From 1375ac5fe477cf97c5f89b56cb44cc136cdf0f8a Mon Sep 17 00:00:00 2001 From: Dale Bingham Date: Sun, 3 Mar 2024 09:46:54 -0500 Subject: [PATCH] Initial Test of Files --- .DS_Store | Bin 0 -> 8196 bytes .github/workflows/uploadFiles.yml | 37 + README.md | 29 + approved-pps/sp-sample-approvedpps.xlsx | Bin 0 -> 10470 bytes ...ts_Google_Chrome_Current_Windows-2.8.6.xml | 3992 + ..._121035_XCCDF-Results_IE_11_STIG-2.5.7.xml | 11170 +++ .../PM-ComplianceStatements.xlsx | Bin 0 -> 12438 bytes .../1-2024-01-30-SoteriaWKS-Before.nessus | 63854 +++++++++++++ ...2-2024-02-02-SoteriaSVR scan_Before.nessus | 79048 ++++++++++++++++ 9 files changed, 158130 insertions(+) create mode 100644 .DS_Store create mode 100644 .github/workflows/uploadFiles.yml create mode 100644 approved-pps/sp-sample-approvedpps.xlsx create mode 100644 compliance-scans/SOT-WIN2K22-01_SCC-5.8_2024-02-01_121035_XCCDF-Results_Google_Chrome_Current_Windows-2.8.6.xml create mode 100644 compliance-scans/SOT-WIN2K22-01_SCC-5.8_2024-02-01_121035_XCCDF-Results_IE_11_STIG-2.5.7.xml create mode 100644 compliance-statements/PM-ComplianceStatements.xlsx create mode 100644 patch-scans/1-2024-01-30-SoteriaWKS-Before.nessus create mode 100644 patch-scans/2-2024-02-02-SoteriaSVR scan_Before.nessus diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..d075960602023dfc5d31983b6cb6405e87849991 GIT binary patch literal 8196 zcmeI1%Wl&^6o${Vfy4wv7F2X;iER*W0d>K~3grbbf(4*p*M?ekW~|t07EvT`=?nEu zcpm<_6bXk=Apr{Ej5PDlBI+S)9rRKBAn9?PSJIB_xdj#Q zCsK4y8Kv})$`xzwU;<2l2`~XBzyvmd0N&X;_13)i?I@Q_fC>DU1oZykBWn$vHdf8n zfx?6U&dc?0%bK#OozZzl+~Xs*-tCCWT61bD5MyUe!VHMeOW$Zrtp4 zy>7qzJ~~zNsE+GdHHxQib?cQLAnvc{> zrj_xH?11O>yz$`vV(~N>`iH@C=r0Z)A3hoSN5Ro@>Gk#=JbLzWd{#`P`fO(;+^#@( zS~I-(+4Rn%sVtQI1RL#tmrm#u#}_AbMg`?mQH_I)kEj*s-4YnrOtOV!02qoUSQ{Eh zOcL!3P%5ZyZ3&cXr`f`?w-!qcEHw~KkR@tc0_Ybe+(OmI+R;e#S8MCm&6>%z5VW== zZZd(*Ah2s6V_(PrFV>&`Z^py&Q!oK0@J9%U&T(`+!lkc%MYr#wV{IS#1F}xquCZ!d rP?&HWYQk~ow?7O~_hG7iLZ^*Y^dSB9gMi-{S@8Sce1u&5g9N?;hJSVq literal 0 HcmV?d00001 diff --git a/.github/workflows/uploadFiles.yml b/.github/workflows/uploadFiles.yml new file mode 100644 index 0000000..7ca46a4 --- /dev/null +++ b/.github/workflows/uploadFiles.yml @@ -0,0 +1,37 @@ +name: Upload Files + +on: + push: + branches: + - main + +jobs: + # ------------------------------------------------------------- + # Using GitHub's API is not supported for push events + # ------------------------------------------------------------- + # + # ---------------------------------------------------------------------------------------------- + # Using local .git history + # ---------------------------------------------------------------------------------------------- + # Event `push`: Compare the preceding remote commit -> to the current commit of the main branch + # ---------------------------------------------------------------------------------------------- + changed_files: + runs-on: ubuntu-latest # windows-latest || macos-latest + name: Track changed-files + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. + + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@v42 + # NOTE: `since_last_remote_commit: true` is implied by default and falls back to the previous local commit. + + - name: List all changed files + env: + ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} + run: | + for file in ${ALL_CHANGED_FILES}; do + echo "$file was changed" + done \ No newline at end of file diff --git a/README.md b/README.md index 145f7b0..dfa9bb4 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,31 @@ # openrmfpro-ghactions OpenRMF Professional public repo to show how to handle files and API interactions via GitHub Actions + + +## Get a list of files + +https://stackoverflow.com/questions/74854189/call-external-rest-api-when-a-file-is-added-or-updated-to-a-github-repository + +https://github.com/marketplace/actions/changed-files + +https://github.com/marketplace/actions/changed-files + + +## Do something with them + +https://github.com/fjogeleit/http-request-action/blob/main/.github/workflows/ci.yml + +https://github.com/fjogeleit/http-request-action/ + +``` +https://{root-url}/api/external/systempackage/{systemKey}/scapchecklist/?applicationKey={applicationKey} + +formdata: + checklistFile *.xml/*.ckl/*.nessus/*.csv + +Authorization Token is the Bearer, space, then the API Token +``` + +## Files are in directories to keep them separate + +You can get a list of all files, all files in a directory, all files by directory, etc. and process as required \ No newline at end of file diff --git a/approved-pps/sp-sample-approvedpps.xlsx b/approved-pps/sp-sample-approvedpps.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..335df797a2dc2ab2f13ce12532f337f60f1e6a91 GIT binary patch literal 10470 zcmeHtgzl{Ii@n1Xx#qmQ5T`VZ#w^H9lw-{xXDurP=kNx}5 z=#*Z!cgOV>n&_mzefyjq`iLTug=xiIfi}A2#dbboS!rim>mSnFq>K>e*Wa$DkI&8A z(|1JKhK(ERq^)(DiGeT7ifdpHVV(l`5?Ew?XS zOp%wH&i~!l{(*X)cEw{80&ly#ahNSg@w;b?8`S;A%XSfzfp$^~pWx%Q{(XM0qp@wB zfRppYeP6aGXaL~(83F+On_AYWv5;TAa82$->)>D1(!j~g2E@$tv;Chs{uk@uUtYa9 zR$j4-1tI8E>U(hi?euaqiioV+8>uEz)pzfumyl~BvMKPF+o%apRPh2JBz;@neIHz0 z7Kk|LC%xI=C=Nrz;3uzjD+x+^aCCv8qjE}=a4cT$Ms=OOp1w(zl<}Z(ZHb~Qs?X1o z9atrom^>G&KpADyz=K22B?!V2O!m|6mDgG^zAFWr7Ew7a2`aDS&OC@4P4S&g%-cs4 z3gMMInn=d%2N_$;mwNZxkY3;8si|1sU&`{!$VD2`| zzw3#cy_2=Ey}k8M>-C4ufW4To7b*YUN3pWJY&Q!^3;a_si(85-ChEL1Gue^aAu{Yh zHSHo5Df_#tReZWeJ4*L9$Xpo-hHmCeh_9K@g5U|F_ zB}D#`Q0Qn!2Zu$+@JOFQ=nb!9`x(+Pcy{h+C~?_9oY{E+XO|jM1`D!-a*bJ!TplNzO=ER?JvnqYNzYYB9DW#ZHpHSLszHfTLXR5 zt1m14Ps&Vvm`AUEp^MPVu8aIK;)ODQB}bc2HsaSo93y z^<@QHD5*Lje-&Y7;lrvMA#D7`L=EbkW2uYxNz3ltcVoR*)usy$lqv+NcQ~xc1*t>g zA5ZQ2^pVL;3Wf`SvAK82xZdN>PsiT5SCeuD)R2IQoci)w8CX`W4jC&2)gB759hs!5 zPG#nh0*>qkTAZp}lC0CdoE+T^M3FB-{#iSq^op3lgIMV%uyHvc{FQtM{p6Q~dC4`I z!irWr71g1Z>Z$)GQgLKss)MXPDzjALy zxbIh}Jc+h)fH+Bk@rdUmkB{JBzG>BHY1$EMK5P$AwvAb`mUvR+tDc@4jT0X6$qN2` zN#hPnG z+L8NZObM(`x}VoY?e4gV;(NKkHKm-US0&8T_c4w?_zmfnC@&rML{EX55H?{Gi>U6} zK{`40AkW6}gu@WAVwU2ZZU1|Lu{Oetn(_~Kz~Qz5kp1{)Os#IzBncPn*Qth7-DfgB;vqq|29)Q1$JDP`Nj^OOh@@cnb? zq#YhTV$2(aBHm2b7(Mz`ay2#-6knF0INd~~QoOn-?%&x)T(g?@CW2bmanT!@{{Ef} z?BX#RL2^>Q^z`t1npACKa2aZ&A|c|AmNu45bjbu-DqJafON)1(}Vqk$?m{EYnrWIpT7HEnLT{bU05sl`4B z!`PEq2OcQ+2zqTCh}K3YVlW;W=sQ=XGwefE&H6=xoAv!-kqhxOV;2h?+i-p>dZ$lT zJ2nP$Su4|iciQ9t7~LlI@VUFYL~21~q1m;81Ql&rB68g7_ZWCRj&b9R@NwL!xQK=) zDnT9x9e&Ebz6%VbE?-&Xi}AfT^6A^1@Ed6Ja^Z=UY`UMX;-}!G(4`2w>gVv z>-4C2Hwn_Kvv+>{(Q2&|WQ$I&Xe}YR&!8Jzm9=0yB4^L(APg~k(4>csF@F3S)kO`F z0hqbVSIbSy%`miCk6pfiyNOTmnQ{xGCSYXbuAliFruV=#zkT>+Yu#IR}V2-LL!g&3_yy!2UObe(~k0B zT;}3_fNRWzsDb_9cUT@9+CZWr(QP8-mnBvEDl^gslOoq3U>#h7e%?Gf-cReb6YZUQ zv?YkFyRbcXi@vZu)^A9|X}EnGo|mpaDk`t|u0I;g&SEGMA+H!PP#nG0C#jcG&oI(`({(L+hlUR$bA2~YlJ6sN>&}(h%$S6D=mXg7*a@*C9rJV(p=^4eDY=Iy3 zgzR-Rim37k{8QKrqr}xH)zYg39>9jAmr_xM=Q)aRREu|mhiZGXDDm>!WqWK%>N_^Q z2^~^^xKI|BE~qN0WkCd+G^-%rdyLZ1n)AG4)@Pq3<;R>DQb3M{9no1G(r3~yYvvhQ zRtIe~gxgHQGhpI$J2*J38cGO?9whgyo=`>LcBzp?ao4U{CYmf$^bF`06bM+uNZ)$E zKj6Wm;{`wsZ0j7sWjK&btzy*_t^-xz2`zkj zMUzNw`FNr)WPDF||zxPsfYs3&&2ZaP*&-?7bw% zZkkXNEShQi?_LEyMDFt0AfZ;e1&XxvRxP2KdIXC6=($|P+IqPn*dvLl!&0b9!(o0g zQv+4Pe`B$jKZM?k!2x#^i>S_eBpp;zzc@882_*|oCTe^^0L?rIX?Mph{N25sgAV+v zT)+3-L6TOhk^|jD`?-P}w;_++^J|g5Kl>UX~HfwUGeM z4UpmIj`mArZeRw)WH|Ke{EhF@kUOA8T~4A66WTmG)DUK+2efbQJ7-wEp5d?)CiQfn zw)Itob~KJ*^4C-ohG(Sy0@oG%7TzDeir___Xey0C`WDOdhHvR3jwEPeVeJ1}uf?3w52x^oe_jbW8)t?e#jX|OOn~CMnz{#v z>a!2d?b0L6=+V`+W1ERi)}&+FxldmO_2#43=(N1g1+h<){|~=9j_6sLcBlDr`!Jl9 z?daLGl7wf8QAD+!OyvxLa%iin#wK%(HV{I~rdH#4Mbo>s$y05GJ`loXt92AH!Kjh5 z+sZu`j2?UVK?_QLGe}258b@+}Mnea=!lFak!953kVFn$~$D(h~_g@|P4s4WG1sDLJ zm*i*M@;67`+0x9`jQO{g^{2OUq%{(T&yCTB{UC$@a{JD?8AZ9WHfj^MOktW9Pf$~P zq@>Qy7Tb)E4o=B?txS`XnVXZ4sc$#u@mr+|@002z&%o*{0~?Uic)k+0i# zefUGWt#;xom?ejQLSF40-(iAXv=JikVLGcx<5X=3Yh}zpud0EtFe-31Q`NUTh!~-9 zO&q@L4ee{)uHZEDuNH^1nHUB-U9+;s`oOv?YoM64Q+*IqV2zbq!vdyh=UycG3PQk} zmRQeJNd&Qvb>FnT~dw+`hytBLQ`~6T-+w(c!b@|2;CUdLL z#l?Oc_NveIu3{A7!Xg3Tr!&&finG#nlT)fNBR{0ab1A`9|XN28zh!GKmVPC6jPh95=qT!p}ozXAbFd%W;r!clP!@5S+|dkxYYGh!dwZ5Y=eGfW^nk}0O| z|E6}GY6xZ)TWCE)>y!jbZ+3egZ(D9*@96K2MH7m;nsbjQwk)H^vz@BynHGs8zs3o^ zO}rI0NjnR*#}eDrCVdzIt7VboiFM+w=Rp6?zN*jAU`6n_6%yCm3YX-j?q&o<$=YAQ zCH zzd@?gi@kKk=8A20()g1hsGcSfHy_C6@o*TH{6(ck>IN&YZ)A6$IX^Kh#gj8`I#LNy zvn@o8A!v)5Ew`tBl)F}SXQ#?E$q9C$$IKWjc~rP`kBXR7uxKc5{9FJJ6?^Yas~aJj zB$KzNEqJ<8GIjWFPt{E;37Tep630l+9AC)=N67$51Vi8AgZ_N7=D4%wIPf4TOIyNm z`xT2VCZ_xL&6;@2cJP~pH$mnE@w+CNU#pXw!%JU%OP27AV=qVs0~#~4lSDbI%r`oE zSh>6{Y!T04BoBA4ieQ;w@yA|g;2%kR)aq?a4xVCDY%p%XcVa(?Kt{C|C!?*lw+ud#xyqa)|AzDM7~>6&$iZXlo1!TzFB?}{s(Zg=Nql!%L687vmhryHj*2+bPv z$t%8_(SXr60g+>z;EOH2#(R|4+MAz+>4{SuQJnev-Ptm^#Iy@Ej ztP&Pe%oB9B5JyC{K=AEyqvmL8GSkCEhQ1FAa5@-a^-C$ojM=_-+b|rooNfL%!5be* z&KCxB{qo5)y^}Mvba-5mo)|}Q{&PpxA(OzTLWr9d#bs{d=|K?m+Z~I%9=d}m=eYe~ z{w>6!3(=`cx?H;-3XD#r)=UjZXwx1t&FfP>VGtcGj2Xjh@>8WtvJFpOQZ{;<)iJMZmyib|69STmTZW$S7cXkH^o z1KFaGJ$5w17pPyNbBgG>Ts}@9aMnVOh_o`WD&u2e{aV@_Z(f=6w# ztUgBxrVA37q8|z4XD#rCc7;HWIjMbg6{KEmWum^NU`ec@v{r=&IYEjNVV$my+{oC= zAsRwZRGTYUSvUDBcUeade<%#VT2+;iH9uD>E7<2KpP(KHqEd=i84#0I_#m>{2~?xx z5uj~N7+XLW6YXMn;I7#l7LNOlm1^o)bxfr@fP_jv4(oLVM3d4NDAUQEFYIVUcIM>>W5wqW1@N+3) z9)|M=Pprge~|&R+KW9?$isG zwtc*~gA6h;$xdK#WYgvB?`Dne)B_&Lx}G`uisVUu+SQ7uc02h(q}Rc-sbi8rpz1XS z=Ld6$isL0l5P16*E%zLX{D~T7badB{z^T-1e38CVE2`bSiUDiGj1`Gj>rbZsurex3M|uT@yzVJp{^;<8U#dX3 z=7Exb*DviBtYJk%joy?Vv@)eJVJhsm7bjr#5^2-5hz2NGEYAd2+96dQN4MM$`z_JL zS=BU!$rK%g^z2gvrP6~Y76=l+ApBh-re$Amk5lf(c%tFUc9Z)zilL%a$c98q=^Eps z4O0#}OlT>J(d5+yWJex<&*?ZCFywlb?1{(lhF=_hRO!5gR)6Hp`4aqT|MgMgx@FjH z!#U#jw8bMw5Od2?VtE7ZWogOX0%qCC?v~UQa@4~>*ZLmGioOTOcY>dh=I7_%no3$J zImK&v2AR=edi8#3dHM=9wlQ`MWtu^`(f1Xy7x3+0@?>5~-&0cFH?ZhSSQ*P$p@vu# z=R_xF7=Ul?Eza*H?P8l@Tjb;=&izbh{4)Xwr%3?;{&MT^<%97u;w8ilvNUosGgWbR zdTVF#TOiOm=8Y@_D@x$0|Fcp5vNmsb941$GaI&#&Q&PFHXBINfzFk5+qq1tERiokGgYLQ|DxBa$G)%x(+`cfIo2fSs>FuN<%M+znkTJ-6*& zx3l=qU3n5Ociz6F22fuzNv8HDKqq?#5VMKBli7c2ApVy?dLdJItde3E2}abGH(!rFe>x3_#6G~;5b9n`mjWeD!kt6rzw$okEoA;zh2`Ln zI!<~aAN7kpMfofFj2s;P$Gw*+`_GXYD{sH}GvN(!LyWMD&btgm@GCZ!;=U?328*q= zP{=dMs-y@hjyalDtR0`ya$ATXX4V%ZE3k`9qxY0E4Jhlj()tMA0#|b#EF*B##@rg> zkK>KV6MLfk77!t~;9K$G}_QfpHns%Ui4vZ1BxT}D!43j$P9G&&HxMR^! zpYMvHZ16&RBW8S7lX+tvC>ME{{ybZaWWJW&_k-5lu%xwjuNdrG+tlq$j&Roc22uDm zK|W(EAtE2;E?WYxo27p2b{tbe>Q^g^_H`vs7IH5=?s1nwnV~Qo$!}%$yTvT{s%lRlu)a`JV!~3I6ZF|KX$mD&&Z|HK0T(4+vsKaA_I l@V{?}e}xB-{{{Y^?GY#o^|HDEz^j+@{fqquQvLk({{UPOeU|_L literal 0 HcmV?d00001 diff --git a/compliance-scans/SOT-WIN2K22-01_SCC-5.8_2024-02-01_121035_XCCDF-Results_Google_Chrome_Current_Windows-2.8.6.xml b/compliance-scans/SOT-WIN2K22-01_SCC-5.8_2024-02-01_121035_XCCDF-Results_Google_Chrome_Current_Windows-2.8.6.xml new file mode 100644 index 0000000..461ba95 --- /dev/null +++ b/compliance-scans/SOT-WIN2K22-01_SCC-5.8_2024-02-01_121035_XCCDF-Results_Google_Chrome_Current_Windows-2.8.6.xml @@ -0,0 +1,3992 @@ + + + + + accepted + Google Chrome Current Windows STIG SCAP Benchmark - NIWC Enhanced with Manual Questions + This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. + Portions of this document were developed at Naval Information Warfare Center Atlantic by employees of the Federal Government in the course of their official duties. Pursuant to title 17 Section 105 of the United States Code this software is not subject to copyright protection and is in the public domain. The Government assumes no responsibility whatsoever for its use by other parties, and the software is provided "AS IS" without warranty or guarantee of any kind, express or implied, including, but not limited to, the warranties of merchantability and of fitness for a particular purpose. In no event shall the Government be liable for any claim, damages or other liability, whether in an action of contract, tort or other dealings in the software. The Government has no obligation hereunder to provide maintenance, support, updates, enhancements, or modifications. We would appreciate acknowledgement if the software is used. This software can be redistributed and/or modified freely provided that any derivative works bear some notice that they are derived from it, and any modified versions bear some notice that they have been modified. + This content stream was enhanced with OCIL manual questions derived from the STIG Manual by the NIWC SCC team. +Timestamp: 2023-08-31T12:53:48 +Tool Version: 1.0 +STIG Manual Version: 2.8 +SCAP Benchmark Version: 2.8 +DISA Automated rules added: 39 +NIWC Automated rules added: 2 +Manual rules added: 2 + This data is metadata to be used for the creation of CKL reports. +version:--:2 +classification:--:UNCLASSIFIED +customname:--: +stigid:--:Google_Chrome_Current_Windows +description:--:This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. +filename:--:U_Google_Chrome_V2R8_STIG_Manual-xccdf.xml +releaseinfo:--:Release: 8 Benchmark Date: 26 Jan 2023 +title:--:Google Chrome Current Windows Security Technical Implementation Guide +uuid:--: +notice:--: +source:--:STIG.DOD.MIL + + + DISA+NIWC + STIG.DOD.MIL + + Enhanced Content 2.8.6 Date: 2023-08-31, based on Release: 2.8 Benchmark Date: 26 Jan 2023 + 3.4.0.34222 + 1.10.0 + + 2.8.6 + + DISA + DISA + DISA + STIG.DOD.MIL + + + I - Mission Critical Classified + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + I - Mission Critical Public + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + I - Mission Critical Sensitive + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + II - Mission Support Classified + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + II - Mission Support Public + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + II - Mission Support Sensitive + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + III - Administrative Classified + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + III - Administrative Public + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + III - Administrative Sensitive + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CAT I Only + This profile only includes rules that are Severity Category I. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + SRG-APP-000039 + <GroupDescription></GroupDescription> + + DTBC-0001 + Firewall traversal from remote host must be disabled. + <VulnDiscussion>Remote connections should never be allowed that bypass the firewall, as there is no way to verify if they can be trusted. Enables usage of STUN and relay servers when remote clients are trying to establish a connection to this machine. If this setting is enabled, then remote clients can discover and connect to this machine even if they are separated by a firewall. If this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine will only allow connections from client machines within the local network. If this policy is left not set the setting will be enabled. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57545 + V-44711 + CCI-001414 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative\Templates\Google\Google Chrome\Remote Access + Policy Name: Enable firewall traversal from remote access host + Policy State: Disabled + Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If RemoteAccessHostFirewallTraversal is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. + +Windows registry: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the RemoteAccessHostFirewallTraversal value name does not exist or its value data is not set to 0, then this is a finding. + + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBC-0002 + Site tracking users location must be disabled. + <VulnDiscussion>Website tracking is the practice of gathering information as to which websites were accesses by a browser. The common method of doing this is to have a website create a tracking cookie on the browser. If the information of what sites are being accessed is made available to unauthorized persons, this violates confidentiality requirements, and over time poses a significant OPSEC issue. This policy setting allows you to set whether websites are allowed to track the user’s physical location. Tracking the user’s physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location. + 1 = Allow sites to track the user’s physical location + 2 = Do not allow any site to track the user’s physical location + 3 = Ask whenever a site wants to track the user’s physical location</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57557 + V-44723 + CCI-001166 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings\ + Policy Name: Default geolocation setting + Policy State: Enabled + Policy Value: Do not allow any site to track the users' physical location + + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If DefaultGeolocationSetting is not displayed under the Policy Name column or it is not set to 2, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the DefaultGeolocationSetting value name does not exist or its value data is not set to 2, then this is a finding. + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0004 + Sites ability to show pop-ups must be disabled. + <VulnDiscussion>Chrome allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you disable this policy setting, scripts can continue to create pop-up windows, and pop-ups that hide other windows. Recommend configuring this setting to ‘2’ to help prevent malicious websites from controlling the pop-up windows or fooling users into clicking on the wrong window. If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. If this policy is left not set, 'BlockPopups' will be used and the user will be able to change it. + 1 = Allow all sites to show pop-ups + 2 = Do not allow any site to show pop-ups</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57553 + V-44719 + CCI-000381 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings\ + Policy Name: Default popups setting + Policy State: Enabled + Policy Value: Do not allow any site to show popups + + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If DefaultPopupsSetting is not displayed under the Policy Name column or it is not set to 2, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the value name DefaultPopupsSetting does not exist or its value data is not set to 2, then this is a finding. + +Note: If AO Approved exceptions to this rule have been enabled, this is not a finding. + + + + + + + + + + + SRG-APP-000089 + <GroupDescription></GroupDescription> + + DTBC-0005 + Extensions installation must be blocklisted by default. + <VulnDiscussion>Extensions are developed by third party sources and are designed to extend Google Chrome's functionality. An extension can be made by anyone, to do and access almost anything on a system; this means they pose a high risk to any system that would allow all extensions to be installed by default. Allows you to specify which extensions the users can NOT install. Extensions already installed will be removed if blocklisted. A blocklist value of '*' means all extensions are blocklisted unless they are explicitly listed in the allowlist. If this policy is left not set the user can install any extension in Google Chrome.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57561 + V-44727 + CCI-000169 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Extensions\ + Policy Name: Configure extension installation blocklist + Policy State: Enabled + Policy Value: * + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If ExtensionInstallBlocklist is not displayed under the Policy Name column or it is not set to * under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ExtensionInstallBlocklist + 3. If the a registry value name of 1 does not exist under that key or its value is not set to *, then this is a finding. + + + + + + + + + + + SRG-APP-000210 + <GroupDescription></GroupDescription> + + DTBC-0006 + Extensions that are approved for use must be allowlisted. + <VulnDiscussion>The allowlist should only contain organizationally approved extensions. This is to prevent a user from accidently allowlisitng a malicious extension. This policy allows you to specify which extensions are not subject to the blacklist. A blacklist value of ‘*’ means all extensions are blacklisted and users can only install extensions listed in the allowlist. By default, no extensions are allowlisted. If all extensions have been blacklisted by policy, then the allowlist policy can be used to allow specific extensions to be installed. Administrators should determine which extensions should be allowed to be installed by their users. If no extensions are allowlisted, then no extensions can be installed when combined with blacklisting all extensions.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57563 + V-44729 + CCI-001170 + Windows group policy: +1. Open the group policy editor tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Extensions\ +Policy Name: Configure extension installation allowlist +Policy State: Enabled +Policy Value: oiigbmnaadbkfbmpbfijlflahbdbdgdf + +Note: oiigbmnaadbkfbmpbfijlflahbdbdgdfis the extension ID for scriptno (a commonly used Chrome extension), other extension IDs may vary. + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If ExtensionInstallAllowlist is not displayed under the Policy Name column or it is not set to oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator approved extension IDs, then this is a finding. + +Windows method: +1. Start regedit +2. Navigate to the key HKLM\Software\Policies\Google\Chrome\ExtensionInstallAllowlist +3. If the ExtensionInstallAllowlist key is not set to 1 and oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator-approved extension IDs, then this is a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0007 + The default search providers name must be set. + <VulnDiscussion>Specifies the name of the default search provider that is to be used, if left empty or not set, the host name specified by the search URL will be used. This policy is only considered if the 'DefaultSearchProviderEnabled' policy is enabled. When doing internet searches it is important to use an encrypted connection via https.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57567 + V-44733 + CCI-000381 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Default search provider\ + Policy Name: Default search provider name + Policy State: Enabled + Policy Value: set to an organization approved encrypted search provider that corresponds to the encrypted search provider set in DTBC-0008(ex. Google Encrypted, Bing Encrypted) + + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If DefaultSearchProviderName is displayed under the Policy Name column or it is not set to an organization approved encrypted search provider that corresponds to the encrypted search provider set in DTBC-0008(ex. Google Encrypted, Bing Encrypted) under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the DefaultSearchProviderName value name does not exist or it is not set to an organization approved encrypted search provider that corresponds to the encrypted search provider set in DTBC-0008(ex. Google Encrypted, Bing Encrypted), then this is a finding. + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0008 + The default search provider URL must be set to perform encrypted searches. + <VulnDiscussion>Specifies the URL of the search engine used when doing a default search. The URL should contain the string '{searchTerms}', which will be replaced at query time by the terms the user is searching for. This option must be set when the 'DefaultSearchProviderEnabled' policy is enabled and will only be respected if this is the case. When doing internet searches it is important to use an encrypted connection via https.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57569 + V-44735 + CCI-000381 + If the system is on the SIPRNet, this requirement is NA. + +Windows group policy: +1. Open the group policy editor tool with gpedit.msc. +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Default search provider\. +- Policy Name: Default search provider search URL +- Policy State: Enabled +- Policy Value: Must be set to an organization-approved encrypted search string +(ex. https://www.google.com/search?q={searchTerms} or https://www.bing.com/search?q={searchTerms} ) + + + + If the system is on the SIPRNet, this requirement is NA. + +Universal method: +1. In the omnibox (address bar) type chrome://policy. +2. If DefaultSearchProviderSearchURL is not displayed under the Policy Name column or it is not set to an organization-approved encrypted search string (ex. https://www.google.com/search?q={searchTerms} or https://www.bing.com/search?q={searchTerms} ) under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit. +2. Navigate to HKLM\Software\Policies\Google\Chrome\. +3. If the DefaultSearchProviderSearchURL value name does not exist or its value data is not set to an organization-approved encrypted search string (ex. https://www.google.com/search?q={searchTerms} or https://www.bing.com/search?q={searchTerms} ), this is a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0009 + Default search provider must be enabled. + <VulnDiscussion>Policy enables the use of a default search provider. If you enable this setting, a default search is performed when the user types text in the omnibox that is not a URL. You can specify the default search provider to be used by setting the rest of the default search policies. If these are left empty, the user can choose the default provider. If you disable this setting, no search is performed when the user enters non-URL text in the omnibox. If you enable or disable this setting, users cannot change or override this setting in Google Chrome. If this policy is left not set, the default search provider is enabled, and the user will be able to set the search provider list.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57571 + V-44737 + CCI-000381 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Default search provider\ + Policy Name: Enable the default search provider + Policy State: Enabled + Policy Value: N/A + + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If DefaultSearchProviderEnabled is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the DefaultSearchProviderEnabled value name does not exist or its value data is not set to 1, then this is a finding. + +Note: This policy will only display in the chrome://policy tab on domain joined systems. On standalone systems, the policy will not display. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0011 + The Password Manager must be disabled. + <VulnDiscussion>Enables saving passwords and using saved passwords in Google Chrome. Malicious sites may take advantage of this feature by using hidden fields gain access to the stored information. If you enable this setting, users can have Google Chrome memorize passwords and provide them automatically the next time they log in to a site. If you disable this setting, users are not able to save passwords or use already saved passwords. If you enable or disable this setting, users cannot change or override this setting in Google Chrome. If this policy is left not set, this will be enabled but the user will be able to change it. ListPassword manager should not be used as it stores passwords locally.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57575 + V-44741 + CCI-000381 + Windows group policy: +1. Open the group policy editor tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Password Manager\ +Policy Name: Enable Saving Passwords to the Password Manager +Policy State: Disabled +Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If PasswordManagerEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the PasswordManagerEnabled value name does not exist or its value data is not set to 0, then this is a finding. + + + + + + + + + + + + SRG-APP-000112 + <GroupDescription></GroupDescription> + + DTBC-0017 + Background processing must be disabled. + <VulnDiscussion>Determines whether a Google Chrome process is started on OS login that keeps running when the last browser window is closed, allowing background apps to remain active. The background process displays an icon in the system tray and can always be closed from there. If this policy is set to True, background mode is enabled and cannot be controlled by the user in the browser settings. If this policy is set to False, background mode is disabled and cannot be controlled by the user in the browser settings. If this policy is left unset, background mode is initially disabled and can be controlled by the user in the browser settings.' - Google Chrome Administrators Policy ListThis setting, if enabled, allows Google Chrome to run at all times. There is two reasons that this is not wanted. First, it can tie up system resources that might otherwise be needed. Second, it does not make it obvious to the user that it is running and poorly written extensions could cause instability on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57587 + V-44753 + CCI-001695 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ + Policy Name: Continue running background apps when Google Chrome is closed + Policy State: Disabled + Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If BackgroundModeEnabled is not displayed under the Policy Name column and it is not set to false under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the BackgroundModeEnabled value name does not exist or its value data is not set to 0, then this is a finding. + + + + + + + + + + + + SRG-APP-000047 + <GroupDescription></GroupDescription> + + DTBC-0020 + Google Data Synchronization must be disabled. + <VulnDiscussion>Disables data synchronization in Google Chrome using Google-hosted synchronization services and prevents users from changing this setting. If you enable this setting, users cannot change or override this setting in Google Chrome. If this policy is left not set the user will be able to enable Google Sync. Google Sync is used to sync information between different user devices, this data is then stored on Google owned servers. The synced data may consist of information such as email, calendars, viewing history, etc. This feature must be disabled because the organization does not have control over the servers the data is stored on.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57593 + V-44759 + CCI-001374 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ + Policy Name: Disable synchronization of data with Google + Policy State: Enabled + Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If SyncDisabled is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the SyncDisabled value name does not exist or its value data is not set to 1, then this is a finding. + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0021 + The URL protocol schema javascript must be disabled. + <VulnDiscussion>Each access to a URL is handled by the browser according to the URL's "scheme". The "scheme" of a URL is the section before the ":". The term "protocol" is often mistakenly used for a "scheme". The difference is that the scheme is how the browser handles a URL and the protocol is how the browser communicates with a service. If a scheme or its associated protocol used by a browser is insecure or obsolete, vulnerabilities can be exploited resulting in exposed data or unrestricted access to the browser's system. The browser must be configured to disable the use of insecure and obsolete schemas (protocols). +This policy disables the listed protocol schemes in Google Chrome, URLs using a scheme from this list will not load and cannot be navigated to. If this policy is left not set or the list is empty all schemes will be accessible in Google Chrome.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57595 + V-44761 + CCI-000381 + Windows group policy: +1. Open the group policy editor tool with gpedit.msc. +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ +Policy Name: Block access to a list of URLs. +- Policy State: Enabled +- Policy Value 1: javascript://* + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy. +2. If URLBlocklist is not displayed under the Policy Name column or it is not set to javascript://* under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit. +2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlocklist. +3. If the URLBlocklist key does not exist, or the does not contain entries 1 set to javascript://*, this is a finding. + + + + + + + + + + + + + SRG-APP-000047 + <GroupDescription></GroupDescription> + + DTBC-0023 + Cloud print sharing must be disabled. + <VulnDiscussion>Policy enables Google Chrome to act as a proxy between Google Cloud Print and legacy printers connected to the machine. If this setting is enabled or not configured, users can enable the cloud print proxy by authentication with their Google account. If this setting is disabled, users cannot enable the proxy, and the machine will not be allowed to share it’s printers with Google Cloud Print. If this policy is not set, this will be enabled but the user will be able to change it.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57599 + V-44765 + CCI-001374 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Printing + Policy Name: Enable Google Cloud Print proxy + Policy State: Disabled + Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If CloudPrintProxyEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the CloudPrintProxyEnabled value name does not exist or its value data is not set to 0, then this is a finding. + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBC-0025 + Network prediction must be disabled. + <VulnDiscussion>Enables network prediction in Google Chrome and prevents users from changing this setting. If you enable or disable this setting, users cannot change or override this setting in Google Chrome. If this policy is left not set, this will be disabled but the user will be able to change it.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57603 + V-44769 + CCI-000366 + Windows group policy: +1. Open the group policy editor tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ +Policy Name: Enable network prediction +Policy State: Enabled +Policy Value: Do not predict network actions on any network connection + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If "NetworkPredictionOptions" is not displayed under the “Policy Name” column or it is not set to "2" under the “Policy Value” column, this is a finding. +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the "NetworkPredictionOptions" value name does not exist or its value data is not set to "2," this is a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0026 + Metrics reporting to Google must be disabled. + <VulnDiscussion>Enables anonymous reporting of usage and crash-related data about Google Chrome to Google and prevents users from changing this setting. If you enable this setting, anonymous reporting of usage and crash-related data is sent to Google. A crash report could contain sensitive information from the computer's memory. If you disable this setting, anonymous reporting of usage and crash-related data is never sent to Google. If you enable or disable this setting, users cannot change or override this setting in Google Chrome. If this policy is left not set the setting will be what the user chose upon installation / first run.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57605 + V-44771 + CCI-000381 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ + Policy Name: Enable reporting of usage and crash-related data + Policy State: Disabled + Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If MetricsReportingEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the MetricsReportingEnabled value name does not exist or its value data is not set to 0, then this is a finding. + +Note: This policy will only display in the chrome://policy tab on domain joined systems. On standalone systems, the policy will not display. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0027 + Search suggestions must be disabled. + <VulnDiscussion>Search suggestion should be disabled as it could lead to searches being conducted that were never intended to be made. Enables search suggestions in Google Chrome's omnibox and prevents users from changing this setting. If you enable this setting, search suggestions are used. If you disable this setting, search suggestions are never used. If you enable or disable this setting, users cannot change or override this setting in Google Chrome. If this policy is left not set, this will be enabled but the user will be able to change it.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57607 + V-44773 + CCI-000381 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ + Policy Name: Enable search suggestions + Policy State: Disabled + Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If SearchSuggestEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the SearchSuggestEnabled value name does not exist or its value data is not set to 0, then this is a finding. + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0029 + Importing of saved passwords must be disabled. + <VulnDiscussion>Importing of saved passwords should be disabled as it could lead to unencrypted account passwords stored on the system from another browser to be viewed. This policy forces the saved passwords to be imported from the previous default browser if enabled. If enabled, this policy also affects the import dialog. If disabled, the saved passwords are not imported. If it is not set, the user may be asked whether to import, or importing may happen automatically.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57609 + V-44775 + CCI-000381 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ + Policy Name: Import saved passwords from default browser on first run + Policy State: Disabled + Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If ImportSavedPasswords is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the ImportSavedPasswords value name does not exist or its value data is not set to 0, then this is a finding. + + + + + + + + + + + SRG-APP-000080 + <GroupDescription></GroupDescription> + + DTBC-0030 + Incognito mode must be disabled. + <VulnDiscussion>Incognito mode allows the user to browse the Internet without recording their browsing history/activity. From a forensics perspective, this is unacceptable. Best practice requires that browser history is retained. The "IncognitoModeAvailability" setting controls whether the user may utilize Incognito mode in Google Chrome. If 'Enabled' is selected or the policy is left unset, pages may be opened in Incognito mode. If 'Disabled' is selected, pages may not be opened in Incognito mode. If 'Forced' is selected, pages may be opened ONLY in Incognito mode. + 0 = Incognito mode available. + 1 = Incognito mode disabled. + 2 = Incognito mode forced.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57611 + V-44777 + CCI-000166 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ + Policy Name: Incognito mode availability + Policy State: Enabled + Policy Value: Incognito mode disabled + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If IncognitoModeAvailability is not displayed under the Policy Name column or it is not set to 1 under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the IncognitoModeAvailability value name does not exist or its value data is not set to 1, then this is a finding. + + + + + + + + + + + + SRG-APP-000605 + <GroupDescription></GroupDescription> + + DTBC-0037 + Online revocation checks must be performed. + <VulnDiscussion>By setting this policy to true, the previous behavior is restored and online OCSP/CRL checks will be performed. If the policy is not set, or is set to false, then Chrome will not perform online revocation checks. Certificates are revoked when they have been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57623 + V-44789 + CCI-000185 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ + Policy Name: Enable online OCSP/CRL checks + Policy State: Enabled + Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If EnableOnlineRevocationChecks is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the EnableOnlineRevocationChecks value name does not exist or its value data is not set to 1, then this is a finding. + + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBC-0038 + Safe Browsing must be enabled. + <VulnDiscussion>Allows you to control whether Google Chrome's Safe Browsing feature is enabled and the mode it operates in. + +If this policy is set to 'NoProtection' (value 0), Safe Browsing is never active. + +If this policy is set to 'StandardProtection' (value 1, which is the default), Safe Browsing is always active in the standard mode. + +If this policy is set to 'EnhancedProtection' (value 2), Safe Browsing is always active in the enhanced mode, which provides better security, but requires sharing more browsing information with Google.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57625 + V-44791 + CCI-001166 + Windows group policy: + 1. Open the “group policy editor” tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Safe Browsing Settings + Policy Name: Safe Browsing Protection Level + Policy State: Enabled + Policy Value: "(1) Safe Browsing is active in the standard mode", or "(2) Safe Browsing is active in the enhanced mode. This mode provides better security, but requires sharing more browsing information with Google". + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If SafeBrowsingProtectionLevel is not displayed under the Policy Name column or it is not set to 1 or 2 under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the SafeBrowsingProtectionLevel value name does not exist or its value data is not set to 1 or 2, then this is a finding. + + + + + + + + + + + SRG-APP-000231 + <GroupDescription></GroupDescription> + + DTBC-0039 + Browser history must be saved. + <VulnDiscussion>This policy disables saving browser history in Google Chrome and prevents users from changing this setting. If this setting is enabled, browsing history is not saved. If this setting is disabled or not set, browsing history is saved.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57627 + V-44793 + CCI-001199 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ + Policy Name: Disable saving browser history + Policy State: Disabled + Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If the policy 'SavingBrowserHistoryDisabled' is not shown or is not set to false, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the SavingBrowserHistoryDisabled value name does not exist or its value data is not set to 0, then this is a finding. + + + + + + + + + + + + SRG-APP-000456 + <GroupDescription></GroupDescription> + + DTBC-0050 + The version of Google Chrome running on the system must be a supported version. + <VulnDiscussion>Google Chrome is being continually updated by the vendor in order to address identified security vulnerabilities. Running an older version of the browser can introduce security vulnerabilities to the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-57639 + V-44805 + CCI-002605 + Install a supported version of Google Chrome. + + + + Universal method: +1. In the omnibox (address bar) type chrome://settings/help +2. Cross-reference the build information displayed with the Google Chrome site to identify, at minimum, the oldest supported build available. As of July 2019, this is 74.x.x. +3. If the installed version of Chrome is not supported by Google, this is a finding. + + + + + + + + SRG-APP-000089 + <GroupDescription></GroupDescription> + + DTBC-0052 + Deletion of browser history must be disabled. + <VulnDiscussion>Disabling this function will prevent users from deleting their browsing history, which could be used to identify malicious websites and files that could later be used for anti-virus and Intrusion Detection System (IDS) signatures. Furthermore, preventing users from deleting browsing history could be used to identify abusive web surfing on government systems.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-89845 + V-75165 + CCI-000169 + Windows group policy: + 1. Open the group policy editor tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ + Policy Name: Enable deleting browser and download history + Policy State: Disabled + Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If the policy "AllowDeletingBrowserHistory" is not shown or is not set to false, this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "AllowDeletingBrowserHistory" value name does not exist or its value data is not set to "0", this is a finding. + + + + + + + + + + + SRG-APP-000089 + <GroupDescription></GroupDescription> + + DTBC-0053 + Prompt for download location must be enabled. + <VulnDiscussion>If the policy is enabled, the user will be asked where to save each file before downloading. If the policy is disabled, downloads will start immediately, and the user will not be asked where to save the file. If the policy is not configured, the user will be able to change this setting.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-94633 + V-79929 + CCI-000169 + Windows group policy: +1. Open the group policy editor tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ + Policy Name: Ask where to save each file before downloading + Policy State: Enabled + Policy Value: N/A + + + + Universal method: +1. In the omnibox (address bar) type chrome:// policy +2. If "PromptForDownloadLocation" is not displayed under the "Policy Name" column or it is not set to "true" under the "Policy Value" column, then this is a finding. +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the "PromptForDownloadLocation" value name does not exist or its value data is not set to "1", this is a finding. + + + + + + + + + + + SRG-APP-000089 + <GroupDescription></GroupDescription> + + DTBC-0055 + Download restrictions must be configured. + <VulnDiscussion>Configure the type of downloads that Google Chrome will completely block, without letting users override the security decision. If you set this policy, Google Chrome will prevent certain types of downloads, and will not let user bypass the security warnings. When the "Block dangerous downloads" option is chosen, all downloads are allowed, except for those that carry SafeBrowsing warnings. When the "Block potentially dangerous downloads" option is chosen, all downloads allowed, except for those that carry SafeBrowsing warnings of potentially dangerous downloads. When the "Block all downloads" option is chosen, all downloads are blocked. When this policy is not set, (or the "No special restrictions" option is chosen), the downloads will go through the usual security restrictions based on SafeBrowsing analysis results. + +Note that these restrictions apply to downloads triggered from web page content, as well as the 'download link...' context menu option. These restrictions do not apply to the save / download of the currently displayed page, nor does it apply to saving as PDF from the printing options. See https://developers.google.com/safe-browsing for more info on SafeBrowsing. +0 = No special restrictions +1 = Block dangerous downloads +2 = Block potentially dangerous downloads +3 = Block all downloads</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-94635 + V-79931 + CCI-000169 + If the system is on the SIPRNet, this requirement is NA. +Windows group policy: +1. Open the group policy editor tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ +Policy Name: Allow download restrictions +Policy State: 1 or 2 +Policy Value: N/A + + + + If the system is on the SIPRNet, this requirement is NA. +Universal method: +1. In the omnibox (address bar) type chrome:// policy +2. If "DownloadRestrictions" is not displayed under the "Policy Name" column or it is not set to "1" or "2" under the "Policy Value" column, then this is a finding. + +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the "DownloadRestrictions" value name does not exist or its value data is not set to "1" or "2", then this is a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBC-0057 + Safe Browsing Extended Reporting must be disabled. + <VulnDiscussion>Enables Google Chrome's Safe Browsing Extended Reporting and prevents users from changing this setting. Extended Reporting sends some system information and page content to Google servers to help detect dangerous apps and sites. +If the setting is set to "True", then reports will be created and sent whenever necessary (such as when a security interstitial is shown). +If the setting is set to "False", reports will never be sent. +If this policy is set to "True" or "False", the user will not be able to modify the setting. +If this policy is left unset, the user will be able to change the setting and decide whether to send reports or not.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-96299 + V-81585 + CCI-001166 + Windows group policy: +1. Open the “group policy editor” tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Safe Browsing settings\ +Policy Name: Enable Safe Browsing Extended Reporting +Policy State: Disabled +Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "SafeBrowsingExtendedReportingEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "SafeBrowsingExtendedReportingEnabled" value name does not exist or its value data is not set to "0", this is a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0058 + WebUSB must be disabled. + <VulnDiscussion>Allows you to set whether websites are allowed to get access to connected USB devices. Access can be completely blocked, or the user can be asked every time a website wants to get access to connected USB devices. +If this policy is left not set, ”3” will be used, and the user will be able to change it. +2 = Do not allow any site to request access to USB devices via the WebUSB API +3 = Allow sites to ask the user to grant access to a connected USB device</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-96301 + V-81587 + CCI-000381 + Windows group policy: + 1. Open the “group policy editor” tool with gpedit.msc + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings + Policy Name: Control use of the WebUSB API + Policy State: Enabled + Policy Value: 2 + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "DefaultWebUsbGuardSetting" is not displayed under the "Policy Name" column or it is not set to "2", this is a finding. +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "DefaultWebUsbGuardSetting" value name does not exist or its value data is not set to "2", this is a finding. + + + + + + + + + + + SRG-APP-000089 + <GroupDescription></GroupDescription> + + DTBC-0060 + Chrome Cleanup must be disabled. + <VulnDiscussion>If set to "False", prevents Chrome Cleanup from scanning the system for unwanted software and performing cleanups. Manually triggering Chrome Cleanup from chrome://settings/cleanup is disabled. +If set to "True" or unset, Chrome Cleanup periodically scans the system for unwanted software and should any be found, will ask the user if they wish to remove it. Manually triggering Chrome Cleanup from chrome://settings is enabled. +This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-96305 + V-81591 + CCI-000169 + Windows group policy: +1. Open the "group policy editor" tool with gpedit.msc. +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome +Policy Name: Enable Chrome Cleanup on Windows +Policy State: Disabled +Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "ChromeCleanupEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. +Windows method: + 1. Start regedit. + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "ChromeCleanupEnabled" value name does not exist or its value data is not set to "0", this is a finding. + + + + + + + + + + + SRG-APP-000089 + <GroupDescription></GroupDescription> + + DTBC-0061 + Chrome Cleanup reporting must be disabled. + <VulnDiscussion>If unset, should Chrome Cleanup detect unwanted software, it may report metadata about the scan to Google in accordance with policy set by “SafeBrowsingExtendedReportingEnabled”. Chrome Cleanup will then ask the user if they wish to clean up the unwanted software. The user can choose to share results of the cleanup with Google to assist with future unwanted software detection. These results contain file metadata and registry keys as described by the Chrome Privacy Whitepaper. +If set to “false”, should Chrome Cleanup detect unwanted software, it will not report metadata about the scan to Google, overriding any policy set by “SafeBrowsingExtendedReportingEnabled”. Chrome Cleanup will ask the user if they wish to clean up the unwanted software. Results of the cleanup will not be reported to Google and the user will not have the option to do so. +If set to “true”, should Chrome Cleanup detect unwanted software, it may report metadata about the scan to Google in accordance with policy set by “SafeBrowsingExtendedReportingEnabled”. Chrome Cleanup will ask the user if they wish to clean up the unwanted software. Results of the cleanup will be reported to Google and the user will not have the option to prevent it. +This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-96307 + V-81593 + CCI-000169 + Windows group policy: +1. Open the “group policy editor” tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome +Policy Name: Control how Chrome Cleanup reports data to Google +Policy State: Disabled +Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "ChromeCleanupReportingEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "ChromeCleanupReportingEnabled" value name does not exist or its value data is not set to "0", this is a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0063 + Google Cast must be disabled. + <VulnDiscussion>If this policy is set to ”True” or is not set, Google Cast will be enabled, and users will be able to launch it from the app menu, page context menus, media controls on Cast-enabled websites, and (if shown) the “Cast toolbar” icon. +If this policy set to ”False”, Google Cast will be disabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-96311 + V-81597 + CCI-000381 + Windows group policy: +1. Open the “group policy editor” tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Google Cast +Policy Name: Enable Google Cast +Policy State: Disabled +Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "EnableMediaRouter" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "EnableMediaRouter" value name does not exist or its value data is not set to "0", this is a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0064 + Autoplay must be disabled. + <VulnDiscussion>This allows a user to control if videos can play automatically with audio content (without user consent) in Google Chrome. + +If the policy is set to "True", Google Chrome is allowed to autoplay media. If the policy is set to "False", Google Chrome is not allowed to autoplay media. The "AutoplayAllowlist" policy can be used to override this for certain URL patterns. By default, Google Chrome is not allowed to autoplay media. The "AutoplayAllowlist" policy can be used to override this for certain URL patterns.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-96295 + V-81581 + CCI-000381 + Windows group policy: +1. Open the “group policy editor” tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ +Policy Name: Allow media autoplay +Policy State: Disabled +Policy Value: N/A + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "AutoplayAllowed" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "AutoplayAllowed" value name does not exist or its value data is not set to "0", this is a finding. + + + + + + + + + + + SRG-APP-000210 + <GroupDescription></GroupDescription> + + DTBC-0065 + URLs must be allowlisted for Autoplay use. + <VulnDiscussion>Controls the allowlist of URL patterns that autoplay will always be enabled on. If the "AutoplayAllowed" policy is set to "True" then this policy will have no effect. If the "AutoplayAllowed" policy is set to "False", then any URL patterns set in this policy will still be allowed to play.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-96303 + V-81589 + CCI-001170 + Windows group policy: +1. Open the “group policy editor” tool with gpedit.msc. +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome +- Policy Name: Allow media autoplay on a allowlist of URL patterns. +- Policy State: Enabled +- Policy Value 1: [*.]mil +- Policy Value 2: [*.]gov + +Note: Policy values are examples. + + + + Universal method: +1. In the omnibox (address bar), type chrome://policy. +2. If “AutoplayAllowlist” under the “Policy Name” column may be set to a list of administrator-approved URLs under the “Policy Value” column. This requirement is optional. + +Windows method: +1. Start regedit. +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the “AutoplayAllowlist” key may contain a list of administrator-approved URLs. This requirement is optional. + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBC-0066 + Anonymized data collection must be disabled. + <VulnDiscussion>Enable URL-keyed anonymized data collection in Google Chrome and prevent users from changing this setting. +URL-keyed anonymized data collection sends URLs of pages the user visits to Google to make searches and browsing better. +If you enable this policy, URL-keyed anonymized data collection is always active. +If you disable this policy, URL-keyed anonymized data collection is never active. +If this policy is left not set, URL-keyed anonymized data collection will be enabled but the user will be able to change it.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-101303 + V-91203 + CCI-001166 + Windows group policy: +1. Open the group policy editor tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ +Policy Name: Enable URL-keyed anonymized data collection +Policy State: Disabled +Policy Value: NA + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If "UrlKeyedAnonymizedDataCollectionEnabled" is not displayed under the “Policy Name” column or it is not set to "0" under the “Policy Value” column, this is a finding. +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the “UrlKeyedAnonymizedDataCollectionEnabled" value name does not exist or its value data is not set to "0," this is a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBC-0067 + Collection of WebRTC event logs must be disabled. + <VulnDiscussion>If the policy is set to “true”, Google Chrome is allowed to collect WebRTC event logs from Google services (e.g., Google Meet), and upload those logs to Google. +If the policy is set to “false”, or is unset, Google Chrome may not collect nor upload such logs. +These logs contain diagnostic information helpful when debugging issues with audio or video calls in Chrome, such as the time and size of sent and received RTP packets, feedback about congestion on the network, and metadata about time and quality of audio and video frames. These logs do not contain audio or video contents from the call. +This data collection by Chrome can only be triggered by Google's web services, such as Google Hangouts or Google Meet.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-101305 + V-91205 + CCI-001166 + Windows group policy: +1. Open the group policy editor tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ +Policy Name: Allow collection of WebRTC event logs from Google services +Policy State: Disabled +Policy Value: NA + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If "WebRtcEventLogCollectionAllowed" is not displayed under the “Policy Name” column or it is not set to "0" under the “Policy Value” column, this is a finding. +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the "WebRtcEventLogCollectionAllowed" value name does not exist or its value data is not set to "0," this is a finding. + + + + + + + + + + + SRG-APP-000266 + <GroupDescription></GroupDescription> + + DTBC-0068 + Chrome development tools must be disabled. + <VulnDiscussion>While the risk associated with browser development tools is more related to the proper design of a web application, a risk vector remains within the browser. The developer tools allow end users and application developers to view and edit all types of web application related data via the browser. Page elements, source code, javascript, API calls, application data, etc. may all be viewed and potentially manipulated. Manipulation could be useful for troubleshooting legitimate issues, and this may be performed in a development environment. Manipulation could also be malicious and must be addressed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-106629 + V-97525 + CCI-001312 + Windows group policy: +1. Open the "group policy editor" tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome +Policy Name: Control where Developer Tools can be used +Policy State: Enabled +Policy Value: Disallow usage of the Developer Tools + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If the policy "DeveloperToolsAvailability" is not shown or is not set to "2", this is a finding. + +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the key "DeveloperToolsAvailability" does not exist or is not set to "2", this is a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBC-0069 + Guest Mode must be disabled. + <VulnDiscussion>If this policy is set to true or not configured, Google Chrome will enable guest logins. Guest logins are Google Chrome profiles where all windows are in incognito mode. + +If this policy is set to false, Google Chrome will not allow guest profiles to be started.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-111829 + V-102867 + CCI-001166 + Windows group policy: +1. Open the "group policy editor" tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ +Policy Name: Enable guest mode in browser +Policy State: Disabled + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If BrowserGuestModeEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the BrowserGuestModeEnabled value name does not exist or its value data is not set to 0, this is a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBC-0070 + AutoFill for credit cards must be disabled. + <VulnDiscussion>Enabling Google Chrome's AutoFill feature allows users to auto complete credit card information in web forms using previously stored information. +If this setting is disabled, Autofill will never suggest or fill credit card information, nor will it save additional credit card information that the user might submit while browsing the web. + +If this setting is enabled or has no value, the user will be able to control Autofill for credit cards in the UI.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-111831 + V-102869 + CCI-001166 + Windows group policy: +1. Open the "group policy editor" tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ +Policy Name: Enable AutoFill for credit cards +Policy State: Disabled + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If AutofillCreditCardEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the AutofillCreditCardEnabled value name does not exist or its value data is not set to 0, this is a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBC-0071 + AutoFill for addresses must be disabled. + <VulnDiscussion>Enabling Google Chrome's AutoFill feature allows users to auto complete address information in web forms using previously stored information. +If this setting is disabled, Autofill will never suggest or fill address information, nor will it save additional address information that the user might submit while browsing the web. + +If this setting is enabled or has no value, the user will be able to control Autofill for addresses in the UI.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-111833 + V-102871 + CCI-001166 + Windows group policy: +1. Open the "group policy editor" tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ +Policy Name: Enable AutoFill for addresses +Policy State: Disabled + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If AutofillAddressEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the AutofillAddressEnabled value name does not exist or its value data is not set to 0, this is a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBC-0072 + Import AutoFill form data must be disabled. + <VulnDiscussion>This policy forces the autofill form data to be imported from the previous default browser if enabled. If enabled, this policy also affects the import dialog. +If disabled, the autofill form data is not imported. + +If it is not set, the user may be asked whether to import, or importing may happen automatically.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-111835 + V-102873 + CCI-001166 + Windows group policy: +1. Open the "group policy editor" tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ +Policy Name: Import autofill form data from default browser on first run +Policy State: Disabled + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If ImportAutofillFormData is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the ImportAutofillFormData value name does not exist or its value data is not set to 0, this is a finding. + + + + + + + + + + + + SRG-APP-000416 + <GroupDescription></GroupDescription> + + DTBC-0056 + Chrome must be configured to allow only TLS. + <VulnDiscussion>If this policy is not configured then Google Chrome uses a default minimum version, which is TLS 1.0. Otherwise, it may be set to one of the following values: "tls1", "tls1.1" or "tls1.2". +When set, Google Chrome will not use SSL/TLS versions less than the specified version. An unrecognized value will be ignored. +"tls1" = TLS 1.0 +"tls1.1" = TLS 1.1 +"tls1.2" = TLS 1.2</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + V-81583 + CCI-002450 + Windows group policy: + 1. Open the “group policy editor” tool with gpedit.msc. + 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ + Policy Name: Minimum SSL version enabled + Policy State: Enabled + Policy Value: TLS 1.2 + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "SSLVersionMin" is not displayed under the "Policy Name" column or it is not set to "tls1.2", this is a finding. +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "SSLVersionMin" value name does not exist or its value data is not set to "tls1.2", this is a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBC-0073 + Web Bluetooth API must be disabled. + <VulnDiscussion>Setting the policy to 3 lets websites ask for access to nearby Bluetooth devices. Setting the policy to 2 denies access to nearby Bluetooth devices. + +Leaving the policy unset lets sites ask for access, but users can change this setting. + +2 = Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API +3 = Allow sites to ask the user to grant access to a nearby Bluetooth device</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + SV-34246 + V-26961 + CCI-000381 + Windows group policy: +1. Open the “group policy editor” tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings + Policy Name: Control use of the Web Bluetooth API + Policy State: Enabled + Policy Value: Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If DefaultWebBluetoothGuardSetting is not displayed under the Policy Name column or it is not set to 2 under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the DefaultWebBluetoothGuardSetting value name does not exist or its value data is not set to 2, then this is a finding. + + + + + + + + + + + SRG-APP-000383 + <GroupDescription></GroupDescription> + + DTBC-0074 + Use of the QUIC protocol must be disabled. + <VulnDiscussion>QUIC is used by more than half of all connections from the Chrome web browser to Google's servers, and this activity is undesirable in the DoD. + +Setting the policy to Enabled or leaving it unset allows the use of QUIC protocol in Google Chrome. + +Setting the policy to Disabled disallows the use of QUIC protocol.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + CCI-001762 + Windows group policy: +1. Open the “group policy editor” tool with gpedit.msc. +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google Chrome. +- Policy Name: Allow QUIC protocol +- Policy State: Disabled +- Policy Value: N/A + + + + Universal method: +1. In the omnibox (address bar), type chrome://policy. +2. If QuicAllowed is not displayed under the Policy Name column or it is not set to False under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit. +2. Navigate to HKLM\Software\Policies\Google\Chrome\. +3. If the QuicAllowed value name does not exist or its value data is not set to 0, this is a finding. + + + + + + + + + + + SRG-APP-000080 + <GroupDescription></GroupDescription> + + DTBC-0045 + Session only based cookies must be disabled. + <VulnDiscussion>Cookies set by pages matching these URL patterns will be limited to the current session, i.e. they will be deleted when the browser exits. + +For URLs not covered by the patterns specified here, or for all URLs if this policy is not set, the global default value will be used either from the 'DefaultCookiesSetting' policy, if it is set, or the user's personal configuration otherwise.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4081 + DPMS Target + + CCI-000166 + Windows group policy: +1. Open the group policy editor tool with gpedit.msc +2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings. +- Policy Name: Limit cookies from matching URLs to the current session +- Policy State: Disabled +- Policy Value: N/A + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy. +2. If the policy "CookiesSessionOnlyForUrls" exists and has any defined values, this is a finding. + +Windows method: +1. Start regedit. +2. Navigate to HKLM\Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls. +3. If this key exists and has any defined values, this is a finding. + + + + + + + + + + + + NIWC Atlantic + SOT-WIN2K22-01\degthat + + SOT-WIN2K22-01 + 192.168.40.189 + + SOT-WIN2K22-01 + + SOT-WIN2K22-01. + Microsoft Windows Server 2022 Standard + 21H2 + 12th Gen Intel(R) Core(TM) i7-12700 + Intel64 Family 6 Model 151 Stepping 2 + 2112 + 8192 + VMware, Inc. + VMware-56 4d 39 21 2d 79 b3 63-39 74 36 fd c1 91 8c 5f + VMW201.00V.21805430.B64.2305221830 + VMware20,1 + + + [00000001] Intel(R) 82574L Gigabit Network Connection + 192.168.40.189 + 00:0C:29:91:8C:5F + + + + + fail + SV-57545 + V-44711 + CCI-001414 + Result : false +Tests : false (All child checks must be true.) + : false (Disable firewall traversal) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240001 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'SOFTWARE\Policies\Google\Chrome' +Object Requirement : name must be equal to 'RemoteAccessHostFirewallTraversal' +State ID : oval:mil.disa.stig.chrome:ste:240001 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If RemoteAccessHostFirewallTraversal is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. + +Windows registry: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the RemoteAccessHostFirewallTraversal value name does not exist or its value data is not set to 0, then this is a finding. + + + + + fail + SV-57557 + V-44723 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Disable tracking user's location) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240002 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'SOFTWARE\Policies\Google\Chrome' +Object Requirement : name must be equal to 'DefaultGeolocationSetting' +State ID : oval:mil.disa.stig.chrome:ste:240002 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '2' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If DefaultGeolocationSetting is not displayed under the Policy Name column or it is not set to 2, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the DefaultGeolocationSetting value name does not exist or its value data is not set to 2, then this is a finding. + + + + + fail + SV-57553 + V-44719 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Disable pop-ups) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240004 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'DefaultPopupsSetting' +State ID : oval:mil.disa.stig.chrome:ste:240004 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '2' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If DefaultPopupsSetting is not displayed under the Policy Name column or it is not set to 2, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the value name DefaultPopupsSetting does not exist or its value data is not set to 2, then this is a finding. + +Note: If AO Approved exceptions to this rule have been enabled, this is not a finding. + + + + fail + SV-57561 + V-44727 + CCI-000169 + Result : false +Tests : false (All child checks must be true.) + : false (Extensions installation are blocklisted by default) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240005 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome\ExtensionInstallBlocklist' +Object Requirement : name must be equal to '1' +State ID : oval:mil.disa.stig.chrome:ste:240005 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_sz' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '*' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If ExtensionInstallBlocklist is not displayed under the Policy Name column or it is not set to * under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ExtensionInstallBlocklist + 3. If the a registry value name of 1 does not exist under that key or its value is not set to *, then this is a finding. + + + + fail + SV-57563 + V-44729 + CCI-001170 + Result : false +Tests : false (All child checks must be true.) + : false (Extensions that are approved for use are allowlisted) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240006 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome\ExtensionInstallAllowlist' +Object Requirement : name must be equal to '1' +State ID : oval:mil.disa.stig.chrome:ste:240006 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_sz' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to 'oiigbmnaadbkfbmpbfijlflahbdbdgdf' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If ExtensionInstallAllowlist is not displayed under the Policy Name column or it is not set to oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator approved extension IDs, then this is a finding. + +Windows method: +1. Start regedit +2. Navigate to the key HKLM\Software\Policies\Google\Chrome\ExtensionInstallAllowlist +3. If the ExtensionInstallAllowlist key is not set to 1 and oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator-approved extension IDs, then this is a finding. + + + + fail + SV-57567 + V-44733 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Set default search provider name) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240007 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'DefaultSearchProviderName' +State ID : oval:mil.disa.stig.chrome:ste:240007 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_sz' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to 'Google Encrypted' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If DefaultSearchProviderName is displayed under the Policy Name column or it is not set to an organization approved encrypted search provider that corresponds to the encrypted search provider set in DTBC-0008(ex. Google Encrypted, Bing Encrypted) under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the DefaultSearchProviderName value name does not exist or it is not set to an organization approved encrypted search provider that corresponds to the encrypted search provider set in DTBC-0008(ex. Google Encrypted, Bing Encrypted), then this is a finding. + + + + + fail + SV-57569 + V-44735 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (The default search provider URL must be set to perform encrypted searches.) + +--- + +Test ID : oval:navy.navwar.niwcatlantic.scc.chrome:tst:121 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : One and only one item may match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'SOFTWARE\Policies\Google\Chrome' +Object Requirement : name must be equal to 'DefaultSearchProviderSearchURL' +State ID : oval:navy.navwar.niwcatlantic.chrome:ste:121 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', value must match the pattern '^https' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + If the system is on the SIPRNet, this requirement is NA. + +Universal method: +1. In the omnibox (address bar) type chrome://policy. +2. If DefaultSearchProviderSearchURL is not displayed under the Policy Name column or it is not set to an organization-approved encrypted search string (ex. https://www.google.com/search?q={searchTerms} or https://www.bing.com/search?q={searchTerms} ) under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit. +2. Navigate to HKLM\Software\Policies\Google\Chrome\. +3. If the DefaultSearchProviderSearchURL value name does not exist or its value data is not set to an organization-approved encrypted search string (ex. https://www.google.com/search?q={searchTerms} or https://www.bing.com/search?q={searchTerms} ), this is a finding. + + + + fail + SV-57571 + V-44737 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Enable default search provider) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240009 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'DefaultSearchProviderEnabled' +State ID : oval:mil.disa.stig.chrome:ste:240009 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If DefaultSearchProviderEnabled is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the DefaultSearchProviderEnabled value name does not exist or its value data is not set to 1, then this is a finding. + +Note: This policy will only display in the chrome://policy tab on domain joined systems. On standalone systems, the policy will not display. + + + + fail + SV-57575 + V-44741 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Disable Password Manager) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240011 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'PasswordManagerEnabled' +State ID : oval:mil.disa.stig.chrome:ste:240011 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If PasswordManagerEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the PasswordManagerEnabled value name does not exist or its value data is not set to 0, then this is a finding. + + + + + fail + SV-57587 + V-44753 + CCI-001695 + Result : false +Tests : false (All child checks must be true.) + : false (Disable background processing) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240017 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'BackgroundModeEnabled' +State ID : oval:mil.disa.stig.chrome:ste:240017 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If BackgroundModeEnabled is not displayed under the Policy Name column and it is not set to false under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the BackgroundModeEnabled value name does not exist or its value data is not set to 0, then this is a finding. + + + + + fail + SV-57593 + V-44759 + CCI-001374 + Result : false +Tests : false (All child checks must be true.) + : false (Disable Google data synchronization) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240020 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'SyncDisabled' +State ID : oval:mil.disa.stig.chrome:ste:240020 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If SyncDisabled is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the SyncDisabled value name does not exist or its value data is not set to 1, then this is a finding. + + + + + fail + SV-57595 + V-44761 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (The URL protocol schema javascript is disabled) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:2400211 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome\URLBlocklist' +Object Requirement : name must be equal to '1' +State ID : oval:mil.disa.stig.chrome:ste:2400211 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_sz' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to 'javascript://*' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy. +2. If URLBlocklist is not displayed under the Policy Name column or it is not set to javascript://* under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit. +2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlocklist. +3. If the URLBlocklist key does not exist, or the does not contain entries 1 set to javascript://*, this is a finding. + + + + + + fail + SV-57599 + V-44765 + CCI-001374 + Result : false +Tests : false (All child checks must be true.) + : false (Disable cloud print sharing) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240023 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome\' +Object Requirement : name must be equal to 'CloudPrintProxyEnabled' +State ID : oval:mil.disa.stig.chrome:ste:240023 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If CloudPrintProxyEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the CloudPrintProxyEnabled value name does not exist or its value data is not set to 0, then this is a finding. + + + + fail + SV-57603 + V-44769 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Disable network prediction) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240025 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'NetworkPredictionOptions' +State ID : oval:mil.disa.stig.chrome:ste:240025 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '2' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If "NetworkPredictionOptions" is not displayed under the “Policy Name” column or it is not set to "2" under the “Policy Value” column, this is a finding. +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the "NetworkPredictionOptions" value name does not exist or its value data is not set to "2," this is a finding. + + + + fail + SV-57605 + V-44771 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Disable Google metrics reporting) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240026 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'MetricsReportingEnabled' +State ID : oval:mil.disa.stig.chrome:ste:240026 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If MetricsReportingEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the MetricsReportingEnabled value name does not exist or its value data is not set to 0, then this is a finding. + +Note: This policy will only display in the chrome://policy tab on domain joined systems. On standalone systems, the policy will not display. + + + + fail + SV-57607 + V-44773 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Enable search suggestion) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240027 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'SearchSuggestEnabled' +State ID : oval:mil.disa.stig.chrome:ste:240027 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If SearchSuggestEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the SearchSuggestEnabled value name does not exist or its value data is not set to 0, then this is a finding. + + + + + fail + SV-57609 + V-44775 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Password history=VAR) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240029 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'ImportSavedPasswords' +State ID : oval:mil.disa.stig.chrome:ste:240029 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If ImportSavedPasswords is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the ImportSavedPasswords value name does not exist or its value data is not set to 0, then this is a finding. + + + + fail + SV-57611 + V-44777 + CCI-000166 + Result : false +Tests : false (All child checks must be true.) + : false (Disable incognito mode) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240030 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'IncognitoModeAvailability' +State ID : oval:mil.disa.stig.chrome:ste:240030 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If IncognitoModeAvailability is not displayed under the Policy Name column or it is not set to 1 under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the IncognitoModeAvailability value name does not exist or its value data is not set to 1, then this is a finding. + + + + + fail + SV-57623 + V-44789 + CCI-000185 + Result : false +Tests : false (All child checks must be true.) + : false (Perform online revocation checks) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240037 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'EnableOnlineRevocationChecks' +State ID : oval:mil.disa.stig.chrome:ste:240037 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If EnableOnlineRevocationChecks is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the EnableOnlineRevocationChecks value name does not exist or its value data is not set to 1, then this is a finding. + + + + + fail + SV-57625 + V-44791 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Safe Browsing is enabled) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240038 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +State Operator : One or more item-state comparisons may be true. +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'SafeBrowsingProtectionLevel' +State ID : oval:mil.disa.stig.chrome:ste:240038 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '1' +State ID : oval:mil.disa.stig.chrome:ste:24003801 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '2' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If SafeBrowsingProtectionLevel is not displayed under the Policy Name column or it is not set to 1 or 2 under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the SafeBrowsingProtectionLevel value name does not exist or its value data is not set to 1 or 2, then this is a finding. + + + + fail + SV-57627 + V-44793 + CCI-001199 + Result : false +Tests : false (All child checks must be true.) + : false (Save browser history) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240039 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'SavingBrowserHistoryDisabled' +State ID : oval:mil.disa.stig.chrome:ste:240039 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If the policy 'SavingBrowserHistoryDisabled' is not shown or is not set to false, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the SavingBrowserHistoryDisabled value name does not exist or its value data is not set to 0, then this is a finding. + + + + + notchecked + SV-57639 + V-44805 + CCI-002605 + +--- + +Title : CAT II, V-221584, SV-221584r850366, SRG-APP-000456 +Test Action ID : ocil:navy.navwar.niwcatlantic.scc.chrome:testaction:421 +Question : Universal method: + : 1. In the omnibox (address bar) type chrome://settings/help + : 2. Cross-reference the build information displayed with the Google Chrome site to identify, at minimum, the oldest supported build available. As of July 2019, this is 74.x.x. + : 3. If the installed version of Chrome is not supported by Google, this is a finding. + : + : References: + : SV-57639 + : V-44805 + : CCI-002605 +Result : NOT_TESTED + + + + + Universal method: +1. In the omnibox (address bar) type chrome://settings/help +2. Cross-reference the build information displayed with the Google Chrome site to identify, at minimum, the oldest supported build available. As of July 2019, this is 74.x.x. +3. If the installed version of Chrome is not supported by Google, this is a finding. + + + + fail + SV-89845 + V-75165 + CCI-000169 + Result : false +Tests : false (One or more child checks must be true.) + : false (Check to make sure that google chrome is set to not allow deletion of browser and download history.) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240052 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'AllowDeletingBrowserHistory' +State ID : oval:mil.disa.stig.chrome:ste:240052 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If the policy "AllowDeletingBrowserHistory" is not shown or is not set to false, this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "AllowDeletingBrowserHistory" value name does not exist or its value data is not set to "0", this is a finding. + + + + fail + SV-94633 + V-79929 + CCI-000169 + Result : false +Tests : false (All child checks must be true.) + : false (Prompt for download location) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:640053 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'PromptForDownloadLocation' +State ID : oval:mil.disa.stig.chrome:ste:640053 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar) type chrome:// policy +2. If "PromptForDownloadLocation" is not displayed under the "Policy Name" column or it is not set to "true" under the "Policy Value" column, then this is a finding. +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the "PromptForDownloadLocation" value name does not exist or its value data is not set to "1", this is a finding. + + + + fail + SV-94635 + V-79931 + CCI-000169 + Result : false +Tests : false (All child checks must be true.) + : false (HKLM\Software\Policies\Google\Chrome\DownloadRestrictions is set to 1 or 2) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:610055 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +State Operator : One or more item-state comparisons may be true. +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'DownloadRestrictions' +State ID : oval:mil.disa.stig.chrome:ste:6100550 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +State ID : oval:mil.disa.stig.chrome:ste:6100551 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '2' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + If the system is on the SIPRNet, this requirement is NA. +Universal method: +1. In the omnibox (address bar) type chrome:// policy +2. If "DownloadRestrictions" is not displayed under the "Policy Name" column or it is not set to "1" or "2" under the "Policy Value" column, then this is a finding. + +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the "DownloadRestrictions" value name does not exist or its value data is not set to "1" or "2", then this is a finding. + + + + fail + SV-96299 + V-81585 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Check SafeBrowsingExtendedReportingEnabled value.) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:66005700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'SafeBrowsingExtendedReportingEnabled' +State ID : oval:mil.disa.stig.chrome:ste:66005700 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "SafeBrowsingExtendedReportingEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "SafeBrowsingExtendedReportingEnabled" value name does not exist or its value data is not set to "0", this is a finding. + + + + fail + SV-96301 + V-81587 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (WebUSB must be disabled.) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:67005800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'DefaultWebUsbGuardSetting' +State ID : oval:mil.disa.stig.chrome:ste:67005800 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '2' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "DefaultWebUsbGuardSetting" is not displayed under the "Policy Name" column or it is not set to "2", this is a finding. +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "DefaultWebUsbGuardSetting" value name does not exist or its value data is not set to "2", this is a finding. + + + + fail + SV-96305 + V-81591 + CCI-000169 + Result : false +Tests : false (All child checks must be true.) + : false (Chrome Cleanup must be disabled.) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:68006000 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'ChromeCleanupEnabled' +State ID : oval:mil.disa.stig.chrome:ste:68006000 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "ChromeCleanupEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. +Windows method: + 1. Start regedit. + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "ChromeCleanupEnabled" value name does not exist or its value data is not set to "0", this is a finding. + + + + fail + SV-96307 + V-81593 + CCI-000169 + Result : false +Tests : false (All child checks must be true.) + : false (Chrome Cleanup reporting must be disabled.) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:68006100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'ChromeCleanupReportingEnabled' +State ID : oval:mil.disa.stig.chrome:ste:68006100 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "ChromeCleanupReportingEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "ChromeCleanupReportingEnabled" value name does not exist or its value data is not set to "0", this is a finding. + + + + fail + SV-96311 + V-81597 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Google Cast must be disabled.) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:52006300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'EnableMediaRouter' +State ID : oval:mil.disa.stig.chrome:ste:52006300 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "EnableMediaRouter" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "EnableMediaRouter" value name does not exist or its value data is not set to "0", this is a finding. + + + + fail + SV-96295 + V-81581 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Autoplay is disabled) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:66005500 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'AutoplayAllowed' +State ID : oval:mil.disa.stig.chrome:ste:66005500 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "AutoplayAllowed" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "AutoplayAllowed" value name does not exist or its value data is not set to "0", this is a finding. + + + + notchecked + SV-96303 + V-81589 + CCI-001170 + +--- + +Title : CAT II, V-221596, SV-221596r820742, SRG-APP-000210 +Test Action ID : ocil:navy.navwar.niwcatlantic.scc.chrome:testaction:621 +Question : Universal method: + : 1. In the omnibox (address bar), type chrome://policy. + : 2. If “AutoplayAllowlist” under the “Policy Name” column may be set to a list of administrator-approved URLs under the “Policy Value” column. This requirement is optional. + : + : Windows method: + : 1. Start regedit. + : 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + : 3. If the “AutoplayAllowlist” key may contain a list of administrator-approved URLs. This requirement is optional. + : + : References: + : SV-96303 + : V-81589 + : CCI-001170 +Result : NOT_TESTED + + + + + Universal method: +1. In the omnibox (address bar), type chrome://policy. +2. If “AutoplayAllowlist” under the “Policy Name” column may be set to a list of administrator-approved URLs under the “Policy Value” column. This requirement is optional. + +Windows method: +1. Start regedit. +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the “AutoplayAllowlist” key may contain a list of administrator-approved URLs. This requirement is optional. + + + + fail + SV-101303 + V-91203 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Disable URL-keyed anonymized data collection) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:690066 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'UrlKeyedAnonymizedDataCollectionEnabled' +State ID : oval:mil.disa.stig.chrome:ste:690066 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If "UrlKeyedAnonymizedDataCollectionEnabled" is not displayed under the “Policy Name” column or it is not set to "0" under the “Policy Value” column, this is a finding. +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the “UrlKeyedAnonymizedDataCollectionEnabled" value name does not exist or its value data is not set to "0," this is a finding. + + + + fail + SV-101305 + V-91205 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Disable WebRTC event log collection) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:700067 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'WebRtcEventLogCollectionAllowed' +State ID : oval:mil.disa.stig.chrome:ste:700067 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If "WebRtcEventLogCollectionAllowed" is not displayed under the “Policy Name” column or it is not set to "0" under the “Policy Value” column, this is a finding. +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the "WebRtcEventLogCollectionAllowed" value name does not exist or its value data is not set to "0," this is a finding. + + + + fail + SV-106629 + V-97525 + CCI-001312 + Result : false +Tests : false (All child checks must be true.) + : false (Chrome Developer Tools Availability must be disallowed.) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:68006200 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'DeveloperToolsAvailability' +State ID : oval:mil.disa.stig.chrome:ste:68006200 (registry_state) +State Requirement : for check = 'all', type, at least one of the following must be true: +State Requirement : type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, at least one of the following must be true: +State Requirement : value must be equal to '2' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If the policy "DeveloperToolsAvailability" is not shown or is not set to "2", this is a finding. + +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the key "DeveloperToolsAvailability" does not exist or is not set to "2", this is a finding. + + + + fail + SV-111829 + V-102867 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Disable Browser Guest Mode) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240069 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'BrowserGuestModeEnabled' +State ID : oval:mil.disa.stig.chrome:ste:240069 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If BrowserGuestModeEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the BrowserGuestModeEnabled value name does not exist or its value data is not set to 0, this is a finding. + + + + fail + SV-111831 + V-102869 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Disable auto filling of credit card information) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240070 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'AutofillCreditCardEnabled' +State ID : oval:mil.disa.stig.chrome:ste:240070 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If AutofillCreditCardEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the AutofillCreditCardEnabled value name does not exist or its value data is not set to 0, this is a finding. + + + + fail + SV-111833 + V-102871 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Disable AutoFill for addresses) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240071 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'AutofillAddressEnabled' +State ID : oval:mil.disa.stig.chrome:ste:240071 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If AutofillAddressEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the AutofillAddressEnabled value name does not exist or its value data is not set to 0, this is a finding. + + + + fail + SV-111835 + V-102873 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Disable Browser Guest Mode) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240072 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome' +Object Requirement : name must be equal to 'ImportAutofillFormData' +State ID : oval:mil.disa.stig.chrome:ste:240072 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If ImportAutofillFormData is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit +2. Navigate to HKLM\Software\Policies\Google\Chrome\ +3. If the ImportAutofillFormData value name does not exist or its value data is not set to 0, this is a finding. + + + + + fail + V-81583 + CCI-002450 + Result : false +Tests : false (All child checks must be true.) + : false (Minimum SSL version enabled is enabled and set to TLS 1.2) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:12400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'SOFTWARE\Policies\Google\Chrome' +Object Requirement : name must be equal to 'SSLVersionMin' +State ID : oval:mil.disa.stig.chrome:ste:12400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to 'tls1.2' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: + 1. In the omnibox (address bar) type chrome://policy + 2. If "SSLVersionMin" is not displayed under the "Policy Name" column or it is not set to "tls1.2", this is a finding. +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the "SSLVersionMin" value name does not exist or its value data is not set to "tls1.2", this is a finding. + + + + fail + SV-34246 + V-26961 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Web Bluetooth API must be disabled.) + +--- + +Test ID : oval:navy.navwar.niwcatlantic.scc.chrome:tst:801 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : One and only one item may match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'SOFTWARE\Policies\Google\Chrome' +Object Requirement : name must be equal to 'DefaultWebBluetoothGuardSetting' +State ID : oval:navy.navwar.niwcatlantic.chrome:ste:801 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '2' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy +2. If DefaultWebBluetoothGuardSetting is not displayed under the Policy Name column or it is not set to 2 under the Policy Value column, then this is a finding. + +Windows method: + 1. Start regedit + 2. Navigate to HKLM\Software\Policies\Google\Chrome\ + 3. If the DefaultWebBluetoothGuardSetting value name does not exist or its value data is not set to 2, then this is a finding. + + + + fail + CCI-001762 + Result : false +Tests : false (All child checks must be true.) + : false (Use of the QUIC protocol is disabled) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:13800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'SOFTWARE\Policies\Google\Chrome' +Object Requirement : name must be equal to 'QuicAllowed' +State ID : oval:mil.disa.stig.chrome:ste:10 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Universal method: +1. In the omnibox (address bar), type chrome://policy. +2. If QuicAllowed is not displayed under the Policy Name column or it is not set to False under the Policy Value column, this is a finding. + +Windows method: +1. Start regedit. +2. Navigate to HKLM\Software\Policies\Google\Chrome\. +3. If the QuicAllowed value name does not exist or its value data is not set to 0, this is a finding. + + + + pass + CCI-000166 + Result : true +Tests : true (All child checks must be true.) + : true (Disable session only cookies) + +--- + +Test ID : oval:mil.disa.stig.chrome:tst:240045 (registry_test) +Result : true +Check Existence : No collected items may exist. +Check : Result is based on check existence only. +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls' + + + + + Universal method: +1. In the omnibox (address bar) type chrome://policy. +2. If the policy "CookiesSessionOnlyForUrls" exists and has any defined values, this is a finding. + +Windows method: +1. Start regedit. +2. Navigate to HKLM\Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls. +3. If this key exists and has any defined values, this is a finding. + + + 2.44 + 2.44 + 2.4390243902439 + 10 + 1 + 0 + + diff --git a/compliance-scans/SOT-WIN2K22-01_SCC-5.8_2024-02-01_121035_XCCDF-Results_IE_11_STIG-2.5.7.xml b/compliance-scans/SOT-WIN2K22-01_SCC-5.8_2024-02-01_121035_XCCDF-Results_IE_11_STIG-2.5.7.xml new file mode 100644 index 0000000..010e9fd --- /dev/null +++ b/compliance-scans/SOT-WIN2K22-01_SCC-5.8_2024-02-01_121035_XCCDF-Results_IE_11_STIG-2.5.7.xml @@ -0,0 +1,11170 @@ + + + + + accepted + Microsoft Internet Explorer 11 STIG SCAP Benchmark - NIWC Enhanced with Manual Questions + This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. + Portions of this document were developed at Naval Information Warfare Center Atlantic by employees of the Federal Government in the course of their official duties. Pursuant to title 17 Section 105 of the United States Code this software is not subject to copyright protection and is in the public domain. The Government assumes no responsibility whatsoever for its use by other parties, and the software is provided "AS IS" without warranty or guarantee of any kind, express or implied, including, but not limited to, the warranties of merchantability and of fitness for a particular purpose. In no event shall the Government be liable for any claim, damages or other liability, whether in an action of contract, tort or other dealings in the software. The Government has no obligation hereunder to provide maintenance, support, updates, enhancements, or modifications. We would appreciate acknowledgement if the software is used. This software can be redistributed and/or modified freely provided that any derivative works bear some notice that they are derived from it, and any modified versions bear some notice that they have been modified. + This content stream was enhanced with OCIL manual questions derived from the STIG Manual by the NIWC SCC team. +Timestamp: 2023-08-31T12:53:48 +Tool Version: 1.0 +STIG Manual Version: 2.4 +SCAP Benchmark Version: 2.5 +DISA Automated rules added: 134 +NIWC Automated rules added: 3 +Manual rules added: 0 + This data is metadata to be used for the creation of CKL reports. +version:--:2 +classification:--:UNCLASSIFIED +customname:--: +stigid:--:IE_11_STIG +description:--:This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. +filename:--:U_MS_IE11_V2R4_STIG_Manual-xccdf.xml +releaseinfo:--:Release: 4 Benchmark Date: 27 Apr 2023 +title:--:Microsoft Internet Explorer 11 Security Technical Implementation Guide +uuid:--: +notice:--: +source:--:STIG.DOD.MIL + + + DISA+NIWC + STIG.DOD.MIL + + Enhanced Content 2.5.7 Date: 2023-08-31, based on Release: 2.5 Benchmark Date: 27 Apr 2023 + 3.4.0.34222 + 1.10.0 + + 2.5.7 + + DISA + DISA + DISA + STIG.DOD.MIL + + + I - Mission Critical Classified + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + I - Mission Critical Public + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + I - Mission Critical Sensitive + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + II - Mission Support Classified + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + II - Mission Support Public + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + II - Mission Support Sensitive + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + III - Administrative Classified + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + III - Administrative Public + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + III - Administrative Sensitive + <ProfileDescription></ProfileDescription> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CAT I Only + This profile only includes rules that are Severity Category I. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone_RestrictedSitesZone_LocalComputer_var + WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone_InternetZone_LocalComputer_var + WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone_InternetZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + UserdataPersistence_RestrictedSitesZone_LocalComputer_var + UserdataPersistence_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 3 + + + UserdataPersistence_InternetZone_LocalComputer_var + UserdataPersistence_InternetZone_LocalComputer_var + 3 + 0 + 3 + + + UsePop-upBlocker_RestrictedSitesZone_LocalComputer_var + UsePop-upBlocker_RestrictedSitesZone_LocalComputer_var + 0 + 0 + 1 + 3 + + + UsePop-upBlocker_InternetZone_LocalComputer_var + UsePop-upBlocker_InternetZone_LocalComputer_var + 0 + 0 + 1 + 3 + + + UseOnlyMachineSettings_LocalComputer_var + UseOnlyMachineSettings_LocalComputer_var + 1 + 1 + + + TurnonCrossSiteScriptingFilter_RestrictedSitesZone_LocalComputer_var + TurnonCrossSiteScriptingFilter_RestrictedSitesZone_LocalComputer_var + 0 + 0 + 3 + + + TurnoffManagingSmartScreenFilter_LocalComputer_var + TurnoffManagingSmartScreenFilter_LocalComputer_var + 1 + 0 + 1 + + + TurnOnProtectedMode_RestrictedSitesZone_LocalComputer_var + todo - description needed + 0 + 0 + 3 + + + TurnOnProtectedMode_InternetZone_LocalComputer_var + todo - description needed + 0 + 0 + 3 + + + TurnOffSecuritySettingsCheckFeature_LocalComputer_var + TurnOffSecuritySettingsCheckFeature_LocalComputer_var + 0 + 0 + 1 + + + TurnOffInPrivateBrowsing_LocalComputer_var + TurnOffInPrivateBrowsing_LocalComputer_var + 0 + 1 + 0 + + + TurnOffCrashDetection_LocalComputer_var + TurnOffCrashDetection_LocalComputer_var + 1 + 1 + + + ScriptingOfJavaApplets_RestrictedSitesZone_LocalComputer_var + ScriptingOfJavaApplets_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + ScriptActiveXControlsMarkedSafeForScripting_RestrictedSitesZone_LocalComputer_var + ScriptActiveXControlsMarkedSafeForScripting_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + RunNETFrameworkReliantComponentsSignedWithAuthenticode_RestrictedSitesZone_LocalComputer_var + RunNETFrameworkReliantComponentsSignedWithAuthenticode_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + RunNETFrameworkReliantComponentsSignedWithAuthenticode_InternetZone_LocalComputer_var + RunNETFrameworkReliantComponentsSignedWithAuthenticode_InternetZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + RunNETFrameworkReliantComponentsNotSignedWithAuthenticode_RestrictedSitesZone_LocalComputer_var + RunNETFrameworkReliantComponentsNotSignedWithAuthenticode_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + RunNETFrameworkReliantComponentsNotSignedWithAuthenticode_InternetZone_LocalComputer_var + RunNETFrameworkReliantComponentsNotSignedWithAuthenticode_InternetZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + RunActiveXControlsAndPlugins_RestrictedSitesZone_LocalComputer_var + RunActiveXControlsAndPlugins_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + PreventDeletingWebsitesthattheUserhasVisited_LocalComputer_var + PreventDeletingWebsitesthattheUserhasVisited_LocalComputer_var + 0 + 1 + 0 + + + OnlyAllowApprovedDomainsToUseActiveXControlsWithoutPrompt_RestrictedSitesZone_LocalComputer_var + OnlyAllowApprovedDomainsToUseActiveXControlsWithoutPrompt_RestrictedSitesZone_LocalComputer_var + 3 + 3 + 0 + + + OnlyAllowApprovedDomainsToUseActiveXControlsWithoutPrompt_InternetZone_LocalComputer_var + OnlyAllowApprovedDomainsToUseActiveXControlsWithoutPrompt_InternetZone_LocalComputer_var + 3 + 3 + 0 + + + NavigateSub-framesAcrossDifferentDomains_RestrictedSitesZone_LocalComputer_var + NavigateSub-framesAcrossDifferentDomains_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + LooseXAMLFiles_RestrictedSitesZone_LocalComputer_var + LooseXAMLFiles_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + LooseXAMLFiles_InternetZone_LocalComputer_var + LooseXAMLFiles_InternetZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + LogonOptions_RestrictedSitesZone_LocalComputer_var + LogonOptions_RestrictedSitesZone_LocalComputer_var + 196608 + 0 + 65536 + 131072 + 196608 + + + LogonOptions_InternetZone_LocalComputer_var + LogonOptions_InternetZone_LocalComputer_var + 65536 + 0 + 65536 + 131072 + 196608 + + + LaunchingProgramsAndUnsafeFiles_RestrictedSitesZone_LocalComputer_var + LaunchingProgramsAndUnsafeFiles_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + LaunchingProgramsAndUnsafeFiles_InternetZone_LocalComputer_var + LaunchingProgramsAndUnsafeFiles_InternetZone_LocalComputer_var + 1 + 0 + 1 + 3 + + + LaunchingApplicationsAndFilesInIFRAME_RestrictedSitesZone_LocalComputer_var + LaunchingApplicationsAndFilesInIFRAME_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + LaunchingApplicationsAndFilesInIFRAME_InternetZone_LocalComputer_var + LaunchingApplicationsAndFilesInIFRAME_InternetZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + JavaPermissions_RestrictedSitesZone_LocalComputer_var + JavaPermissions_RestrictedSitesZone_LocalComputer_var + 0 + 0 + 65536 + 131072 + 196608 + 8388608 + + + JavaPermissions_LockedDownTrustedSitesZone_LocalComputer_var + JavaPermissions_LockedDownTrustedSitesZone_LocalComputer_var + 0 + 0 + 65536 + 131072 + 196608 + 8388608 + + + JavaPermissions_LockedDownRestrictedSitesZone_LocalComputer_var + JavaPermissions_LockedDownRestrictedSitesZone_LocalComputer_var + 0 + 0 + 65536 + 131072 + 196608 + 8388608 + + + JavaPermissions_LockedDownLocalMachineZone_LocalComputer_var + JavaPermissions_LockedDownLocalMachineZone_LocalComputer_var + 0 + 0 + 65536 + 131072 + 196608 + 8388608 + + + JavaPermissions_LockedDownIntranetZone_LocalComputer_var + JavaPermissions_LockedDownIntranetZone_LocalComputer_var + 0 + 0 + 65536 + 131072 + 196608 + 8388608 + + + JavaPermissions_LocalMachineZone_LocalComputer_var + JavaPermissions_LocalMachineZone_LocalComputer_var + 0 + 0 + 65536 + 131072 + 196608 + 8388608 + + + InitializeScriptActiveXControlsNotMarkedAsSafe_RestrictedSitesZone_LocalComputer_var + InitializeScriptActiveXControlsNotMarkedAsSafe_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + InitializeScriptActiveXControlsNotMarkedAsSafe_InternetZone_LocalComputer_var + InitializeScriptActiveXControlsNotMarkedAsSafe_InternetZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + IncludeLocalDirectoryPathWhenUploadingFilesToAServer_RestrictedSitesZone_LocalComputer_var + IncludeLocalDirectoryPathWhenUploadingFilesToAServer_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 3 + + + IncludeLocalDirectoryPathWhenUploadingFilesToAServer_InternetZone_LocalComputer_var + IncludeLocalDirectoryPathWhenUploadingFilesToAServer_InternetZone_LocalComputer_var + 3 + 0 + 3 + + + IncludeAllNetworkPaths_LocalComputer_var + IncludeAllNetworkPaths_LocalComputer_var + 0 + 0 + 1 + + + DownloadUnsignedActiveXControls_RestrictedSitesZone_LocalComputer_var + DownloadUnsignedActiveXControls_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + DownloadUnsignedActiveXControls_InternetZone_LocalComputer_var + DownloadUnsignedActiveXControls_InternetZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + DownloadSignedActiveXControls_RestrictedSitesZone_LocalComputer_var + DownloadSignedActiveXControls_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + DownloadSignedActiveXControls_InternetZone_LocalComputer_var + DownloadSignedActiveXControls_InternetZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + DoNotAllowUsersChangePolicies_LocalComputer_var + DoNotAllowUsersChangePolicies_LocalComputer_var + 1 + 1 + + + DoNotAllowUsersAddDeleteSites_LocalComputer_var + DoNotAllowUsersAddDeleteSites_LocalComputer_var + 1 + 1 + + + ConfigureDeleteBrowsingHistoryonexit_LocalComputer_var + ConfigureDeleteBrowsingHistoryonexit_LocalComputer_var + 0 + 0 + 1 + + + Check for signatures on downloaded programs - Local Computer - variable + Check for Signature on Downloaded Programs - Local Computer - variable + yes + no + yes + + + Check for Server Certificate Revocation - Local Computer - variable + Check for Server Certificate Revocation - Local Computer - variable + 1 + 0 + 1 + + + AutomaticPromptingFileDownloads_InternetZone_LocalComputer_var + AutomaticPromptingFileDownloads_InternetZone_LocalComputer_var + 3 + 0 + 3 + + + Allow Software to Run or Install Even if the Signature is Invalid - Local Computer - variable + Allow Software to Run or Install Even if the Signature is Invalid - Local Computer - variable + 0 + 0 + 1 + + + AllowScriptlets_RestrictedSitesZone_LocalComputer_var + AllowScriptlets_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 3 + + + AllowScriptlets_InternetZone_LocalComputer_var + AllowScriptlets_InternetZone_LocalComputer_var + 3 + 0 + 3 + + + AllowScriptingOfInternetExplorerWebBrowserControl_RestrictedSitesZone_LocalComputer_var + AllowScriptingOfInternetExplorerWebBrowserControl_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 3 + + + AllowScriptingOfInternetExplorerWebBrowserControl_InternetZone_LocalComputer_var + AllowScriptingOfInternetExplorerWebBrowserControl_InternetZone_LocalComputer_var + 3 + 0 + 3 + + + AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_RestrictedSitesZone_LocalComputer_var + AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 3 + + + AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_InternetZone_LocalComputer_var + AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_InternetZone_LocalComputer_var + 3 + 0 + 3 + + + AllowMETAREFRESH_RestrictedSitesZone_LocalComputer_var + AllowMETAREFRESH_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + AllowFileDownloads_RestrictedSitesZone_LocalComputer_var + AllowFileDownloads_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + AllowDragDropOrCopyPasteFiles_RestrictedSitesZone_LocalComputer_var + AllowDragDropOrCopyPasteFiles_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + AllowDragDropOrCopyPasteFiles_InternetZone_LocalComputer_var + AllowDragDropOrCopyPasteFiles_InternetZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + AllowCutCopyPasteOperationsFromClipboardViaScript_RestrictedSitesZone_LocalComputer_var + AllowCutCopyPasteOperationsFromClipboardViaScript_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + AllowCutCopyPasteOperationsFromClipboardViaScript_InternetZone_LocalComputer_var + AllowCutCopyPasteOperationsFromClipboardViaScript_InternetZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + AllowBinaryAndScriptBehaviors_RestrictedSitesZone_LocalComputer_var + AllowBinaryAndScriptBehaviors_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + AllowApprovedDomainsToUseTDCActiveXControl_RestrictedSitesZone_LocalComputer_var + AllowApprovedDomainsToUseTDCActiveXControl_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 3 + + + AllowApprovedDomainsToUseTDCActiveXControl_InternetZone_LocalComputer_var + AllowApprovedDomainsToUseTDCActiveXControl_InternetZone_LocalComputer_var + 3 + 0 + 3 + + + AllowActiveScripting_RestrictedSitesZone_LocalComputer_var + AllowActiveScripting_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + AccessDataSourcesAcrossDomains_RestrictedSitesZone_LocalComputer_var + AccessDataSourcesAcrossDomains_RestrictedSitesZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + AccessDataSourcesAcrossDomains_InternetZone_LocalComputer_var + AccessDataSourcesAcrossDomains_InternetZone_LocalComputer_var + 3 + 0 + 1 + 3 + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI015-IE11 + The Internet Explorer warning about certificate address mismatch must be enforced. + <VulnDiscussion>This parameter warns users if the certificate being presented by the website is invalid. Since server certificates are used to validate the identity of the web server it is critical to warn the user of a potential issue with the certificate being presented by the web server. This setting aids to prevent spoofing attacks.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59339 + V-46475 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page 'Turn on certificate address mismatch warning' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page 'Turn on certificate address mismatch warning' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value "WarnOnBadCertRecving" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000175 + <GroupDescription></GroupDescription> + + DTBI018-IE11 + Check for publishers certificate revocation must be enforced. + <VulnDiscussion>Check for publisher's certificate revocation options should be enforced to ensure all PKI signed objects are validated. + +Satisfies: SRG-APP-000605</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59341 + V-46477 + CCI-000185 + If the system is on the SIPRNet, this requirement is NA. + +Open Internet Explorer. +From the menu bar, select "Tools". +From the "Tools" drop-down menu, select "Internet Options". From the "Internet Options" window, select the "Advanced" tab from the "Advanced" tab window, scroll down to the "Security" category, and select the "Check for publisher's certificate revocation" box. + +Note: Manual entry in the registry key: + +HKCU\Software\Microsoft\Windows\Current Version\WinTrust\Trust Providers\Software Publishing for the value "State", set to "REG_DWORD = 23C00", may first be required. + + + + If the system is on the SIPRNet, this requirement is NA. + +Open Internet Explorer. +From the menu bar, select "Tools". +From the "Tools" drop-down menu, select "Internet Options". From the "Internet Options" window, select the "Advanced" tab, from the "Advanced" tab window, scroll down to the "Security" category, and verify the "Check for publisher's certificate revocation" box is selected. + +Procedure: Use the Windows Registry Editor to navigate to the following key: + HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing Criteria + +If the value "State" is "REG_DWORD = 23C00", this is not a finding. + + + + + + + + + + + SRG-APP-000209 + <GroupDescription></GroupDescription> + + DTBI022-IE11 + The Download signed ActiveX controls property must be disallowed (Internet zone). + <VulnDiscussion>Active X controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites. Signed code is better than unsigned code in that it may be easier to determine its author, but it is still potentially harmful, especially when coming from an untrusted zone. This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by untrusted publishers. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59345 + V-46481 + CCI-001169 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Download signed ActiveX controls' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Download signed ActiveX controls' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1001" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000209 + <GroupDescription></GroupDescription> + + DTBI023-IE11 + The Download unsigned ActiveX controls property must be disallowed (Internet zone). + <VulnDiscussion>Unsigned code is potentially harmful, especially when coming from an untrusted zone. This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. If you enable this policy setting, users can run unsigned controls without user intervention. If you select "Prompt" in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59347 + V-46483 + CCI-001169 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Download unsigned ActiveX controls' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Download unsigned ActiveX controls' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1004" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000210 + <GroupDescription></GroupDescription> + + DTBI024-IE11 + The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone). + <VulnDiscussion>ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. This increases the risk of malicious code being loaded and executed by the browser. If you enable this policy setting, ActiveX controls are run, loaded with parameters and scripted without setting object safety for untrusted data or scripts. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. This setting is not recommended, except for secure and administered zones.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59365 + V-46501 + CCI-001170 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Initialize and script ActiveX controls not marked as safe' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Initialize and script ActiveX controls not marked as safe' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1201" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI031-IE11 + The Java permissions must be disallowed (Internet zone). + <VulnDiscussion>Java applications could contain malicious code; sites located in this security zone are more likely to be hosted by malicious individuals. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down box. Use of the Custom permission will control permissions settings individually. Use of the Low Safety permission enables applets to perform all operations. Use of the Medium Safety permission enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus adds capabilities like scratch space (a safe and secure storage area on the client computer) and a user-controlled file I/O. Use of the High Safety permission enables applets to run in their sandbox. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59371 + V-46507 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Java permissions' to 'Enabled', and select 'Disable Java' from the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1C00" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + SRG-APP-000039 + <GroupDescription></GroupDescription> + + DTBI032-IE11 + Accessing data sources across domains must be disallowed (Internet zone). + <VulnDiscussion>The ability to access data zones across domains could cause the user to unknowingly access content hosted on an unauthorized server. Access to data sources across multiple domains must be controlled based upon the site being browsed. This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59373 + V-46509 + CCI-001414 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Access data sources across domains' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Access data sources across domains' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1406" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI036-IE11 + Functionality to drag and drop or copy and paste files must be disallowed (Internet zone). + <VulnDiscussion>Content hosted on sites located in the Internet zone are likely to contain malicious payloads and therefore this feature should be blocked for this zone. Drag and drop or copy and paste files must have a level of protection based upon the site being accessed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59375 + V-46511 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow drag and drop or copy and paste files' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow drag and drop or copy and paste files' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value for "1802" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI038-IE11 + Launching programs and files in IFRAME must be disallowed (Internet zone). + <VulnDiscussion>This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. Launching of programs in IFRAME must have a level of protection based upon the site being accessed. If you enable this policy setting, applications can run and files can be downloaded from IFRAMEs on the pages in this zone without user intervention. If you disable this setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59377 + V-46513 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Launching applications and files in an IFRAME' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Launching applications and files in an IFRAME' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1804" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000039 + <GroupDescription></GroupDescription> + + DTBI039-IE11 + Navigating windows and frames across different domains must be disallowed (Internet zone). + <VulnDiscussion>Frames that navigate across different domains are a security concern, because the user may think they are accessing pages on one site while they are actually accessing pages on another site. It is possible that a website hosting malicious content could use this feature in a manner similar to cross-site scripting (XSS). This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59379 + V-46515 + CCI-001414 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Navigate windows and frames across different domains' to 'Enabled', and select 'Disable' from the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Navigate windows and frames across different domains' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3 Criteria: If the value "1607" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + SRG-APP-000231 + <GroupDescription></GroupDescription> + + DTBI042-IE11 + Userdata persistence must be disallowed (Internet zone). + <VulnDiscussion>Userdata persistence must have a level of protection based upon the site being accessed. It is possible for sites hosting malicious content to exploit this feature as part of an attack against visitors browsing the site. This policy setting allows you to manage the preservation of information in the browser's history, in Favorites, in an XML store, or directly within a web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is not appropriately configured. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59381 + V-46517 + CCI-001199 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Userdata persistence' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Userdata persistence' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1606" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI044-IE11 + Clipboard operations via script must be disallowed (Internet zone). + <VulnDiscussion>A malicious script could use the clipboard in an undesirable manner, for example, if the user had recently copied confidential information to the clipboard while editing a document, a malicious script could harvest that information. It might be possible to exploit other vulnerabilities in order to send the harvested data to the attacker. Allow paste operations via script must have a level of protection based upon the site being accessed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59385 + V-46521 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow cut, copy or paste operations from the clipboard via script' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow cut, copy or paste operations from the clipboard via script' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1407" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000219 + <GroupDescription></GroupDescription> + + DTBI046-IE11 + Logon options must be configured to prompt (Internet zone). + <VulnDiscussion>Users could submit credentials to servers operated by malicious individuals who could then attempt to connect to legitimate servers with those captured credentials. Care must be taken with user credentials, automatic logon performance, and how default Windows credentials are passed to the websites. This policy setting allows management of settings for logon options. If you enable this policy setting, you can choose from varying logon options. “Anonymous logon” disables HTTP authentication and uses the guest account only for the Common Internet File System (CIFS) protocol. “Prompt for user name and password” queries users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. “Automatic logon only in Intranet zone” queries users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. “Automatic logon with current user name and password” attempts logon using Windows NT Challenge Response. If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for login. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setting, logon is set to “Automatic logon only in Intranet zone”. If you do not configure this policy setting, logon is set to “Automatic logon only in Intranet zone”. The most secure option is to configure this setting to “Enabled”; “Anonymous logon”, but configuring this setting to “Enabled”; “Prompt for user name and password”, provides a reasonable balance between security and usability.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59387 + V-46523 + CCI-001184 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Logon options' to 'Enabled', and select 'Prompt for user name and password' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Logon options' must be 'Enabled', and 'Prompt for user name and password' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1A00" is REG_DWORD = 65536 (decimal), this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI061-IE11 + Java permissions must be configured with High Safety (Intranet zone). + <VulnDiscussion>Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down box. Use of the Custom permission will control permissions settings individually. Use of the Low Safety permission enables applets to perform all operations. Use of the Medium Safety permission enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus adds capabilities like scratch space (a safe and secure storage area on the client computer) and a user-controlled file I/O. Use of the High Safety permission enables applets to run in their sandbox. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59389 + V-46525 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Intranet Zone -> 'Java permissions' to 'Enabled', and select 'High Safety' from the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Intranet Zone -> 'Java permissions' must be 'Enabled', and 'High Safety' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Criteria: If the value "1C00" is REG_DWORD = 65536, (Decimal), this is not a finding. + + + + + + + + + + + SRG-APP-000207 + <GroupDescription></GroupDescription> + + DTBI062-IE11 + Anti-Malware programs against ActiveX controls must be run for the Intranet zone. + <VulnDiscussion>This policy setting determines whether Internet Explorer runs Anti-Malware programs against ActiveX controls, to check if they're safe to load on pages. If you enable this policy setting, Internet Explorer won't check with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. If you disable this policy setting, Internet Explorer always checks with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59865 + V-46999 + CCI-001662 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Intranet Zone 'Don't run antimalware programs against ActiveX controls' to 'Enabled' and select 'Disable' in the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Intranet Zone 'Don't run antimalware programs against ActiveX controls' must be 'Enabled' and 'Disable' selected in the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Criteria: If the value "270C" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI091-IE11 + Java permissions must be configured with High Safety (Trusted Sites zone). + <VulnDiscussion>Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down box. Use of the Custom permission will control permissions settings individually. Use of the Low Safety permission enables applets to perform all operations. Use of the Medium Safety permission enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus adds capabilities like scratch space (a safe and secure storage area on the client computer) and a user-controlled file I/O. Use of the High Safety permission enables applets to run in their sandbox. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59407 + V-46543 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Trusted Sites Zone -> 'Java permissions' to 'Enabled', and select 'High Safety' from the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Trusted Sites Zone -> 'Java permissions' must be 'Enabled', and 'High Safety' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Criteria: If the value "1C00" is REG_DWORD = 65536, (Decimal), this is not a finding. + + + + + + + + + + + SRG-APP-000207 + <GroupDescription></GroupDescription> + + DTBI092-IE11 + Anti-Malware programs against ActiveX controls must be run for the Trusted Sites zone. + <VulnDiscussion>This policy setting determines whether Internet Explorer runs Anti-Malware programs against ActiveX controls, to check if they're safe to load on pages. If you enable this policy setting, Internet Explorer won't check with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. If you disable this policy setting, Internet Explorer always checks with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59875 + V-47009 + CCI-001662 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Trusted Sites Zone 'Don't run antimalware programs against ActiveX controls' to 'Enabled' and select 'Disable' in the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Trusted Sites Zone 'Don't run antimalware programs against ActiveX controls' must be 'Enabled' and 'Disable' selected in the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Criteria: If the value "270C" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + SRG-APP-000039 + <GroupDescription></GroupDescription> + + DTBI1000-IE11 + Dragging of content from different domains within a window must be disallowed (Internet zone). + <VulnDiscussion>This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. If you enable this policy setting, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting. If you disable this policy setting, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog box. If you do not configure this policy setting, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog box.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59409 + V-46545 + CCI-001414 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Security Page-> Internet Zone 'Enable dragging of content from different domains within a window' to 'Enabled', and select 'Disabled' from the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Security Page-> Internet Zone 'Enable dragging of content from different domains within a window' must be 'Enabled', and 'Disabled' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2708" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + SRG-APP-000039 + <GroupDescription></GroupDescription> + + DTBI1005-IE11 + Dragging of content from different domains across windows must be disallowed (Restricted Sites zone). + <VulnDiscussion>This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. If you enable this policy setting, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. If you enable this policy setting, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting. If you do not configure this policy setting, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog box.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59411 + V-46547 + CCI-001414 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Security Page-> Restricted Sites Zone 'Enable dragging of content from different domains across windows' to 'Enabled', and select 'Disabled' from the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Security Page-> Restricted Sites Zone 'Enable dragging of content from different domains across windows' must be 'Enabled', and 'Disabled' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2709" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + SRG-APP-000112 + <GroupDescription></GroupDescription> + + DTBI1010-IE11 + Internet Explorer Processes Restrict ActiveX Install must be enforced (Explorer). + <VulnDiscussion>Users often choose to install software such as ActiveX controls that are not permitted by their organization's security policy. Such software can pose significant security and privacy risks to networks. This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this policy setting, prompts for ActiveX control installations will be blocked for Internet Explorer processes. If you disable this policy setting, prompts for ActiveX control installations will not be blocked and these prompts will be displayed to users. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59413 + V-46549 + CCI-001695 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict ActiveX Install -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict ActiveX Install -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000112 + <GroupDescription></GroupDescription> + + DTBI1020-IE11 + Internet Explorer Processes Restrict ActiveX Install must be enforced (iexplore). + <VulnDiscussion>Users often choose to install software such as ActiveX controls that are not permitted by their organization's security policy. Such software can pose significant security and privacy risks to networks. This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this policy setting, prompts for ActiveX control installations will be blocked for Internet Explorer processes. If you disable this policy setting, prompts for ActiveX control installations will not be blocked and these prompts will be displayed to users. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59417 + V-46553 + CCI-001695 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict ActiveX Install -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict ActiveX Install -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000039 + <GroupDescription></GroupDescription> + + DTBI1025-IE11 + Dragging of content from different domains within a window must be disallowed (Restricted Sites zone). + <VulnDiscussion>This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. If you enable this policy setting, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting. If you disable this policy setting, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog box. If you do not configure this policy setting, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog box.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59419 + V-46555 + CCI-001414 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Security Page-> Restricted Sites Zone 'Enable dragging of content from different domains within a window' to 'Enabled', and select 'Disabled' from the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Security Page-> Restricted Sites Zone 'Enable dragging of content from different domains within a window' must be 'Enabled', and 'Disabled' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2708" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + SRG-APP-000207 + <GroupDescription></GroupDescription> + + DTBI1046-IE11 + Anti-Malware programs against ActiveX controls must be run for the Internet zone. + <VulnDiscussion>This policy setting determines whether Internet Explorer runs Anti-Malware programs against ActiveX controls, to check if they're safe to load on pages. If you enable this policy setting, Internet Explorer won't check with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. If you disable this policy setting, Internet Explorer always checks with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59863 + V-46997 + CCI-001662 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Internet Zone 'Don't run antimalware programs against ActiveX controls' to 'Enabled' and select 'Disable' in the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Internet Zone 'Don't run antimalware programs against ActiveX controls' must be 'Enabled' and 'Disable' selected in the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "270C" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + SRG-APP-000207 + <GroupDescription></GroupDescription> + + DTBI1051-IE11 + Anti-Malware programs against ActiveX controls must be run for the Restricted Sites zone. + <VulnDiscussion>This policy setting determines whether Internet Explorer runs Anti-Malware programs against ActiveX controls, to check if they're safe to load on pages. If you enable this policy setting, Internet Explorer won't check with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. If you disable this policy setting, Internet Explorer always checks with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59871 + V-47005 + CCI-001662 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Restricted Sites Zone 'Don't run antimalware programs against ActiveX controls' to 'Enabled' and select 'Disable' in the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Restricted Sites Zone 'Don't run antimalware programs against ActiveX controls' must be 'Enabled' and 'Disable' selected in the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "270C" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + SRG-APP-000278 + <GroupDescription></GroupDescription> + + DTBI1060-IE11 + Prevent bypassing SmartScreen Filter warnings must be enabled. + <VulnDiscussion>This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious. If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-79201 + V-64711 + CCI-001242 + If the system is on the SIPRNet, this requirement is NA. + +Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> ”Prevent bypassing SmartScreen Filter warnings” to ”Enabled”. + + + + If the system is on the SIPRNet, this requirement is NA. + +The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> ”Prevent bypassing SmartScreen Filter warnings” must be ”Enabled”. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter. + +Criteria: If the value "PreventOverride" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + + SRG-APP-000209 + <GroupDescription></GroupDescription> + + DTBI1065-IE11 + Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the internet must be enabled. + <VulnDiscussion>This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the internet. If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-79203 + V-64713 + CCI-001169 + If the system is on the SIPRNet, this requirement is NA. + +Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> ”Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the internet” to ”Enabled”. + + + + If the system is on the SIPRNet, this requirement is NA. + +The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> ”Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the internet” must be ”Enabled”. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter. + +Criteria: If the value "PreventOverrideAppRepUnknown" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + + SRG-APP-000210 + <GroupDescription></GroupDescription> + + DTBI1070-IE11 + Prevent per-user installation of ActiveX controls must be enabled. + <VulnDiscussion>This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis. If you enable this policy setting, ActiveX controls cannot be installed on a per-user basis. If you disable or do not configure this policy setting, ActiveX controls can be installed on a per-user basis.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-79205 + V-64715 + CCI-001170 + Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> ”Prevent per-user installation of ActiveX controls” to ”Enabled”. + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> ”Prevent per-user installation of ActiveX controls” must be ”Enabled”. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX. + +Criteria: If the value "BlockNonAdminActiveXInstall" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + + SRG-APP-000427 + <GroupDescription></GroupDescription> + + DTBI1075-IE11 + Prevent ignoring certificate errors option must be enabled. + <VulnDiscussion>This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as “expired”, “revoked”, or “name mismatch” errors) in Internet Explorer. If you enable this policy setting, the user cannot continue browsing. If you disable or do not configure this policy setting, the user can choose to ignore certificate errors and continue browsing.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-79207 + V-64717 + CCI-002470 + Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> ”Prevent ignoring certificate errors” to ”Enabled”. + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> ”Prevent ignoring certificate errors” must be ”Enabled”. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings. + +Criteria: If the value "PreventIgnoreCertErrors" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + + SRG-APP-000278 + <GroupDescription></GroupDescription> + + DTBI1080-IE11 + Turn on SmartScreen Filter scan option for the Internet Zone must be enabled. + <VulnDiscussion>This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-79209 + V-64719 + CCI-001242 + Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Internet Zone >> ”Turn on SmartScreen Filter scan” to ”Enabled”, and select ”Enable” from the drop-down box. + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Internet Zone >> ”Turn on SmartScreen Filter scan” must be ”Enabled” and ”Enable” selected from the drop-down box. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3. + +Criteria: If the value "2301" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + SRG-APP-000278 + <GroupDescription></GroupDescription> + + DTBI1085-IE11 + Turn on SmartScreen Filter scan option for the Restricted Sites Zone must be enabled. + <VulnDiscussion>This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-79211 + V-64721 + CCI-001242 + Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Restricted Sites Zone >> ”Turn on SmartScreen Filter scan” to ”Enabled”, and select ”Enable” from the drop-down box. + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Restricted Sites Zone >> ”Turn on SmartScreen Filter scan” must be ”Enabled” and ”Enable” selected from the drop-down box. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4. + +Criteria: If the value "2301" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + SRG-APP-000210 + <GroupDescription></GroupDescription> + + DTBI1090-IE11 + The Initialize and script ActiveX controls not marked as safe must be disallowed (Intranet Zone). + <VulnDiscussion>ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. This increases the risk of malicious code being loaded and executed by the browser. If you enable this policy setting, ActiveX controls are run, loaded with parameters and scripted without setting object safety for untrusted data or scripts. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. This setting is not recommended, except for secure and administered zones.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-79213 + V-64723 + CCI-001170 + Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Intranet Zone >> ”Initialize and script ActiveX controls not marked as safe” to ”Enabled”, and select ”Disable” from the drop-down box. + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Intranet Zone >> ”Initialize and script ActiveX controls not marked as safe” must be ”Enabled” and ”Disable” selected from the drop-down box. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1. + +Criteria: If the value "1201" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + SRG-APP-000210 + <GroupDescription></GroupDescription> + + DTBI1095-IE11 + The Initialize and script ActiveX controls not marked as safe must be disallowed (Trusted Sites Zone). + <VulnDiscussion>ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. This increases the risk of malicious code being loaded and executed by the browser. If you enable this policy setting, ActiveX controls are run, loaded with parameters and scripted without setting object safety for untrusted data or scripts. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. This setting is not recommended, except for secure and administered zones.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-79215 + V-64725 + CCI-001170 + Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Trusted Sites Zone >> ”Initialize and script ActiveX controls not marked as safe” to ”Enabled”, and select ”Disable” from the drop-down box. + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Trusted Sites Zone >> ”Initialize and script ActiveX controls not marked as safe” must be ”Enabled” and ”Disable” selected from the drop-down box. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2. + +Criteria: If the value "1201" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI1105-IE11 + Run once selection for running outdated ActiveX controls must be disabled. + <VulnDiscussion>This feature keeps ActiveX controls up to date and helps make them safer to use in Internet Explorer. Many ActiveX controls are not automatically updated as new versions are released. It is very important to keep ActiveX controls up to date because malicious or compromised webpages can target security flaws in out-of-date ActiveX controls.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-87395 + V-72757 + CCI-000381 + In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> Add-on Management, set "Remove the Run this time button for outdated ActiveX controls in IE" to "Enabled". + + + + In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> Add-on Management, verify "Remove the Run this time button for outdated ActiveX controls in IE" is set to “Enabled”. + +Use the Windows Registry Editor to navigate to the following key: + +HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext + +If the value "RunThisTimeEnabled" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI1110-IE11 + Enabling outdated ActiveX controls for Internet Explorer must be blocked. + <VulnDiscussion>This feature keeps ActiveX controls up to date and helps make them safer to use in Internet Explorer. Many ActiveX controls are not automatically updated as new versions are released. It is very important to keep ActiveX controls up to date because malicious or compromised webpages can target security flaws in out-of-date ActiveX controls.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-87397 + V-72759 + CCI-000381 + In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> Add-on Management, set "Turn off blocking of outdated ActiveX controls for Internet Explorer" to "Disabled". + + + + In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> Add-on Management, verify "Turn off blocking of outdated ActiveX controls for Internet Explorer" is set to “Disabled”. + +Use the Windows Registry Editor to navigate to the following key: + +HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext + +If the value "VersionCheckEnabled" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI1115-IE11 + Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Internet Zone. + <VulnDiscussion>This policy setting determines whether users can run the Tabular Data Control (TDC) ActiveX control, based on security zone. By default, the TDC ActiveX Control is disabled in the Internet and Restricted Sites security zones. If you enable this policy setting, users will not be able to run the TDC ActiveX control from all sites in the specified zone.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-87399 + V-72761 + CCI-000381 + In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Pane >> Security Page >> Internet Zone, set the "Allow only approved domains to use the TDC ActiveX control" to “Enabled”. + +In the Options window, select "Enable" from the “Only allow approved domains to use the TDC ActiveX control" drop-down box. + + + + + In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Internet Zone, verify "Allow only approved domains to use the TDC ActiveX control" is “Enabled”. + +In the Options window, verify the “Only allow approved domains to use the TDC ActiveX control" drop-down box is set to “Enable”. + +Procedure: Use the Windows Registry Editor to navigate to the following key: + +HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 + +Criteria: + +If the value "120c" is REG_DWORD = “3”, this is not a finding. + + + + + + + + + + + + + SRG-APP-000209 + <GroupDescription></GroupDescription> + + DTBI112-IE11 + The Download signed ActiveX controls property must be disallowed (Restricted Sites zone). + <VulnDiscussion>ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites. Signed code is better than unsigned code in that it may be easier to determine its author, but it is still potentially harmful, especially when coming from an untrusted zone.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59437 + V-46573 + CCI-001169 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Download signed ActiveX controls' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Download signed ActiveX controls' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1001" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI1120-IE11 + Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Restricted Sites Zone. + <VulnDiscussion>This policy setting determines whether users can run the Tabular Data Control (TDC) ActiveX control, based on security zone. By default, the TDC ActiveX Control is disabled in the Internet and Restricted Sites security zones. If you enable this policy setting, users won’t be able to run the TDC ActiveX control from all sites in the specified zone.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-87401 + V-72763 + CCI-000381 + In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Restricted Sites Zone, set the "Allow only approved domains to use the TDC ActiveX control" to “Enabled”. + +In the Options windows, select "Enable" from the “Only allow approved domains to use the TDC ActiveX control" drop-down box. + + + + + + + In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Restricted Sites Zone, verify "Allow only approved domains to use the TDC ActiveX control" is “Enabled”. + +In the Options window, verify the “Only allow approved domains to use the TDC ActiveX control" drop-down box is set to “Enable”. + +Procedure: Use the Windows Registry Editor to navigate to the following key: + +HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 + +Criteria: + +If the value "120c" is REG_DWORD = “3”, this is not a finding. + + + + + + + + + + + + + SRG-APP-000209 + <GroupDescription></GroupDescription> + + DTBI1125-IE11 + VBScript must not be allowed to run in Internet Explorer (Internet zone). + <VulnDiscussion>This policy setting allows the management of whether VBScript can be run on pages from the specified zone in Internet Explorer. By selecting "Enable" in the drop-down box, VBScript can run without user intervention. By selecting "Prompt" in the drop-down box, users are asked to choose whether to allow VBScript to run. By selecting "Disable" in the drop-down box, VBScript is prevented from running. If this policy setting is not configured or disabled, VBScript will run without user intervention.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-89849 + V-75169 + CCI-001169 + Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Internet Zone >> "Allow VBScript to run in Internet Explorer" to "Enabled" and select "Disable" from the drop-down box. + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Internet Zone >> "Allow VBScript to run in Internet Explorer" must be "Enabled", and "Disable" must be selected from the drop-down box. + +Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 + +If the value for "140C" is not REG_DWORD = 3, this is a finding. + + + + + + + + + + + SRG-APP-000209 + <GroupDescription></GroupDescription> + + DTBI113-IE11 + The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone). + <VulnDiscussion>Unsigned code is potentially harmful, especially when coming from an untrusted zone. ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites. They must also be digitally signed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59439 + V-46575 + CCI-001169 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Download unsigned ActiveX controls' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Download unsigned ActiveX controls' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1004" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000209 + <GroupDescription></GroupDescription> + + DTBI1130-IE11 + VBScript must not be allowed to run in Internet Explorer (Restricted Sites zone). + <VulnDiscussion>This policy setting allows the management of whether VBScript can be run on pages from the specified zone in Internet Explorer. By selecting "Enable" in the drop-down box, VBScript can run without user intervention. By selecting "Prompt" in the drop-down box, users are asked to choose whether to allow VBScript to run. By selecting "Disable" in the drop-down box, VBScript is prevented from running. If this policy setting is not configured or disabled, VBScript will run without user intervention.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-89851 + V-75171 + CCI-001169 + Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Restricted Sites Zone >> "Allow VBScript to run in Internet Explorer" to "Enabled" and select "Disable" from the drop-down box. + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Restricted Sites Zone >> "Allow VBScript to run in Internet Explorer" must be "Enabled", and "Disable" must be selected from the drop-down box. + +Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 + +If the value for "140C" is not REG_DWORD = 3, this is a finding. + + + + + + + + + + + SRG-APP-000266 + <GroupDescription></GroupDescription> + + DTBI1135-IE11 + Internet Explorer Development Tools Must Be Disabled. + <VulnDiscussion>While the risk associated with browser development tools is more related to the proper design of a web application, a risk vector remains within the browser. The developer tools allow end users and application developers to view and edit all types of web application related data via the browser. Page elements, source code, javascript, API calls, application data, etc. may all be viewed and potentially manipulated. Manipulation could be useful for troubleshooting legitimate issues, and this may be performed in a development environment. Manipulation could also be malicious and must be addressed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-106631 + V-97527 + CCI-001312 + Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Toolbars >> “Turn off Developer Tools” to “Enabled”. + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Toolbars >> “Turn off Developer Tools” must be “Enabled”. +Procedure: Use the Windows Registry Editor to navigate to the following key: HKEY_LOCAL_Machine\SOFTWARE\Policies\Microsoft\Internet Explorer\IEDevTools +Criteria: If the value "Disabled" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000210 + <GroupDescription></GroupDescription> + + DTBI114-IE11 + The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone). + <VulnDiscussion>ActiveX controls not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59441 + V-46577 + CCI-001170 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Initialize and script ActiveX controls not marked as safe' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Initialize and script ActiveX controls not marked as safe' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1201" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI115-IE11 + ActiveX controls and plug-ins must be disallowed (Restricted Sites zone). + <VulnDiscussion>This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. ActiveX controls not marked as safe should not be executed. If you enable this policy setting, controls and plug-ins can run without user intervention. If you disable this policy setting, controls and plug-ins are prevented from running.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59443 + V-46579 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Run ActiveX controls and plugins' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Run ActiveX controls and plugins' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1200" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000210 + <GroupDescription></GroupDescription> + + DTBI116-IE11 + ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone). + <VulnDiscussion>This policy setting allows management of whether ActiveX controls marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. ActiveX controls not marked as safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59445 + V-46581 + CCI-001170 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Script ActiveX controls marked safe for scripting' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Script ActiveX controls marked safe for scripting' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1405" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI119-IE11 + File downloads must be disallowed (Restricted Sites zone). + <VulnDiscussion>Sites located in the Restricted Sites Zone are more likely to contain malicious payloads and therefore downloads from this zone should be blocked. Files should not be able to be downloaded from sites that are considered restricted. This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59447 + V-46583 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow file downloads' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow file downloads' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1803" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI121-IE11 + Java permissions must be disallowed (Restricted Sites zone). + <VulnDiscussion>Java applications could contain malicious code; sites located in this security zone are more likely to be hosted by malicious individuals. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down box. Use of the Custom permission will control permissions settings individually. Use of the Low Safety permission enables applets to perform all operations. Use of the Medium Safety permission enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus adds capabilities like scratch space (a safe and secure storage area on the client computer) and a user-controlled file I/O. Use of the High Safety permission enables applets to run in their sandbox. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59451 + V-46587 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Java permissions' to 'Enabled', and select 'Disable Java' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1C00" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000039 + <GroupDescription></GroupDescription> + + DTBI122-IE11 + Accessing data sources across domains must be disallowed (Restricted Sites zone). + <VulnDiscussion>The ability to access data zones across domains could cause the user to unknowingly access content hosted on an unauthorized server. This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59453 + V-46589 + CCI-001414 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Access data sources across domains' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Access data sources across domains' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1406" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI123-IE11 + The Allow META REFRESH property must be disallowed (Restricted Sites zone). + <VulnDiscussion>It is possible that users will unknowingly be redirected to a site hosting malicious content. 'Allow META REFRESH' must have a level of protection based upon the site being browsed. This policy setting allows you to manage whether a user's browser can be redirected to another web page if the author of the web page uses the Meta Refresh setting to redirect browsers to another web page.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59455 + V-46591 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow META REFRESH' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow META REFRESH' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1608" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI126-IE11 + Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone). + <VulnDiscussion>Content hosted on sites located in the Restricted Sites zone are more likely to contain malicious payloads and therefore this feature should be blocked for this zone. Drag and drop or copy and paste files must have a level of protection based upon the site being accessed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59457 + V-46593 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow drag and drop or copy and paste files' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow drag and drop or copy and paste files' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1802" is REG_DWORD=3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI128-IE11 + Launching programs and files in IFRAME must be disallowed (Restricted Sites zone). + <VulnDiscussion>This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. Launching of programs in IFRAME must have a level of protection based upon the site being accessed. If you enable this policy setting, applications can run and files can be downloaded from IFRAMEs on the pages in this zone without user intervention. If you disable this setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59461 + V-46597 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Launching applications and files in an IFRAME' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Launching applications and files in an IFRAME' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1804" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000039 + <GroupDescription></GroupDescription> + + DTBI129-IE11 + Navigating windows and frames across different domains must be disallowed (Restricted Sites zone). + <VulnDiscussion>Frames navigating across different domains are a security concern, because the user may think they are accessing pages on one site while they are actually accessing pages on another site. It is possible that a website hosting malicious content could use this feature in a manner similar to cross-site scripting (XSS). This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59463 + V-46599 + CCI-001414 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Navigate windows and frames across different domains' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Navigate windows and frames across different domains' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1607" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000231 + <GroupDescription></GroupDescription> + + DTBI132-IE11 + Userdata persistence must be disallowed (Restricted Sites zone). + <VulnDiscussion>Userdata persistence must have a level of protection based upon the site being accessed. This policy setting allows you to manage the preservation of information in the browser's history, in Favorites, in an XML store, or directly within a web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is not appropriately configured.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59465 + V-46601 + CCI-001199 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Userdata persistence' to 'Enabled', and select 'Disable' from the drop-down box + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Userdata persistence' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1606" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI133-IE11 + Active scripting must be disallowed (Restricted Sites Zone). + <VulnDiscussion>Active scripts hosted on sites located in this zone are more likely to contain malicious code. Active scripting must have a level of protection based upon the site being accessed. This policy setting allows you to manage whether script code on pages in the zone are run.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59467 + V-46603 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow active scripting' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow active scripting' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1400" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI134-IE11 + Clipboard operations via script must be disallowed (Restricted Sites zone). + <VulnDiscussion>A malicious script could use the clipboard in an undesirable manner, for example, if the user had recently copied confidential information to the clipboard while editing a document, a malicious script could harvest that information. It might be possible to exploit other vulnerabilities in order to send the harvested data to the attacker. Allow paste operations via script must have a level of protection based upon the site being accessed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59469 + V-46605 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow cut, copy or paste operations from the clipboard via script' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow cut, copy or paste operations from the clipboard via script' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1407" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000219 + <GroupDescription></GroupDescription> + + DTBI136-IE11 + Logon options must be configured and enforced (Restricted Sites zone). + <VulnDiscussion>Users could submit credentials to servers operated by malicious individuals who could then attempt to connect to legitimate servers with those captured credentials. Care must be taken with user credentials, automatic logon performance, and how default Windows credentials are passed to the websites. This policy setting allows management of settings for logon options. If you enable this policy setting, you can choose from varying logon options. “Anonymous logon” disables HTTP authentication and uses the guest account only for the Common Internet File System (CIFS) protocol. “Prompt for user name and password” queries users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. “Automatic logon only in Intranet zone” queries users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. “Automatic logon with current user name and password” attempts logon using Windows NT Challenge Response. If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for login. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setting, logon is set to “Automatic logon only in Intranet zone”. If you do not configure this policy setting, logon is set to “Automatic logon only in Intranet zone”. The most secure option is to configure this setting to “Enabled”; “Anonymous logon”. This will prevent users from submitting credentials to servers in this security zone.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59471 + V-46607 + CCI-001184 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Logon options' to 'Enabled', and select 'Anonymous logon' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Logon options' must be 'Enabled', and 'Anonymous logon' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1A00" is REG_DWORD = 196608 (decimal), this is not a finding. + + + + + + + + + + + + + SRG-APP-000089 + <GroupDescription></GroupDescription> + + DTBI300-IE11 + Configuring History setting must be set to 40 days. + <VulnDiscussion>This setting specifies the number of days that Internet Explorer keeps track of the pages viewed in the History List. The delete Browsing History option can be accessed using Tools, Internet Options, "General" tab, and then click Settings under Browsing History. If you enable this policy setting, a user cannot set the number of days that Internet Explorer keeps track of the pages viewed in the History List. The number of days that Internet Explorer keeps track of the pages viewed in the History List must be specified. Users will not be able to delete browsing history. If you disable or do not configure this policy setting, a user can set the number of days that Internet Explorer tracks views of pages in the History List. Users can delete browsing history.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59473 + V-46609 + CCI-000169 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Delete Browsing History -> 'Disable Configuring History' to 'Enabled', and enter '40' in 'Days to keep pages in History'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Delete Browsing History -> 'Disable Configuring History' must be 'Enabled', and '40' entered in 'Days to keep pages in History'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel Criteria: If the value "History" is REG_DWORD = 1, this is not a finding. AND Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History Criteria: If the value "DaysToKeep" is REG_DWORD = 40 (decimal), this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI318-IE11 + Internet Explorer must be set to disallow users to add/delete sites. + <VulnDiscussion>This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different zones, as this could allow them to bypass security controls of the system. If you do not configure this policy setting, users will be able to add or remove sites from the Trusted Sites and Restricted Sites zones at will and change settings in the Local Intranet zone. This configuration could allow sites that host malicious mobile code to be added to these zones, and users could execute the code.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59479 + V-46615 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer 'Security Zones: Do not allow users to add/delete sites' to 'Enabled'. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer 'Security Zones: Do not allow users to add/delete sites' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value "Security_zones_map_edit" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI319-IE11 + Internet Explorer must be configured to disallow users to change policies. + <VulnDiscussion>Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Internet and websites listed in the Restricted Sites zone in the browser. This setting prevents users from changing the Internet Explorer policies on the machine. Policy changes should be made by administrators only, so this setting should be enabled. If you enable this policy setting, you disable the "Custom level" button and "Security" level for this zone slider on the Security tab in the Internet Options dialog box. If this policy setting is disabled or not configured, users will be able to change the settings for security zones. It prevents users from changing security zone policy settings that are established by the administrator.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59481 + V-46617 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer 'Security Zones: Do not allow users to change policies' to 'Enabled'. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer 'Security Zones: Do not allow users to change policies' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value "Security_options_edit" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI320-IE11 + Internet Explorer must be configured to use machine settings. + <VulnDiscussion>Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Internet and websites listed in the Restricted Sites zone in the browser. This setting enforces consistent security zone settings to all users of the computer. Security zones control browser behavior at various websites and it is desirable to maintain a consistent policy for all users of a machine. This policy setting affects how security zone changes apply to different users. If you enable this policy setting, changes that one user makes to a security zone will apply to all users of that computer. If this policy setting is disabled or not configured, users of the same computer are allowed to establish their own security zone settings.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59483 + V-46619 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer 'Security Zones: Use only machine settings' to 'Enabled'. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer 'Security Zones: Use only machine settings' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value "Security_HKLM_only" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI325-IE11 + Security checking features must be enforced. + <VulnDiscussion>This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk. If you enable this policy setting, the security settings check will not be performed. If you disable or do not configure this policy setting, the security settings check will be performed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59485 + V-46621 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Turn off the Security Settings Check feature' to 'Disabled'. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Turn off the Security Settings Check feature' must be 'Disabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Security Criteria: If the value "DisableSecuritySettingsCheck" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000210 + <GroupDescription></GroupDescription> + + DTBI350-IE11 + Software must be disallowed to run or install with invalid signatures. + <VulnDiscussion>Microsoft ActiveX controls and file downloads often have digital signatures attached that certify the file's integrity and the identity of the signer (creator) of the software. Such signatures help ensure unmodified software is downloaded and the user can positively identify the signer to determine whether you trust them enough to run their software.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59489 + V-46625 + CCI-001170 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> 'Allow software to run or install even if the signature is invalid' to 'Disabled'. + + + + + Note: Some legitimate software and controls may have an invalid signature. You should carefully test such software in isolation before it is allowed to be used on an organization's network. + +The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> 'Allow software to run or install even if the signature is invalid' must be 'Disabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Download Criteria: If the value "RunInvalidSignatures" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000233 + <GroupDescription></GroupDescription> + + DTBI356-IE11 + The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on. + <VulnDiscussion>This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used. If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. If you disable this policy setting, Internet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This feature is turned off by default.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59861 + V-46995 + CCI-001084 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Advanced Page 'Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows' to 'Enabled'. + + + + Note: If McAfee ENS Web Control is being used, this is Not Applicable. + +The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Advanced Page 'Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main Criteria: If the value "Isolation64Bit" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000175 + <GroupDescription></GroupDescription> + + DTBI365-IE11 + Checking for server certificate revocation must be enforced. + <VulnDiscussion>This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure. If you enable this policy setting, Internet Explorer will check to see if server certificates have been revoked. If you disable this policy setting, Internet Explorer will not check server certificates to see if they have been revoked. If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been revoked. + +Satisfies: SRG-APP-000605</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59493 + V-46629 + CCI-000185 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> 'Check for server certificate revocation' to 'Enabled'. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> 'Check for server certificate revocation' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value "CertificateRevocation" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + + + SRG-APP-000131 + <GroupDescription></GroupDescription> + + DTBI370-IE11 + Checking for signatures on downloaded programs must be enforced. + <VulnDiscussion>This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it has not been modified or tampered with) on user computers before downloading executable programs. If you enable this policy setting, Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to the user computers. If you disable this policy setting, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to the user computers. If you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to the user computers.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59497 + V-46633 + CCI-001779 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> 'Check for signatures on downloaded programs' to 'Enabled'. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> 'Check for signatures on downloaded programs' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Download Criteria: If the value "CheckExeSignatures" is REG_SZ = yes, this is not a finding. + + + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI375-IE11 + All network paths (UNCs) for Intranet sites must be disallowed. + <VulnDiscussion>Some UNC paths could refer to servers not managed by the organization, which means they could host malicious content; and therefore, it is safest to not include all UNC paths in the Intranet Sites zone. This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. If you enable this policy setting, all network paths are mapped into the Intranet Zone. If you disable this policy setting, network paths are not necessarily mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59499 + V-46635 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> 'Intranet Sites: Include all network paths (UNCs)' to 'Disabled'. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> 'Intranet Sites: Include all network paths (UNCs)' must be 'Disabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Criteria: If the value "UNCAsIntranet" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI385-IE11 + Script-initiated windows without size or position constraints must be disallowed (Internet zone). + <VulnDiscussion>This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows including the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows including the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows including the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59501 + V-46637 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow script-initiated windows without size or position constraints' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow script-initiated windows without size or position constraints' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2102" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI390-IE11 + Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone). + <VulnDiscussion>This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows including the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows including the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows including the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59503 + V-46639 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow script-initiated windows without size or position constraints' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow script-initiated windows without size or position constraints' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2102" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI395-IE11 + Scriptlets must be disallowed (Internet zone). + <VulnDiscussion>This policy setting allows you to manage whether scriptlets can be allowed. Scriptlets hosted on sites located in this zone are more likely to contain malicious code. If you enable this policy setting, users will be able to run scriptlets. If you disable this policy setting, users will not be able to run scriptlets. If you do not configure this policy setting, a scriptlet can be enabled or disabled by the user.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59505 + V-46641 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow Scriptlets' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow Scriptlets' must be 'Enabled', and 'Disable' from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1209" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI415-IE11 + Automatic prompting for file downloads must be disallowed (Internet zone). + <VulnDiscussion>This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. Users may accept downloads that they did not request, and those downloaded files may include malicious code. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the information bar instead of the file download dialog. Users can then click the information bar to allow the file download prompt.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59507 + V-46643 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Automatic prompting for file downloads' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Automatic prompting for file downloads' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2200" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI425-IE11 + Java permissions must be disallowed (Local Machine zone). + <VulnDiscussion>Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down box. Use of the Custom permission will control permissions settings individually. Use of the Low Safety permission enables applets to perform all operations. Use of the Medium Safety permission enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus adds capabilities like scratch space (a safe and secure storage area on the client computer) and a user-controlled file I/O. Use of the High Safety permission enables applets to run in their sandbox. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59509 + V-46645 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Local Machine Zone -> 'Java permissions' to 'Enabled', and select 'Disable Java' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Local Machine Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following keys: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Criteria: If the value "1C00" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000207 + <GroupDescription></GroupDescription> + + DTBI426-IE11 + Anti-Malware programs against ActiveX controls must be run for the Local Machine zone. + <VulnDiscussion>This policy setting determines whether Internet Explorer runs Anti-Malware programs against ActiveX controls, to check if they're safe to load on pages. If you enable this policy setting, Internet Explorer won't check with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. If you disable this policy setting, Internet Explorer always checks with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your Anti-Malware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59869 + V-47003 + CCI-001662 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Local Machine Zone 'Don't run antimalware programs against ActiveX controls' to 'Enabled' and select 'Disable' in the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page ->Local Machine Zone 'Don't run antimalware programs against ActiveX controls' must be 'Enabled' and 'Disable' selected in the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Criteria: If the value "270C" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI430-IE11 + Java permissions must be disallowed (Locked Down Local Machine zone). + <VulnDiscussion>Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down box. Use of the Custom permission will control permissions settings individually. Use of the Low Safety permission enables applets to perform all operations. Use of the Medium Safety permission enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus adds capabilities like scratch space (a safe and secure storage area on the client computer) and a user-controlled file I/O. Use of the High Safety permission enables applets to run in their sandbox. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59511 + V-46647 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Local Machine Zone -> 'Java permissions' to 'Enabled', and select 'Disable Java' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Local Machine Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following keys: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Criteria: If the value "1C00" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI435-IE11 + Java permissions must be disallowed (Locked Down Intranet zone). + <VulnDiscussion>Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down box. Use of the Custom permission will control permissions settings individually. Use of the Low Safety permission enables applets to perform all operations. Use of the Medium Safety permission enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus adds capabilities like scratch space (a safe and secure storage area on the client computer) and a user-controlled file I/O. Use of the High Safety permission enables applets to run in their sandbox. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59513 + V-46649 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Intranet Zone -> 'Java permissions' to 'Enabled', and select 'Disable Java' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Intranet Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following keys: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Criteria: If the value" 1C00" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI440-IE11 + Java permissions must be disallowed (Locked Down Trusted Sites zone). + <VulnDiscussion>Java applications could contain malicious code; sites located in this security zone are more likely to be hosted by malicious individuals. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down box. Use of the Custom permission will control permissions settings individually. Use of the Low Safety permission enables applets to perform all operations. Use of the Medium Safety permission enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus adds capabilities like scratch space (a safe and secure storage area on the client computer) and a user-controlled file I/O. Use of the High Safety permission enables applets to run in their sandbox. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59517 + V-46653 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Trusted Sites Zone -> 'Java permissions' to 'Enabled', and select 'Disable Java' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Trusted Sites Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following keys: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Criteria: If the value "1C00" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI450-IE11 + Java permissions must be disallowed (Locked Down Restricted Sites zone). + <VulnDiscussion>Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down box. Use of the Custom permission will control permissions settings individually. Use of the Low Safety permission enables applets to perform all operations. Use of the Medium Safety permission enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus adds capabilities like scratch space (a safe and secure storage area on the client computer) and a user-controlled file I/O. Use of the High Safety permission enables applets to run in their sandbox. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59527 + V-46663 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Restricted Sites Zone -> 'Java permissions' to 'Enabled', and select 'Disable Java' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Restricted Sites Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following keys: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Criteria: If the value "1C00" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI455-IE11 + XAML files must be disallowed (Internet zone). + <VulnDiscussion>These are eXtensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that leverage the Windows Presentation Foundation. If you enable this policy setting and the drop-down box is set to Enable, XAML files will be automatically loaded inside Internet Explorer. Users will not be able to change this behavior. If the drop-down box is set to Prompt, users will receive a prompt for loading XAML files. If you disable this policy setting, XAML files will not be loaded inside Internet Explorer. Users will not be able to change this behavior. If you do not configure this policy setting, users will have the freedom to decide whether to load XAML files inside Internet Explorer.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59529 + V-46665 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow loading of XAML files' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow loading of XAML files' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2402" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI460-IE11 + XAML files must be disallowed (Restricted Sites zone). + <VulnDiscussion>These are eXtensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that leverage the Windows Presentation Foundation. If you enable this policy setting and the drop-down box is set to Enable, XAML files will be automatically loaded inside Internet Explorer. Users will not be able to change this behavior. If the drop-down box is set to Prompt, users will receive a prompt for loading XAML files. If you disable this policy setting, XAML files will not be loaded inside Internet Explorer. Users will not be able to change this behavior. If you do not configure this policy setting, users will have the freedom to decide whether to load XAML files inside Internet Explorer.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59533 + V-46669 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow loading of XAML files' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow loading of XAML files' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2402" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000233 + <GroupDescription></GroupDescription> + + DTBI485-IE11 + Protected Mode must be enforced (Internet zone). + <VulnDiscussion>Protected Mode protects Internet Explorer from exploited vulnerabilities by reducing the locations Internet Explorer can write to in the registry and the file system. If you enable this policy setting, Protected Mode will be turned on. Users will not be able to turn off Protected Mode. If you disable this policy setting, Protected Mode will be turned off. It will revert to Internet Explorer 6 behavior that allows for Internet Explorer to write to the registry and the file system. Users will not be able to turn on Protected Mode. If you do not configure this policy, users will be able to turn on or off Protected Mode.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59545 + V-46681 + CCI-001084 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Turn on Protected Mode' to 'Enabled', and select 'Enable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Turn on Protected Mode' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2500" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000233 + <GroupDescription></GroupDescription> + + DTBI490-IE11 + Protected Mode must be enforced (Restricted Sites zone). + <VulnDiscussion>Protected Mode protects Internet Explorer from exploited vulnerabilities by reducing the locations Internet Explorer can write to in the registry and the file system. If you enable this policy setting, Protected Mode will be turned on. Users will not be able to turn off Protected Mode. If you disable this policy setting, Protected Mode will be turned off. It will revert to Internet Explorer 6 behavior that allows for Internet Explorer to write to the registry and the file system. Users will not be able to turn on Protected Mode. If you do not configure this policy, users will be able to turn on or off Protected Mode.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59549 + V-46685 + CCI-001084 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Turn on Protected Mode' to 'Enabled' and select 'Enable', from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Turn on Protected Mode' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2500" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI495-IE11 + Pop-up Blocker must be enforced (Internet zone). + <VulnDiscussion>This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59553 + V-46689 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Use Pop-up Blocker' to 'Enabled', and select 'Enable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Use Pop-up Blocker' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1809" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI500-IE11 + Pop-up Blocker must be enforced (Restricted Sites zone). + <VulnDiscussion>This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59555 + V-46691 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Use Pop-up Blocker' to 'Enabled', and select 'Enable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Use Pop-up Blocker' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1809" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000039 + <GroupDescription></GroupDescription> + + DTBI515-IE11 + Websites in less privileged web content zones must be prevented from navigating into the Internet zone. + <VulnDiscussion>This policy setting allows a user to manage whether websites from less privileged zones, such as Restricted Sites, can navigate into the Internet zone. If this policy setting is enabled, websites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If "Prompt" is selected in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If this policy setting is disabled, the potentially risky navigation is prevented. The Internet Explorer security feature will be on in this zone as set by the Protection from Zone Elevation feature control. If this policy setting is not configured, websites from less privileged zones can open new windows in, or navigate into, this zone.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59557 + V-46693 + CCI-001414 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Web sites in less privileged Web content zones can navigate into this zone' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Web sites in less privileged Web content zones can navigate into this zone' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2101" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000039 + <GroupDescription></GroupDescription> + + DTBI520-IE11 + Websites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone. + <VulnDiscussion>This policy setting allows you to manage whether websites from less privileged zones, such as Restricted Sites, can navigate into the Restricted zone. If this policy setting is enabled, websites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If Prompt is selected in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If this policy setting is disabled, the potentially risky navigation is prevented. The Internet Explorer security feature will be on in this zone as set by the Protection from Zone Elevation feature control. If this policy setting is not configured, websites from less privileged zones can open new windows in, or navigate into, this zone.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59559 + V-46695 + CCI-001414 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Web sites in less privileged Web content zones can navigate into this zone' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Web sites in less privileged Web content zones can navigate into this zone' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2101" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI575-IE11 + Allow binary and script behaviors must be disallowed (Restricted Sites zone). + <VulnDiscussion>This policy setting allows you to manage dynamic binary and script behaviors of components that encapsulate specific functionality for HTML elements, to which they were attached. If you enable this policy setting, binary and script behaviors are available. If you select "Administrator approved" in the drop-down box, only the behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are available.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59565 + V-46701 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow binary and script behaviors' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow binary and script behaviors' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2000" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI580-IE11 + Automatic prompting for file downloads must be disallowed (Restricted Sites zone). + <VulnDiscussion>This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. Users may accept downloads that they did not request, and those downloaded files may include malicious code. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the information bar instead of the file download dialog. Users can then click the information bar to allow the file download prompt.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59569 + V-46705 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Automatic prompting for file downloads' to 'Enabled', and select 'Disable' from the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Automatic prompting for file downloads' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2200" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBI590-IE11 + Internet Explorer Processes for MIME handling must be enforced. (Reserved) + <VulnDiscussion>Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a web server. The Consistent MIME Handling\Internet Explorer Processes policy setting determines whether Internet Explorer requires all file-type information provided by web servers to be consistent. For example, if the MIME type of a file is text/plain but the MIME data indicates the file is really an executable file, Internet Explorer changes its extension to reflect this executable status. This capability helps ensure executable code cannot masquerade as other types of data that may be trusted. If you enable this policy setting, Internet Explorer examines all received files and enforces consistent MIME data for them. If you disable or do not configure this policy setting, Internet Explorer does not require consistent MIME data for all received files and will use the MIME data provided by the file. MIME file-type spoofing is a potential threat to an organization. Ensuring these files are consistent and properly labeled helps prevent malicious file downloads from infecting your network.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59573 + V-46709 + CCI-001166 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Consistent Mime Handling -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Consistent Mime Handling -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBI592-IE11 + Internet Explorer Processes for MIME handling must be enforced (Explorer). + <VulnDiscussion>Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a web server. The Consistent MIME Handling\Internet Explorer Processes policy setting determines whether Internet Explorer requires all file-type information provided by web servers to be consistent. For example, if the MIME type of a file is text/plain but the MIME data indicates the file is really an executable file, Internet Explorer changes its extension to reflect this executable status. This capability helps ensure executable code cannot masquerade as other types of data that may be trusted. If you enable this policy setting, Internet Explorer examines all received files and enforces consistent MIME data for them. If you disable or do not configure this policy setting, Internet Explorer does not require consistent MIME data for all received files and will use the MIME data provided by the file. MIME file-type spoofing is a potential threat to the organization. Ensuring these files are consistent and properly labeled helps prevent malicious file downloads from infecting the network. This guide recommends configuring this policy as "Enabled" for all environments specified in this guide.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59575 + V-46711 + CCI-001166 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Consistent Mime Handling -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Consistent Mime Handling -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBI594-IE11 + Internet Explorer Processes for MIME handling must be enforced (iexplore). + <VulnDiscussion>Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a web server. The Consistent MIME Handling\Internet Explorer Processes policy setting determines whether Internet Explorer requires all file-type information provided by web servers to be consistent. For example, if the MIME type of a file is text/plain but the MIME data indicates that the file is really an executable file, Internet Explorer changes its extension to reflect this executable status. This capability helps ensure that executable code cannot masquerade as other types of data that may be trusted. If you enable this policy setting, Internet Explorer examines all received files and enforces consistent MIME data for them. If you disable or do not configure this policy setting, Internet Explorer does not require consistent MIME data for all received files and will use the MIME data provided by the file. MIME file-type spoofing is a potential threat to an organization. Ensuring these files are consistent and properly labeled helps prevent malicious file downloads from infecting the network. This guide recommends configuring this policy as "Enabled" for all environments specified in this guide.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59577 + V-46713 + CCI-001166 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Consistent Mime Handling -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Consistent Mime Handling -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBI595-IE11 + Internet Explorer Processes for MIME sniffing must be enforced (Reserved). + <VulnDiscussion>MIME sniffing is the process of examining the content of a MIME file to determine its context - whether it is a data file, an executable file, or some other type of file. This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. When set to "Enabled", MIME sniffing will never promote a file of one type to a more dangerous file type. Disabling MIME sniffing configures Internet Explorer processes to allow a MIME sniff that promotes a file of one type to a more dangerous file type. For example, promoting a text file to an executable file is a dangerous promotion because any code in the supposed text file would be executed. MIME file-type spoofing is a potential threat to an organization. Ensuring these files are consistently handled helps prevent malicious file downloads from infecting the network. This guide recommends you configure this policy as "Enabled" for all environments specified in this guide. Note: This setting works in conjunction with, but does not replace, the Consistent MIME Handling settings.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59579 + V-46715 + CCI-001166 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Mime Sniffing Safety Feature -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Mime Sniffing Safety Feature -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBI596-IE11 + Internet Explorer Processes for MIME sniffing must be enforced (Explorer). + <VulnDiscussion>MIME sniffing is the process of examining the content of a MIME file to determine its context - whether it is a data file, an executable file, or some other type of file. This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. When set to "Enabled", MIME sniffing will never promote a file of one type to a more dangerous file type. Disabling MIME sniffing configures Internet Explorer processes to allow a MIME sniff that promotes a file of one type to a more dangerous file type. For example, promoting a text file to an executable file is a dangerous promotion because any code in the supposed text file would be executed. MIME file-type spoofing is a potential threat to an organization. Ensuring these files are consistently handled helps prevent malicious file downloads from infecting the network. This guide recommends configuring this policy as "Enabled" for all environments specified in this guide. Note: This setting works in conjunction with, but does not replace, the Consistent MIME Handling settings.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59581 + V-46717 + CCI-001166 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Mime Sniffing Safety Feature -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Mime Sniffing Safety Feature -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBI597-IE11 + Internet Explorer Processes for MIME sniffing must be enforced (iexplore). + <VulnDiscussion>MIME sniffing is the process of examining the content of a MIME file to determine its context - whether it is a data file, an executable file, or some other type of file. This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. When set to "Enabled", MIME sniffing will never promote a file of one type to a more dangerous file type. Disabling MIME sniffing configures Internet Explorer processes to allow a MIME sniff that promotes a file of one type to a more dangerous file type. For example, promoting a text file to an executable file is a dangerous promotion because any code in the supposed text file would be executed. MIME file-type spoofing is a potential threat to an organization. Ensuring these files are consistently handled helps prevent malicious file downloads from infecting the network. This guide recommends configuring this policy as "Enabled" for all environments specified in this guide. Note: This setting works in conjunction with, but does not replace, the Consistent MIME Handling settings.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59583 + V-46719 + CCI-001166 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Mime Sniffing Safety Feature -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Mime Sniffing Safety Feature -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI599-IE11 + Internet Explorer Processes for MK protocol must be enforced (Reserved). + <VulnDiscussion>The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some older web applications use the MK protocol to retrieve information from compressed files. Because the MK protocol is not widely used, it should be blocked wherever it is not needed. Setting this policy to "Enabled"; blocks the MK protocol for Windows Explorer and Internet Explorer, which causes resources that use the MK protocol to fail. Disabling this setting allows applications to use the MK protocol API. This guide recommends configuring this setting to "Enabled" to block the MK protocol unless it is specifically needed in the environment. Note: Because resources that use the MK protocol will fail when deploying this setting, ensure none of the applications use the MK protocol.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59585 + V-46721 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> MK Protocol Security Restriction -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> MK Protocol Security Restriction -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI600-IE11 + Internet Explorer Processes for MK protocol must be enforced (Explorer). + <VulnDiscussion>The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some older web applications use the MK protocol to retrieve information from compressed files. Because the MK protocol is not widely used, it should be blocked wherever it is not needed. Setting this policy to "Enabled"; blocks the MK protocol for Windows Explorer and Internet Explorer, which causes resources that use the MK protocol to fail. Disabling this setting allows applications to use the MK protocol API. This guide recommends you configure this setting to "Enabled" to block the MK protocol unless it is specifically needed in the environment. Note: Because resources that use the MK protocol will fail when deploying this setting, ensure none of the applications use the MK protocol.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59587 + V-46723 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> MK Protocol Security Restriction -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> MK Protocol Security Restriction -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI605-IE11 + Internet Explorer Processes for MK protocol must be enforced (iexplore). + <VulnDiscussion>The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some older web applications use the MK protocol to retrieve information from compressed files. Because the MK protocol is not widely used, it should be blocked wherever it is not needed. Setting this policy to "Enabled"; blocks the MK protocol for Windows Explorer and Internet Explorer, which causes resources that use the MK protocol to fail. Disabling this setting allows applications to use the MK protocol API. This guide recommends you configure this setting to "Enabled" to block the MK protocol unless specifically needed in the environment. Note: Because resources that use the MK protocol will fail when deploying this setting, ensure none of the applications use the MK protocol.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59589 + V-46725 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> MK Protocol Security Restriction -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> MK Protocol Security Restriction -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000233 + <GroupDescription></GroupDescription> + + DTBI610-IE11 + Internet Explorer Processes for Zone Elevation must be enforced (Reserved). + <VulnDiscussion>Internet Explorer places restrictions on each web page it opens that are dependent upon the location of the web page (such as Internet Zone, Intranet Zone, or Local Machine Zone). Web pages on a local computer have the fewest security restrictions and reside in the Local Machine Zone, which makes the Local Machine Security Zone a prime target for malicious attackers. If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes. This approach stops content running in one zone from gaining the elevated privileges of another zone. If you disable this policy setting, no zone receives such protection from Internet Explorer processes. Because of the severity and relative frequency of zone elevation attacks, this guide recommends that you configure this setting as "Enabled" in all environments.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59591 + V-46727 + CCI-001084 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Protection From Zone Elevation -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Protection From Zone Elevation -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000233 + <GroupDescription></GroupDescription> + + DTBI612-IE11 + Internet Explorer Processes for Zone Elevation must be enforced (Explorer). + <VulnDiscussion>Internet Explorer places restrictions on each web page it opens that are dependent upon the location of the web page (such as Internet Zone, Intranet Zone, or Local Machine Zone). Web pages on a local computer have the fewest security restrictions and reside in the Local Machine Zone, which makes the Local Machine Security Zone a prime target for malicious attackers. If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes. This approach stops content running in one zone from gaining the elevated privileges of another zone. If you disable this policy setting, no zone receives such protection from Internet Explorer processes. Because of the severity and relative frequency of zone elevation attacks, this guide recommends configuring this setting as "Enabled" in all environments.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59593 + V-46729 + CCI-001084 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Protection From Zone Elevation -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Protection From Zone Elevation -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000233 + <GroupDescription></GroupDescription> + + DTBI614-IE11 + Internet Explorer Processes for Zone Elevation must be enforced (iexplore). + <VulnDiscussion>Internet Explorer places restrictions on each web page it opens that are dependent upon the location of the web page (such as Internet Zone, Intranet Zone, or Local Machine Zone). Web pages on a local computer have the fewest security restrictions and reside in the Local Machine Zone, which makes the Local Machine Security Zone a prime target for malicious attackers. If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes. This approach stops content running in one zone from gaining the elevated privileges of another zone. If you disable this policy setting, no zone receives such protection from Internet Explorer processes. Because of the severity and relative frequency of zone elevation attacks, this guide recommends that you configure this setting as "Enabled" in all environments.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59595 + V-46731 + CCI-001084 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Protection From Zone Elevation -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Protection From Zone Elevation -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI630-IE11 + Internet Explorer Processes for Restrict File Download must be enforced (Reserved). + <VulnDiscussion>In certain circumstances, websites can initiate file download prompts without interaction from users. This technique can allow websites to put unauthorized files on users' hard drives if they click the wrong button and accept the download. If you configure the Restrict File Download\Internet Explorer Processes policy setting to "Enabled", file download prompts that are not user-initiated are blocked for Internet Explorer processes. If you configure this policy setting as "Disabled", prompting will occur for file downloads that are not user-initiated for Internet Explorer processes. Note: This setting is configured as "Enabled" in all environments specified in this guide to help prevent attackers from placing arbitrary code on users' computers.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59597 + V-46733 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict File Download -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict File Download -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI635-IE11 + Internet Explorer Processes for Restrict File Download must be enforced (Explorer). + <VulnDiscussion>In certain circumstances, websites can initiate file download prompts without interaction from users. This technique can allow websites to put unauthorized files on users' hard drives if they click the wrong button and accept the download. If you configure the Restrict File Download\Internet Explorer Processes policy setting to "Enabled", file download prompts that are not user-initiated are blocked for Internet Explorer processes. If you configure this policy setting as "Disabled", prompting will occur for file downloads that are not user-initiated for Internet Explorer processes. Note: This setting is configured as "Enabled" in all environments specified in this guide to help prevent attackers from placing arbitrary code on users' computers.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59645 + V-46779 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict File Download -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict File Download -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI640-IE11 + Internet Explorer Processes for Restrict File Download must be enforced (iexplore). + <VulnDiscussion>In certain circumstances, websites can initiate file download prompts without interaction from users. This technique can allow websites to put unauthorized files on users' hard drives if they click the wrong button and accept the download. If you configure the Restrict File Download\Internet Explorer Processes policy setting to "Enabled", file download prompts that are not user-initiated are blocked for Internet Explorer processes. If you configure this policy setting as "Disabled", prompting will occur for file downloads that are not user-initiated for Internet Explorer processes. Note: This setting is configured as "Enabled" in all environments specified in this guide to help prevent attackers from placing arbitrary code on users' computers.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59647 + V-46781 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict File Download -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict File Download -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI645-IE11 + Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved). + <VulnDiscussion>Internet Explorer allows scripts to programmatically open, resize, and reposition various types of windows. Often, disreputable websites will resize windows to either hide other windows or force the user to interact with a window containing malicious code. The Scripted Window Security Restrictions security feature restricts pop-up windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user, or which hide other windows' title and status bars. If you enable the Scripted Window Security Restrictions\Internet Explorer Processes policy setting, pop-up windows and other restrictions apply for Windows Explorer and Internet Explorer processes. If you disable or do not configure this policy setting, scripts can continue to create pop-up windows, and create windows that hide other windows. Recommend configuring this setting to "Enabled" to help prevent malicious websites from controlling the Internet Explorer windows or fooling users into clicking on the wrong window.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59653 + V-46787 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Scripted Window Security Restrictions -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Scripted Window Security Restrictions -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI647-IE11 + Internet Explorer Processes for restricting pop-up windows must be enforced (Explorer). + <VulnDiscussion>Internet Explorer allows scripts to programmatically open, resize, and reposition various types of windows. Often, disreputable websites will resize windows to either hide other windows or force a user to interact with a window that contains malicious code. The Scripted Window Security Restrictions security feature restricts pop-up windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user, or which hide other windows' title and status bars. If you enable the Scripted Window Security Restrictions\Internet Explorer Processes policy setting, pop-up windows and other restrictions apply for Windows Explorer and Internet Explorer processes. If you disable or do not configure this policy setting, scripts can continue to create pop-up windows and create windows that hide other windows. This guide recommends configuring this setting to "Enabled" to help prevent malicious websites from controlling the Internet Explorer windows or fooling users into clicking on the wrong window.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59655 + V-46789 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Scripted Window Security Restrictions -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Scripted Window Security Restrictions -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Criteria: If the value "explorer.exe is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI649-IE11 + Internet Explorer Processes for restricting pop-up windows must be enforced (iexplore). + <VulnDiscussion>Internet Explorer allows scripts to programmatically open, resize, and reposition various types of windows. Often, disreputable websites will resize windows to either hide other windows or force a user to interact with a window that contains malicious code. The Scripted Window Security Restrictions security feature restricts pop-up windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user, or which hide other windows' title and status bars. If you enable the Scripted Window Security Restrictions\Internet Explorer Processes policy setting, pop-up windows and other restrictions apply for Windows Explorer and Internet Explorer processes. If you disable or do not configure this policy setting, scripts can continue to create pop-up windows and create windows that hide other windows. This guide recommends configuring this setting to "Enabled" to help prevent malicious websites from controlling the Internet Explorer windows or fooling users into clicking on the wrong window.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59657 + V-46791 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Scripted Window Security Restrictions -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Scripted Window Security Restrictions -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI650-IE11 + .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Sites Zone). + <VulnDiscussion>This policy setting allows you to manage whether .NET Framework-reliant components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select "Prompt" in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59663 + V-46797 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Run .NET Framework-reliant components not signed with Authenticode' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Run .NET Framework-reliant components not signed with Authenticode' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2004" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI655-IE11 + .NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Sites Zone). + <VulnDiscussion>This policy setting allows you to manage whether .NET Framework-reliant components that are signed with Authenticode can be executed from Internet Explorer. It may be possible for malicious content hosted on a website to take advantage of these components. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute signed managed components. If you select "Prompt" in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setting, Internet Explorer will execute signed managed components.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59665 + V-46799 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Run .NET Framework-reliant components signed with Authenticode' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Run .NET Framework-reliant components signed with Authenticode' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2001" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI670-IE11 + Scripting of Java applets must be disallowed (Restricted Sites zone). + <VulnDiscussion>This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention. If you select "Prompt" in the drop-down box, users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts can access applets automatically without user intervention. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59667 + V-46801 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Scripting of Java applets' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Scripting of Java applets' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1402" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI690-IE11 + AutoComplete feature for forms must be disallowed. + <VulnDiscussion>This AutoComplete feature suggests possible matches when users are filling in forms. It is possible that this feature will cache sensitive data and store it in the user's profile, where it might not be protected as rigorously as required by organizational policy. If you enable this setting, the user is not presented with suggested matches when filling in forms. If you disable this setting, the user is presented with suggested possible matches when filling forms. If you do not configure this setting, the user has the freedom to turn on the auto-complete feature for forms. To display this option, the user opens the Internet Options dialog box, clicks the "Contents" tab, and clicks the "Settings" button.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59673 + V-46807 + CCI-000381 + Set the policy value for User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Disable AutoComplete for forms' to 'Enabled'. + + + + The policy value for User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Disable AutoComplete for forms' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Internet Explorer\Main Criteria: If the value "Use FormSuggest" is REG_SZ = no, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI715-IE11 + Crash Detection management must be enforced. + <VulnDiscussion>The 'Turn off Crash Detection' policy setting allows you to manage the crash detection feature of add-on management in Internet Explorer. A crash report could contain sensitive information from the computer's memory. If you enable this policy setting, a crash in Internet Explorer will be similar to one on a computer running Windows XP Professional Service Pack 1 and earlier, where Windows Error Reporting will be invoked. If you disable this policy setting, the crash detection feature in add-on management will be functional. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59677 + V-46811 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Turn off Crash Detection' to 'Enabled'. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Turn off Crash Detection' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key:HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions Criteria: If the value "NoCrashDetection" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI725-IE11 + Turn on the auto-complete feature for user names and passwords on forms must be disabled. + <VulnDiscussion>This policy setting controls automatic completion of fields in forms on web pages. It is possible that malware could be developed which would be able to extract the cached user names and passwords from the currently logged on user, which an attacker could then use to compromise that user's online accounts. If you enable this setting, the user cannot change the 'User name and passwords on forms' or 'prompt me to save passwords'. The Auto Complete feature for" User names and passwords on forms" will be turned on. If you disable this setting, the user cannot change the 'User name and passwords on forms' or 'prompt me to save passwords'. The Auto Complete feature for "User names and passwords on forms" is turned off. The user also cannot opt to be prompted to save passwords. If you do not configure this setting, the user has the freedom of turning on Auto Complete for "User name and passwords on forms", and the option of prompting to save passwords.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59681 + V-46815 + CCI-000381 + Set the policy value for User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Turn on the auto-complete feature for user names and passwords on forms' to 'Disabled'. + + + + The policy value for User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Turn on the auto-complete feature for user names and passwords on forms' must be 'Disabled'. +Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Internet Explorer\Main Criteria: If the value "FormSuggest Passwords" is REG_SZ = 'no', this is not a finding. AND Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Internet Explorer\Main Criteria: If the value "FormSuggest PW Ask" is REG_SZ = 'no', this is not a finding. + + + + + + + + + + + SRG-APP-000206 + <GroupDescription></GroupDescription> + + DTBI740-IE11 + Managing SmartScreen Filter use must be enforced. + <VulnDiscussion>This setting is important from a security perspective because Microsoft has extensive data illustrating the positive impact the SmartScreen filter has had on reducing the risk of malware infection via visiting malicious websites. This policy setting allows users to enable the SmartScreen Filter, which will warn if the website being visited is known for fraudulent attempts to gather personal information through 'phishing' or is known to host malware. If you enable this setting the user will not be prompted to enable the SmartScreen Filter. It must be specified which mode the SmartScreen Filter uses: On or Off. If the feature is On, all website addresses not contained on the filters allow list, will be sent automatically to Microsoft without prompting the user. If this feature is set to Off, the feature will not run. If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on SmartScreen Filter during the first-run experience.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59685 + V-46819 + CCI-001166 + If the system is on the SIPRNet, this requirement is NA. + +Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> "Prevent Managing SmartScreen Filter" to "Enabled", and select "On" from the drop-down box. + + + + + If the system is on the SIPRNet, this requirement is NA. + +The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> "Prevent Managing SmartScreen Filter" must be "Enabled", and "On" selected from the drop-down box. + +Procedure: Use the Windows Registry Editor to navigate to the following key: + +HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter + +Criteria: If the value "EnabledV9" is "REG_DWORD = 1", this is not a finding. + + + + + + + + + + + + + SRG-APP-000089 + <GroupDescription></GroupDescription> + + DTBI760-IE11 + Browser must retain history on exit. + <VulnDiscussion>Delete Browsing History on exit automatically deletes specified items when the last browser window closes. Disabling this function will prevent users from deleting their browsing history, which could be used to identify malicious websites and files that could later be used for anti-virus and Intrusion Detection System (IDS) signatures. Furthermore, preventing users from deleting browsing history could be used to identify abusive web surfing on government systems.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59695 + V-46829 + CCI-000169 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Delete Browsing History -> 'Allow deleting browsing history on exit' to 'Disabled'. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Delete Browsing History -> 'Allow deleting browsing history on exit' must be 'Disabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy Criteria: If the value "ClearBrowsingHistoryOnExit" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000089 + <GroupDescription></GroupDescription> + + DTBI770-IE11 + Deleting websites that the user has visited must be disallowed. + <VulnDiscussion>This policy prevents users from deleting the history of websites the user has visited. If you enable this policy setting, websites the user has visited will be preserved when the user clicks "Delete". If you disable this policy setting, websites that the user has visited will be deleted when the user clicks "Delete". If you do not configure this policy setting, the user will be able to select whether to delete or preserve websites the user visited when the user clicks "Delete".</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59707 + V-46841 + CCI-000169 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Delete Browsing History -> 'Prevent Deleting Web sites that the User has Visited' to 'Enabled'. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Delete Browsing History -> 'Prevent Deleting Web sites that the User has Visited' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy Criteria: If the value "CleanHistory" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000080 + <GroupDescription></GroupDescription> + + DTBI780-IE11 + InPrivate Browsing must be disallowed. + <VulnDiscussion>InPrivate Browsing lets the user control whether or not Internet Explorer saves the browsing history, cookies, and other data. User control of settings is not the preferred control method. The InPrivate Browsing feature in Internet Explorer makes browser privacy easy by not storing history, cookies, temporary Internet files, or other data. If you enable this policy setting, InPrivate Browsing will be disabled. If you disable this policy setting, InPrivate Browsing will be available for use. If you do not configure this setting, InPrivate Browsing can be turned on or off through the registry.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59713 + V-46847 + CCI-000166 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Privacy -> 'Turn off InPrivate Browsing' to 'Enabled'. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Privacy -> 'Turn off InPrivate Browsing' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy Criteria: If the value "EnableInPrivateBrowsing" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI800-IE11 + Scripting of Internet Explorer WebBrowser control property must be disallowed (Internet zone). + <VulnDiscussion>This policy setting controls whether a page may control embedded WebBrowser control via script. Scripted code hosted on sites located in this zone is more likely to contain malicious code. If you enable this policy setting, script access to the WebBrowser control is allowed. If you disable this policy setting, script access to the WebBrowser control is not allowed. If you do not configure this policy setting, script access to the WebBrowser control can be enabled or disabled by the user. By default, script access to the WebBrowser control is only allowed in the Local Machine and Intranet Zones.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59715 + V-46849 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow scripting of Internet Explorer WebBrowser controls' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow scripting of Internet Explorer WebBrowser controls' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1206" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI810-IE11 + When uploading files to a server, the local directory path must be excluded (Internet zone). + <VulnDiscussion>This policy setting controls whether or not the local path information will be sent when uploading a file via a HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. If you do not configure this policy setting, the user can choose whether path information will be sent when uploading a file via a form. By default, path information will be sent.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59719 + V-46853 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Include local path when user is uploading files to a server' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Include local path when user is uploading files to a server' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "160A" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI815-IE11 + Internet Explorer Processes for Notification Bars must be enforced (Reserved). + <VulnDiscussion>This policy setting allows you to manage whether the Notification Bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification Bar is displayed for Internet Explorer processes. If you enable this policy setting, the Notification Bar will be displayed for Internet Explorer processes. If you disable this policy setting, the Notification Bar will not be displayed for Internet Explorer processes. If you do not configure this policy setting, the Notification Bar will be displayed for Internet Explorer processes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59723 + V-46857 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features-> Notification Bar-> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features-> Notification Bar-> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI820-IE11 + Security Warning for unsafe files must be set to prompt (Internet zone). + <VulnDiscussion>This policy setting controls whether or not the 'Open File - Security Warning' message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file shared by using Windows Explorer, for example). If you enable this policy setting and set the drop-down box to "Enable", these files open without a security warning. If you set the drop-down box to " Prompt", a security warning appears before the files open. If you disable this policy these files do not open. If you do not configure this policy setting, the user can configure how the computer handles these files.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59725 + V-46859 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Show security warning for potentially unsafe files' to 'Enabled', and select 'Prompt' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Show security warning for potentially unsafe files' must be 'Enabled', and 'Prompt' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1806" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI825-IE11 + Internet Explorer Processes for Notification Bars must be enforced (Explorer). + <VulnDiscussion>This policy setting allows you to manage whether the Notification Bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification Bar is displayed for Internet Explorer processes. If you enable this policy setting, the Notification Bar will be displayed for Internet Explorer processes. If you disable this policy setting, the Notification Bar will not be displayed for Internet Explorer processes. If you do not configure this policy setting, the Notification Bar will be displayed for Internet Explorer processes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59727 + V-46861 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features-> Notification Bar-> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features-> Notification Bar-> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000210 + <GroupDescription></GroupDescription> + + DTBI830-IE11 + ActiveX controls without prompt property must be used in approved domains only (Internet zone). + <VulnDiscussion>This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control. If the user were to disable the setting for the zone, malicious ActiveX controls could be executed without the user's knowledge. Disabling this setting would allow the possibility for malicious ActiveX controls to be executed from non-approved domains within this zone without the user's knowledge. Enabling this setting enforces the default value and prohibits the user from changing the value. Websites should be moved into another zone if permissions need to be changed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59729 + V-46865 + CCI-001170 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow only approved domains to use ActiveX controls without prompt' to 'Enabled', and select 'Enable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> ' Allow only approved domains to use ActiveX controls without prompt' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "120b" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI835-IE11 + Internet Explorer Processes for Notification Bars must be enforced (iexplore). + <VulnDiscussion>This policy setting allows you to manage whether the Notification Bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification Bar is displayed for Internet Explorer processes. If you enable this policy setting, the Notification Bar will be displayed for Internet Explorer processes. If you disable this policy setting, the Notification Bar will not be displayed for Internet Explorer processes. If you do not configure this policy setting, the Notification Bar will be displayed for Internet Explorer processes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59735 + V-46869 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features-> Notification Bar-> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features-> Notification Bar-> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI840-IE11 + Cross-Site Scripting Filter must be enforced (Internet zone). + <VulnDiscussion>The Cross-Site Scripting Filter is designed to prevent users from becoming victims of unintentional information disclosure. This setting controls if the Cross-Site Scripting (XSS) Filter detects and prevents cross-site script injection into websites in this zone. If you enable this policy setting, the XSS Filter will be enabled for sites in this zone, and the XSS Filter will attempt to block cross-site script injections. If you disable this policy setting, the XSS Filter will be disabled for sites in this zone, and Internet Explorer will permit cross-site script injections.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59745 + V-46879 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Turn on Cross-Site Scripting Filter' to 'Enabled', and select 'Enable' from the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Turn on Cross-Site Scripting Filter' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1409" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI850-IE11 + Scripting of Internet Explorer WebBrowser Control must be disallowed (Restricted Sites zone). + <VulnDiscussion>This policy setting controls whether a page may control embedded WebBrowser Control via script. Scripted code hosted on sites located in this zone is more likely to contain malicious code. If you enable this policy setting, script access to the WebBrowser Control is allowed. If you disable this policy setting, script access to the WebBrowser Control is not allowed. If you do not configure this policy setting, script access to the WebBrowser Control can be enabled or disabled by the user. By default, script access to the WebBrowser Control is only allowed in the Local Machine and Intranet Zones.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59749 + V-46883 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow scripting of Internet Explorer WebBrowser controls' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow scripting of Internet Explorer WebBrowser controls' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1206" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI860-IE11 + When uploading files to a server, the local directory path must be excluded (Restricted Sites zone). + <VulnDiscussion>This policy setting controls whether or not the local path information will be sent when uploading a file via a HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. If you do not configure this policy setting, the user can choose whether path information will be sent when uploading a file via a form. By default, path information will be sent.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59751 + V-46885 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Include local path when user is uploading files to a server' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Include local path when user is uploading files to a server' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "160A" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI870-IE11 + Security Warning for unsafe files must be disallowed (Restricted Sites zone). + <VulnDiscussion>This policy setting controls whether or not the 'Open File - Security Warning' message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file shared by using Windows Explorer, for example). If you enable this policy setting and set the drop-down box to "Enable", these files open without a security warning. If you set the drop-down box to "Prompt", a security warning appears before the files open. If you disable this policy these files do not open. If you do not configure this policy setting, the user can configure how the computer handles these files.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59755 + V-46889 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Show security warning for potentially unsafe files' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Show security warning for potentially unsafe files' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1806" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000210 + <GroupDescription></GroupDescription> + + DTBI880-IE11 + ActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone). + <VulnDiscussion>This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control. If the user were to disable the setting for the zone, malicious ActiveX controls could be executed without the user's knowledge. Disabling this setting would allow the possibility for malicious ActiveX controls to be executed from non-approved domains within this zone without the user's knowledge. Enabling this setting enforces the default value and prohibits the user from changing the value. Websites should be moved into another zone if permissions need to be changed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59759 + V-46893 + CCI-001170 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow only approved domains to use ActiveX controls without prompt' to 'Enabled', and select 'Enable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow only approved domains to use ActiveX controls without prompt' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "120b" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI890-IE11 + Cross-Site Scripting Filter property must be enforced (Restricted Sites zone). + <VulnDiscussion>The Cross-Site Scripting Filter is designed to prevent users from becoming victims of unintentional information disclosure. This setting controls if the Cross-Site Scripting (XSS) Filter detects and prevents cross-site script injection into websites in this zone. If you enable this policy setting, the XSS Filter will be enabled for sites in this zone, and the XSS Filter will attempt to block cross-site script injections. If you disable this policy setting, the XSS Filter will be disabled for sites in this zone, and Internet Explorer will permit cross-site script injections.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59761 + V-46895 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Turn on Cross-Site Scripting Filter' to 'Enabled', and select 'Enable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Turn on Cross-Site Scripting Filter' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1409" is REG_DWORD = 0, this is not a finding. + + + + + + + + + + + + + SRG-APP-000112 + <GroupDescription></GroupDescription> + + DTBI900-IE11 + Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved). + <VulnDiscussion>Users often choose to install software such as ActiveX controls that are not permitted by their organization's security policy. Such software can pose significant security and privacy risks to networks. This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this policy setting, prompts for ActiveX control installations will be blocked for Internet Explorer processes. If you disable this policy setting, prompts for ActiveX control installations will not be blocked and these prompts will be displayed to users. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59763 + V-46897 + CCI-001695 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict ActiveX Install -> 'Internet Explorer Processes' to 'Enabled'. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict ActiveX Install -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI910-IE11 + Status bar updates via script must be disallowed (Internet zone). + <VulnDiscussion>This policy setting allows you to manage whether script is allowed to update the status bar within the zone. A script running in the zone could cause false information to be displayed on the status bar, which could confuse the user and cause them to perform an undesirable action. If you enable this policy setting, script is allowed to update the status bar. If you disable this policy setting, script is not allowed to update the status bar. If you do not configure this policy setting, status bar updates via scripts will be disabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59769 + V-46903 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone 'Allow updates to status bar via script' to 'Enabled', and select 'Disable' from the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone 'Allow updates to status bar via script' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2103" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI920-IE11 + .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone). + <VulnDiscussion>Unsigned components are more likely to contain malicious code and it is more difficult to determine the author of the application - therefore they should be avoided if possible. This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select "Prompt" in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59773 + V-46907 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone 'Run .NET Framework-reliant components not signed with Authenticode' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone 'Run .NET Framework-reliant components not signed with Authenticode' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2004" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI930-IE11 + .NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet zone). + <VulnDiscussion>It may be possible for someone to host malicious content on a website that takes advantage of these components. This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute signed managed components. If you select "Prompt" in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setting, Internet Explorer will not execute signed managed components.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59787 + V-46921 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone 'Run .NET Framework-reliant components signed with Authenticode' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone 'Run .NET Framework-reliant components signed with Authenticode' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2001" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI940-IE11 + Scriptlets must be disallowed (Restricted Sites zone). + <VulnDiscussion>This policy setting allows you to manage whether scriptlets can be allowed. Scriptlets hosted on sites located in this zone are more likely to contain malicious code. If you enable this policy setting, users will be able to run scriptlets. If you disable this policy setting, users will not be able to run scriptlets. If you do not configure this policy setting, a scriptlet can be enabled or disabled by the user.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59793 + V-46927 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone 'Allow Scriptlets' to 'Enabled', and select 'Disable' from the drop-down box. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone 'Allow Scriptlets' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1209" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + + + SRG-APP-000141 + <GroupDescription></GroupDescription> + + DTBI950-IE11 + Status bar updates via script must be disallowed (Restricted Sites zone). + <VulnDiscussion>A script running in the zone could cause false information to be displayed on the status bar, which could confuse the user and cause an undesirable action. This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this policy setting, script is allowed to update the status bar. If you disable this policy setting, script is not allowed to update the status bar. If you do not configure this policy setting, status bar updates via scripts will be disabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59805 + V-46939 + CCI-000381 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone 'Allow updates to status bar via script' to 'Enabled', and select 'Disable' from the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone 'Allow updates to status bar via script' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2103" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + SRG-APP-000516 + <GroupDescription></GroupDescription> + + DTBI985-IE11 + When Enhanced Protected Mode is enabled, ActiveX controls must be disallowed to run in Protected Mode. + <VulnDiscussion>This setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control, Internet Explorer notifies the user and gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in Enhanced Protected Mode. Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system. If you enable this policy setting, Internet Explorer will not give the user the option to disable Enhanced Protected Mode. All Protected Mode websites will run in Enhanced Protected Mode. If you disable or do not configure this policy setting, Internet Explorer notifies users and provides an option to run websites with incompatible ActiveX controls in regular Protected Mode.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59841 + V-46975 + CCI-000366 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Advanced Page 'Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled' to 'Enabled'. + + + + Note: If McAfee ENS Web Control is being used, this is Not Applicable. + +The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Advanced Page 'Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main Criteria: If the value "DisableEPMCompat" is REG_DWORD = 1, this is not a finding. + + + + + + + + + + + + SRG-APP-000039 + <GroupDescription></GroupDescription> + + DTBI990-IE11 + Dragging of content from different domains across windows must be disallowed (Internet zone). + <VulnDiscussion>This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. If you enable this policy setting, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting. If you disable this policy setting, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting. If you do not configure this policy setting, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog box.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59847 + V-46981 + CCI-001414 + Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Security Page-> Internet Zone 'Enable dragging of content from different domains across windows' to 'Enabled', and select 'Disabled' from the drop-down box. + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Security Page-> Internet Zone 'Enable dragging of content from different domains across windows' must be 'Enabled', and 'Disabled' selected from the drop-down box. Procedure: Use the windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2709" is REG_DWORD = 3, this is not a finding. + + + + + + + + + + + SRG-APP-000416 + <GroupDescription></GroupDescription> + + DTBI014-IE11 + Turn off Encryption Support must be enabled. + <VulnDiscussion>This parameter ensures only DoD-approved ciphers and algorithms are enabled for use by the web browser by allowing you to turn on/off support for TLS and SSL. TLS is a protocol for protecting communications between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other's list of supported protocols and versions and pick the most preferred match. + +Satisfies: SRG-APP-000514, SRG-APP-000555, SRG-APP-000625, SRG-APP-000630, SRG-APP-000635</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-59337 + V-46473 + CCI-002480 + Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Advanced Page >> "Turn off Encryption Support" to "Enabled". + +Select only "Only use TLS 1.2" from the drop-down box. + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Advanced Page >> "Turn off Encryption Support" must be "Enabled". + +Verify the only option selected is "Only use TLS 1.2" from the drop-down box. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols. + +Criteria: If the value for "SecureProtocols" is not REG_DWORD = "2048", this is a finding. + + + + + + + + + + + SRG-APP-000416 + <GroupDescription></GroupDescription> + + DTBI1100-IE11 + Allow Fallback to SSL 3.0 (Internet Explorer) must be disabled. + <VulnDiscussion>This parameter ensures only DoD-approved ciphers and algorithms are enabled for use by the web browser by blocking an insecure fallback to SSL when TLS 1.0 or greater fails. + +Satisfies: SRG-APP-000514, SRG-APP-000555, SRG-APP-000625, SRG-APP-000630, SRG-APP-000635</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + SV-79219 + V-64729 + CCI-002480 + Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> "Allow fallback to SSL 3.0 (Internet Explorer)" to "Enabled", and select "No Sites" from the drop-down box. + + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> "Allow fallback to SSL 3.0 (Internet Explorer)" must be "Enabled", and "No Sites" selected from the drop-down box. If "Allow fallback to SSL 3.0 (Internet Explorer)" is not "Enabled" or any other drop-down option is selected, this is a finding. + +Procedure: Use the Windows Registry Editor to navigate to the following key: + +HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings. + +Criteria: If the value "EnableSSL3Fallback" is REG_DWORD=0, this is not a finding. + + + + + + + + + + + SRG-APP-000456 + <GroupDescription></GroupDescription> + + DTBI999-IE11 + The version of Internet Explorer running on the system must be a supported version. + <VulnDiscussion>Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any contractor to the organization) are required to promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling must also be addressed expeditiously. + +Organization-defined time periods for updating security-relevant software may vary based on a variety of factors including, for example, the security category of the information system or the criticality of the update (i.e., severity of the vulnerability related to the discovered flaw). + +This requirement will apply to software patch management solutions that are used to install patches across the enclave and also to applications that are not part of that patch management solution. For example, many browsers today provide the capability to install their own patch software. Patch criticality, as well as system criticality, will vary. Therefore, the tactical situations regarding the patch management process will also vary. This means the time period used must be a configurable parameter. Time frames for application of security-relevant software updates may depend on the Information Assurance Vulnerability Management (IAVM) process.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> + + DISA + 4095 + DPMS Target + + CCI-002635 + For Windows 10 General Availability Channel, remove or disable the Internet Explorer 11 application. + +To disable Internet Explorer 11 as a standalone browser, set the policy value for "Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Disable Internet Explorer 11 as a standalone browser" to "Enabled" with the option value set to "Never" or "Once per user". + + + + Internet Explorer 11 is no longer supported on Windows 10 General Availability Channel. + +If Internet Explorer 11 is installed and enabled on Windows 10 General Availability Channel, this is a finding. + +If Internet Explorer 11 is installed and enabled on an unsupported OS, this is a finding. + + + + + + + + + + + + NIWC Atlantic + SOT-WIN2K22-01\degthat + + SOT-WIN2K22-01 + 192.168.40.189 + + SOT-WIN2K22-01 + + SOT-WIN2K22-01. + Microsoft Windows Server 2022 Standard + 21H2 + 12th Gen Intel(R) Core(TM) i7-12700 + Intel64 Family 6 Model 151 Stepping 2 + 2112 + 8192 + VMware, Inc. + VMware-56 4d 39 21 2d 79 b3 63-39 74 36 fd c1 91 8c 5f + VMW201.00V.21805430.B64.2305221830 + VMware20,1 + Workstation + + [00000001] Intel(R) 82574L Gigabit Network Connection + 192.168.40.189 + 00:0C:29:91:8C:5F + + + + 3 + 3 + 3 + 3 + 3 + 3 + 3 + 3 + 65536 + 3 + 3 + 3 + 3 + 3 + 3 + 3 + 3 + 0 + 3 + 3 + 3 + 3 + 3 + 3 + 3 + 3 + 196608 + 1 + 1 + 1 + 0 + 0 + 1 + yes + 0 + 3 + 3 + 3 + 3 + 0 + 0 + 0 + 0 + 0 + 3 + 3 + 0 + 0 + 0 + 0 + 3 + 3 + 3 + 3 + 3 + 3 + 1 + 1 + 0 + 0 + 0 + 3 + 3 + 1 + 3 + 3 + 3 + 3 + 3 + 0 + 3 + 3 + 3 + + fail + SV-59339 + V-46475 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Turn on certificate address mismatch warning) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:42100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' +Object Requirement : name must be equal to 'WarnOnBadCertRecving' +State ID : oval:mil.disa.fso.ie:ste:42100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page 'Turn on certificate address mismatch warning' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value "WarnOnBadCertRecving" is REG_DWORD = 1, this is not a finding. + + + + pass + SV-59341 + V-46477 + CCI-000185 + Result : true +Tests : true (All child checks must be true.) + : true (Check for publishers certificate revocation must be enforced.) + +--- + +Test ID : oval:navy.navwar.niwcatlantic.scc.ie:tst:21 (ntuser_test) +Result : true +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : key must be equal to 'Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing' +Object Requirement : name must be equal to 'State' +Exclude Items If : enabled equals 'false' +State ID : oval:navy.navwar.niwcatlantic.scc.ie:ste:21 (ntuser_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '146432' + +Collected Item/State Result : true +Message : enabled + : key equals 'Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing' + : name equals 'State' + : sid equals 'S-1-5-21-462987543-1079722614-3829819227-1000' + : username equals 'SOT-WIN2K22-01\soteriaadmin' + : account_type equals 'local' + : logged_on equals 'false' + : enabled equals 'true' + : date_modified equals '133512768490000000' + : days_since_modified equals '1' + : filepath equals 'C:\Users\soteriaadmin\ntuser.dat' + : last_write_time equals '133444592780000000' + : type equals 'reg_dword' + : value equals '146432' + +Collected Item/State Result : true +Message : enabled + : key equals 'Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing' + : name equals 'State' + : sid equals 'S-1-5-21-462987543-1079722614-3829819227-1004' + : username equals 'SOT-WIN2K22-01\degthat' + : account_type equals 'local' + : logged_on equals 'true' + : enabled equals 'true' + : date_modified equals '133512799700000000' + : days_since_modified equals '1' + : filepath equals 'C:\Users\degthat\ntuser.dat' + : last_write_time equals '133512768690000000' + : type equals 'reg_dword' + : value equals '146432' + +Collected Item/State Result : true +Message : enabled + : key equals 'Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing' + : name equals 'State' + : sid equals 'S-1-5-21-462987543-1079722614-3829819227-500' + : username equals 'SOT-WIN2K22-01\xadmin' + : account_type equals 'local' + : logged_on equals 'false' + : enabled equals 'true' + : date_modified equals '133444605280000000' + : days_since_modified equals '79' + : filepath equals 'C:\Users\Administrator\ntuser.dat' + : last_write_time equals '133444591300000000' + : type equals 'reg_dword' + : value equals '146432' + + + + + If the system is on the SIPRNet, this requirement is NA. + +Open Internet Explorer. +From the menu bar, select "Tools". +From the "Tools" drop-down menu, select "Internet Options". From the "Internet Options" window, select the "Advanced" tab, from the "Advanced" tab window, scroll down to the "Security" category, and verify the "Check for publisher's certificate revocation" box is selected. + +Procedure: Use the Windows Registry Editor to navigate to the following key: + HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing Criteria + +If the value "State" is "REG_DWORD = 23C00", this is not a finding. + + + + fail + SV-59345 + V-46481 + CCI-001169 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Download signed ActiveX controls) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:42200 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1001' +State ID : oval:mil.disa.fso.ie:ste:42200 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Download signed ActiveX controls' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1001" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59347 + V-46483 + CCI-001169 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Download unsigned ActiveX controls) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:42300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1004' +State ID : oval:mil.disa.fso.ie:ste:42300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Download unsigned ActiveX controls' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1004" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59365 + V-46501 + CCI-001170 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Initialize and script ActiveX controls not marked as safe) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:42400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1201' +State ID : oval:mil.disa.fso.ie:ste:42400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Initialize and script ActiveX controls not marked as safe' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1201" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59371 + V-46507 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Java permissions) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:42600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1C00' +State ID : oval:mil.disa.fso.ie:ste:42600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1C00" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59373 + V-46509 + CCI-001414 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Access data sources across domains) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:42700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1406' +State ID : oval:mil.disa.fso.ie:ste:42700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Access data sources across domains' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1406" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59375 + V-46511 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow drag and drop or copy and paste files) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:42800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1802' +State ID : oval:mil.disa.fso.ie:ste:42800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow drag and drop or copy and paste files' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value for "1802" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59377 + V-46513 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching applications and files in an IFRAME) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:42900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1804' +State ID : oval:mil.disa.fso.ie:ste:42900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Launching applications and files in an IFRAME' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1804" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59379 + V-46515 + CCI-001414 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Navigate windows and frames across different domains) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:43000 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1607' +State ID : oval:mil.disa.fso.ie:ste:43000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Navigate windows and frames across different domains' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\3 Criteria: If the value "1607" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59381 + V-46517 + CCI-001199 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Userdata persistence) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:43100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1606' +State ID : oval:mil.disa.fso.ie:ste:43100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Userdata persistence' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1606" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59385 + V-46521 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow cut, copy, or paste operations from the clipboard via script) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:43200 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1407' +State ID : oval:mil.disa.fso.ie:ste:43200 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow cut, copy or paste operations from the clipboard via script' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1407" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59387 + V-46523 + CCI-001184 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Logon options) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:43300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1A00' +State ID : oval:mil.disa.fso.ie:ste:43300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '65536' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Logon options' must be 'Enabled', and 'Prompt for user name and password' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1A00" is REG_DWORD = 65536 (decimal), this is not a finding. + + + + fail + SV-59389 + V-46525 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Java permissions) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:43400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' +Object Requirement : name must be equal to '1C00' +State ID : oval:mil.disa.fso.ie:ste:43400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '65536' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Intranet Zone -> 'Java permissions' must be 'Enabled', and 'High Safety' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Criteria: If the value "1C00" is REG_DWORD = 65536, (Decimal), this is not a finding. + + + + fail + SV-59865 + V-46999 + CCI-001662 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Don't run antimalware programs against ActiveX controls) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:56600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' +Object Requirement : name must be equal to '270C' +State ID : oval:mil.disa.fso.ie:ste:56600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Intranet Zone 'Don't run antimalware programs against ActiveX controls' must be 'Enabled' and 'Disable' selected in the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Criteria: If the value "270C" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59407 + V-46543 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Java permissions) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:43500 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' +Object Requirement : name must be equal to '1C00' +State ID : oval:mil.disa.fso.ie:ste:43500 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '65536' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Trusted Sites Zone -> 'Java permissions' must be 'Enabled', and 'High Safety' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Criteria: If the value "1C00" is REG_DWORD = 65536, (Decimal), this is not a finding. + + + + fail + SV-59875 + V-47009 + CCI-001662 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Don't run antimalware programs against ActiveX controls) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:56900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' +Object Requirement : name must be equal to '270C' +State ID : oval:mil.disa.fso.ie:ste:56900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Trusted Sites Zone 'Don't run antimalware programs against ActiveX controls' must be 'Enabled' and 'Disable' selected in the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Criteria: If the value "270C" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59409 + V-46545 + CCI-001414 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Enable dragging of content from different domains within a window) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:54900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '2708' +State ID : oval:mil.disa.fso.ie:ste:54900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Security Page-> Internet Zone 'Enable dragging of content from different domains within a window' must be 'Enabled', and 'Disabled' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2708" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59411 + V-46547 + CCI-001414 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer-> Internet Control Panel\Security Page\Restricted Sites Zone\Enable dragging of content from different domains across windows) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:54800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '2709' +State ID : oval:mil.disa.fso.ie:ste:54800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Security Page-> Restricted Sites Zone 'Enable dragging of content from different domains across windows' must be 'Enabled', and 'Disabled' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2709" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59413 + V-46549 + CCI-001695 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\Internet Explorer Processes must be Enabled) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:53500 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' +Object Requirement : name must be equal to 'explorer.exe' +State ID : oval:mil.disa.fso.ie:ste:53500 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict ActiveX Install -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59417 + V-46553 + CCI-001695 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\Internet Explorer Processes must be Enabled) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:53600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' +Object Requirement : name must be equal to 'iexplore.exe' +State ID : oval:mil.disa.fso.ie:ste:53600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict ActiveX Install -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59419 + V-46555 + CCI-001414 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone/Enable dragging of content from different domains within a window) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:55000 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '2708' +State ID : oval:mil.disa.fso.ie:ste:55000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Security Page-> Restricted Sites Zone 'Enable dragging of content from different domains within a window' must be 'Enabled', and 'Disabled' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2708" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59863 + V-46997 + CCI-001662 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Don't run antimalware programs against ActiveX controls) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:56500 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '270C' +State ID : oval:mil.disa.fso.ie:ste:56500 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Internet Zone 'Don't run antimalware programs against ActiveX controls' must be 'Enabled' and 'Disable' selected in the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "270C" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59871 + V-47005 + CCI-001662 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Don't run antimalware programs against ActiveX controls) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:56800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '270C' +State ID : oval:mil.disa.fso.ie:ste:56800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page -> Restricted Sites Zone 'Don't run antimalware programs against ActiveX controls' must be 'Enabled' and 'Disable' selected in the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "270C" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-79201 + V-64711 + CCI-001242 + Result : false +Tests : false (All child checks must be true.) + : false (HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\PreventOverride is a REG_DWORD equal to 1) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:57800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\PhishingFilter' +Object Requirement : name must be equal to 'PreventOverride' +State ID : oval:mil.disa.fso.ie:ste:57800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + If the system is on the SIPRNet, this requirement is NA. + +The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> ”Prevent bypassing SmartScreen Filter warnings” must be ”Enabled”. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter. + +Criteria: If the value "PreventOverride" is REG_DWORD = 1, this is not a finding. + + + + + fail + SV-79203 + V-64713 + CCI-001169 + Result : false +Tests : false (All child checks must be true.) + : false (HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\PreventOverrideAppRepUnknown is a REG_DWORD equal to 1) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:57200 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\PhishingFilter' +Object Requirement : name must be equal to 'PreventOverrideAppRepUnknown' +State ID : oval:mil.disa.fso.ie:ste:57200 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + If the system is on the SIPRNet, this requirement is NA. + +The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> ”Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the internet” must be ”Enabled”. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter. + +Criteria: If the value "PreventOverrideAppRepUnknown" is REG_DWORD = 1, this is not a finding. + + + + + fail + SV-79205 + V-64715 + CCI-001170 + Result : false +Tests : false (All child checks must be true.) + : false (HKLM\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX\BlockNonAdminActiveXInstall is a REG_DWORD equal to 1) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:57400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Security\ActiveX' +Object Requirement : name must be equal to 'BlockNonAdminActiveXInstall' +State ID : oval:mil.disa.fso.ie:ste:57400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> ”Prevent per-user installation of ActiveX controls” must be ”Enabled”. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX. + +Criteria: If the value "BlockNonAdminActiveXInstall" is REG_DWORD = 1, this is not a finding. + + + + + fail + SV-79207 + V-64717 + CCI-002470 + Result : false +Tests : false (All child checks must be true.) + : false (HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\PreventIgnoreCertErrors is a REG_DWORD equal to 1) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:57500 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' +Object Requirement : name must be equal to 'PreventIgnoreCertErrors' +State ID : oval:mil.disa.fso.ie:ste:57500 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> ”Prevent ignoring certificate errors” must be ”Enabled”. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings. + +Criteria: If the value "PreventIgnoreCertErrors" is REG_DWORD = 1, this is not a finding. + + + + + fail + SV-79209 + V-64719 + CCI-001242 + Result : false +Tests : false (All child checks must be true.) + : false (HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2301 is a REG_DWORD equal to 0) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:57700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '2301' +State ID : oval:mil.disa.fso.ie:ste:57700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Internet Zone >> ”Turn on SmartScreen Filter scan” must be ”Enabled” and ”Enable” selected from the drop-down box. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3. + +Criteria: If the value "2301" is REG_DWORD = 0, this is not a finding. + + + + + fail + SV-79211 + V-64721 + CCI-001242 + Result : false +Tests : false (All child checks must be true.) + : false (HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2301 is a REG_DWORD equal to 0) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:57600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '2301' +State ID : oval:mil.disa.fso.ie:ste:57600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Restricted Sites Zone >> ”Turn on SmartScreen Filter scan” must be ”Enabled” and ”Enable” selected from the drop-down box. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4. + +Criteria: If the value "2301" is REG_DWORD = 0, this is not a finding. + + + + + fail + SV-79213 + V-64723 + CCI-001170 + Result : false +Tests : false (All child checks must be true.) + : false (HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1201 is a REG_DWORD equal to 3) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:57900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' +Object Requirement : name must be equal to '1201' +State ID : oval:mil.disa.fso.ie:ste:57900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Intranet Zone >> ”Initialize and script ActiveX controls not marked as safe” must be ”Enabled” and ”Disable” selected from the drop-down box. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1. + +Criteria: If the value "1201" is REG_DWORD = 3, this is not a finding. + + + + + fail + SV-79215 + V-64725 + CCI-001170 + Result : false +Tests : false (All child checks must be true.) + : false (HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1201 is a REG_DWORD equal to 3) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:57300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2' +Object Requirement : name must be equal to '1201' +State ID : oval:mil.disa.fso.ie:ste:57300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Trusted Sites Zone >> ”Initialize and script ActiveX controls not marked as safe” must be ”Enabled” and ”Disable” selected from the drop-down box. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2. + +Criteria: If the value "1201" is REG_DWORD = 3, this is not a finding. + + + + + fail + SV-87395 + V-72757 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Check if HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\RunThisTimeEnabled is set to 0) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58500 (registry_test) +Result : false +Check Existence : All collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext' +Object Requirement : name must be equal to 'RunThisTimeEnabled' +State ID : oval:mil.disa.fso.ie:ste:58500 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> Add-on Management, verify "Remove the Run this time button for outdated ActiveX controls in IE" is set to “Enabled”. + +Use the Windows Registry Editor to navigate to the following key: + +HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext + +If the value "RunThisTimeEnabled" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-87397 + V-72759 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Check if HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\VersionCheckEnabled is set to 1) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Microsoft\Windows\CurrentVersion\Policies\Ext' +Object Requirement : name must be equal to 'VersionCheckEnabled' +State ID : oval:mil.disa.fso.ie:ste:58600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> Add-on Management, verify "Turn off blocking of outdated ActiveX controls for Internet Explorer" is set to “Disabled”. + +Use the Windows Registry Editor to navigate to the following key: + +HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext + +If the value "VersionCheckEnabled" is REG_DWORD = 1, this is not a finding. + + + + fail + SV-87399 + V-72761 + CCI-000381 + Result : false +Tests : false (One or more child checks must be true.) + : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow only approved domains to use the TDC ActiveX control) + : true (All child checks must be true.) + : true (The OS Version is equal to or greater than 6.3) + : true (The OS Build is equal to or greater than 14393) + : false (All child checks must be true.) + : false (All child checks must be true.) (negated) + : true (The OS Version is equal to or greater than 6.3) + : true (The OS Build is equal to or greater than 14393) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '120c' +State ID : oval:mil.disa.fso.ie:ste:58300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58700 (registry_test) +Result : true +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Microsoft\Windows NT\CurrentVersion' +Object Requirement : name must be equal to 'CurrentVersion' +State ID : oval:mil.disa.fso.ie:ste:58700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be greater than or equal to '6.3' + +Collected Item/State Result : true + : hive equals 'HKEY_LOCAL_MACHINE' + : key equals 'Software\Microsoft\Windows NT\CurrentVersion' + : name equals 'CurrentVersion' + : last_write_time equals '133512799040000000' + : type equals 'reg_sz' + : value equals '6.3' + : windows_view equals '64_bit' + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58701 (registry_test) +Result : true +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Microsoft\Windows NT\CurrentVersion' +Object Requirement : name must be equal to 'CurrentBuildNumber' +State ID : oval:mil.disa.fso.ie:ste:58701 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be greater than or equal to '14393' + +Collected Item/State Result : true + : hive equals 'HKEY_LOCAL_MACHINE' + : key equals 'Software\Microsoft\Windows NT\CurrentVersion' + : name equals 'CurrentBuildNumber' + : last_write_time equals '133512799040000000' + : type equals 'reg_sz' + : value equals '20348' + : windows_view equals '64_bit' + + + + + + In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Internet Zone, verify "Allow only approved domains to use the TDC ActiveX control" is “Enabled”. + +In the Options window, verify the “Only allow approved domains to use the TDC ActiveX control" drop-down box is set to “Enable”. + +Procedure: Use the Windows Registry Editor to navigate to the following key: + +HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 + +Criteria: + +If the value "120c" is REG_DWORD = “3”, this is not a finding. + + + + fail + SV-59437 + V-46573 + CCI-001169 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Download signed ActiveX controls) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:43600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1001' +State ID : oval:mil.disa.fso.ie:ste:43600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Download signed ActiveX controls' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1001" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-87401 + V-72763 + CCI-000381 + Result : false +Tests : false (One or more child checks must be true.) + : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow only approved domains to use the TDC ActiveX control) + : true (All child checks must be true.) + : true (The OS Version is equal to or greater than 6.3) + : true (The OS Build is equal to or greater than 14393) + : false (All child checks must be true.) + : false (All child checks must be true.) (negated) + : true (The OS Version is equal to or greater than 6.3) + : true (The OS Build is equal to or greater than 14393) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '120c' +State ID : oval:mil.disa.fso.ie:ste:58400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58700 (registry_test) +Result : true +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Microsoft\Windows NT\CurrentVersion' +Object Requirement : name must be equal to 'CurrentVersion' +State ID : oval:mil.disa.fso.ie:ste:58700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be greater than or equal to '6.3' + +Collected Item/State Result : true + : hive equals 'HKEY_LOCAL_MACHINE' + : key equals 'Software\Microsoft\Windows NT\CurrentVersion' + : name equals 'CurrentVersion' + : last_write_time equals '133512799040000000' + : type equals 'reg_sz' + : value equals '6.3' + : windows_view equals '64_bit' + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58701 (registry_test) +Result : true +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Microsoft\Windows NT\CurrentVersion' +Object Requirement : name must be equal to 'CurrentBuildNumber' +State ID : oval:mil.disa.fso.ie:ste:58701 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be greater than or equal to '14393' + +Collected Item/State Result : true + : hive equals 'HKEY_LOCAL_MACHINE' + : key equals 'Software\Microsoft\Windows NT\CurrentVersion' + : name equals 'CurrentBuildNumber' + : last_write_time equals '133512799040000000' + : type equals 'reg_sz' + : value equals '20348' + : windows_view equals '64_bit' + + + + + + In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Restricted Sites Zone, verify "Allow only approved domains to use the TDC ActiveX control" is “Enabled”. + +In the Options window, verify the “Only allow approved domains to use the TDC ActiveX control" drop-down box is set to “Enable”. + +Procedure: Use the Windows Registry Editor to navigate to the following key: + +HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 + +Criteria: + +If the value "120c" is REG_DWORD = “3”, this is not a finding. + + + + fail + SV-89849 + V-75169 + CCI-001169 + Result : false +Tests : false (One or more child checks must be true.) + : false (Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow VBScript to run in Internet Explorer' setting is set to 'Enable' and 'Disable' selected from the drop-down box in Group Policy.) + : false (All child checks must be true.) (negated) + : true (The OS Version is equal to or greater than 6.3) + : true (The OS Build is equal to or greater than 15063) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '140C' +State ID : oval:mil.disa.fso.ie:ste:58800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58700 (registry_test) +Result : true +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Microsoft\Windows NT\CurrentVersion' +Object Requirement : name must be equal to 'CurrentVersion' +State ID : oval:mil.disa.fso.ie:ste:58700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be greater than or equal to '6.3' + +Collected Item/State Result : true + : hive equals 'HKEY_LOCAL_MACHINE' + : key equals 'Software\Microsoft\Windows NT\CurrentVersion' + : name equals 'CurrentVersion' + : last_write_time equals '133512799040000000' + : type equals 'reg_sz' + : value equals '6.3' + : windows_view equals '64_bit' + +--- + +Test ID : oval:mil.disa.fso.ie:tst:59000 (registry_test) +Result : true +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Microsoft\Windows NT\CurrentVersion' +Object Requirement : name must be equal to 'CurrentBuildNumber' +State ID : oval:mil.disa.fso.ie:ste:59000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be greater than or equal to '15063' + +Collected Item/State Result : true + : hive equals 'HKEY_LOCAL_MACHINE' + : key equals 'Software\Microsoft\Windows NT\CurrentVersion' + : name equals 'CurrentBuildNumber' + : last_write_time equals '133512799040000000' + : type equals 'reg_sz' + : value equals '20348' + : windows_view equals '64_bit' + + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Internet Zone >> "Allow VBScript to run in Internet Explorer" must be "Enabled", and "Disable" must be selected from the drop-down box. + +Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 + +If the value for "140C" is not REG_DWORD = 3, this is a finding. + + + + fail + SV-59439 + V-46575 + CCI-001169 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Download unsigned ActiveX controls) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:43700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1004' +State ID : oval:mil.disa.fso.ie:ste:43700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Download unsigned ActiveX controls' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1004" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-89851 + V-75171 + CCI-001169 + Result : false +Tests : false (One or more child checks must be true.) + : false (Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone->'Allow VBScript to run in Internet Explorer' setting is set to 'Enable' and 'Disable' selected from the drop-down box in Group Policy.) + : false (All child checks must be true.) (negated) + : true (The OS Version is equal to or greater than 6.3) + : true (The OS Build is equal to or greater than 15063) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '140C' +State ID : oval:mil.disa.fso.ie:ste:58900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58700 (registry_test) +Result : true +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Microsoft\Windows NT\CurrentVersion' +Object Requirement : name must be equal to 'CurrentVersion' +State ID : oval:mil.disa.fso.ie:ste:58700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be greater than or equal to '6.3' + +Collected Item/State Result : true + : hive equals 'HKEY_LOCAL_MACHINE' + : key equals 'Software\Microsoft\Windows NT\CurrentVersion' + : name equals 'CurrentVersion' + : last_write_time equals '133512799040000000' + : type equals 'reg_sz' + : value equals '6.3' + : windows_view equals '64_bit' + +--- + +Test ID : oval:mil.disa.fso.ie:tst:59000 (registry_test) +Result : true +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Microsoft\Windows NT\CurrentVersion' +Object Requirement : name must be equal to 'CurrentBuildNumber' +State ID : oval:mil.disa.fso.ie:ste:59000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be greater than or equal to '15063' + +Collected Item/State Result : true + : hive equals 'HKEY_LOCAL_MACHINE' + : key equals 'Software\Microsoft\Windows NT\CurrentVersion' + : name equals 'CurrentBuildNumber' + : last_write_time equals '133512799040000000' + : type equals 'reg_sz' + : value equals '20348' + : windows_view equals '64_bit' + + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Restricted Sites Zone >> "Allow VBScript to run in Internet Explorer" must be "Enabled", and "Disable" must be selected from the drop-down box. + +Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 + +If the value for "140C" is not REG_DWORD = 3, this is a finding. + + + + fail + SV-106631 + V-97527 + CCI-001312 + Result : false +Tests : false (All child checks must be true.) + : false (Developer Tools are disabled) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:59100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\IEDevTools' +Object Requirement : name must be equal to 'Disabled' +State ID : oval:mil.disa.fso.ie:ste:59100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Toolbars >> “Turn off Developer Tools” must be “Enabled”. +Procedure: Use the Windows Registry Editor to navigate to the following key: HKEY_LOCAL_Machine\SOFTWARE\Policies\Microsoft\Internet Explorer\IEDevTools +Criteria: If the value "Disabled" is REG_DWORD = 1, this is not a finding. + + + + fail + SV-59441 + V-46577 + CCI-001170 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Initialize and script ActiveX controls not marked as safe) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:43800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1201' +State ID : oval:mil.disa.fso.ie:ste:43800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Initialize and script ActiveX controls not marked as safe' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1201" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59443 + V-46579 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run ActiveX controls and plugins) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:43900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1200' +State ID : oval:mil.disa.fso.ie:ste:43900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Run ActiveX controls and plugins' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1200" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59445 + V-46581 + CCI-001170 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Script ActiveX controls marked safe for scripting) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:44000 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1405' +State ID : oval:mil.disa.fso.ie:ste:44000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Script ActiveX controls marked safe for scripting' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1405" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59447 + V-46583 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow file downloads) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:44100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1803' +State ID : oval:mil.disa.fso.ie:ste:44100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow file downloads' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1803" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59451 + V-46587 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Java permissions) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:45300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1C00' +State ID : oval:mil.disa.fso.ie:ste:45300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1C00" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59453 + V-46589 + CCI-001414 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Access data sources across domains) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:44300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1406' +State ID : oval:mil.disa.fso.ie:ste:44300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Access data sources across domains' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1406" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59455 + V-46591 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow META REFRESH) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:44400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1608' +State ID : oval:mil.disa.fso.ie:ste:44400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow META REFRESH' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1608" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59457 + V-46593 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow drag and drop or copy and paste files) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:44500 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1802' +State ID : oval:mil.disa.fso.ie:ste:44500 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow drag and drop or copy and paste files' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1802" is REG_DWORD=3, this is not a finding. + + + + fail + SV-59461 + V-46597 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Launching applications and files in an IFRAME) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:44700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1804' +State ID : oval:mil.disa.fso.ie:ste:44700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Launching applications and files in an IFRAME' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1804" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59463 + V-46599 + CCI-001414 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Navigate windows and frames across different domains) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:44800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1607' +State ID : oval:mil.disa.fso.ie:ste:44800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Navigate windows and frames across different domains' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1607" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59465 + V-46601 + CCI-001199 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Userdata persistence) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:44900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1606' +State ID : oval:mil.disa.fso.ie:ste:44900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Userdata persistence' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1606" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59467 + V-46603 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow active scripting) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:45000 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1400' +State ID : oval:mil.disa.fso.ie:ste:45000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow active scripting' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1400" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59469 + V-46605 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow cut, copy, or paste operations from the clipboard via script) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:45100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1407' +State ID : oval:mil.disa.fso.ie:ste:45100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow cut, copy or paste operations from the clipboard via script' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1407" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59471 + V-46607 + CCI-001184 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Logon options) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:45200 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1A00' +State ID : oval:mil.disa.fso.ie:ste:45200 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '196608' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Logon options' must be 'Enabled', and 'Anonymous logon' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1A00" is REG_DWORD = 196608 (decimal), this is not a finding. + + + + fail + SV-59473 + V-46609 + CCI-000169 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Disable Configuring History must be Enabled) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\40 entered in Days to keep pages in History) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:51301 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Control Panel' +Object Requirement : name must be equal to 'History' +State ID : oval:mil.disa.fso.ie:ste:51301 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + +--- + +Test ID : oval:mil.disa.fso.ie:tst:51300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History' +Object Requirement : name must be equal to 'DaysToKeep' +State ID : oval:mil.disa.fso.ie:ste:51300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '40' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Delete Browsing History -> 'Disable Configuring History' must be 'Enabled', and '40' entered in 'Days to keep pages in History'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel Criteria: If the value "History" is REG_DWORD = 1, this is not a finding. AND Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History Criteria: If the value "DaysToKeep" is REG_DWORD = 40 (decimal), this is not a finding. + + + + fail + SV-59479 + V-46615 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Security Zones: Do Not Allow Users to Add/Delete Sites) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:41900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' +Object Requirement : name must be equal to 'Security_zones_map_edit' +State ID : oval:mil.disa.fso.ie:ste:41900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer 'Security Zones: Do not allow users to add/delete sites' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value "Security_zones_map_edit" is REG_DWORD = 1, this is not a finding. + + + + fail + SV-59481 + V-46617 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Security Zones: Do Not Allow Users to Change Policies) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:41800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' +Object Requirement : name must be equal to 'Security_options_edit' +State ID : oval:mil.disa.fso.ie:ste:41800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer 'Security Zones: Do not allow users to change policies' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value "Security_options_edit" is REG_DWORD = 1, this is not a finding. + + + + fail + SV-59483 + V-46619 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Security Zones: Use Only Machine Settings) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:41700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' +Object Requirement : name must be equal to 'Security_HKLM_only' +State ID : oval:mil.disa.fso.ie:ste:41700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer 'Security Zones: Use only machine settings' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value "Security_HKLM_only" is REG_DWORD = 1, this is not a finding. + + + + fail + SV-59485 + V-46621 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Turn off the Security Settings Check feature) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:45700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Security' +Object Requirement : name must be equal to 'DisableSecuritySettingsCheck' +State ID : oval:mil.disa.fso.ie:ste:45700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Turn off the Security Settings Check feature' must be 'Disabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Security Criteria: If the value "DisableSecuritySettingsCheck" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59489 + V-46625 + CCI-001170 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Advanced Page \Allow Software to Run or Install Even if the Signature is Invalid) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:45900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Download' +Object Requirement : name must be equal to 'RunInvalidSignatures' +State ID : oval:mil.disa.fso.ie:ste:45900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + Note: Some legitimate software and controls may have an invalid signature. You should carefully test such software in isolation before it is allowed to be used on an organization's network. + +The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> 'Allow software to run or install even if the signature is invalid' must be 'Disabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Download Criteria: If the value "RunInvalidSignatures" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59861 + V-46995 + CCI-001084 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:56400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main' +Object Requirement : name must be equal to 'Isolation64Bit' +State ID : oval:mil.disa.fso.ie:ste:56400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Note: If McAfee ENS Web Control is being used, this is Not Applicable. + +The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Advanced Page 'Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main Criteria: If the value "Isolation64Bit" is REG_DWORD = 1, this is not a finding. + + + + fail + SV-59493 + V-46629 + CCI-000185 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Advanced Page \Check for Server Certificate Revocation) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:46100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' +Object Requirement : name must be equal to 'CertificateRevocation' +State ID : oval:mil.disa.fso.ie:ste:46100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> 'Check for server certificate revocation' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value "CertificateRevocation" is REG_DWORD = 1, this is not a finding. + + + + fail + SV-59497 + V-46633 + CCI-001779 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Advanced Page \Check for Signature on Downloaded Programs) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:46200 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Download' +Object Requirement : name must be equal to 'CheckExeSignatures' +State ID : oval:mil.disa.fso.ie:ste:46200 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to 'yes' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> 'Check for signatures on downloaded programs' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Download Criteria: If the value "CheckExeSignatures" is REG_SZ = yes, this is not a finding. + + + + fail + SV-59499 + V-46635 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all network paths (UNCs)) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:46300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap' +Object Requirement : name must be equal to 'UNCAsIntranet' +State ID : oval:mil.disa.fso.ie:ste:46300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> 'Intranet Sites: Include all network paths (UNCs)' must be 'Disabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Criteria: If the value "UNCAsIntranet" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59501 + V-46637 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow script-initiated windows without size or position constraints) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:46400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '2102' +State ID : oval:mil.disa.fso.ie:ste:46400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow script-initiated windows without size or position constraints' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2102" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59503 + V-46639 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow script-initiated windows without size or position constraints) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:46500 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '2102' +State ID : oval:mil.disa.fso.ie:ste:46500 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow script-initiated windows without size or position constraints' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2102" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59505 + V-46641 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow Scriptlets) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:46600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1209' +State ID : oval:mil.disa.fso.ie:ste:46600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow Scriptlets' must be 'Enabled', and 'Disable' from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1209" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59507 + V-46643 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Automatic prompting for file downloads) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:46700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '2200' +State ID : oval:mil.disa.fso.ie:ste:46700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Automatic prompting for file downloads' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2200" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59509 + V-46645 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Java permissions) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:46800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' +Object Requirement : name must be equal to '1C00' +State ID : oval:mil.disa.fso.ie:ste:46800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Local Machine Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following keys: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Criteria: If the value "1C00" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59869 + V-47003 + CCI-001662 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Don't run antimalware programs against ActiveX controls) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:56700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0' +Object Requirement : name must be equal to '270C' +State ID : oval:mil.disa.fso.ie:ste:56700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel -> Security Page ->Local Machine Zone 'Don't run antimalware programs against ActiveX controls' must be 'Enabled' and 'Disable' selected in the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Criteria: If the value "270C" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59511 + V-46647 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Locked Down Local Machine Zone\Java permissions) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:46900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0' +Object Requirement : name must be equal to '1C00' +State ID : oval:mil.disa.fso.ie:ste:46900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Local Machine Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following keys: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Criteria: If the value "1C00" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59513 + V-46649 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Locked Down Intranet Zone\Java permissions) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:47000 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1' +Object Requirement : name must be equal to '1C00' +State ID : oval:mil.disa.fso.ie:ste:47000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Intranet Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following keys: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Criteria: If the value" 1C00" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59517 + V-46653 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Locked Down Trusted Sites Zone\Java permissions) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:47100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2' +Object Requirement : name must be equal to '1C00' +State ID : oval:mil.disa.fso.ie:ste:47100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Trusted Sites Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following keys: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Criteria: If the value "1C00" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59527 + V-46663 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Locked Down restricted Sites Zone\Java permissions) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:47300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4' +Object Requirement : name must be equal to '1C00' +State ID : oval:mil.disa.fso.ie:ste:47300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Restricted Sites Zone -> 'Java permissions' must be 'Enabled', and 'Disable Java' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following keys: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Criteria: If the value "1C00" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59529 + V-46665 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Loose or un-compiled XAML files) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:47400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '2402' +State ID : oval:mil.disa.fso.ie:ste:47400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow loading of XAML files' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2402" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59533 + V-46669 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Loose XAML files) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:47500 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '2402' +State ID : oval:mil.disa.fso.ie:ste:47500 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow loading of XAML files' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2402" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59545 + V-46681 + CCI-001084 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn On Protected Mode) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:48000 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '2500' +State ID : oval:mil.disa.fso.ie:ste:48000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Turn on Protected Mode' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2500" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59549 + V-46685 + CCI-001084 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn On Protected Mode) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:48100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '2500' +State ID : oval:mil.disa.fso.ie:ste:48100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Turn on Protected Mode' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2500" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59553 + V-46689 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Use Pop-up Blocker) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:48200 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1809' +State ID : oval:mil.disa.fso.ie:ste:48200 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Use Pop-up Blocker' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1809" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59555 + V-46691 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Use Pop-up Blocker) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:48300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1809' +State ID : oval:mil.disa.fso.ie:ste:48300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Use Pop-up Blocker' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1809" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59557 + V-46693 + CCI-001414 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Web sites in less privileged Web content zones can navigate into this zone) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:48400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '2101' +State ID : oval:mil.disa.fso.ie:ste:48400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Web sites in less privileged Web content zones can navigate into this zone' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2101" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59559 + V-46695 + CCI-001414 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:48500 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '2101' +State ID : oval:mil.disa.fso.ie:ste:48500 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Web sites in less privileged Web content zones can navigate into this zone' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2101" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59565 + V-46701 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow binary and script behaviors) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:48600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '2000' +State ID : oval:mil.disa.fso.ie:ste:48600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow binary and script behaviors' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2000" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59569 + V-46705 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Automatic prompting for file downloads) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:48700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '2200' +State ID : oval:mil.disa.fso.ie:ste:48700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Automatic prompting for file downloads' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2200" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59573 + V-46709 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:48800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' +Object Requirement : name must be equal to '(Reserved)' +State ID : oval:mil.disa.fso.ie:ste:48800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Consistent Mime Handling -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59575 + V-46711 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:50200 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' +Object Requirement : name must be equal to 'explorer.exe' +State ID : oval:mil.disa.fso.ie:ste:50200 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Consistent Mime Handling -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59577 + V-46713 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:50300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING' +Object Requirement : name must be equal to 'iexplore.exe' +State ID : oval:mil.disa.fso.ie:ste:50300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Consistent Mime Handling -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59579 + V-46715 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:48900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' +Object Requirement : name must be equal to '(Reserved)' +State ID : oval:mil.disa.fso.ie:ste:48900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Mime Sniffing Safety Feature -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59581 + V-46717 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\Internet Explorer Processes must be Enabled) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:51000 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' +Object Requirement : name must be equal to 'explorer.exe' +State ID : oval:mil.disa.fso.ie:ste:51000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Mime Sniffing Safety Feature -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59583 + V-46719 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\Internet Explorer Processes must be Enabled) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:51100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING' +Object Requirement : name must be equal to 'iexplore.exe' +State ID : oval:mil.disa.fso.ie:ste:51100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Mime Sniffing Safety Feature -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59585 + V-46721 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:50400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' +Object Requirement : name must be equal to '(Reserved)' +State ID : oval:mil.disa.fso.ie:ste:50400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> MK Protocol Security Restriction -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59587 + V-46723 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:49000 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' +Object Requirement : name must be equal to 'explorer.exe' +State ID : oval:mil.disa.fso.ie:ste:49000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> MK Protocol Security Restriction -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59589 + V-46725 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:49100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL' +Object Requirement : name must be equal to 'iexplore.exe' +State ID : oval:mil.disa.fso.ie:ste:49100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> MK Protocol Security Restriction -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59591 + V-46727 + CCI-001084 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:49200 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' +Object Requirement : name must be equal to '(Reserved)' +State ID : oval:mil.disa.fso.ie:ste:49200 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Protection From Zone Elevation -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59593 + V-46729 + CCI-001084 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:50500 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' +Object Requirement : name must be equal to 'explorer.exe' +State ID : oval:mil.disa.fso.ie:ste:50500 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Protection From Zone Elevation -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59595 + V-46731 + CCI-001084 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:50600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION' +Object Requirement : name must be equal to 'iexplore.exe' +State ID : oval:mil.disa.fso.ie:ste:50600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Protection From Zone Elevation -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59597 + V-46733 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\ Internet Explorer\Security Features\Restrict File Download\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:49300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' +Object Requirement : name must be equal to '(Reserved)' +State ID : oval:mil.disa.fso.ie:ste:49300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict File Download -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59645 + V-46779 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:49400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' +Object Requirement : name must be equal to 'explorer.exe' +State ID : oval:mil.disa.fso.ie:ste:49400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict File Download -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59647 + V-46781 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:49500 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD' +Object Requirement : name must be equal to 'iexplore.exe' +State ID : oval:mil.disa.fso.ie:ste:49500 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict File Download -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59653 + V-46787 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:49600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' +Object Requirement : name must be equal to '(Reserved)' +State ID : oval:mil.disa.fso.ie:ste:49600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Scripted Window Security Restrictions -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59655 + V-46789 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:50700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' +Object Requirement : name must be equal to 'explorer.exe' +State ID : oval:mil.disa.fso.ie:ste:50700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Scripted Window Security Restrictions -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Criteria: If the value "explorer.exe is REG_SZ = 1, this is not a finding. + + + + fail + SV-59657 + V-46791 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:50800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS' +Object Requirement : name must be equal to 'iexplore.exe' +State ID : oval:mil.disa.fso.ie:ste:50800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Scripted Window Security Restrictions -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59663 + V-46797 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:49700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '2004' +State ID : oval:mil.disa.fso.ie:ste:49700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Run .NET Framework-reliant components not signed with Authenticode' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2004" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59665 + V-46799 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET Framework-reliant components signed with Authenticode) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:49800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '2001' +State ID : oval:mil.disa.fso.ie:ste:49800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Run .NET Framework-reliant components signed with Authenticode' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2001" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59667 + V-46801 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Scripting of Java applets) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:49900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1402' +State ID : oval:mil.disa.fso.ie:ste:49900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Scripting of Java applets' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1402" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59673 + V-46807 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Check for publishers certificate revocation must be enforced.) + +--- + +Test ID : oval:navy.navwar.niwcatlantic.scc.ie:tst:2121 (ntuser_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main' +Object Requirement : name must be equal to 'FormSuggest PW Ask' +Exclude Items If : enabled equals 'false' +State ID : oval:navy.navwar.niwcatlantic.scc.ie:ste:2121 (ntuser_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to 'no' + +Collected Item/State Result : not evaluated +Message : enabled + : key does not exist + : sid equals 'S-1-5-21-462987543-1079722614-3829819227-1000' + : username equals 'SOT-WIN2K22-01\soteriaadmin' + : account_type equals 'local' + : logged_on equals 'false' + : enabled equals 'true' + : date_modified equals '133512768490000000' + : days_since_modified equals '1' + : filepath equals 'C:\Users\soteriaadmin\ntuser.dat' + +Collected Item/State Result : not evaluated +Message : enabled + : key does not exist + : sid equals 'S-1-5-21-462987543-1079722614-3829819227-1004' + : username equals 'SOT-WIN2K22-01\degthat' + : account_type equals 'local' + : logged_on equals 'true' + : enabled equals 'true' + : date_modified equals '133512799700000000' + : days_since_modified equals '1' + : filepath equals 'C:\Users\degthat\ntuser.dat' + +Collected Item/State Result : not evaluated +Message : enabled + : key does not exist + : sid equals 'S-1-5-21-462987543-1079722614-3829819227-500' + : username equals 'SOT-WIN2K22-01\xadmin' + : account_type equals 'local' + : logged_on equals 'false' + : enabled equals 'true' + : date_modified equals '133444605280000000' + : days_since_modified equals '79' + : filepath equals 'C:\Users\Administrator\ntuser.dat' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Disable AutoComplete for forms' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Internet Explorer\Main Criteria: If the value "Use FormSuggest" is REG_SZ = no, this is not a finding. + + + + fail + SV-59677 + V-46811 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Turn Off Crash Detection) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:50900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Restrictions' +Object Requirement : name must be equal to 'NoCrashDetection' +State ID : oval:mil.disa.fso.ie:ste:50900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Turn off Crash Detection' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key:HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions Criteria: If the value "NoCrashDetection" is REG_DWORD = 1, this is not a finding. + + + + fail + SV-59681 + V-46815 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (AutoComplete feature for forms must be disallowed..) + +--- + +Test ID : oval:navy.navwar.niwcatlantic.scc.ie:tst:2161 (ntuser_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main' +Object Requirement : name must be equal to 'Use FormSuggest' +Exclude Items If : enabled equals 'false' +State ID : oval:navy.navwar.niwcatlantic.scc.ie:ste:2161 (ntuser_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to 'no' + +Collected Item/State Result : not evaluated +Message : enabled + : key does not exist + : sid equals 'S-1-5-21-462987543-1079722614-3829819227-1000' + : username equals 'SOT-WIN2K22-01\soteriaadmin' + : account_type equals 'local' + : logged_on equals 'false' + : enabled equals 'true' + : date_modified equals '133512768490000000' + : days_since_modified equals '1' + : filepath equals 'C:\Users\soteriaadmin\ntuser.dat' + +Collected Item/State Result : not evaluated +Message : enabled + : key does not exist + : sid equals 'S-1-5-21-462987543-1079722614-3829819227-1004' + : username equals 'SOT-WIN2K22-01\degthat' + : account_type equals 'local' + : logged_on equals 'true' + : enabled equals 'true' + : date_modified equals '133512799700000000' + : days_since_modified equals '1' + : filepath equals 'C:\Users\degthat\ntuser.dat' + +Collected Item/State Result : not evaluated +Message : enabled + : key does not exist + : sid equals 'S-1-5-21-462987543-1079722614-3829819227-500' + : username equals 'SOT-WIN2K22-01\xadmin' + : account_type equals 'local' + : logged_on equals 'false' + : enabled equals 'true' + : date_modified equals '133444605280000000' + : days_since_modified equals '79' + : filepath equals 'C:\Users\Administrator\ntuser.dat' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Turn on the auto-complete feature for user names and passwords on forms' must be 'Disabled'. +Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Internet Explorer\Main Criteria: If the value "FormSuggest Passwords" is REG_SZ = 'no', this is not a finding. AND Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Internet Explorer\Main Criteria: If the value "FormSuggest PW Ask" is REG_SZ = 'no', this is not a finding. + + + + fail + SV-59685 + V-46819 + CCI-001166 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent Managing SmartScreen Filter) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:51400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\PhishingFilter' +Object Requirement : name must be equal to 'EnabledV9' +State ID : oval:mil.disa.fso.ie:ste:51400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + If the system is on the SIPRNet, this requirement is NA. + +The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> "Prevent Managing SmartScreen Filter" must be "Enabled", and "On" selected from the drop-down box. + +Procedure: Use the Windows Registry Editor to navigate to the following key: + +HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter + +Criteria: If the value "EnabledV9" is "REG_DWORD = 1", this is not a finding. + + + + fail + SV-59695 + V-46829 + CCI-000169 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Delete Browsing History\Configure Delete Browsing History on exit) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:51600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Privacy' +Object Requirement : name must be equal to 'ClearBrowsingHistoryOnExit' +State ID : oval:mil.disa.fso.ie:ste:51600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Delete Browsing History -> 'Allow deleting browsing history on exit' must be 'Disabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy Criteria: If the value "ClearBrowsingHistoryOnExit" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59707 + V-46841 + CCI-000169 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Delete Browsing History\Prevent Deleting Web sites that the User has Visited) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:51700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Privacy' +Object Requirement : name must be equal to 'CleanHistory' +State ID : oval:mil.disa.fso.ie:ste:51700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Delete Browsing History -> 'Prevent Deleting Web sites that the User has Visited' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy Criteria: If the value "CleanHistory" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59713 + V-46847 + CCI-000166 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\InPrivate\Turn off InPrivate Browsing) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:51800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Privacy' +Object Requirement : name must be equal to 'EnableInPrivateBrowsing' +State ID : oval:mil.disa.fso.ie:ste:51800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Privacy -> 'Turn off InPrivate Browsing' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy Criteria: If the value "EnableInPrivateBrowsing" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59715 + V-46849 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow scripting of Internet Explorer web browser control) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:51900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1206' +State ID : oval:mil.disa.fso.ie:ste:51900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Allow scripting of Internet Explorer WebBrowser controls' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1206" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59719 + V-46853 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Include local directory path when uploading files to a server) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:52000 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '160A' +State ID : oval:mil.disa.fso.ie:ste:52000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Include local path when user is uploading files to a server' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "160A" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59723 + V-46857 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Notification Bar\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:54100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' +Object Requirement : name must be equal to '(Reserved)' +State ID : oval:mil.disa.fso.ie:ste:54100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features-> Notification Bar-> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59725 + V-46859 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching programs and unsafe files) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:52100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1806' +State ID : oval:mil.disa.fso.ie:ste:52100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Show security warning for potentially unsafe files' must be 'Enabled', and 'Prompt' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1806" is REG_DWORD = 1, this is not a finding. + + + + fail + SV-59727 + V-46861 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Notification Bar\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:54200 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' +Object Requirement : name must be equal to 'explorer.exe' +State ID : oval:mil.disa.fso.ie:ste:54200 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features-> Notification Bar-> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND Criteria: If the value "explorer.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59729 + V-46865 + CCI-001170 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Only allow approved domains to use ActiveX controls without prompt) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:52200 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '120B' +State ID : oval:mil.disa.fso.ie:ste:52200 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> ' Allow only approved domains to use ActiveX controls without prompt' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "120b" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59735 + V-46869 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Notification Bar\Internet Explorer Processes) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:54300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND' +Object Requirement : name must be equal to 'iexplore.exe' +State ID : oval:mil.disa.fso.ie:ste:54300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features-> Notification Bar-> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND Criteria: If the value "iexplore.exe" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59745 + V-46879 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Cross-Site Scripting (XSS) Filter must be Enabled and Enable selected) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:52300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '1409' +State ID : oval:mil.disa.fso.ie:ste:52300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> 'Turn on Cross-Site Scripting Filter' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "1409" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59749 + V-46883 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow scripting of Internet Explorer web browser control) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:52400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1206' +State ID : oval:mil.disa.fso.ie:ste:52400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow scripting of Internet Explorer WebBrowser controls' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1206" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59751 + V-46885 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Include local directory path when uploading files to a server) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:52500 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '160A' +State ID : oval:mil.disa.fso.ie:ste:52500 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Include local path when user is uploading files to a server' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "160A" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59755 + V-46889 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Launching programs and unsafe files) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:52600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1806' +State ID : oval:mil.disa.fso.ie:ste:52600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Show security warning for potentially unsafe files' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1806" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59759 + V-46893 + CCI-001170 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Only allow approved domains to use ActiveX controls without prompt) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:52700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '120B' +State ID : oval:mil.disa.fso.ie:ste:52700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Allow only approved domains to use ActiveX controls without prompt' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "120b" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59761 + V-46895 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:52800 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1409' +State ID : oval:mil.disa.fso.ie:ste:52800 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Turn on Cross-Site Scripting Filter' must be 'Enabled', and 'Enable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1409" is REG_DWORD = 0, this is not a finding. + + + + fail + SV-59763 + V-46897 + CCI-001695 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\Internet Explorer Processes must be Enabled) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:52900 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL' +Object Requirement : name must be equal to '(Reserved)' +State ID : oval:mil.disa.fso.ie:ste:52900 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict ActiveX Install -> 'Internet Explorer Processes' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: If the value "(Reserved)" is REG_SZ = 1, this is not a finding. + + + + fail + SV-59769 + V-46903 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow status bar updates via script must be Enabled and Disable selected) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:53000 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '2103' +State ID : oval:mil.disa.fso.ie:ste:53000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone 'Allow updates to status bar via script' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2103" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59773 + V-46907 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components not signed with Authenticode) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:53100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '2004' +State ID : oval:mil.disa.fso.ie:ste:53100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone 'Run .NET Framework-reliant components not signed with Authenticode' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2004" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59787 + V-46921 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components signed with Authenticode) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:53200 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '2001' +State ID : oval:mil.disa.fso.ie:ste:53200 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone 'Run .NET Framework-reliant components signed with Authenticode' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2001" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59793 + V-46927 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow Scriptlets) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:53300 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '1209' +State ID : oval:mil.disa.fso.ie:ste:53300 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : for check = 'all', value, the following must be true: +State Requirement : value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone 'Allow Scriptlets' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1209" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59805 + V-46939 + CCI-000381 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow status bar updates via script must be Enabled and Disabled selected) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:53400 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4' +Object Requirement : name must be equal to '2103' +State ID : oval:mil.disa.fso.ie:ste:53400 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone 'Allow updates to status bar via script' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "2103" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59841 + V-46975 + CCI-000366 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Advanced Page/Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode ) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:55600 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Internet Explorer\Main' +Object Requirement : name must be equal to 'DisableEPMCompat' +State ID : oval:mil.disa.fso.ie:ste:55600 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + Note: If McAfee ENS Web Control is being used, this is Not Applicable. + +The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Advanced Page 'Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main Criteria: If the value "DisableEPMCompat" is REG_DWORD = 1, this is not a finding. + + + + + fail + SV-59847 + V-46981 + CCI-001414 + Result : false +Tests : false (All child checks must be true.) + : false (Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Enable dragging of content from different domains across windows) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:54700 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' +Object Requirement : name must be equal to '2709' +State ID : oval:mil.disa.fso.ie:ste:54700 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '3' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Security Page-> Internet Zone 'Enable dragging of content from different domains across windows' must be 'Enabled', and 'Disabled' selected from the drop-down box. Procedure: Use the windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value "2709" is REG_DWORD = 3, this is not a finding. + + + + fail + SV-59337 + V-46473 + CCI-002480 + Result : false +Tests : false (All child checks must be true.) + : false ('turn off encryption support' setting is handled by Group Policy.) + : false (TLS 1.2 must be selected for the IE option 'turn off encryption support' via Group Policy.) + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58000 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : Result is based on check existence only. +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' +Object Requirement : name must be equal to 'SecureProtocols' +Additional Information : Collected Item did not meet the check existence requirement. + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58001 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' +Object Requirement : name must be equal to 'SecureProtocols' +State ID : oval:mil.disa.fso.ie:ste:58000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '2048' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Advanced Page >> "Turn off Encryption Support" must be "Enabled". + +Verify the only option selected is "Only use TLS 1.2" from the drop-down box. + +Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols. + +Criteria: If the value for "SecureProtocols" is not REG_DWORD = "2048", this is a finding. + + + + fail + SV-79219 + V-64729 + CCI-002480 + Result : false +Tests : false (All child checks must be true.) + : false ('Allow Fallback to SSL 3.0 (Internet Explorer)' is set to 'Enabled' with 'Allow insecure fallback for:' set to 'No Sites') + +--- + +Test ID : oval:mil.disa.fso.ie:tst:58100 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' +Object Requirement : name must be equal to 'EnableSSL3Fallback' +State ID : oval:mil.disa.fso.ie:ste:58100 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +Additional Information : Collected Item did not meet the check existence requirement. + + + + + The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> "Allow fallback to SSL 3.0 (Internet Explorer)" must be "Enabled", and "No Sites" selected from the drop-down box. If "Allow fallback to SSL 3.0 (Internet Explorer)" is not "Enabled" or any other drop-down option is selected, this is a finding. + +Procedure: Use the Windows Registry Editor to navigate to the following key: + +HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings. + +Criteria: If the value "EnableSSL3Fallback" is REG_DWORD=0, this is not a finding. + + + + pass + CCI-002635 + Result : true +Tests : true (One or more child checks must be true.) + : false (All child checks must be true.) + : true (One or more child checks must be true.) + : true (64-bit Microsoft Edge is installed) (negated) + : false (32-bit Microsoft Edge is installed) (negated) + : false (Internet Explorer 11 is disabled as a standalone browser) + : false (Internet Explorer 11 optional feature disabled or not installed) + : false (The OS is Windows Enterprise LTSC) + : true (The OS is Windows Server) + +--- + +Test ID : oval:mil.disa.stig.edge:tst:100 (registry_test) +Result : false +Check Existence : No collected items may exist. +Check : Result is based on check existence only. +Object Requirement : Collect any available items. +Include Items If : value equals 'Microsoft Edge' + +Collected Item/State Result : not evaluated + : hive equals 'HKEY_LOCAL_MACHINE' + : key equals 'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge' + : name equals 'DisplayName' + : last_write_time equals '133511143300000000' + : type equals 'reg_sz' + : value equals 'Microsoft Edge' + : windows_view equals '64_bit' +Additional Information : Collected Item did not meet the check existence requirement. + +--- + +Test ID : oval:mil.disa.stig.edge:tst:101 (registry_test) +Result : true +Check Existence : No collected items may exist. +Check : Result is based on check existence only. +Object Requirement : Collect any available items. +Include Items If : value equals 'Microsoft Edge' + +--- + +Test ID : oval:mil.disa.stig.win:tst:25689301 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +State Operator : One or more item-state comparisons may be true. +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'SOFTWARE\Policies\Microsoft\Internet Explorer\Main' +Object Requirement : name must be equal to 'NotifyDisableIEOptions' +State ID : oval:mil.disa.stig.win:ste:20000000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '0' +State ID : oval:mil.disa.stig.win:ste:20000001 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '1' +State ID : oval:mil.disa.stig.win:ste:20000002 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_dword' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to '2' +Additional Information : Collected Item did not meet the check existence requirement. + +--- + +Test ID : oval:mil.disa.stig.win:tst:25689300 (wmi57_test) +Result : false +Check Existence : Zero or more collected items may exist. +Check : All collected items must match the given state(s). +Object Requirement : namespace must be equal to 'root\cimv2' +Object Requirement : wql must be equal to 'SELECT installstate FROM win32_optionalfeature WHERE name = 'Internet-Explorer-Optional-amd64'' +State ID : oval:mil.disa.stig.win:ste:20000020 (wmi57_state) +State Requirement : for all 'result' the following must be true: + : at least one installstate must be equal to '2' + +Collected Item/State Result : false + : namespace equals 'root\cimv2' + : wql equals 'SELECT installstate FROM win32_optionalfeature WHERE name = 'Internet-Explorer-Optional-amd64'' + : collected 'result' result: + : installstate = '1' +Additional Information : Collected Item did not meet the check requirement. + +--- + +Test ID : oval:mil.disa.stig.win:tst:22070601 (registry_test) +Result : false +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'SOFTWARE\Microsoft\Windows NT\CurrentVersion' +Object Requirement : name must be equal (case insensitive) to 'EditionId' +State ID : oval:mil.disa.stig.win:ste:22070602 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', type must be equal to 'reg_sz' +State Requirement : check_existence = 'at_least_one_exists', value must be equal to 'EnterpriseS' + +Collected Item/State Result : false + : hive equals 'HKEY_LOCAL_MACHINE' + : key equals 'SOFTWARE\Microsoft\Windows NT\CurrentVersion' + : name equals 'EditionId' + : last_write_time equals '133512799040000000' + : type equals 'reg_sz' + : value equals 'ServerStandard' + : windows_view equals '64_bit' +Additional Information : Collected Item did not meet the check requirement. + +--- + +Test ID : oval:mil.disa.stig.win:tst:25291002 (registry_test) +Result : true +Check Existence : One or more collected items must exist. +Check : All collected items must match the given state(s). +Object Requirement : hive must be equal to 'HKEY_LOCAL_MACHINE' +Object Requirement : key must be equal to 'SOFTWARE\Microsoft\Windows NT\CurrentVersion' +Object Requirement : name must be equal to 'ProductName' +State ID : oval:mil.disa.stig.win:ste:25291000 (registry_state) +State Requirement : check_existence = 'at_least_one_exists', value must match the pattern '^(?i)Windows Server .*$' + +Collected Item/State Result : true + : hive equals 'HKEY_LOCAL_MACHINE' + : key equals 'SOFTWARE\Microsoft\Windows NT\CurrentVersion' + : name equals 'ProductName' + : last_write_time equals '133512799040000000' + : type equals 'reg_sz' + : value equals 'Windows Server 2022 Standard' + : windows_view equals '64_bit' + + + + + Internet Explorer 11 is no longer supported on Windows 10 General Availability Channel. + +If Internet Explorer 11 is installed and enabled on Windows 10 General Availability Channel, this is a finding. + +If Internet Explorer 11 is installed and enabled on an unsupported OS, this is a finding. + + + 1.46 + 1.46 + 1.45985401459854 + 20 + 2 + 0 + + diff --git a/compliance-statements/PM-ComplianceStatements.xlsx b/compliance-statements/PM-ComplianceStatements.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..3346ddcd87efc802d66e128c09eb22155d00d8eb GIT binary patch literal 12438 zcmeHtgP7(|p82|}@1^@sA0E3^|W;!4MKpZ##fCPXB)fBX~aWb}X(p7S| zGj`Obb+fj@&j$x3&jo0fUH?@;u#r zi36pEnmOj?uQ}n5@B(=#7OXXh<13zw=c8t|Hr9;+VFPUnu#x^l-O4&xtaSZ@$0S{7 z7zqv<>ZiHLSbPi^y1LOOnSeC=rd|bRp-p~?a!fN6R35+W?4>~!g!O?I*iwyR_MzpT z4H=a+1h(%b)9~AqNHZ4Z6rMVl+ce_fk%XQrs4hBRC$NC@c9!2 zOf3N9EF29W!kSvDxs6J5ROn$(-s!MvHJu7k0aBOUE;?f=a2zt{%<^6KRY(z3nu zupy^nPoYD%v#W9N0+O!$Vr>LUK7QgW9~zDI;4o$mv8nVxXfP9-lU64xRbkd#8Q?u7w1WSTPG5k zJ{PKiAE#Bte24S}I|P+G-CtusT7Avnt`cNcK=Gs^q`HYU_b_oh(|10l@Bqjg#x8X{ zm5wsxXkfZn={00UaD9)dtZ2q=UTu)$z(MG)Yh=}ZDU{iT^z20=lQpD3$c%W$I4(L! zl6&o|QO|rnobBGn`mVQZ=~)+^p#SuoG8X z2TKE6Tg%^~*S~EB zVDh6*1ouF)I^~409laa{gEly+zzqfoye_QE) zs!Ui|6?Olcy6C-m-4Aa)-c;tV%JNxR+jfZ_+51!dEBrlo0}g&*aUP`{^JizlXRmT8 zgRt4YF{>gu<>%8j8R(>osRo3FmX;qoD@Tqa2aAP69b}c!a*QHZLHM!5LSFQwh)GQc#jYIZ)Vqq|(#1`;`&j_#$S`k6AN(v}iOOQgBS?amAjPe<%6=FP~s`Srl z$v*iJi1?_4Xg4j8!aDInb;(K@G!EpRf}U$4y<|ajB=q1XnfT6Er2@nn7!CDgfM~2K z(QCy33U0HWAI(sBf`J-{0ybd0|8c)LT>tO|;AAU%RY;GIME1 zWUaGIU8||Tm;^7EV7s$3-4LRr6fr!2%WL1SKvVkTsfP^W zKWfpx3vt-Q;;%EjeG2`ozV#54Cojz~`utePFU?_L%-OUQ__(-(X0^)V84wNL@>%oK z_==1(u2DYG!;&YkiBVYBeYD6kIp6BSUN7`e(4zEQg4GD4+be zHF_N2t8;ccTFI!v3_-Tt?J*fz87%s=&xGsRq`x6*0hmZ)$RslDIuI)A3`^p=1!m@O zF|k2)rDYzvJAnVG1GkbUtj#ZR9cRw@Hol1H)`45nyrYdq=j#Qy)HZ2T+|0L|as9hD zh5o0;({6v5T6oL#u|)s?;2#?A=;Ur??D(5=9MM{~+5QOcO*i2S4}LW{x!MT2EPO0< z0=n$vFFo1$z4o|zvOjLWyhHf4Lr?-$d=QNzew5IRRiTfmm%TTAbD#0fJ)3mNQY(pk zJfzjx@K7U5_#W0cGVf(japK@eBfQrNmDC;e!?m>5A#beDlfK-RG@`F}jA1#5kP6(j zX;f-ch`h+SJ!T5)J>%F0-DSI&AZ%#=SMpS0>@f*Oa%tFQ<~9+`e5opUn`tpfVqj$I zY%S960b`$81Y!^?vgG{K{>?PuaHL&^U#aCVkjUEF8AekRO_Sj27>k`EBBFg{?+(%~ z+KWe2{z*l9{VbZ^K+Nxnhj^GtN;B=T)r~B{68W5p@amwThilxfMEIVvmyc9V)YS7a zVRyaO?+G|Iml_SZ>w3Z>wGmZ;RluJ_=ANg&0Vib|&!nC5f zdQiUg=tu#4fJ_xbC|&{w!r{U8$M$h{>bN>;iPkn2@~UBe5GO z!uiO|rjy9PAzeEj%hKz-^+Qcmp|&h50JR%S4TM|U+nT%w5IcLAJ`TG{bBKn_fhlnU z@(IistM+0SAxs4zGdygxwE(#Khufl2LJ?*q;*@Y8Muui;|b2#r+Oam z+)|dzIhZ+X$#0OdyE_-ocfce!NS@|HD68k3+R_N7P26h#zb=g`UULWws$-Nz{)BJB zct$8!p?iF6GSHaz8(FzEkZu%aTPE?t_t0HNAr2(IcCqPxeJx@im`K0{nviSlsHer< z9J&PciS4fm7Wfozn<97k(dT8V&MqW}Ns6202TGROH0@<@&)2oh4iu71nsW)3U7Z|b zE_&XBF(EGJ3npWxky+MkeoDi1E)E?*=oi08?z`yvA^qSt)^ApwW4TBP zRCs!qfok`fvf{b?@_x1HVV+W12`Wwi4p^)I^un*vtVNnRsLT-^>9;oXWolo2D#S?C zFk^e+Tsr_&9dmjuQm4m@!U0<}ZOy3=XIk)q4eF}K0w2Shhj5)6AMcphIyQDFwBuQa zr<+z{H}Dh1In)A*?Fk6-nT)s8r;pr-E_RwgKX4SxZX3fgkmjQIz+A>P3jo}AW`J{y zTfgX>zc8pKPFgoqnpm7KMLfLWO+@Em#Bl>P=b=Ygi+i~;V+UgnV|0lqTe5G7gSL4IE(?B>Xbzx zHI@B#T*UskcQKaB!?#olO1uaAmm3_1Fk+(KUQV>wc)(75jRx74F$(1K(}OIFqx)~D zrOsw;;Ptkls*j`>5|HkT`5aqIL^~uvx4rzs42yAh|IXeoJI2w_OT`TBBcN5sddT*s zL)JalPiI*g^M}60{x=oSsj}x8nAb`C%^_1iJ&@HohK3hW@0y2Hv^GJRx}tVT<_CA( znty;Mo9uR|EDj??C%~h%JW6h@ej$yp*zvB;v&rN&$2p-T^oJ%?ZBU|4P*NrLhw>M5 zBYsD#k!)w{t(9HAPR$h-o5=S*qd*g5ObSK`$F{KmN-F>6yS8*hC zem7*m71kwDOsPSO?RP`o4x+*!bE6(8Kqu4s#@6#2aoIDWaXq>?e{eYgS2vITr;u*w zZRqD??L7K9Av#y$j&=ckuke=>i3iuOccIlIuj+ks_-W3v@(73h`A&_)qdTh~q-z2sBa}E{tNa=kL+j z9^bC-D>iRPT`TKOSjJHF$(eRd$I^CFhCH(eWsZ|@F~YoBlz{@TeQ^i4Utb8SIlUcM zPMc+poxN|A9zJN-~=td z*49rRjg(~Fvc%Z;2_j+RY=}6D1_|=9e0ZPtKPLS>Xz-mfPyoOH{%?DnzbE}pX2#aW zbicO@za>J)>Z6fZtjJwx54^CBu1_r6u_S97<5r2Q#75ak*bR-x@+wS>3GG-&pd{?q z3gn-^qzc$_Cr$Bz0Xwc@-x1dz;7yW^E)Z4h5@%XTXt)3)MPE9Kif(g!JT9Hir#jL+ zMAKltCZyCl3f1e|V$! zF9lDWeVG!qA37wyx!Z)zf1NaHQ0yzwC)7b~oWQj-RH`ou73f3>cRB$Ea-QCd1VqQc zWC>r-l6KimhIj#B6#2SpX$?tU&313CKv?j;!cQE6r3?KW22R{9B-L_{C6dy?lp zv?e;#NflC|T}X97o7`8%7AZY1wMoZ|gC2`1eCR+8&o8=Q#ae^cN6#8vjZ;M+X3PP} zg^ddwN69vE`arpd*}OK@Q{`dQwFzDAx)z+$*x>nGCEw~0JlNI^VVEj@3LdTA&}@?; z)1&!ZWL?ePdC3zUxuz>iIU#X}<`CN81`F4gB^0Bt`!Pssuz~y?2^8b7a%Wlb>2kO|U(OCLL%X2|%G9iFou%#fXb?dy8FA5QIhJ?FTt-daJS>-4_3I7mcW_rBhfjm247 z#>PoIBM7fKtK2j^C5_bghkHB+;mz)&7wAjiL)dpI{y97Zs-ua2_|>`k9Ow!Rd@N+F^9??GYudq$3vc zh@iN9Fr*HW{J{}=jmh8j9(Eh<5m&qKV}hi^{!~jOI#WEi%R;mqm*bLD!cdug@lg%@8{l8A)Ve55{9SHSJO99e8L?0o9SlOI(c$ z4Wr>qoE(=W$xChMicV1j=$=hHj%pM7Ov8IEld6Pz$vDRngp=#$%T0ml^}tH`n|Y>Fr+r-$_p|_H$(0Yj&9k zl70?D^tTDPdV{x5MnTaRFUz-*wOD|R5#D96q*1RV5z%bhlk$==F2zp3Y6u#yc4tLM zT`RdUk>(nH4t1tN`7}}SD0Ar+8$B&!+EU({Q33;zaPLN;6)l)5QMj+ceY#dLbL6wH z7+I(cbJ-|A!5J#p57V-#clUyL%3r% zlz)jo!~{EO&k&`kKD|Av^8Hx4h({t*Njiv}0UZ;5tdrtmtG&C0vw3NU@aMPP3#Ynh z`YHMVv`uQx(UeE^f!6fU8AjO_gBC0Yro-qD2$sTxWX=Ahq>2-LoHq9j7SK(UM9h}= zNc-r$^KOtWL^GOb`HIah7~(lLcdq&=7-+SjLP;E2i89|I8RFACllo|MX?&A`%#+yp z)>Nu~@H`sZ8GKZDnfCBboI`GmJw)aqtLXAMGI;)*ij{URrTyzT<;08FUpw%kV>`e& z_E-@UciZ}b+5z_pJX<ZH`?0ngZ6!zr=Y*UHIAEvN|l0NE1t|Y2QL$9~9lhM5T zP*_2&N-WSMVd{6mD+Ma#AvBf+yP&HKKUZrVI#Yhw(2JMXf}1{i0MXK)5Oy)I8l0#7 zxxGs>8jKJbDWyAt*0A}o)v2}UWq*o*pZ(bIJy+e@#Uj|Gftwt>L#ANjc#b1jr$X}- z=&@QoiOqG^K?H(4+}%L1OGvpk54>EWugag!P>Jj8A2#w@cw|)Cst? zXls1^kK45TkLn!lZ{Zi6=I#GS`2B6q&C$%**vXOZ_tWn&I4f~EW{Dm?0z#7|Hp7n{VvbL4I}{#Q;)z~M%^oQF%>@+GF@U_dg#Wd5 ztKz3wz-l0plC|qenD`{2!KkH844ed4Pi>Jj5sLPF+ARU5;tw2T9)_1h+NjK~2x2xx zh2g0?F*uo=s_9P=<52=#S?|a7&P{K ztQ=pWW1{7t)Iv>9l1TTS^B`-LoB&2LyaKD_5wYsDHqeJ}`c+Vd;}h3RGu^Oyaba#E zji2(EC5tVQ2h+yzDEgTSZkP++&AGq6^v{v|?3!3>SAAJo0?3BFpNw$PvkYeJ)!hKs zE`*-#%I4%0vE)CsX8Y+?xuShn+Ridtopep7llHzhKNVD>wQQ8NPIpv#ijr2CUB7f)o(Y2PGY)HG`!dY|w>rz`g^ zB5>Ax62v*V!j-&KlX!Q}B8hzE+jxCFJw18b+q<|!K+4@*0;ykzAE=F&1BSUz^RW#ABO$$W^9IpD2K@BDZ_J^s$pLnCooFk0HzU9HFS z!yk;iE0q|&haO9)1H*!WDTj4%^QNsWxZg}cjm@lS)A_syI1SC)z zN@zJFcTg`81e*@;z`vg*J%YKp&3Dj!2kHgAipy4x*i%B~2Vk7@Hj#+_sE6^8n6hA@EH(WUlaGhj^Q8{}Toi}RO~p$W@*L9Pa{p@*O| z0l*wFMi3G~Xec2y5EGSl4wOYy>BXNwO`$MsGt$qQGtg@>n824Ap4=c}4F&?`0=!T;DVWGu&UCWXMc=$#AqULWL>|Hm;@uwG@DmfCzuGhy`&BBlF?3a}2XhD+YQY1`~SEoL;}u+=aQp9d|-h46uXnv^?0K;6;fw zGLinyHfoippHc^N(u&Cunp+(R0w5!nhgaQIuf0Wcy?W_&f+rydalYHDO_8qcHm3 zWWSFXd>o26tjpzQkd*C%@PhQnej7QGA!H31>0$WRIZy4|eE&&<479?b6!F}e+4=2> zkN!s85eXoui>CZ+ibi|m8=y*H5{_w+i+Cosf)1fvBBs z{&>f$7Nf`>OxckdGTQh9C++rFqOwvTf8>@-1R?E);KWfqemO!vcH|af4S`!>SjDkS zTwxdnoQM$lL5=6H|S{uj4dOCcsDdo4{Z zF+M`2G9)fdRin%}!NjVpK>l57+|N&yCHW@kLLQ>+wv1cS|rY~uRFwP=(tN!T; z5nXhBOr(pei@c4Eh^3(q?srH0D|+FR(+ds$8=z?TJph3GN5pqD(|0g7Qgm`Kw=w;_ z^bn<@ZA-|C>}~Vq1p9J{zJzWG<=xfZ zoy@yK%XiO*gyzT8Jab_}C@T{6PBa+lFLJIAh50_~BWuVypjqTEq{%C%Ov@8B&;&VT zM-O>MGH1`eI@L>&H7VDmL3N}J_7_;yvyY0}GvJ+zb37MVHtx{L`ZhJxM_|^TPt|Mr zv~hVvFzR#+htPV79puMt$!m)2O*M_ z9e4B4HSuOd!Ph7RRl7hLsdfM9n4(_z5kKRcVpxl}I*O?|+V&!aa?dff-#R5+Wz;0y zta=AsAsItxxO4`MTgULM#z5em#Pief9KtZz%qh?_^^ zsE)B`$p!WhJzCoC$Iqp;LsGR3(!aHJ>0ZUwtL~E?u4lCf(e)P-FfnG)_4z6MW|={V z4^(H;eHq}yiW<*VQC?xXJTRX*sD$LP=BT18~Ms7^uat>0N4kY zK+{;X=6io)zPfH17R+Ra9ivH2aF!jzjJ$4%vr)j2A}hwkiyFlIgQf|VrUbojt*!8O ztvo1?D4mC~og0UxV?t&KI>u8BSH}(=N9}7N+**neFGN zciEzzXDc4kk4ZtAa+T&^xUVTj#F^c`U!BzP+6))Wh}Zx@j>OjTiE^R!{0)k~h~{R` ziz0`MuJE_-tHFde+d4|p=*UFG9~cU?tQR3TY3@>=sZQS0BkS7tatan>9!+szU8!K< zuzWf;N&+MBp7C5ct*RfpM5|mrI)f#`-|2!)oJ37N>$M?A$N3(PQUt%B)xH4ufGM2g9Yn*S~Md*y>`#3XrUUT;QCE?F+37mJB9z zoPfdw+L4r4&`uVN({i-G>ItXYXak5Kx`>`yJdm+YZ_I$pG^0>L>CAe&KOr1NJ(^+< zmQ60}CG@1YZb18bCbF5r@yBOGaun%+1QSOCS7lE+REP>u3sm^w7wvFWguPV8%v}=p z6R*myRk$5~d`^7C;o=_0CQDGH=uuVgp)l&-YeE-hTjInP9OPnZawH;RyU>`8U{xhu zK0O%An07~>F}D8aDkf1dUbp<)*M;X>?H=I`>S1JSDCb~n=SXL0>tOsZkmCOk9&fJJ zD?wK_kRG{zUHS>`^QoLhmM?U*&}fbpbG-1j=Cn?uh?%&i@#76@BZ0}Gq3781bylXy zrL`i|C%y6+N>Snnc|e3E!7PVpnFE4OK{rPscv(XL_DOfXyS-1!`N!R*?!-wNbg~}E zoX=L@m$9w0EES_@*7_5s;Q(+r!TLQcelpgwO9 z)jrc-1K_a*fk1LohH&VY8xH#DXJace(oPFb=`sW}Uc<%F zJ@!g&7P0fd8u=>f71R!+Vysuy1|SKIrZRaI)CcvZUGgvO4J zR+;64LOdY?6)7#>>6_Ia?8s+&Ummw2zlRYdP4xK%a}bnZJ)Q?H7B1);#3qFc=L*b@ ztZG;~ur%^XnnN8ZF*I~16b8m9@8Yb9+)f$jc_;79W5!11^*KyRhgdji-9B{{8asjE zasQOf254S39ATdN?WWwUwINfeWUU5X`V-AAHWl;^?6-_S@4>A~UU=2EOkU0$V>36$ z6Inq3^CoQ}97E}&Y+-ofS-7h_ov;-}UYcOfB#gWK>;P0sAHE6dfnXaMI>cnguq_s) z<&=mRF=~Jto@0+STrT)FmeuhENN(!U2Z(JW+Ml-YKd4(1ob!gMI&Lxb4smWZFMKy6 zU^61tu_|;L>|W>u;~f`(f8lVtgZnCusd&{JYU;6nbFLDlv*)GG+=hvmQk!A^L9u7$ zTbLqKnw14K6tynPDOT^J8@4ZKTdU5GPY&vL5YWo&3G+MipJJeUoKKk65?%j S0f6^!Kfkwd4xs(*>i+>9hb(je literal 0 HcmV?d00001 diff --git a/patch-scans/1-2024-01-30-SoteriaWKS-Before.nessus b/patch-scans/1-2024-01-30-SoteriaWKS-Before.nessus new file mode 100644 index 0000000..30c8a66 --- /dev/null +++ b/patch-scans/1-2024-01-30-SoteriaWKS-Before.nessus @@ -0,0 +1,63854 @@ + + +Credentialed Patch Audit +bw_prevent_core_updates +yes + +scan.enable_utf8_output +no + +bw_prevent_plugin_updates +yes + +plugin_set +58321;58484;173677;23735;33218;26020;29749;91230;109799;109800;109730;91231;23750;31607;180360;17307;10974;10975;11283;10978;10979;10973;10977;11287;10976;10980;10981;10982;11288;14718;10983;11289;10984;11291;11290;11382;10985;11292;10986;11293;10987;11381;11294;11056;11379;11295;12039;11285;11296;11380;11297;11383;11547;11594;17630;12199;14337;12270;17629;17988;20933;20807;16217;17635;15782;15627;17986;24736;19771;24741;20134;24744;20808;24737;24019;20744;24740;24739;19377;10999;10798;99766;99765;99764;99768;99767;99769;99770;99771;99775;99773;99776;99774;99772;99777;99778;99780;99783;99781;99779;99782;99785;99786;99784;99787;99788;99790;99789;99791;99793;99794;99792;99795;99797;99800;99796;99798;99799;99806;99801;99802;99805;99803;99804;99807;99808;99809;99810;99811;99814;97416;99815;99812;99816;99813;99817;99818;99819;99821;99822;99824;99823;99829;99828;99830;99825;99831;99832;99833;99826;99834;99835;99836;99838;99839;99837;99827;99841;99820;99840;99842;99843;99844;99845;99846;99847;99848;99850;99854;99852;99849;99855;99851;99856;99857;99859;99861;99860;99862;99858;99853;99863;99864;99865;99868;99869;99866;99870;99871;99867;99873;99872;99874;99875;99878;99877;99876;99879;99880;99881;99884;99885;99883;99887;99886;99882;99888;99890;99889;99894;99893;99892;99891;99895;99898;99896;99897;99900;99901;99902;99903;99905;99904;99908;99909;99910;99911;99913;99912;99914;99915;99916;99937;99899;99936;99939;99938;99941;99942;99943;99944;99946;99945;99940;99949;99947;99948;99951;99950;99952;99953;100683;100685;100684;100687;100811;100688;100686;100812;100689;100692;100693;100691;100696;100698;100695;100697;100694;100690;100699;100701;100700;100813;100702;100814;101848;100723;101306;101849;101307;101308;101851;101850;101309;101852;100722;101310;101311;101853;101855;101854;101313;101314;101315;102222;102480;102223;102221;102479;102224;102225;102226;102227;102228;102229;102231;102232;102233;102234;101312;102235;102230;102237;102238;102236;102239;102240;102241;102242;102243;102245;102998;102999;102997;102244;103000;103001;103002;103003;103007;103005;103004;103008;103009;103006;103010;103011;103012;103014;103015;103016;103018;103019;103017;103020;103021;103022;103024;103025;103023;103026;103027;103028;103030;103029;103031;103013;103033;103034;103032;103056;103055;103058;103060;103061;103057;103059;103062;103065;103063;103067;103066;103068;103069;103064;103071;103070;103072;103073;103074;103076;103075;103078;103077;103079;103080;103082;103083;103084;103086;103085;103088;103733;103087;103734;103735;103736;103737;103738;103739;103820;103740;103821;104576;104577;103878;103879;103937;104578;103938;103939;103940;103081;103942;104278;103941;104279;104277;104280;104281;104282;104283;104284;104285;104286;104287;104288;104290;104293;104289;104292;104294;104295;104296;104326;104327;104325;104330;104328;104291;104331;104332;104329;104333;104463;104334;104902;104903;104905;104907;104906;104908;104909;104910;104911;105164;104912;104913;104904;104914;104915;104916;104918;104919;104920;104921;104917;104922;104923;104924;104925;104928;104929;104926;104931;104930;104927;104933;104934;104932;104935;105046;105301;105302;105303;105047;105304;105305;105306;105307;105308;105309;105311;105312;105313;105314;105315;105317;105316;105318;105319;105310;105320;105322;105323;105618;106144;105321;106145;105655;106146;106147;106148;106152;106151;106153;106150;106154;106155;106149;106156;106158;106159;106160;106161;106162;106163;106164;106166;106167;106165;106402;106403;106404;106405;106760;106406;106762;106157;106763;106761;106764;106765;106767;106768;106769;106771;106770;106773;106774;106772;106775;106777;106776;106778;108455;108456;108457;108458;108459;106766;108461;108460;108462;108464;108465;108466;108467;108468;108469;108470;108463;108471;108472;108474;108473;108475;109470;109472;109471;109473;109474;109475;109477;109476;109478;109479;109480;109481;109482;109485;109483;109484;109487;109486;109488;109489;109490;109491;109492;109493;109494;109495;109496;109497;109498;109499;109500;109502;109503;109504;109505;109506;109507;109508;109509;109510;109511;109512;109513;109514;109515;109516;109620;109813;109619;110126;109501;110127;110128;110130;110131;110132;110133;110134;110135;110137;110136;110139;110138;110140;110141;110129;110142;110143;110145;110146;110147;110148;110149;110150;110151;110153;110152;110154;110155;110156;110617;110730;110731;110732;110735;110733;110736;110734;110737;110738;110739;110740;110741;110144;110742;110743;110744;110745;110746;110747;110748;110826;110827;110828;110825;110842;110841;110843;110844;110846;110845;110848;110849;110847;110850;110851;110852;110853;110855;110856;110854;110859;110857;110860;110861;110862;110863;110865;110866;110858;110867;110868;110869;110870;110872;110873;110874;110875;110871;110864;110877;110879;110878;110880;110881;110883;110882;110876;111182;111183;111643;111644;111184;111646;111647;111648;111649;111650;117540;117541;117542;117543;117544;117545;117546;117548;117547;117549;117550;117552;117551;111645;117553;117554;117555;117556;117558;117559;117560;117561;117562;117564;117557;117565;117566;117567;117568;117563;117569;117570;117572;117573;117575;117576;117574;117577;117571;117578;117579;117580;117581;117583;117584;117585;112237;112238;117430;117586;117725;117726;117727;117582;117729;117730;117728;117732;117733;117735;117734;117736;117737;117738;117740;117739;117742;118049;117741;117744;117731;117743;117745;117747;117748;117746;117751;117749;117750;117752;117753;117754;117755;117756;117757;117758;117759;117760;117762;117761;117763;118367;118411;118366;118414;118412;118413;118415;118416;118417;118418;118419;118420;118421;118424;118425;118423;118426;118427;118429;118428;118430;118422;118431;118433;118432;118434;118435;118437;118438;118436;118440;118439;118737;118736;118739;118738;118742;118740;118743;118741;118756;118755;118758;118757;118759;118761;119059;118760;119060;119061;119062;119063;119064;119065;119068;119067;119069;119070;119071;119072;119073;119074;119564;119513;119514;119066;119515;119517;119519;119516;119518;119522;119521;119524;119525;119523;119526;119527;119520;119528;119530;119531;119532;119529;119565;119896;119897;119898;119533;119899;119900;119902;119904;119903;119901;119905;119906;119907;119910;119912;119913;119909;119911;119914;119915;119916;119917;119918;119921;119922;119919;119920;119923;119924;119925;119926;119927;119928;119929;119930;119908;119933;119934;119931;119935;119932;119936;120992;120990;120991;120993;120994;120995;120996;120974;120997;120998;120999;121000;121001;121002;121275;121276;121277;121278;122166;122167;122171;122170;122168;122172;122173;122174;122201;122202;122203;122204;122205;122206;122207;122208;122209;122210;122211;122213;122212;122169;122214;122215;122217;122216;122218;122373;122374;122375;122376;122378;122379;122380;122377;122381;122382;122385;122383;122384;122386;122387;122388;122414;122688;122459;122687;122690;122691;122692;122693;122694;122695;122696;122689;122697;122698;122770;122700;122703;122699;122701;122702;122704;122706;122707;122708;122705;122709;122710;123102;123103;123107;123108;123105;123106;123110;123104;123112;123111;123114;123113;123115;123116;123118;123117;123119;123120;123121;123584;123583;123109;123585;123587;123586;123588;123589;123590;123591;123592;123593;123594;123595;123597;123598;123599;123596;123600;123603;123602;123605;123601;123608;123610;123604;123606;123613;123612;123611;123607;123615;123616;123614;123609;123618;123617;123619;123620;123621;123624;123623;123626;123622;123627;123625;123628;123629;123630;123843;123844;123847;123845;123846;123848;123850;123851;123854;123852;123855;123853;123857;123849;123858;123859;123860;123863;123862;123861;123864;123865;123866;123869;123867;123856;123870;123868;123871;123872;123873;123874;123875;123876;123877;123878;123879;123881;123882;123884;123883;123880;123885;123887;123886;123889;123888;123890;123891;123892;123893;123894;123895;123898;123896;123897;123900;123901;123902;123903;123904;123905;123906;123907;123908;123910;123911;123909;123913;123899;123768;123912;123697;123698;123699;123702;123703;123705;123704;123706;123701;123700;123707;123708;123709;123711;123710;123713;123714;123715;123712;123716;123717;123718;123719;123720;123722;123723;123724;123721;123725;123727;123726;123728;123730;123729;123731;123732;123733;123735;123734;123736;123738;123737;123739;123740;123741;123742;123744;124376;123745;124375;123746;124377;124378;123743;124379;124381;124380;124382;124384;124385;124383;124386;124387;124388;124390;124392;124391;124394;124393;124395;124389;124396;124398;124397;124432;124434;124430;124433;124431;124435;124436;124437;124438;124440;124441;124442;124443;124444;124445;124446;124447;124448;124449;124450;124610;124612;124611;124614;124439;124613;124615;124617;124616;124619;124620;124618;124625;124621;124622;124623;124624;124626;124630;124627;124629;124632;124631;124634;124628;124633;124635;124729;124636;124732;124731;124735;124733;124730;124736;124734;124739;124737;124740;124738;124741;124742;124743;124744;124746;124745;124747;124749;124750;124748;124751;124877;124879;124878;124880;124881;124882;124883;124884;124885;124887;124888;124886;124890;124889;124891;124893;124892;124894;124896;124895;124899;124897;124900;124898;124901;124902;124903;124904;124907;124905;124906;124909;124908;124910;124911;124913;124912;124914;124915;124916;124917;124918;124920;124919;124921;124924;124923;124922;124925;124928;124929;124927;124930;124931;124933;124932;124934;124926;124935;124936;124938;124941;124939;124940;124942;124943;124937;124945;124946;124947;124944;124948;124949;124950;124951;124952;124954;124955;124958;124956;124957;124959;124960;124953;124962;124963;124961;124964;124966;124968;124965;124967;124969;124794;124792;124791;124795;124793;124796;124797;124799;124801;124798;124802;124800;124803;124804;124805;124806;124807;124809;124811;124808;124812;124813;124814;124810;124815;124817;125100;124816;124818;124819;124821;124823;124824;124825;124822;124827;124828;124829;124820;124830;124826;125301;124832;124831;124834;124833;124835;124837;125101;124836;124971;124970;124972;124974;124973;124975;124976;124978;124977;124979;124981;124980;124982;124984;124983;124985;124986;124987;124989;124988;124990;124991;124994;124992;124996;124993;124997;124995;124998;125000;125001;124999;125003;125005;125002;125004;125007;125006;125008;125009;125010;125102;125279;125103;125489;125492;125491;125490;125493;125494;125495;125496;125498;125499;125497;125501;125502;125503;125500;125505;125507;125504;125506;125509;125508;125510;125511;125512;125513;125514;125488;125515;125516;125517;125518;125519;125520;125521;125522;125523;125524;125525;125526;125527;125528;125530;125529;125557;125556;125559;125558;125561;125560;125563;125562;125564;125565;125567;125566;125568;125569;125570;125572;125573;125574;125575;125576;125577;125578;125579;125580;125581;125582;125584;125583;125571;125585;125586;125587;125588;125753;126267;126266;125752;126270;126269;126271;126268;126272;126274;126277;126276;126278;126275;126279;126283;126280;126282;126281;126285;126273;126284;126287;126288;126286;126289;126290;126291;126293;126292;126294;126295;126296;126298;126415;126416;126417;126297;126299;126418;126419;126420;126422;126423;126421;126424;126425;126426;126427;126429;126428;126430;126431;126432;126433;126536;126929;126538;126535;126539;126540;126541;126542;126543;126544;126545;126546;126547;126548;126549;126550;126551;126552;126553;126554;126555;126556;126843;126844;126845;126537;126846;126847;126848;126849;126850;126851;126852;126930;126853;126854;126855;126859;126856;126857;126860;126861;126858;126862;126863;126865;126867;126868;126866;126869;126870;126871;126872;126873;126874;126875;126876;126877;126878;126879;126880;126881;126931;126932;126933;126934;126935;126997;126998;126999;127000;127001;127002;127003;127004;127005;127007;126864;127006;127009;127008;127010;127011;127012;127013;127015;127014;127017;127018;127016;127020;127019;127021;127022;127023;127024;127025;127026;127027;127028;127029;127564;128086;128087;128089;128090;128092;128091;128094;128095;128096;128093;128088;128098;128097;128099;128101;128100;128104;128102;128105;128103;128183;128184;128186;128188;128187;128189;128191;128190;128185;128193;128194;128196;128192;128197;128198;128199;128200;128201;128202;128195;128889;128204;128203;128888;128890;128893;128891;128892;128894;128895;128898;128896;128901;128900;128899;128897;128902;128903;128905;128904;128906;128908;128907;128911;128909;128912;128913;128914;128915;128916;128918;128917;128910;128920;128921;128922;128923;128924;128796;128797;128798;128799;128800;128801;128919;128802;128803;128804;128805;128806;128808;128807;128809;128812;128813;128814;128810;128815;128816;128817;128811;128818;128819;128820;128821;128822;128825;128823;128824;128827;128826;128828;128829;128830;128832;128831;128833;128834;128835;128836;128837;128839;128841;128840;128842;128843;128926;128838;128925;128844;128927;128928;128930;128931;128932;128933;128934;128929;128935;128937;128936;128938;128939;128940;128941;128942;128943;128944;128945;128946;128947;128950;128951;128948;128949;128953;128952;128955;128954;128957;128958;128959;128960;129115;129116;128956;129117;129118;129119;129120;129121;129122;129124;129125;129126;129123;129130;129127;129128;129129;129132;129131;129134;129133;129135;129174;129173;129175;129176;129177;129179;129178;129180;129181;129182;129183;129187;129185;129184;129188;129186;129136;129189;129190;129191;129192;129195;129193;129196;129194;129198;129200;129199;129201;129197;129203;129202;129205;129204;129206;129207;129208;129210;129209;129211;129213;129212;129214;129215;129216;129217;129218;129220;129221;129219;129222;129223;129224;129225;129226;129227;129228;129229;129230;129231;129232;129233;129234;129235;129236;129239;129240;129237;129242;129241;129238;129244;129243;129246;129245;129247;129248;129249;129250;129251;129252;129253;129254;129255;129259;129258;129257;129261;129428;129429;129430;129431;129256;129432;129434;129433;129435;129260;129436;129437;129439;129440;129442;129443;129438;129444;129445;129446;129447;129449;129450;129448;129451;129452;129441;129454;129453;130805;130806;130807;130808;130809;130811;130813;130814;130810;130812;130815;130816;130817;130820;130822;130819;130821;130818;130823;130824;130825;130827;130826;130829;130828;130831;130833;130834;130830;130836;130835;130837;130832;130840;130841;130842;130838;130843;130839;130844;130845;130846;130847;130849;130848;130850;130851;130852;130853;130855;130854;130856;130858;130857;130859;130860;130861;130862;130863;130866;130865;130868;130869;130867;130870;130872;130871;130873;130874;130875;130877;130876;130878;130879;130880;130881;130882;130883;130637;130638;130639;130640;130642;130643;130641;130864;130644;130645;130646;130647;130650;130648;130652;130654;130651;130653;130649;130660;130655;130656;130659;130657;130658;130662;130661;130663;130665;130664;130666;130668;130667;130669;130670;130672;130671;130674;130673;130675;130676;130677;130678;130679;130681;130680;130683;130685;130682;130687;130686;130688;130684;130689;130690;130692;130696;130693;130695;130691;130694;130697;130698;130699;130701;130700;130703;130702;130704;130705;130706;130707;130708;130709;130710;130714;130711;130712;130715;130717;130716;130713;130718;130721;130720;130719;130722;130723;130724;130725;130726;130727;130728;130730;130729;130731;130732;130734;130733;130736;130735;131341;131343;131344;131345;131346;131347;131348;131349;131350;131351;131352;131355;131353;131356;131342;131358;131357;131359;131354;131360;131362;131363;131364;131366;131361;131368;131367;131365;131369;131370;131371;131372;131473;131474;131476;131475;131478;131477;131479;131480;131481;131482;131484;131472;131483;131485;131486;131489;131487;131488;131491;131492;131490;131493;131495;131494;131496;131497;131499;131498;131501;131500;131502;131505;131503;131504;131506;131507;131508;131509;131510;131511;131512;131513;131515;131514;131517;131845;131516;131846;131848;131847;131849;131850;131851;131852;131854;131853;131855;131857;131859;131860;131856;131858;131863;131862;131864;131866;131865;131867;131869;131861;131870;131871;131872;131873;131874;131875;131876;131877;131878;131881;131879;131880;131882;131868;131884;131883;131885;131887;131886;131891;131889;131893;131890;131892;131894;131895;131897;131896;131898;131899;131900;131901;131902;131903;131904;131905;131906;131907;131908;131910;131909;131911;131912;131576;131913;131578;131579;131577;131581;131582;131583;131584;131580;131888;131585;131586;131589;131587;131588;131590;131591;131593;131594;131592;131595;131597;131596;131598;131599;131600;131601;131602;131603;131604;131605;131606;131608;131607;131609;131611;131613;131610;131614;131612;131616;131618;131617;131615;131619;131914;131621;131624;131620;131623;131626;131628;131629;131622;131627;131630;131631;131634;131633;131635;131636;131637;131639;131640;131641;131642;131638;131643;131645;131644;131647;131646;131650;131648;131649;131651;131652;131625;131653;131654;131655;131656;131658;131659;131657;131660;131661;131663;131662;131664;131665;131667;131669;131668;131632;131670;131666;131671;131673;131674;131672;131798;131796;131797;131800;131801;131802;131807;131806;131799;131804;131803;131805;131808;131810;131811;131809;131812;131813;131815;131814;131816;131818;131817;131820;131821;131819;131824;131825;131822;131826;131827;131823;132272;132273;132274;132271;132276;132275;132278;132277;132279;132281;132282;132280;132283;132286;132285;132284;132287;132289;132290;132291;132292;132293;132294;132296;132288;132295;132297;132298;132299;132300;132301;132302;132121;132122;132123;132124;132126;132127;132128;132129;132130;132131;132132;132133;132125;132135;132136;132137;132138;132139;132140;132141;132142;132134;132144;132143;132146;132147;132150;132151;132148;132149;132152;132153;132154;132155;132156;132145;132157;132158;132160;132161;132162;132163;132164;132165;132166;132167;132168;132169;132170;132171;132173;132159;132172;132174;132175;132176;132177;132178;132179;132181;132182;132184;132183;132180;132185;132186;132188;132189;132190;132191;132192;132194;132193;132187;132195;132196;132199;132198;132197;132200;132202;132201;132203;132205;132204;132206;132209;132208;132210;132207;132211;132212;132213;132214;132216;132217;132218;132219;132215;132353;132355;132354;132220;132357;132358;132359;132360;132361;132363;132362;132365;132364;132366;132367;132368;132369;132370;132371;132372;132356;132373;132376;132374;132375;132377;132378;132594;132596;132597;132595;132598;132379;132600;132599;132602;132601;132603;132605;132604;132606;132608;132607;132612;132611;132609;132610;132613;132614;132616;132617;132618;132615;132619;132620;132621;132622;132623;132626;132625;132627;132628;132629;132630;132631;132632;132624;132795;132794;132796;132797;132798;132801;132800;132804;132802;132803;132805;132806;132807;132808;132810;132811;132809;132813;132815;132812;132799;132814;132816;132817;132820;132818;132819;132822;132823;132824;132825;132826;132827;132828;132829;132830;132833;132832;132831;132834;132835;132836;132837;132839;132821;132840;132838;132841;132843;132844;132845;133744;132846;133895;133897;132842;133898;133896;133899;133901;133900;133903;133902;133904;133905;133906;133907;133909;133910;133911;133912;133913;133916;133915;133914;133917;133918;133908;133922;133919;133923;133921;133920;133925;133926;133924;133928;133927;133932;133931;133929;133933;133930;133934;133936;133937;133935;133939;133940;133938;133975;133976;133974;133978;133977;133979;133980;133982;133981;133985;133983;133986;133984;133988;133987;133989;133991;133993;133992;133990;133994;133995;133996;133997;133998;133999;134000;134002;134003;134001;134004;134006;134005;134007;134008;134009;134010;134011;134012;134014;134013;134016;134015;134017;134018;134476;134019;134387;134478;134477;134479;134480;134482;134481;134483;134484;134485;134486;134487;134488;134489;134491;134493;134492;134495;134496;134494;134498;134497;134499;134500;134501;134502;134490;134505;134503;134506;134504;134507;134508;134509;134511;134510;134512;134513;134514;134515;134516;134517;134518;134519;134521;134522;134523;134520;134525;134524;134526;134527;134528;134531;134533;134532;134530;134534;134529;134536;134535;134537;134538;134541;134542;134539;134543;134544;134547;134545;134548;134549;134546;134551;134552;134550;134554;134553;134540;134555;134733;134734;134735;134737;134738;134739;134740;134741;134742;134743;134744;134745;134736;134746;134747;134749;134778;134779;134780;134781;134777;134748;134782;134783;134784;134786;134788;134785;134789;134787;134791;134792;134794;134793;134790;134795;134796;134797;134798;134800;134799;134801;134802;134803;134805;134804;134806;134808;134807;134809;134810;134811;134812;134813;134814;134816;134817;134815;134818;134819;134820;135118;135117;135119;135120;135121;135122;135124;135125;135123;134845;135127;135128;135126;135129;135130;135132;135131;135133;135134;135135;135136;135138;135139;135140;135137;135141;135142;135143;135145;135147;135146;135148;135149;135152;135151;135150;135144;135153;135154;135155;135156;135158;135157;135505;135502;135501;135503;135504;135507;135508;135510;135509;135511;135512;135513;135514;135506;135516;135515;135518;135517;135521;135522;135520;135519;135523;135524;135525;135527;135528;135529;135531;135526;135530;135533;135532;135534;135535;135536;135538;135539;135540;135541;135542;135537;135543;135544;135546;135545;135547;135548;135551;135549;135550;135554;135552;135556;135557;135555;135553;135558;135559;135562;135560;135561;135564;135565;135566;135563;135567;135570;135569;135571;135568;135605;135606;135608;135610;135611;135609;135612;135607;135613;135614;135615;135617;135619;135618;135621;135616;135622;135623;135620;135625;135624;135627;135628;135626;135630;135629;135631;135635;135632;135636;135634;135633;135638;135639;135637;135640;135641;135643;135644;135642;135646;135645;135647;135648;135649;135651;135653;135650;135656;135654;135655;135657;135658;135652;135660;135662;135659;135734;135735;135661;135737;135736;135739;135738;135742;135740;135741;135745;135746;135744;136217;135743;136219;136218;136220;136224;136223;136226;136222;136225;136227;136228;136229;136221;136231;136232;136230;136234;136233;136236;136237;136238;136240;136239;136242;136243;136241;136244;136245;136247;136246;136248;136252;136250;136253;136251;136235;136254;136255;136256;136249;136257;136258;136260;136261;136259;136264;136263;136266;136265;136267;136268;136269;136270;136271;136272;136273;136262;136275;136274;136276;136278;136277;136854;136856;136855;136857;136859;136860;136858;136861;136862;136863;136864;136865;136866;136868;136869;136870;136867;136871;137012;137013;137015;137014;137016;137017;137018;137020;137021;137022;137023;137024;137025;137027;137028;137030;137019;137029;137032;137033;137031;137034;137035;137026;137461;137465;137036;137462;137464;137466;137467;137468;137469;137470;137471;137472;137473;137474;137475;137476;137477;137478;137479;137480;137481;137482;137483;137484;137485;137463;137487;137488;137486;137489;137490;137491;137492;137494;137493;137496;137497;137499;137501;137500;137503;137502;137504;137505;137506;137498;137507;137508;137510;137509;137511;137512;137513;137514;137515;137495;137517;137518;137519;137521;137522;137520;137516;137523;137524;137526;137527;137525;137528;137795;137796;137794;137798;137799;137800;137797;137802;137804;137801;137805;137806;137807;137809;137808;137811;137803;137810;137812;137814;137813;137815;137816;137818;137931;137932;137933;137934;137937;137935;137936;137939;137938;137940;137942;137941;137817;137943;137944;137945;137946;137947;137948;137949;137950;137951;137953;137954;137952;137955;137956;137958;137960;137959;137961;137957;137962;137963;137964;137965;137966;137967;137968;137969;137971;137972;137974;137973;137975;137976;137977;137978;137980;137979;137981;137982;137983;137986;137987;137985;137988;137989;137990;137991;137992;137970;137984;137994;137995;137993;137996;137998;137999;138000;138002;138001;138003;138004;138005;138006;138007;138008;138010;138009;138011;138012;139124;139126;139125;139128;139127;137997;139129;139130;139132;139134;139131;139135;139136;139137;139133;139138;139140;139141;139142;139144;139145;139143;139146;139147;139148;139149;139150;139152;139139;139151;139153;139156;139155;139157;139154;139158;139159;139160;139743;139741;139938;139161;139939;139940;139942;139742;139943;139941;139945;139944;139946;139949;139947;139950;139948;139951;139954;139953;139955;139956;139952;139957;139958;139960;139959;139962;139963;139964;139965;139966;139967;139968;139969;139970;139971;139972;139973;139974;139975;139976;139977;139978;139961;139979;139980;139982;139983;139985;139987;139986;139988;139989;139981;139990;139991;139992;139993;139994;139995;139996;139997;139999;140000;139984;139998;140001;140002;140003;140005;140006;140007;140008;140004;140009;140010;140012;140011;140014;140015;140017;140136;140016;140013;140137;140139;140138;140141;140144;140140;140143;140146;140142;140148;140147;140149;140150;140145;140151;140153;140155;140156;140154;140152;140158;140159;140160;140161;140157;140164;140162;140163;140166;140165;140167;140317;140318;140319;140321;140320;140322;140324;140323;140326;140329;140327;140325;140330;140328;140332;140333;140331;140335;140336;140337;140334;140338;140339;140340;140341;140344;140342;140343;140345;140346;140348;140347;140349;140350;140351;140352;140353;140354;140357;140356;140358;140355;140360;140940;140359;140939;140943;140941;140945;140946;140947;140944;140942;140948;140949;140951;140950;140952;140955;140953;140956;140957;140960;140959;140958;140961;140962;140963;140964;140966;140965;140967;140968;140969;140970;140971;140972;140973;140974;140975;140976;140977;140979;140980;140954;140978;140981;140982;140983;140984;140986;140987;140988;140989;140990;140994;140991;140993;140992;140995;140996;140998;140997;140819;140818;140820;140822;140821;140823;140824;140826;140825;140828;140827;140829;140830;140832;140831;140833;140834;140985;140835;140836;140837;140839;140838;140840;140841;140843;140842;140846;140844;140845;140848;140849;140847;140851;140850;140853;140852;140854;140856;140858;140857;140860;140859;140861;140862;140855;140864;140865;140866;140867;140869;140868;140870;140871;140872;140873;140874;140875;140863;140877;140878;140879;140876;140880;140882;140883;140884;140885;140886;140887;140888;140889;140893;140890;140891;140881;140892;140895;140896;140898;140897;140900;140901;140899;140903;140894;140904;140902;140906;140905;140907;140909;140908;140912;140913;140911;140914;140910;140915;140916;140917;141000;140999;141001;141002;141004;141005;141007;141006;141003;141008;141316;141324;141319;141337;141326;141315;141332;141323;141333;141328;141321;141338;141336;141330;141329;141327;141325;141335;141339;141334;141331;141380;141320;141377;141750;141715;141768;141675;141647;141646;141718;141737;141752;141671;141670;141722;141765;141682;141665;141726;141705;141758;141724;141700;141721;141655;141674;141706;141658;141660;141676;141659;141769;141668;141712;141766;141731;141645;141742;141672;141745;141739;141697;141678;141749;141693;141763;141666;141730;141733;141692;141714;141684;141717;141751;141740;141764;141878;142083;142096;142113;142074;142098;142092;142106;142122;142062;142100;142075;142073;142118;142084;142124;142064;142125;142117;142070;142066;142132;142072;142127;142087;142109;142067;142121;142085;142102;142093;142130;142101;142129;142069;142134;142123;142111;142089;142063;142061;142082;142103;142076;142088;142128;142120;142133;142116;142119;142091;142081;142090;142079;142068;142086;142126;142071;142094;142065;142080;142077;142110;142112;142099;142131;142180;142184;142179;142168;142203;142148;142175;142200;142177;142173;142164;142167;142161;142147;142201;142187;142157;142154;142166;142152;142170;142172;142204;142265;142244;142298;142255;142271;142267;142288;142340;142266;142282;142287;142290;142237;142277;142294;142342;142289;142263;142269;142346;142286;142256;142319;142231;142281;142240;142261;142315;142348;142349;142310;142314;142358;142262;142357;142234;142337;142361;143229;142280;142304;142227;142257;142305;142242;142339;142303;142238;142259;142251;142347;142328;142313;142343;142268;142312;142352;142235;142278;142300;142308;142232;142307;142354;142317;142284;142326;142327;142333;142345;142322;142353;142306;142254;142292;142299;142309;142335;142293;142350;142330;142329;142316;142332;142320;142331;142285;142296;142276;142279;142273;142295;142360;142270;142274;142249;142297;142252;142302;142321;142253;142260;142233;142236;142344;142245;142301;142355;142243;142336;142334;142258;142341;142230;142323;142246;142543;142505;142576;142562;142557;142585;142567;142561;142578;142538;142554;142512;142508;142579;142534;142536;142565;142558;142544;142507;142516;142511;142514;142525;142559;142566;142545;142547;142528;142584;142582;142568;143254;142530;142553;143259;143257;143415;143393;143413;143394;143408;143407;143400;143409;143403;143396;143416;143391;143404;143387;143412;143395;142531;143385;143411;143390;143399;143417;143406;143414;143418;143389;143402;144131;144118;144178;144128;144181;144192;144162;144168;144119;144194;144159;144186;144145;144155;144154;144169;144164;144130;144180;144142;144139;144195;144160;144170;144176;144161;144150;144156;144138;144149;144153;144229;144220;144255;144267;144258;144239;144238;144151;144224;144230;144244;144221;144270;144268;144269;144245;144253;144219;144252;144271;144233;144240;144263;144251;144228;144226;144261;144231;144236;144235;144242;144249;144222;144256;144272;144265;144653;144670;144698;144668;144686;144664;144685;144655;144697;144687;144661;144682;144675;144663;144674;144676;144665;144662;144660;144677;144678;144667;144656;144695;144699;144680;144693;144684;144690;144688;144689;144683;144703;144700;144702;144692;144671;144715;144731;144722;144659;144734;144718;144728;144727;144726;144716;144741;144719;144739;144742;144724;144720;144721;144829;145099;145116;145210;145151;145137;145188;145207;144831;145184;145202;145168;145103;145182;145162;145160;145209;145211;145111;145098;145159;145216;145201;145147;145163;145161;145100;145212;145129;145213;145127;145158;145180;145166;145206;145113;145106;145183;145145;145173;145174;145134;145102;145176;145157;145125;145155;145130;145128;145146;145135;145186;145139;145153;145117;145104;145148;145171;145144;145170;145185;145133;145189;145169;145177;145101;145109;145140;145121;145215;145143;145136;145105;145203;145782;145118;145214;145777;145709;145730;145110;145773;145737;145770;145761;145754;145733;145726;145712;145753;145715;145749;145752;145721;145741;145764;145732;145719;145756;145774;145744;145757;145743;145731;145734;145779;145766;145771;145742;145718;145738;145785;145778;145750;145745;145748;145783;145727;145717;145713;145740;146151;146179;146121;145755;146182;145723;146160;146138;146147;146110;146152;146158;146178;146157;146128;146154;146167;146159;146190;146108;146181;146140;146193;146149;146175;146153;146120;146172;146161;146131;146112;146177;146124;146168;146123;146180;146186;146114;146117;146176;146118;146183;146113;146115;146107;146126;146136;146116;146188;146164;146127;146139;146109;146165;146189;146132;146134;146142;146143;146150;146148;146185;146171;146236;146246;146173;146218;146217;146252;146169;146239;146230;146235;146229;146263;146225;146240;146255;146227;146222;146226;146253;146219;146237;146231;146224;146261;146254;146245;146256;146249;146250;146262;146228;146251;146232;146258;146259;146238;146220;146732;146243;146678;146710;146764;146767;146257;146221;146680;146742;146647;146697;146734;146753;146741;146702;146687;146644;146713;146738;146754;146655;146659;146765;146686;146650;146646;146705;146668;146704;146671;146641;146739;146701;146651;146752;146707;146660;146744;146696;146709;146708;146675;146731;146681;146743;146664;146663;146672;146684;146728;146645;146703;146733;146727;146740;146747;146690;146642;146652;146682;146692;146698;146711;146656;146694;146760;146761;146722;146706;146719;146661;146714;146712;146674;146723;146762;146730;146748;146693;146717;146720;146670;146657;146758;146721;146695;146759;146679;146716;146755;146766;146756;146724;146735;146648;147480;146683;146654;147546;147587;147505;147455;147530;147542;147492;147608;147477;147588;147456;147536;147471;147582;147430;147583;147552;147513;147539;147614;147487;147600;147499;147613;147453;147457;147526;147540;147431;147574;147596;147472;147531;147423;147462;147533;147549;147607;147577;147573;147557;147580;147527;147479;146658;147468;147547;147458;147478;147516;147520;147503;147422;147448;147541;147442;147427;147428;147535;147534;147521;147465;147569;147566;147590;147449;147585;147599;147538;147603;147598;147474;147446;147493;147466;147611;147491;147444;147490;147460;147562;147467;147559;147451;147438;147595;147616;147525;147551;147605;147561;147507;147459;147517;147489;147619;147443;147432;147461;147495;147592;147424;147425;147584;147475;147518;147555;147441;147601;147510;147609;147528;147114;147118;147081;147035;147129;147433;147045;147124;147117;147042;147029;147088;147100;147126;147074;147046;147125;147102;147080;147049;147064;147132;147054;147131;147105;147092;147041;147028;147057;147061;147119;147040;147107;147079;147122;147055;147066;147130;147110;147128;147104;147103;147089;147084;147043;147047;147069;147032;147095;147065;147083;147038;147094;147090;147031;147109;147111;147052;147077;147093;147063;147112;147133;147071;147044;147097;147059;147073;147120;147056;147053;147037;147123;147085;147039;147033;147051;147072;147113;147062;147096;147075;147078;147127;147058;147070;147115;147048;147025;147121;147076;147036;147067;147099;147082;147101;147106;147034;147108;147091;147581;147086;147560;147473;147578;147615;147604;147504;147470;147543;147508;147488;147594;147445;147602;147512;147589;147553;147486;147572;147567;147610;147439;147501;147434;147550;147483;147514;147440;147522;147593;147496;147426;147537;147556;147485;147497;147565;147482;147506;147617;147509;147481;147670;147666;147476;147523;147672;147668;147686;147664;147683;147679;147690;147681;147673;147494;147702;147674;147703;147696;147669;147676;147693;147677;147689;147699;147694;147701;147665;147692;147675;147671;147698;147691;147687;147667;147684;147700;147695;148067;148077;147682;147678;148043;148050;148046;148082;148055;148057;148059;148084;148062;148060;148047;148073;148041;148075;148083;148079;148056;148065;148049;148044;148076;148052;148078;148069;148058;148063;148042;148061;148086;148054;148071;148068;148064;148048;148081;148070;148576;148040;148589;148582;148630;148618;148628;148580;148634;148597;148631;148638;148626;148596;148605;148611;148612;148625;148619;148585;148598;148608;148601;148613;148607;148583;148620;148602;148575;148595;148633;148074;148577;148629;148627;148624;148635;148637;148586;148622;148579;148604;148609;148603;148587;148621;148592;148617;148591;148584;148581;148578;148616;148593;148640;148632;149096;148590;149116;149165;149102;149107;149097;149161;149130;149197;149176;149175;149154;149095;149190;149153;149144;149147;149182;149137;149177;149124;149155;149187;149178;149171;149148;149140;149186;149104;149166;149115;149173;149141;149110;149114;149156;149157;149134;149111;149183;149149;149158;149131;149098;149109;149118;149170;149200;149117;149125;149184;149194;149202;149198;149132;149169;149129;149143;149099;149100;149201;149136;149168;149160;149167;149163;149139;149120;149128;149159;149188;149122;149123;149119;149105;149146;149108;149204;149196;149101;149112;149106;149162;149126;149142;149127;149121;149133;149145;149181;149189;149193;149150;149164;149172;149192;149199;149151;149191;149565;149588;149138;149583;149625;149615;149563;149622;149552;149582;149597;149559;149576;149601;149607;149543;149551;149556;149623;149531;149595;149532;149544;149561;149638;149591;149632;149538;149626;149618;149624;149585;149575;149540;149631;149619;149599;149593;149586;149587;149617;149610;149606;149604;149620;149578;149574;149621;149608;149547;149581;149592;150167;150192;149546;149630;150170;150216;150227;150166;150210;150174;150189;150214;150181;150208;150197;150225;150198;150224;150221;150175;150217;150211;150231;150229;150184;150178;150187;150179;150226;150186;150204;150176;150219;150177;150169;150213;150209;150202;150195;150185;150188;150207;150205;150199;150250;150278;150247;150263;150277;150265;150252;150271;150254;150253;150264;150249;150268;150258;151039;151031;151045;151043;151040;151048;151032;151052;151042;151033;151041;151034;151026;151029;151036;151047;151035;151046;151038;151161;151174;151172;151171;151169;151180;151182;151157;151167;151166;151175;151185;151177;151173;151162;151179;151176;151178;151156;151160;151183;151168;151163;151184;151186;151159;151170;151181;151164;151256;151158;151221;151165;151232;151257;151228;151250;151249;151242;151258;151223;151245;151244;151233;151237;151236;151227;151235;151222;151229;151259;151231;151220;151263;151248;151246;151262;151260;151225;151230;151247;151238;151234;151251;151243;151252;151241;151255;151240;151239;151253;151261;151254;151226;151224;151297;151344;151324;151336;151294;151307;151314;151330;151348;151325;151326;151331;151299;151349;151323;151337;151327;151332;151316;151295;151320;151312;151342;151317;151311;151313;151340;151319;151296;151334;151329;151341;151350;151321;151322;151338;151335;151303;151302;151328;151345;151310;151300;151347;151339;151315;151301;151304;151305;151308;151298;151343;151318;151351;151306;151333;151415;151309;151896;151902;151392;151399;151388;151895;151421;151420;151408;151398;151402;151382;151381;151419;151409;151400;151397;151389;151894;151417;151414;151379;151404;151384;151898;151416;151405;151394;151391;151385;151418;151395;151380;151411;151401;151376;151393;151387;151412;151390;151406;151396;151386;151383;151413;151568;151544;151537;151556;151378;151403;151538;151560;151565;151562;151536;151563;151548;151547;151535;151534;151552;151558;151543;151564;151549;151545;151541;151533;151561;151570;151550;151569;151555;151540;151566;151553;151542;151546;151551;151559;151554;151567;151557;151539;151769;151773;151788;151776;151782;151767;151785;151768;151779;151766;151783;151781;151787;151784;151774;151772;151777;151789;151786;151780;151775;152336;152343;151771;151770;152309;152279;152334;152321;152295;152302;152303;152274;152324;152331;152308;152319;152289;152340;152294;152275;152314;152338;152330;152304;152316;152284;152328;152293;152345;152276;152299;152337;152310;152342;152290;152326;152296;152277;152313;152339;152317;152286;152292;152311;152285;152287;152305;152315;152280;152323;152333;152281;152307;152306;152298;152301;152278;152344;152282;152329;152325;152320;152300;152332;152341;152312;152318;152327;152322;152283;152291;152297;152335;152409;152408;152400;152396;152403;152407;152404;152399;152402;152397;152406;153064;152401;152405;153052;153067;153070;153049;153084;153058;153048;153085;153053;153076;153063;153079;153071;153057;153075;153054;153080;153078;153081;153065;153059;153086;153082;153068;153066;153055;153050;153077;153051;153056;153060;153262;153357;153069;153289;153333;153339;153346;153318;153313;153328;153276;153298;153287;153314;153270;153295;153280;153311;153264;153323;153281;153319;153290;153338;153342;153312;153305;153348;153275;153301;153355;153279;153268;153316;153292;153273;153302;153272;153271;153359;153299;153320;153354;153260;153300;153340;153329;153315;153358;153308;153324;153332;153297;153331;153347;153349;153327;153343;153353;153309;153307;153261;153330;153288;153293;153321;153326;153266;153306;153344;153282;153360;153263;153325;153274;153304;153317;153322;153337;153294;153334;153283;153296;153352;153286;153267;153345;153335;153350;153284;153356;153310;153336;153278;153341;153277;153303;153291;153269;153259;153351;153606;153265;153628;153648;153634;153651;153633;153629;153653;153657;153642;153607;153664;153639;153610;153640;153650;153644;153638;153660;153609;153603;153662;153602;153608;153605;153658;153604;153641;153637;153663;153646;153654;153655;153649;153645;153661;153647;153714;153659;153717;153656;155469;153697;153730;153715;153747;153739;153755;153758;153692;153746;153673;153732;153708;153719;153681;153675;153693;153688;153720;153726;153700;153761;153735;153718;153716;153680;153671;153760;153713;153677;153698;153740;153674;153734;153749;153721;153703;153682;153672;153686;153737;153754;153759;153728;153704;153722;153710;153695;153738;153687;153701;153712;153702;153711;153733;153736;153683;153679;153706;153684;153678;153731;153696;153699;153707;153748;153676;153685;153729;153724;153705;153670;153727;154371;154001;153723;154000;154398;154393;154403;154363;154407;154372;154365;154399;154364;154359;154397;154362;154361;154375;154404;154411;154385;154373;154388;154392;154389;154358;154387;154390;154396;154400;154401;154406;154386;154391;154367;154394;154409;154402;154380;154382;154379;154360;154366;154395;154378;154369;154377;154383;154376;154374;154408;154384;154357;154368;154370;154795;154788;154799;154810;154794;154811;154786;154787;154789;154807;154793;154812;154805;154796;154792;154813;154790;154803;154801;154809;154802;154785;154791;154804;154797;154798;154800;155267;155281;154806;155269;155285;155280;155286;155139;155288;155141;155272;155140;155284;155283;155240;155142;155273;155279;155287;155290;155266;155235;155242;155275;155270;155265;155282;155260;155138;155131;155248;155117;155251;155271;155291;155239;155277;155237;155261;155262;155238;155268;155241;155129;155228;155246;155229;155247;155230;155120;155244;155278;155236;155255;155118;155257;155259;155263;155264;155276;155254;155256;155250;155121;155233;155128;155119;155249;155289;155258;155227;155252;155253;155274;155226;155243;155231;155130;155234;155504;155478;155480;155500;155521;155488;155508;155510;155535;155490;155514;155481;155532;155516;155512;155477;155506;155476;155534;155460;155494;155518;155503;155484;155489;155530;155475;155509;155472;155529;155513;155531;155479;155519;155526;155507;155485;155515;155473;155524;155533;155491;155492;155498;155474;155527;155537;155495;155502;155517;155520;155505;155487;155497;155536;155522;155496;155528;155501;155523;155471;155482;155493;155511;155486;155525;155499;155483;156312;156306;156294;156296;156298;156305;156311;156302;156303;156308;156304;156301;156295;156313;156310;156299;156307;156309;156300;156293;156373;156344;156347;156350;156297;156372;156351;156357;156362;156358;156354;156365;156367;156383;156359;156343;156374;156355;156369;156360;156371;156352;156346;156379;156378;156349;156381;156364;156382;156356;156363;156376;156348;156353;156368;156366;156345;156377;156536;156489;156518;156534;156508;156533;156490;156529;156510;156535;156516;156519;156487;156509;156530;156506;156491;156507;156527;156513;156520;156495;156492;156504;156522;156541;156498;156540;156532;156511;156494;156524;156521;156537;156526;156488;156531;156502;156493;156496;156500;156497;156517;156539;156514;156523;156538;156505;156525;156515;156528;156501;156552;156503;156499;156512;156542;156400;156413;156404;156407;156414;156408;156415;156412;156409;156401;156416;156410;156411;156406;156402;156424;156405;156423;156430;156428;156429;156431;156425;156438;156427;156432;157209;157192;157169;157186;157206;157193;157212;157179;157217;157178;157203;157208;157194;157171;157170;157187;157219;157197;157216;157195;157211;157173;157196;157204;157184;157177;157175;157191;157218;157220;157213;157207;157222;157174;157200;157172;157210;157201;157215;157185;157926;157925;157927;157922;157924;157928;157923;157912;157916;157913;157917;157914;157918;157915;157955;157941;157991;157983;157950;157947;157979;157964;157980;158023;157984;157978;157951;158011;158025;157958;158016;157954;157972;157981;158005;157969;158018;157990;158007;157949;157940;158020;158002;158019;158009;157937;157944;158017;158012;157946;158000;157987;157965;158003;157971;157988;157966;157976;158024;157998;158006;157970;157985;157942;158027;157992;157959;157977;158028;157956;158001;158013;157999;157962;157933;158010;157993;157973;157945;157994;157986;158021;157974;157997;158014;157934;157996;157952;157982;157930;157995;158008;157967;157963;157960;158029;157957;157989;157943;158022;157968;157931;157936;157975;157961;157953;158030;157948;158015;158004;158040;158306;158282;158313;158300;158310;158302;158289;158276;158299;158317;158274;158294;158284;158288;158293;158318;158311;158312;158320;158295;158297;158292;158309;158280;158298;158279;158285;158301;158303;158286;158277;158290;158278;158291;158283;158304;158281;158275;158315;158287;158308;158314;158296;158405;158419;158421;158399;158374;158413;158426;158432;158422;158396;158365;158424;158369;158397;158423;158407;158394;158412;158428;158373;158379;158382;158388;158391;158434;158372;158371;158409;158406;158408;158414;158363;158389;158410;158385;158431;158384;158393;158376;158398;158427;158362;158386;158420;158416;158370;158380;158411;158400;158381;158425;158377;158404;158417;158401;158418;158367;158387;158378;158366;158364;158493;158375;158482;170504;158476;158477;158484;158491;158472;158483;158481;158465;158469;158480;158478;158485;158462;158486;158470;158466;158461;158487;158490;158468;158532;158479;158553;158552;158533;158526;158529;158538;158550;158524;158534;158548;158523;158551;158525;158536;158531;158530;158544;158547;158542;158539;158540;158541;158535;158543;158522;158549;158537;158545;158546;158527;159094;159082;159104;158528;159081;159080;159101;159085;159084;159095;159102;159086;159093;159096;159083;159087;159103;159091;159097;159099;159089;159088;159100;159098;159240;159250;159265;159249;159267;159252;159251;159261;159245;159247;159262;159264;159258;159259;159260;159241;159244;159253;159246;159263;159254;159256;159266;159242;159322;159627;159831;159832;159846;159853;159850;159879;159836;159858;159871;159840;159869;159872;159851;159847;159852;170503;159839;159834;159857;159874;159873;159880;159837;159859;159875;159867;159835;159844;159862;159845;159863;159841;159877;159881;159866;159856;159861;159865;170502;159855;159833;159854;159864;159860;159848;159849;159842;159868;159870;159878;159838;159802;159800;159876;159781;159799;159804;159772;159777;159791;159788;159796;159790;159798;159801;159815;159783;159797;159787;159812;159795;159786;159773;159780;159782;159792;159808;159775;159803;159785;159778;159811;159793;159805;159807;159810;159806;159794;159774;159814;159809;159813;159784;159789;159776;159779;159942;160013;159972;159994;159995;160045;159933;159969;159984;159997;160041;159991;160035;159945;159937;159943;160012;159946;159989;160042;159968;160046;159970;160011;160038;160002;160003;159992;159949;160007;160001;159980;160008;159979;159944;159967;159988;160040;159918;160044;159952;159953;160019;160004;159941;159983;160017;159973;160009;160014;159971;160005;159986;159939;159993;160018;160126;160010;160118;160047;160043;159940;160121;160114;160124;160107;160127;160133;160113;160122;160117;160109;160119;160135;160130;160136;160112;160137;160116;160129;160105;160132;160131;160128;160111;160110;160134;160108;160156;160106;160120;160123;160115;160171;160153;160174;160146;160176;160170;160143;160175;160163;160160;160177;160168;160141;160159;160154;160152;160178;160149;160142;160150;160169;160166;160172;160158;160162;160157;160155;160145;160165;160151;160173;160144;160167;160140;160164;160148;160138;160147;160589;160139;160620;160593;160618;160582;160616;160625;160600;160614;160623;160580;160617;160606;160594;170505;160584;160583;160603;160592;160608;160615;160587;160595;160585;160613;160612;160597;160605;160601;160611;160599;160610;160598;160602;160626;160581;160604;160596;160609;160622;160586;160590;160619;160638;160607;160591;160654;160661;160627;160656;160666;160655;160662;160649;160645;160660;160678;160676;160665;160673;160646;160651;160648;160663;160647;160677;160644;160650;160675;160642;160653;160659;160657;160658;160652;160703;160697;160694;160709;160685;160705;160707;160702;160695;160687;160693;160713;163407;160701;160706;163409;160691;160690;160711;160704;160696;160689;160712;160708;160700;160686;160688;160692;160699;160698;160710;161561;161533;161584;161517;161587;161600;161589;161585;161607;161545;161588;161599;161597;161571;161575;161527;161567;161586;161566;161553;161541;161602;161570;161532;161551;161554;161521;161560;161579;161595;161569;161557;161547;161666;161565;161530;161523;161592;161563;161534;161535;161572;161581;161544;161608;161580;161516;161552;161546;161577;161562;161526;161593;161529;161518;161543;161601;161582;161549;161558;161555;161578;161590;161531;161536;161559;161520;161564;161598;161528;161540;161594;161522;161573;161583;161603;161542;161752;161537;161629;161627;161729;161856;161890;161877;161875;161870;161876;161858;161855;161878;161857;161881;161879;161859;161863;161853;161851;161887;161852;161871;161886;161880;161849;161885;161860;161872;161891;161884;161889;161850;161854;161888;161861;161862;162153;161873;162150;162147;162162;162155;162146;162156;162141;162151;162163;162148;162154;162142;162144;162157;162145;162280;162295;162286;162282;162276;162278;162294;162271;162247;162253;162254;162279;162269;162283;162284;162248;162265;162273;162255;162292;162256;162258;162260;162268;162281;162291;162277;162264;162252;162266;162267;162250;162262;162259;162270;162257;162249;162289;162274;162272;162275;162288;162285;162293;162261;162251;162287;162246;162344;162353;162349;162352;162360;162343;162351;162362;162370;162375;162369;162350;162348;162364;162372;162365;162355;162342;162367;162371;162335;162336;162346;162366;162345;162361;162359;162354;162347;162363;162337;162357;162341;162358;162368;162374;162356;162373;162338;162453;162340;162440;162465;162430;162439;162454;162441;162451;162460;162456;162461;162457;162433;162450;162448;162432;162434;162459;162443;162449;162447;162462;162442;162464;162458;162437;162463;162473;162438;162429;162445;162446;162455;162452;162435;162444;162436;162885;162894;162869;162888;162889;162917;162905;162906;162901;162867;162895;162887;162855;162868;162863;162879;162862;162918;162897;162919;162890;162872;162893;162899;162916;162878;162873;162915;162857;162921;162865;162902;162877;162875;162884;162920;162876;162967;162858;162908;162907;162914;162861;162859;162870;162874;162871;162891;162860;162864;162903;162909;162923;162922;162900;162896;162892;162904;162866;162856;163190;163222;163223;163191;163221;163220;163206;163158;163184;163151;163188;163224;163134;163187;163196;163132;163200;163157;163142;163195;163217;163189;163150;163197;163193;163202;163127;163192;163161;163140;163130;163199;163163;163194;163204;163125;163182;163159;163152;163156;163198;163160;163154;163123;163139;163141;163137;163131;163162;163149;163219;163214;163164;163175;163172;163186;163118;163180;163201;163181;163210;163115;163168;163176;163119;163138;163145;163174;163208;163178;163209;163177;163136;163166;163171;163146;163121;163144;163129;163116;163211;163122;163216;163120;163203;163143;163212;163185;163218;163207;163183;163169;163155;163167;163165;163213;163126;163147;163153;163205;163124;163251;163148;163133;163128;163173;163170;163179;163547;163531;163590;163532;163580;163555;163554;163553;163565;163570;163568;163630;163536;163559;163557;163549;163560;163551;163527;163541;163526;163528;163574;163552;163573;163562;163546;163533;163534;163537;163535;163567;163529;163548;163543;163556;163563;163566;163550;163572;163564;163569;163539;163540;163571;163530;163544;163538;163542;163558;163624;163619;163627;163610;163618;163595;163603;163608;163616;163598;163586;163615;163601;163611;163597;163600;163628;163612;163592;163609;163607;163623;163583;163584;163617;163620;163593;163602;163626;163596;163606;163594;163621;163625;176375;163585;163622;164236;163613;164249;164233;164223;164175;164243;164190;164189;164199;164240;164250;164170;164248;164201;164205;164200;164209;164228;164181;164213;164214;164246;164173;164165;164198;164226;164237;164161;164182;164207;164210;164191;164178;164187;164166;164239;164229;164242;164212;164215;164225;164162;164203;164244;164183;164206;164230;164202;164164;164192;164247;164251;164218;164204;164219;164171;164197;164208;164222;164245;164186;164216;164235;164193;164172;164232;164167;164188;164163;165078;165071;165058;165059;165031;165073;165035;165047;165057;165021;165048;165065;165045;165049;165043;165029;165074;165041;165050;165033;165044;165063;165055;165056;165030;165039;165042;165018;165052;165054;165024;165060;165034;165022;165027;165046;165023;165040;165075;165053;165037;165019;165032;165036;165064;165051;165026;165069;165070;165020;165061;165038;165412;165414;165025;165028;165395;165364;165386;165381;165370;165378;165379;165389;165383;165363;165391;165375;165408;165371;165385;165393;165402;165361;165367;165343;165358;165398;165341;165397;165377;165390;165340;165342;165362;165351;165401;165357;165411;165415;165356;165373;165344;165382;165404;165352;165416;165345;165354;165353;165380;165388;165360;165392;165369;165350;165410;165406;165366;165413;165405;165396;165384;165376;165368;165399;165338;165374;165400;165403;165365;165407;165372;165394;165359;165409;165387;165339;165786;165807;165805;165804;165815;165829;165802;165792;165828;165817;165824;165809;165823;165800;165796;165795;165779;165821;165826;165830;165816;165812;165781;165819;165811;165799;165793;165797;165818;165801;165810;165785;165803;165780;165822;165787;165782;165798;165788;165827;165806;165783;165852;165845;165854;165849;165855;165851;165841;165857;165859;165840;165838;165843;165832;165848;165864;165860;165834;165861;165844;165831;165837;165850;165858;165846;165833;165862;165842;165847;165839;165856;165835;165836;165853;165897;165916;165877;165866;165898;165919;165881;165920;165878;165865;165899;165888;165908;165869;165889;165905;165912;165873;165900;165895;165909;165883;165913;165921;165868;165892;165894;165917;165896;165906;165893;165882;165870;165876;165884;165907;165867;165880;165903;165914;165904;165886;165871;165885;165910;165902;165879;165872;165890;165891;165875;165918;165901;165887;165874;165911;165915;165966;165943;165935;165957;165968;165962;165979;165978;165970;165945;165927;165976;165972;165949;165960;165964;165932;165975;165940;165952;165936;165955;165926;165950;165931;165961;165948;165941;165951;165956;165944;165977;165967;165946;165937;165947;165973;165963;165933;165953;165930;165974;165929;165928;165954;165924;165938;165965;165939;165925;165969;165971;165934;165942;165958;166666;166651;166635;166660;166640;166632;166656;166636;166641;166658;166639;166654;166647;166643;166653;166650;166667;166664;166657;166621;166644;166637;166628;166638;166648;166652;166642;166627;166655;166633;166645;166625;166665;166663;166646;166626;166662;166649;166661;166659;166634;166620;166837;166818;166868;166815;166872;166817;166875;166841;166862;166838;166813;166874;166809;166865;166863;166858;166866;166855;166870;166826;166852;166849;166864;166851;166814;166810;166876;166840;166839;166820;166859;166831;166811;166844;166845;166832;166819;166828;166869;166833;166854;166821;166829;166835;166842;166877;166871;166827;166867;166836;166860;166830;166816;166812;166857;166846;166853;166825;166843;166850;166847;166848;166974;166834;166873;166975;166977;166971;166976;166973;166979;166970;166978;166972;166968;167047;167366;167396;167409;167378;167380;167384;167419;167426;167401;167420;167415;167411;167422;167364;167428;167416;167414;167360;167385;167374;167391;167425;167365;167410;167394;167389;167373;167376;167382;167402;167369;167403;167370;167407;167413;167368;167405;167355;167359;167406;167367;167381;167395;167417;167363;167404;167390;167388;167387;167392;167358;167377;167408;167357;167361;167427;167371;167354;167423;167372;167375;167383;167356;167424;167400;167379;167418;167386;168506;168527;167362;168523;167421;168526;168514;168508;168511;168531;168510;168528;168525;168535;168532;168513;168515;168517;168519;168512;168529;168524;168530;168504;168505;168967;168522;168521;169000;168995;169012;169002;168966;168997;168979;169013;169005;168976;168968;169014;168977;168994;169004;168975;168973;169007;168985;168960;168969;168988;168971;168970;168972;168962;169006;168992;168978;168987;168986;168999;168998;168983;169001;168984;169011;168961;168991;169009;168989;168963;169010;168996;168990;169008;168974;168965;168993;169333;169311;169310;169303;169336;169325;169320;169306;169331;169326;169319;169329;169302;169313;169324;169340;169341;169334;169321;169339;169322;169328;169312;169308;169337;169330;169314;169327;169335;169338;169301;169305;169307;169323;169401;169332;169309;169399;169374;169395;169384;169388;169386;169375;169393;169404;169365;169396;169403;169364;169390;169372;169368;169394;169400;169398;169376;169377;169402;169367;169369;169362;169373;169488;169397;169381;169356;169366;169385;169387;169405;169406;169391;169360;169378;169389;169355;169357;169392;169370;169371;169358;169379;169380;169359;169580;169363;169361;169383;169547;169581;169557;169535;169577;169532;169575;169570;169564;169569;169556;169555;169550;169529;169552;169531;169561;169540;169545;169578;170014;169533;169565;169558;169536;169548;169562;169563;169549;169551;169541;169539;169560;169559;169566;169538;169546;169573;169567;169579;169534;169554;169528;169543;169544;169530;169553;169542;169568;169626;169611;169646;169609;169638;169588;169603;169652;169667;169600;169615;169650;169613;169618;169621;188839;169660;169664;169657;169654;169651;169666;169589;169669;169642;169599;169644;169634;169648;169681;169619;169633;169653;169684;169607;169622;169602;169623;169617;169683;169620;169590;169668;169662;169677;169593;169610;169643;169608;169629;169625;169703;169670;169655;169616;169674;169601;169627;169604;169672;169680;169663;169641;169675;169595;169628;169639;169679;169597;169645;169592;169682;169591;169596;169612;169658;169594;169624;169640;169661;169637;169656;169678;169676;169671;169614;169598;169606;169659;169647;169791;169762;169804;169869;169853;169825;169864;169743;169820;169772;169798;169764;169871;169848;169750;169737;169859;169818;169849;169810;169826;169822;169733;169856;169769;169809;169812;169815;169857;169729;169866;169739;169741;169819;169821;169854;169851;169751;169740;169752;169800;169843;169862;169811;169868;169855;169766;169754;169830;169749;169858;169790;169753;169757;169827;169794;169824;169808;169795;169735;169773;169845;169748;169793;169813;169792;169763;169870;169803;169728;169847;169867;169816;169770;169823;169852;169805;169850;169872;169801;169828;169797;169731;169799;169738;169742;169846;169829;169796;169723;169817;169765;169865;169983;169844;169874;169744;169873;169771;169987;169863;169814;170847;170823;170797;170812;170799;170818;170816;170786;170835;170817;170833;170846;170821;170837;170800;170802;170842;170828;170822;188948;170808;170792;170789;170831;170838;170796;170809;170805;170845;170827;170841;170787;170839;170813;170795;170804;170830;170848;170798;170820;170794;170793;170801;170832;170850;170803;170807;170819;170790;170849;170834;170825;170810;170814;170843;170826;170806;170815;170829;170836;170844;170811;170791;171140;171149;170840;171148;171176;171173;171175;171166;171174;171116;171137;171119;171202;171139;171125;171182;171171;171201;171239;171170;171146;171117;171144;171178;171126;171205;171150;171172;171199;171195;171154;171203;171151;171168;171180;171141;171181;171206;171177;171169;171204;171120;171190;171282;171308;171319;171313;171370;171294;171307;171287;171281;171279;171369;171303;171274;171297;171278;171312;171296;171291;171328;171280;171293;171326;171298;171286;171327;171306;171290;171323;171277;171272;171310;171300;171309;171311;171305;171318;171329;171368;171275;171299;171273;171324;171302;171271;171304;171289;171301;171288;171283;171331;171284;171330;171276;172199;171295;171292;172218;172201;171325;172231;172215;172185;172235;172233;172193;172207;172197;172203;172214;172237;172234;172210;172202;172194;172189;172200;172205;172206;172204;172236;172196;172195;172219;172183;172187;172198;172308;172321;172337;172262;172309;172307;172334;172288;172332;172295;172335;172286;172283;172339;172341;172328;172345;172340;172331;172343;172305;172314;172322;172285;172319;172273;172303;172324;172316;172320;172274;172302;172326;172313;172317;172300;172272;172310;172304;172330;172352;172336;172306;172269;172333;172278;172263;172353;172270;172271;172292;172315;172297;172293;172279;172275;172323;172311;172296;172287;172354;172268;172267;172294;172312;172280;172347;172346;172265;172342;172350;172284;172266;172348;172301;172264;172298;172344;172291;172282;172299;172688;172259;172351;172706;172728;172349;172705;172689;172718;172699;172707;172720;172685;172686;172709;172715;172697;172704;172695;172692;172701;172724;172727;172723;172713;172729;172703;173032;172721;172700;172684;172681;172712;172698;172696;172683;172725;172716;172719;172708;172722;172714;172690;172691;172726;172694;172702;172687;172710;172693;172730;172682;173365;172717;173360;173359;173362;173353;173363;173368;173355;173366;173370;173367;173361;173357;173356;173352;173364;173351;173358;173354;174218;174209;174190;174207;173369;174183;174210;174188;174217;174187;174191;174204;174199;174201;174189;174205;174193;174213;174182;174206;174184;174203;174202;174212;174208;174186;174200;174192;174211;174185;174867;174847;174849;174868;174845;174850;174859;174857;174828;174822;174861;174841;174858;174880;174869;174856;174879;174865;174830;174821;174870;174848;174824;174872;174823;174871;174817;174852;174842;174884;174877;174820;174827;174818;174874;174826;174843;174873;174825;174829;174882;174838;174844;174831;174833;174834;174836;174863;174860;174876;174878;174846;174851;174835;174819;174862;174881;174840;174837;174866;174864;174816;174814;174875;174855;175205;174839;174832;175222;174815;175217;175226;175224;175227;175166;175197;175229;175171;175221;175214;175219;175184;175182;175223;175228;175175;175190;175168;175173;175174;175230;175216;175212;175183;175225;175218;175186;175196;175181;175195;175215;175198;175209;175207;175199;175164;175185;175169;175208;175172;175187;175179;175206;175213;175203;175194;175200;175180;175165;175170;175167;175210;175188;175189;175202;175176;175201;175211;175220;175177;175204;175178;175161;175163;175162;175245;175264;175255;175276;175273;175242;175237;175275;175267;175235;175240;175246;175274;175244;175265;175261;175256;175248;175239;175251;175250;175241;175234;175253;175238;175269;175258;175247;175268;175236;175249;175266;175257;175271;175254;175231;175260;175270;175233;175272;175252;175232;175243;175259;175319;175311;175312;175318;175292;175310;175313;175299;175302;175294;175314;175365;175360;175309;175322;175315;175316;175300;175321;175323;175298;175291;175289;175301;175293;175297;175320;175326;175324;175305;175290;175296;175308;175317;175325;175352;175550;175295;175543;175519;175507;175536;175544;175542;175529;175526;175545;175353;175510;175538;175520;175534;175500;175530;175504;175512;175518;175521;175491;175527;175515;175508;175522;175501;175356;175502;175524;175490;175498;175499;175492;175503;175511;175516;175488;175493;175514;175523;175513;175495;175494;175505;175506;175497;175496;175509;175780;175776;175799;175777;175771;175736;175772;175735;175785;175778;175800;175784;175773;175737;175779;175738;175788;175781;175795;175775;175796;175797;175783;175774;175787;175786;175789;175741;175794;175739;175790;175746;175744;175748;175793;175745;175747;175740;175750;175730;175752;175754;175798;175764;175749;175765;175731;175751;175743;175742;175766;175753;175756;175767;175755;175768;175732;175769;175770;175757;175734;175733;176012;176001;176049;176005;176018;176040;176002;176016;176014;176050;176003;176047;176008;176004;176011;176006;176048;176007;176010;176015;176022;176009;176013;176017;176024;176020;176021;176029;176027;176019;176023;175997;176030;176028;176032;176039;176031;176038;176033;175998;176034;175999;176035;176000;176612;176609;176573;176613;176610;176611;176572;176604;176588;176606;176582;176578;176575;176594;176605;176581;176574;176580;176584;176614;176576;176583;176590;176592;176589;176591;176593;176598;176585;176596;176595;176579;176597;176599;176569;176600;176570;176601;176571;176850;176568;176602;176603;176867;176878;176807;176877;176869;176875;176879;176872;176881;176857;176873;176848;176870;176851;176808;176812;176862;176880;176852;176825;176827;176853;176813;176859;176819;176815;176876;176811;176809;176829;176817;176835;176854;176858;176820;176855;176847;176863;176810;176841;176826;176836;176860;176864;176866;176822;176833;176803;176828;176839;176823;176824;176834;176868;176865;176780;176830;176843;176802;176845;176874;176806;176778;176882;176842;176784;176782;176844;176776;176837;176777;176840;176789;176849;176792;176883;176779;176788;176772;176805;176794;176846;176804;176783;176781;176795;176786;176793;176787;176818;176814;176797;176775;176801;176799;176790;176821;176774;176798;176773;176800;176785;176796;177048;177019;177026;177043;177028;177013;177031;177074;177032;177029;177008;177014;177020;177017;177016;177018;177021;177075;177049;177036;176990;177073;177022;177076;177030;177034;177039;177038;177041;176993;176995;176997;177035;177037;176999;177046;177027;177040;177042;177025;177023;177001;176996;177009;176994;177044;177000;176992;177011;176991;177002;176998;177033;177003;177045;177047;177010;177006;177005;177007;176989;176988;177004;177171;177172;177165;177134;177167;177168;177175;177160;177200;177182;177201;177204;177185;177179;177183;177162;177202;177206;177137;177139;177141;177135;177174;177143;177163;177207;177203;177138;177147;177136;177166;177149;177176;177170;177161;177140;177180;177155;177190;177146;177164;177142;177148;177177;177169;177186;177173;177178;177151;177154;177156;177181;177157;177184;177132;177150;177152;177153;177133;177970;177953;177969;177978;177962;177948;177982;177965;177943;177960;177955;177985;177983;177980;177979;177984;177949;177941;177967;177944;177954;177958;177964;177972;177940;177947;177957;177945;177942;177956;177973;177976;177939;177975;177963;177977;177946;177974;177981;177971;177961;177938;177959;177950;177952;177951;177966;177968;178058;178073;178093;178069;178095;178059;178062;178091;178067;178077;178096;178086;178097;178090;178078;178083;178081;178070;178065;178071;178068;178082;178074;178072;178079;178061;178092;178075;178084;178087;178060;178089;178076;178063;178088;178085;178080;178094;178066;178369;178368;178064;178370;178371;178388;178379;178385;178378;178347;178350;178373;178357;178352;178377;178389;178363;178346;178386;178354;178364;178351;178395;178383;178367;178359;178372;178391;178355;178394;178392;178348;178387;178349;178361;178381;178345;178358;178380;178360;178362;178390;178375;178376;178374;178356;178384;178365;178393;178353;178366;178344;178867;178882;178880;178382;178855;178890;178896;178863;178869;178889;178895;178873;178854;178868;178887;178861;178856;178901;178866;178892;178865;178881;178883;178879;178857;178897;178871;178900;178874;178878;178891;178876;178899;178898;178886;178885;178858;178877;178862;178859;178893;178853;178888;178870;178875;178894;178872;178864;178860;179024;179009;179008;178884;179005;179022;179004;178992;178990;179025;178997;179015;179011;179016;179003;179010;179012;179013;178983;178994;179002;178987;178977;178998;178985;179014;178980;178988;178982;178978;179023;179006;178979;179007;178993;178996;178999;179018;179017;179000;179019;178984;178989;178986;178976;179020;178991;179021;178981;178995;179001;179100;179102;179091;179111;179103;179099;179101;179090;179112;179083;179098;179079;179094;179109;179093;179084;179089;179105;179107;179086;179113;179080;179096;179095;179097;179077;179104;179087;179110;179081;179078;179085;179092;179108;179106;179088;179273;179283;179272;179267;179082;179275;179266;179286;179261;179284;179279;179276;179265;179270;179260;179277;179259;179271;179262;179263;179268;179281;179278;179258;179269;179264;179274;179285;179280;179254;179256;179288;179287;179252;179282;179255;179517;179549;179251;179257;179253;179530;179552;179532;179566;179561;179522;179511;179540;179551;179520;179562;179514;179559;179535;179557;179521;179550;179529;179525;179524;179543;179553;179564;179565;179526;179516;179541;179563;179513;179554;179537;179558;179536;179546;179568;179542;179518;179528;179555;179531;179545;179567;179533;179539;179556;179512;179538;179534;179519;179527;179544;179547;179569;179523;179510;188219;179560;179515;188818;179548;188262;188784;188539;189043;189050;188692;188325;188224;188937;188757;188788;188205;188836;188399;188302;188140;188249;188734;188457;188308;188967;188172;188300;188306;188744;188168;188180;188979;188239;189042;188298;188532;188421;188728;188278;188271;188203;188246;189060;189057;188309;188878;188876;188667;188871;188882;189027;188197;188799;188363;188717;188251;188708;188958;188200;188243;188248;188236;188930;188681;188242;188864;188307;188449;188315;188225;189034;188244;188995;188316;188282;189052;188796;188296;188100;188680;188691;188171;188389;188729;188210;188918;188512;188807;188317;189002;188087;188827;188226;188821;188173;188850;188237;188230;189061;188218;188660;188164;188630;188263;189012;189005;188288;188932;188739;188106;188194;188597;188366;188220;188890;188595;188806;188270;188811;188834;188550;188944;188928;188196;188623;188832;188408;188272;188996;188231;188129;188294;188880;188952;188202;188204;188425;188763;188234;188523;189046;188256;188188;188250;188241;188822;189053;188631;188602;188116;188190;188957;188574;188972;188240;188960;188865;188214;188862;189006;188245;188665;188484;188179;188181;188292;188704;188286;188193;188599;188163;188430;188285;188174;188108;188699;188861;188518;188376;188931;188323;189024;188867;188762;188335;188538;188212;188187;188189;188962;188290;188576;188191;188303;188590;188393;188808;188490;188919;188146;188350;188542;188557;188714;188933;188167;188766;188571;188340;188407;188257;188894;188649;188895;188934;188311;188261;188276;188252;188177;188604;188175;189018;188760;188840;188843;188233;188092;188892;188745;188162;188794;188222;188268;188299;188259;188195;188267;188287;188873;188908;188975;188751;188216;188536;188283;188778;188247;188289;188804;188297;189065;188142;188422;188733;188461;188170;189011;188719;188770;188910;188809;188644;188380;188976;188123;188221;188281;188789;188138;188301;188852;188498;188253;188943;188416;189000;188990;189008;189014;188786;188122;189036;188983;188857;188687;188284;188659;188320;188280;188775;188310;188893;188260;188125;188305;188211;188137;188184;188815;188824;188413;188898;188295;188674;188988;188215;188754;188232;188207;188228;188992;188165;188504;188182;188090;188208;188213;188479;189033;188336;188926;188749;188853;188917;188697;188313;188906;188169;188755;188201;188277;188496;188716;188198;188500;188468;188274;188625;188669;188192;188419;188737;188621;188279;188885;188312;188846;189016;188678;188868;189039;188700;188959;188444;188554;188782;188235;188265;188258;189023;188685;188414;188581;188199;188598;188185;188634;189063;188293;188863;188886;188178;188238;188610;188446;189019;188291;188229;189022;188135;188217;188223;188968;188275;188176;188505;188639;188269;188153;188671;188186;188273;188965;188848;188206;188488;188562;188254;189047;188672;188450;188337;188494;188209;188980;188998;188322;188622;188314;188266;188405;188353;188530;189032;188732;188109;188264;188227;188152;188854;188119;188079;188735;188795;188695;188346;188166;188354;189021;188632;188370;188911;188731;188887;188499;188964;188473;188703;188304;188095;188907;188720;188540;188628;188453;188825;188183;188358;189056;188813;188083;189045;188747;188772;188715;188489;188356;189048;188635;188723;188513;188637;188872;188761;188769;188130;188355;188787;189025;188662;189062;188472;188548;188912;188343;188255;188970;188991;188945;189017;188404;188144;188624;188462;189067;189049;188966;188373;188710;188445;188502;188145;188654;188615;188913;188823;188361;188909;189009;188463;188686;188953;188098;188319;188565;188149;188758;188344;188401;189001;188546;188454;188969;188675;188547;188978;188947;188764;188439;188620;188679;189015;188924;188411;188347;188367;188651;188752;188410;188904;188560;188521;188641;188837;188800;188111;188387;188127;188549;188128;188094;188682;188520;188481;188398;188321;188961;188097;188409;188689;188391;188939;188618;189068;188616;188364;188664;189064;188417;188643;188478;188619;189051;188756;188845;189007;188705;188645;188820;188131;188543;188382;188126;188117;188666;188570;188438;188514;188577;188497;188510;188869;188362;188555;188351;188359;188780;188810;188455;188156;188318;188713;188460;188151;188148;188511;188973;188611;188694;188458;188870;188718;188896;188110;188338;188426;188556;188652;188334;189038;188740;188124;188753;188955;188793;188903;188743;188080;188989;188901;188348;188956;188545;188466;188388;188826;188487;188849;189003;188342;188572;188435;188107;188383;188495;188629;189066;188088;188701;188586;188881;188929;188936;188721;188693;188448;188792;188491;189013;188767;188331;188084;188601;188559;188698;188984;188797;188534;188617;188397;188608;188844;188452;188638;188589;188891;188768;188515;189010;188994;188783;188706;188927;189054;188469;188099;188596;188115;188134;188726;188371;188369;188711;188626;188925;188999;188646;188112;188384;188859;188690;188579;188661;188592;188977;188841;188436;188516;188143;188866;189020;188812;188986;188833;188897;188524;188935;188655;188508;188575;188949;188349;188587;188838;189029;188847;188415;188105;188476;188544;188974;188503;188428;188374;188724;188096;188406;189028;188580;188725;188085;188506;188341;188459;188522;188480;189035;188493;188648;188392;188899;188507;188636;188677;188357;188372;188736;188441;188150;188696;188566;188569;188531;188139;188420;188588;189031;188464;188379;188552;188603;188451;188465;188938;188817;188835;188437;188915;188663;188103;188877;188541;188591;188916;188423;188774;188537;188326;188874;188474;188114;188442;188443;188801;188879;188613;188858;188855;188133;188673;188798;188985;188875;188483;189026;188375;188118;188997;188567;188856;188676;188748;188396;188920;188900;188668;188527;188593;188640;188475;188771;188921;188492;188081;189030;188086;188526;188594;188963;188683;188883;188385;188561;188627;188712;188657;188884;188653;188816;188467;188702;188418;188830;188395;188519;188429;188368;188121;188582;188670;188482;188722;188551;188585;188987;188647;188378;188485;188517;188583;188440;189059;188981;188486;188954;188860;188102;188433;188776;188132;188612;188154;188327;188456;188427;188600;188605;188529;188352;188386;188802;188790;188424;188330;188501;188147;188377;188656;188332;188773;188101;188738;188431;188923;188741;188157;188402;188609;188584;188606;188578;188922;188951;188941;188905;188707;188155;188642;188946;188120;188814;188400;189058;188831;188791;188535;188633;188727;188558;188390;188525;188688;188470;188650;188982;188568;188993;188082;188950;188412;188803;188805;189004;188329;188381;188742;188434;188365;188828;189041;188528;188553;188709;188447;188471;188940;188093;188345;189037;188746;188333;188684;188394;189069;188842;188785;188777;188851;189044;188781;188432;188091;188339;188360;188477;188730;188563;189040;188779;188607;188889;188328;188089;188914;188658;188141;188765;188759;188614;188902;189055;188942;188113;188971;188829;188533;188136;188509;188564;188104;188750;188819;188573;188403;188324;188888;189697;189682;189679;189676;189690;189683;189694;189684;189688;189704;189685;189703;189686;189692;189680;189691;189677;189696;189700;189706;189689;189687;189705;189698;189702;189681;189695;189678;189699;189701;189693;111845;121646;111846;121649;121647;121648;121651;121650;121653;121652;121654;111847;121655;121656;121657;111848;121659;121658;111849;121661;121660;121662;111850;121663;121665;121664;121666;111851;121668;111852;121670;121669;111854;111853;121667;121671;111855;121673;121672;111856;111857;121674;111858;121675;121676;111859;121678;121677;111860;121679;121680;111862;121681;121682;121683;111861;121684;121685;111863;121686;111864;121687;121688;121689;111865;121690;121691;121693;121694;121692;111866;121695;121696;121697;111867;111868;121698;121700;111869;111870;121699;121702;121705;121703;111871;121701;121704;121706;121708;121710;111872;121707;111873;121709;121711;121713;121714;121712;111874;121715;121716;121717;111875;121718;121719;121720;111876;111877;121721;121722;111878;121724;121725;121723;111879;121726;121728;121729;111880;111881;121727;111882;111883;121730;121731;111884;121732;121733;111885;121734;121735;121736;111886;111887;111888;121738;121737;121740;121739;111889;121741;121742;121743;121744;121745;121746;121748;121747;111890;121749;121750;121751;121752;111891;121753;111892;121756;111893;121757;121755;121754;121758;111894;121759;121761;121763;121760;121764;111895;121762;121765;111896;121766;111897;111898;121767;111899;121768;121770;121769;111900;121772;121773;121775;121774;121776;111901;111902;121771;121777;121779;111903;121778;121780;121784;121783;121782;111904;121787;121781;121790;111905;121786;121788;121785;121789;111907;111906;121794;121791;121792;121795;121793;111908;121796;111909;121797;121799;111910;121798;111911;121800;111912;111914;121802;121801;121803;111913;111915;121804;111916;111917;121805;121806;111918;121807;111919;121808;111920;121809;121810;121811;111921;121812;111922;121813;111923;121814;111924;121815;111925;121816;111926;121817;121818;111927;121819;111928;111929;121820;111930;121821;121824;121823;121822;121825;121826;121827;121829;121828;121831;111931;121832;121830;111932;121833;121834;121835;111933;121836;121837;111934;121838;111935;121839;111936;121840;111937;121841;111270;121842;111271;121843;111272;111273;121844;111274;121845;111275;121846;121847;111276;121848;121849;121850;111277;121851;111939;111938;121852;121853;111940;121854;111942;111941;121855;121856;111943;121857;121858;111944;121859;111945;121860;111946;121861;121863;121862;121864;121865;121866;121867;121868;111947;111948;121869;121870;121872;111949;121871;121873;121875;121876;111950;121874;121877;112034;112221;121878;121880;121879;121881;121882;121884;112223;121883;117336;121885;117396;121887;121886;117633;121888;117637;121889;121890;118208;117881;118494;121891;121892;121894;121893;121895;121896;119749;121899;121897;121898;121900;111278;121902;121901;121904;121903;111279;121905;121907;111280;121906;111281;121908;111282;121911;121910;121909;121912;111283;111284;121914;111285;121913;111286;121915;121916;121917;121919;121918;111287;121920;121921;121922;111288;121923;111289;121924;111290;121925;111291;121926;121927;111292;121928;121929;111293;121930;111294;121931;121932;111295;111296;111298;121934;121935;111297;121933;121936;121937;121938;121939;111299;121940;121941;121942;111300;121943;111301;111302;121944;121945;111303;111304;121947;121948;111305;121946;121950;121949;111306;121951;121952;111307;121953;111308;121955;111309;121954;121956;121958;121957;111310;121959;111951;121960;121961;111953;111954;121962;111952;111955;121963;121965;111956;121966;121964;111957;121967;111958;111959;121968;121970;121969;121971;111960;121972;111961;121973;111962;111963;121974;121975;121976;111964;121979;121978;121977;112062;112035;121980;121981;121982;121983;121985;112224;121986;121987;121984;112220;121988;121989;121990;112222;117399;117397;121992;117634;121991;117638;121993;121994;121995;119423;121996;118209;121997;121998;118308;122001;121999;122003;122004;122000;122002;122005;122007;122006;122008;122009;119753;122010;119750;122011;122013;122012;122015;122017;122014;122016;122019;122018;122020;122021;122898;122022;122899;122901;122900;122905;122902;122903;122904;133296;133298;133299;133297;133300;122894;122895;122920;122921;122922;122923;122924;122925;125162;125161;122926;125156;125158;125157;125160;125159;125084;125085;125086;125155;125088;125089;124862;124863;124865;124864;124867;124866;124868;124870;125083;124869;125400;125401;125402;126120;126121;125403;126122;126123;126196;126124;126194;126195;126198;126197;126201;126199;126200;126202;126204;126203;126185;126205;126186;126190;126187;126188;126178;126177;126176;126189;126478;126470;126472;126471;126955;128167;128166;128168;126954;128169;128170;128172;128171;128173;128164;128163;128758;128165;128726;128759;128727;128709;129294;129293;128710;129784;129783;129785;129788;129786;129787;129789;130108;129681;130109;129682;129683;129684;129685;129687;129686;132521;132522;132523;132524;132525;132526;132528;132527;132519;132694;132520;132695;132696;132963;132965;132966;132967;132964;132969;132968;122023;122025;122024;122026;122027;122029;122028;122030;122031;122896;122897;122910;122906;122911;122914;122908;122909;122907;122915;122916;122917;122918;122919;122912;122913;124861;125087;126212;126213;126214;126216;126215;125075;125076;125077;125078;125079;125082;125080;125081;124680;124681;125395;125394;125393;125396;125397;125398;126209;126210;125399;126211;126179;126180;126106;126107;126181;126108;126182;126109;126110;128174;126473;128175;128714;128716;128715;128717;128720;128719;128718;128722;128721;128723;128711;128734;128712;128713;128736;128735;128738;128737;129295;129690;129296;129689;129692;129693;129691;130115;130118;130114;130116;129688;130117;130107;130203;130204;131125;130206;130205;132540;132542;132543;132541;132545;132544;132546;132532;132531;132538;132539;132537;132533;131763;132536;132534;132677;132535;132970;132971;132974;132973;132975;132972;132976;132977;126377;126378;132978;126376;126379;126380;126113;126112;126111;126114;126115;126116;126207;126206;126117;126208;126192;126191;126193;126474;126183;126184;128151;128152;128153;128155;128156;128154;128157;128158;128161;128162;128159;128160;128739;128729;129102;128731;128730;128732;128733;129103;129679;129678;129680;128728;129163;129164;130125;129165;130124;130126;130112;130111;130113;130120;130110;130119;130121;130122;130123;130101;130103;130102;130104;130105;130106;132589;132529;132530;131762;133227;132980;132979;133062;133061;132981;132982;132986;132984;132985;132983;133301;133302;133503;133469;133470;133501;133502;133683;133811;133684;133812;133685;134040;134041;134206;134207;134424;134208;134426;134425;135494;135484;134835;135483;135486;135485;135488;135487;135489;135490;135492;135491;135493;136030;136032;136031;136033;136034;136104;136037;136036;136035;136105;136106;136107;136109;136110;136108;136405;136406;136553;136552;136556;136555;136554;136557;136548;136549;136551;136693;136550;136694;136695;137318;137317;137323;137057;137319;137320;137321;137322;137316;137643;137644;137637;137638;137639;137641;137640;137642;137776;137875;137876;137781;137878;137877;138441;138519;138442;138443;138516;138518;138517;139048;139046;139047;139049;139050;139051;139079;139081;139080;139510;139509;139242;139696;139697;139700;139864;140113;139702;140413;140125;141639;140459;141638;141640;140710;140711;140495;141096;141091;140718;141440;141441;141439;141478;141480;141476;141644;141860;143065;143062;143063;141859;143061;143064;143066;143060;143363;143444;144061;144062;144082;144521;144520;144517;144519;144518;132988;132987;132989;132990;133263;133262;133466;133264;133500;133499;133687;133686;133689;133802;133688;133803;134086;134085;134084;134422;134423;134427;135301;134875;135302;135307;135306;135308;135310;135309;135305;135303;135304;135298;135299;135863;135865;135867;135864;135866;135869;135868;135877;135906;135870;135907;136331;136092;136333;136334;136332;136335;136336;136337;136329;136328;136330;136326;136327;136407;136568;136409;136408;136567;136570;136569;136697;136571;136901;136572;137328;137329;137192;137198;137191;137197;137194;137193;137195;137196;137302;137303;137712;137713;137716;137714;137717;137718;137719;137873;137874;138190;138191;138189;138192;138184;138179;138180;138515;138513;138814;138520;138815;139052;139055;139056;139053;139054;139058;139057;139243;139513;139514;139075;139611;139608;139609;139863;139610;139728;139866;139865;140122;140114;140116;140115;140661;140117;140662;140663;140536;140664;140709;140704;140712;140713;140714;140715;141090;140716;141444;141442;141098;141443;141445;141477;141643;141642;141475;142653;141858;142652;142985;142986;142989;142987;142991;142988;143245;143244;143362;143446;143488;143487;144072;133063;144071;144217;133065;133064;133067;133066;133068;133069;133060;133209;133498;133467;133468;133295;133504;133505;133808;133807;133806;133506;133809;133810;133805;133956;133957;133804;134209;134210;134211;134212;134872;134873;134874;135405;135403;135404;135402;135406;135300;135779;135780;135782;135783;135781;135784;135785;135787;135789;135786;135790;135792;135791;135793;135778;135872;135777;135871;135873;136093;136095;136094;136099;136098;136097;136096;136100;136573;136345;136346;136574;136575;136576;136577;136578;136580;136579;136581;136696;136698;136699;137189;137199;137187;137190;137188;137202;137200;137201;137720;137721;137723;137724;137725;137722;137783;137782;137777;137784;137779;137778;137780;138181;138182;138183;138188;138514;138813;138521;138812;138817;138816;139043;139076;139044;139045;139078;139512;139077;139699;139612;139698;139729;140118;140126;140408;140112;140409;140412;140410;140411;140457;140580;140537;140702;140703;140705;140707;140706;140708;140785;141093;141094;141481;141496;141495;141866;141864;141867;141865;142215;142658;142656;142657;142655;142990;142654;143379;143248;143250;143247;143251;143252;143358;144065;143447;143448;144067;144064;144069;144068;144077;144076;144218;144514;144516;144513;144515;144896;145232;144901;145231;145420;145233;146773;146482;145699;145419;145411;146772;146863;146862;146864;146878;146877;147004;147005;147008;147007;147006;147825;147950;147822;147952;147954;148294;148128;148284;148282;148283;148338;148814;148818;148809;148823;148817;148904;149058;148905;149290;149919;149827;149921;149920;149950;150035;149951;149949;150046;150047;150243;150287;150284;150241;150439;150922;150749;150924;150944;150923;151197;151436;151437;151962;151952;151953;151951;151950;152014;152051;152052;152053;152381;152370;152092;152386;152556;152368;152787;152793;152785;152883;152878;153498;152884;153031;153506;153503;153691;153690;153935;153689;153958;153957;153938;153929;153975;155328;144895;155329;155850;144891;144894;144892;145421;144893;144898;145459;145417;145694;145416;146484;146483;145418;146487;145695;146774;146769;146770;146876;146771;147002;147000;147001;147949;147948;147823;147824;147818;147951;147819;148186;147955;148290;148289;148288;148286;148339;148287;148340;148811;148822;148824;148821;148902;148820;149057;149294;149284;149832;149831;149838;149926;150072;149925;150070;150071;150069;150288;150424;150442;150438;150423;150441;150751;150925;150926;150931;150932;150930;150998;151196;153933;151961;151435;151966;152016;152050;152085;152084;152015;152090;152371;152369;152373;152558;152789;152797;152880;152792;152882;152881;153038;153042;153043;153491;153493;153742;153505;153743;153744;153756;153757;153934;153962;153963;153955;153928;153956;153980;154025;153979;155331;155330;155347;155851;144900;144899;145230;144902;145414;145415;145693;145696;145413;146067;145412;146485;146486;146440;146775;146776;146778;146777;146875;146873;146998;146874;146999;146997;146996;147820;146995;147821;147953;148129;148190;148192;148191;148189;148293;148292;148344;148291;148285;148341;148342;148813;148812;148900;148901;148907;149048;148908;149052;149285;149292;149293;149283;149295;149291;149289;149823;149288;149829;149828;149833;149819;149820;149821;149944;149945;149930;150039;150041;150040;150067;150068;150240;150239;150286;150285;150445;150444;150435;150916;150915;150917;150909;150908;150911;150910;150929;151016;153185;153184;151438;151644;151439;151949;151957;151955;151956;151959;151958;152054;152083;152385;152372;152380;152388;152374;152379;152502;152560;152788;152557;152885;152886;152794;153032;153045;153033;153041;153040;153492;153497;153500;153501;153751;153499;153750;153753;153990;153752;153939;153960;153961;153988;153946;153945;153986;155310;153987;155309;155321;155319;155320;155852;156583;156585;156584;156587;156588;148023;156586;148026;148025;148024;148030;148029;148027;148345;148353;148028;148352;148356;148347;148354;148349;148350;148357;148351;148355;148346;148348;148816;148815;148909;148910;149050;149054;149053;149287;149051;149830;149826;149286;149437;149836;149837;149824;149953;149825;149952;150036;150038;150042;150037;150043;150066;150236;150237;150283;150235;150437;150443;150750;150933;150934;150918;150919;150920;150921;150907;153937;151015;153936;151434;151014;151433;151645;151947;151946;151963;151967;151945;151965;151960;151964;152082;152091;152378;152375;152377;152376;152387;152500;152499;152501;152492;152559;152786;152791;152796;152790;152879;153036;153037;153044;153039;153034;153496;153504;153502;153495;153035;153725;153494;153927;153930;153745;153974;153972;153973;155327;153971;155313;155326;155322;156589;156582;156577;155853;156578;156580;156579;156592;156581;128725;128724;156591;156590;11378;54848;54852;54851;54850;54849;54853;54856;18716;54855;54854;18714;37391;18720;18713;18721;18715;18723;18741;18724;18729;18717;18736;18719;18722;18730;54862;18739;18726;18733;18727;18740;18728;18742;18732;18731;18743;18712;18734;18735;18725;18795;18786;18750;18784;18755;18771;18772;18789;18783;18770;18785;18769;18765;18758;18768;18792;18756;18747;18751;18761;18762;18787;18763;18790;18778;18791;18779;18777;18773;18774;18764;18781;37950;18794;18754;18749;18767;18753;18759;18748;18757;18782;18752;18766;18744;18746;18745;18776;18760;18780;18793;18775;18788;18812;18811;18807;18804;18806;18798;18810;18809;18808;18800;18801;18796;18802;18803;18799;18805;19209;19208;18797;19852;19851;19850;19853;19854;19855;19856;19858;19857;19859;19860;19861;54863;19862;19863;19866;19865;19864;19951;19867;19952;20149;20017;20150;20151;20152;54864;20163;54865;20912;20913;20914;20915;20917;20916;20918;20919;20920;21075;21074;21121;21248;21272;21314;21342;21343;21344;21345;21346;21583;21584;21639;21699;21640;21765;21767;21766;22050;22081;22098;22100;22099;22101;22152;22102;24656;22170;22153;22236;22348;22237;22349;22420;54866;22421;22468;22467;24657;23653;24658;54867;23654;24659;24661;24662;23939;24660;24663;23940;24667;24664;24665;24666;24668;24691;24787;24788;24789;24791;24792;24790;24916;24914;24915;25092;24917;24918;25093;25174;25094;25373;25222;25253;25771;25772;25374;25774;25775;54868;25776;25773;25831;25843;25845;25846;25847;25848;25844;25907;26054;25957;26053;26113;26055;26202;27537;26972;27609;28148;28147;28149;28295;28294;28277;28296;28335;29188;29704;29189;29254;28362;31027;31053;31099;31100;31324;31323;31101;31707;31706;31740;31708;31739;31802;31801;31803;31994;32056;32033;32445;32083;32444;32446;33287;33398;54869;33465;32455;33533;33466;33288;33534;33749;33747;33748;33565;33746;33750;33751;33753;33752;33755;33754;33825;33824;34061;34086;34295;34296;34300;34719;34731;34782;34783;34784;34785;34822;34852;34971;34972;35223;35282;35292;35035;35274;35376;54870;35577;54871;35377;35601;35636;35727;35825;35728;35826;35827;36010;36009;36011;36037;36038;36104;36106;36105;36145;36206;36186;36573;38201;38166;38655;38720;38719;38778;38915;39008;39422;39421;39472;39473;39522;39567;39796;39560;39559;40408;54872;40511;40459;40503;40473;40513;40512;40622;40624;40598;40623;40669;40877;40977;41972;54873;42168;42169;42293;42826;42341;42294;54874;43102;43638;43112;54875;43353;44120;44122;44121;44946;44947;45007;44994;50435;54877;54876;45425;45424;45400;45426;45611;45024;46345;45581;46358;54878;54879;54882;47047;54881;54880;47141;47563;47562;47786;48919;48920;47787;54884;54885;54883;48922;48923;49177;49229;54886;48921;49178;49238;49230;54887;50308;54888;49290;54891;54890;50427;50388;50353;54889;50660;50668;51063;54893;50661;51126;50832;54895;51371;54892;51386;50436;51372;54894;51940;51941;51451;52460;51944;51942;54897;52165;51943;52996;54896;52599;54899;52635;53298;54898;54900;53361;54902;52636;53476;54901;54903;53515;53362;53899;54904;53626;54648;53898;54906;54905;54649;55704;55173;55423;55736;55737;55706;55705;55834;55980;55703;56092;55735;55707;56093;56513;56142;56094;57894;57893;57892;57895;57896;59509;59507;59478;59508;59971;59686;59970;59510;60050;60052;60053;60051;60087;61553;60112;61660;61748;61749;60141;61552;61751;61752;61750;62102;62079;62080;62469;62549;62719;62483;62761;62501;62500;63002;62762;63003;63169;63004;63167;63479;63168;63170;63480;63481;64491;63555;64590;64535;64728;63647;64622;64727;64879;65060;65176;65177;65660;64970;65705;65583;65553;65552;65706;65944;65943;65724;65945;65946;66449;66450;66483;66158;66638;66850;66967;66484;67115;67116;67009;69196;68916;69225;69226;67234;69242;69224;69243;69244;69432;69433;69431;69818;69519;69521;69935;69520;69958;70437;69957;70439;70199;70438;70441;70440;70738;70500;70499;70951;70952;70953;71233;70954;71232;71234;71235;71467;71469;71468;71471;71473;71470;71573;71929;71472;71932;71930;71931;72188;72265;72187;72400;72399;72398;72489;72488;72590;72589;72731;72838;72591;72781;73028;72967;72943;73029;73247;73248;73251;73250;73252;73409;73253;73249;73638;73637;73788;73951;74329;74330;74331;74255;73789;74370;74332;74380;74497;76204;76205;76207;76206;76208;76714;76713;76476;76712;76974;76975;77543;77091;77545;77544;77583;77832;77878;77877;77915;77833;77916;77917;77972;78656;78483;78657;78588;78829;78724;78831;78830;78832;79866;79254;79692;79867;79868;79872;79869;79870;80204;79871;80205;80443;80569;80206;80572;80883;80571;80570;81387;81388;81386;81523;81075;82916;81653;82917;81524;82918;82914;82915;82919;82921;82920;82923;82922;82924;82925;82927;83371;82926;83374;83373;83492;83372;84126;84588;84590;84589;84127;84675;84646;84830;84829;85043;85277;85276;84591;85412;85725;85583;85746;85768;85413;85694;86106;86223;86224;86222;86662;86791;86664;86663;86792;87055;86875;87375;87182;87376;87377;87183;87378;87478;87477;87602;87603;87929;88564;87883;88565;88567;88625;88566;88626;88723;88701;88909;88911;88910;88992;89084;89085;88912;89086;89726;89758;89789;89836;89759;89941;89790;89942;90010;90203;90029;90204;90028;90320;90319;90363;90547;90321;90715;90802;90800;90801;90548;90836;90863;91046;91312;91285;91354;91353;91355;91356;91357;91719;91718;91830;91573;91918;91462;91976;92499;92523;92498;92607;92760;92761;92759;92758;93081;93080;93082;93246;93384;93411;93198;93412;93535;93484;93663;93617;93664;93618;93687;93722;93619;93819;94438;93742;94440;94439;94441;94972;94517;95442;94516;95028;95723;95724;95443;95725;95773;96092;96165;96091;96090;96166;96179;96180;96181;96407;96408;96612;96409;96703;97101;96804;97103;97104;97580;97102;97581;97918;97755;97919;99138;99267;99249;99034;99378;99441;99596;99635;99598;99597;99917;100223;100224;100512;100795;100703;100794;100389;100964;101051;101116;101115;101117;101118;101170;101169;101317;101316;101358;101206;101359;101550;101789;101790;101905;101549;101532;102038;101932;102365;102366;102133;102434;102432;102433;102435;103089;103090;103091;102501;103142;103143;103255;103256;103308;103307;103306;103361;103423;103424;103599;103516;103537;103570;103703;103704;103944;103705;103943;103945;104105;104146;104216;104215;104642;104363;104641;104362;104702;104788;104860;104859;104858;105113;105416;105377;106106;106051;105656;106204;106309;106352;106565;106564;106586;106632;106850;107006;107102;107103;107233;107234;108303;108382;108412;108302;108413;108594;108725;108595;108690;108762;108890;108763;109147;109432;109433;109362;109554;109583;109653;109654;109870;109685;109871;109949;109948;110391;109950;110308;110528;110619;110432;110936;110693;111004;111036;111149;111035;111185;111226;111413;111499;111524;111498;111500;111660;111737;111995;112054;111996;117325;112180;117327;117326;117328;117495;117515;117653;117654;117896;118059;118316;118168;118586;118903;118746;119113;119332;119280;119447;119536;119448;119853;121144;119640;121145;121327;121567;121458;121505;121632;122143;122046;122415;122176;122219;122469;122576;123059;122577;122940;122740;123124;123437;123650;123810;123649;123811;123812;125209;124140;125323;125348;124354;126032;125917;126031;126092;126093;126094;126614;126685;126367;126882;127729;127730;127882;128274;128518;128749;127993;128750;128751;128963;129375;129868;129521;130079;130158;130751;130507;131681;131114;132333;131178;132383;132384;132688;132741;133437;132847;133250;132742;133642;133643;133665;134276;133945;134277;134616;134396;134971;134850;135159;135219;135160;135576;135717;135280;135666;135892;136305;136392;136544;136728;136393;136707;136729;137042;137130;137177;137391;137774;137822;137699;138131;137890;137823;138207;139279;139011;139779;139719;139764;140362;140568;140740;142916;141673;141789;143256;143350;144018;143541;144141;144863;145276;145472;147737;148201;145028;146369;147790;148274;148266;148512;149067;148500;148866;149513;149799;149858;149975;150096;150008;150337;150334;151897;151970;153456;153430;153528;152969;156121;156769;156857;155849;156200;156338;157116;158034;158111;157865;157284;158105;158149;158473;158157;158209;158245;158352;158489;158686;158644;158645;158743;158558;158764;158886;159052;158921;159068;159055;159532;159559;159115;159300;159365;159237;159746;159606;159726;159745;160209;159747;160273;160518;160516;160394;160450;160517;160874;161626;161422;161057;161429;161421;161839;162169;161793;161968;162501;161748;162731;162648;162577;162585;162928;162576;162971;162995;163089;163348;163501;163449;163579;163635;164125;164156;164261;164325;164364;164365;164363;164457;164458;164510;164588;164619;164796;164795;164829;164798;165239;164938;165265;165292;165478;168103;165480;165523;165599;165598;165596;165597;176363;165863;166136;166174;166167;166228;166226;166503;167893;166493;166622;166772;166949;167230;167233;167280;167778;167045;167774;168190;167775;167881;167777;168374;168270;168544;168542;168483;168594;168741;168743;168899;168742;168951;168947;169279;169480;169479;169685;169687;169574;170040;170153;170150;170152;170149;170243;170254;170653;170652;170930;170931;170932;170981;171086;171102;171367;171515;171479;171514;171473;171600;171621;172550;172358;172634;172635;173044;173709;173040;173402;173764;173710;173765;173790;174977;174243;175121;174138;174764;175484;175569;176132;175989;176353;176217;176641;176498;176640;176761;176394;177078;177355;177064;177532;177063;177540;177495;178488;178217;177639;177937;178489;178039;178773;179073;179369;179233;179072;179368;180319;180320;181254;181329;181396;181394;181395;181397;181484;181449;181772;181558;181770;181771;182406;181901;182165;182407;182466;182467;182740;182871;182876;182870;182878;182949;182877;183259;183430;183677;183835;183836;183927;183928;185502;185345;185902;185709;186088;186087;186183;186492;186243;186706;186845;186923;187135;187109;187107;187272;187293;187108;189304;189071;189072;54857;189266;54858;189371;54859;189396;54861;54860;10474;121162;97974;97975;97976;97977;97978;97979;97980;97981;97984;97983;97982;97985;97986;97987;99173;99106;99201;99315;99710;99599;99732;100132;100466;100598;100325;100599;100601;100600;100769;101053;101029;101172;101171;101052;101030;101207;101233;101822;102134;101234;102205;102207;102593;102592;102206;102436;102591;102922;102979;102981;103425;102980;103426;103468;103571;103538;104703;103681;103880;104130;104297;104298;104132;104499;104131;105166;104673;104500;104719;105165;105167;105324;105391;105392;105464;105393;105619;106587;105657;106053;106052;108565;106588;108566;108596;109621;109622;109623;109801;109922;110100;110157;110232;110233;110234;111104;110311;110694;111103;111151;111527;111582;111642;112018;112206;121098;121097;121099;121101;121100;121103;121102;121419;121104;121420;121418;133451;124409;122611;125254;133452;125285;133453;125308;125626;125627;133455;133454;133456;126175;127808;133457;128032;133459;129492;133458;133460;133461;131834;133463;133399;133462;133765;131227;101533;133952;101398;136805;137746;136804;101400;101401;101403;101399;101402;101404;101408;101406;101407;101409;101405;101410;101412;101411;101416;101413;101414;101415;101418;101417;101419;101420;101421;101422;101424;101426;101425;101423;101427;101428;101429;101430;101431;101433;101432;101435;101434;101436;101437;101438;101441;101440;101439;101443;101442;101444;101445;101446;101449;101448;101450;101447;101453;101454;101451;101452;101456;101455;101457;101459;101458;101461;101460;101463;101465;101464;101466;101462;101467;101468;101470;101469;101472;101471;101473;101474;101475;101477;101479;101480;101476;101478;101481;101484;101482;101485;101483;101486;101487;101534;119217;104579;119218;119220;119221;104580;119219;119222;119224;119223;119225;119226;119227;119228;119230;119231;119229;119232;104581;119233;104582;119234;119236;119235;104674;119237;104816;105048;105049;119238;119085;105086;119086;119088;119090;119087;119089;119091;144534;119092;144523;144545;144524;122400;144538;122749;122972;144526;144266;123683;144543;125286;144257;144234;144533;144537;126048;125727;126243;144528;126505;126700;144544;128968;127809;144243;144260;144232;144227;128111;144248;144223;144250;129846;144025;144021;144024;144540;130363;144035;130758;144531;144529;144019;144026;131724;144539;144044;144530;144424;144428;144525;144436;144430;144434;144433;144431;144425;144429;144442;59785;40666;24012;11435;31349;31350;73306;73307;40798;40799;40801;40802;40800;40804;40803;40806;40805;77813;49172;52671;42119;53450;43875;57042;45504;47164;44643;50613;51924;48374;56197;55143;57483;63453;58682;61561;66409;64785;70342;69845;71946;74011;77176;79855;83470;77711;84800;86402;87917;89830;91096;92034;96452;94071;106845;102427;104626;99373;109895;111011;118931;117876;111793;119675;117599;120951;122252;122367;125221;124007;127903;129977;133672;132036;134705;136562;142466;146421;139580;144109;154153;149380;151584;153363;150343;156665;159656;163032;166041;163958;169877;174136;56212;40797;42861;179482;23776;134168;137646;141834;135693;156228;185552;149452;181274;150503;154713;158780;157896;152044;159706;134169;171463;34815;40447;186774;43069;185560;44595;46858;48299;50604;52755;56959;53474;58537;55805;59425;62479;62835;61624;64583;63241;63449;66444;65909;65218;66871;69865;70214;71350;70857;71950;73993;73432;74430;77171;77576;79139;78440;84156;80483;84155;84157;84641;84158;85325;86059;86368;86850;88638;89868;91162;87656;87243;93523;55806;141788;144946;146445;154435;32504;147748;149451;150419;164986;171459;177266;185573;137645;136948;23779;141787;62693;54606;156231;152000;154724;185564;124089;88718;54605;147413;147411;147418;148454;151581;147415;154426;152630;156661;162180;171517;165079;185562;182909;62681;145065;63300;151977;154710;161180;163034;145064;62682;94055;22540;62683;91386;91780;111965;99366;112191;122254;134945;109729;138572;127896;141805;160842;153458;149449;91388;157902;172541;72171;72173;78679;89781;100792;102324;93513;97214;104575;95888;109039;121128;122815;118085;133674;135695;72169;174126;179505;174124;172600;185575;186768;161777;44939;141835;146448;108379;124026;62685;126633;62684;62686;62687;133694;118089;137362;140491;147716;153471;161175;164018;171548;185550;50988;74024;118090;43861;59179;144979;133056;146442;141804;137647;136190;149466;157448;158733;151660;156654;154434;162179;163954;168725;164984;172540;166216;186770;43860;161173;109030;161172;124022;141848;149480;153437;162227;169888;171510;178189;185567;186766;109032;139602;144052;139603;154720;155585;140728;141861;149447;152667;185558;152028;154729;131943;62688;131836;69098;53632;23975;69099;51189;55815;61775;59172;99369;84403;88719;104629;109864;122817;112061;118976;132022;127899;138891;134764;141854;145015;146446;154430;147659;148457;156059;151828;152628;150451;157450;153400;159666;163028;158730;171461;172538;164988;185767;51188;182914;138888;55816;144051;156220;151976;186864;154727;134223;62689;157402;150713;154712;150714;154230;164089;141786;136947;137628;154719;152029;185557;153439;134218;137905;137651;62690;156229;157840;137652;22035;62691;24002;21698;27584;38746;34695;35821;30200;33256;39355;40494;49173;52672;53451;42120;43876;57043;44644;45505;47165;48375;50614;55144;51925;56198;57484;58683;61562;63454;64786;69846;66410;70343;71947;77712;74012;77175;79856;83471;84801;89831;86403;87918;91097;92035;96453;94072;102428;99374;104627;109896;106846;111012;111794;117877;118932;117600;119676;120952;122368;122253;124008;125222;127904;129978;134706;133673;136563;142467;132037;139581;146422;154155;144107;150341;149379;153364;151586;156668;163033;159657;166043;163955;169880;174135;66517;185553;181276;20836;56213;62692;187904;186915;66542;137067;179484;148705;150943;150489;69236;69238;69237;150483;69556;150481;69239;150485;150484;150487;150488;150486;150482;150480;100959;100955;18432;42304;18299;18431;106685;106684;106688;106686;106687;106689;108891;108894;108893;108892;108895;106310;106312;106311;106314;106315;106313;106316;108896;108897;109952;109951;109953;109954;109955;109956;109957;118826;118824;118825;118827;118829;118828;119618;118831;119620;119621;118830;119619;119623;119625;119624;119622;119626;119628;119629;119627;119630;119632;119631;119633;122426;122425;122427;122429;122428;132730;132733;132732;139753;139752;132731;139754;143136;144314;139755;143147;143131;144320;145114;145097;145195;144496;145124;143142;144502;144498;151027;151050;152175;151030;144485;151051;152173;152172;152855;150804;152856;152174;152148;152858;152151;152152;152854;152149;155453;155452;155458;155459;155455;156555;155454;155457;155456;156553;156554;158658;158514;158667;156556;158515;156599;156602;156596;156600;156601;158343;158513;158342;158519;158520;158669;158346;158661;158517;158665;158516;158670;158512;158668;158664;158663;158345;158666;158662;158518;158660;158344;158497;158671;158498;158495;158496;158659;158499;162222;162225;162223;162226;173297;162224;173244;173296;173299;173298;173245;173247;173243;173246;168762;168760;168765;168764;168757;168761;165283;165284;165285;170123;168772;168862;170124;168769;168768;168755;170125;168756;168766;168759;168758;168773;168775;168763;168752;168776;168751;168754;168753;168770;168774;168767;168771;187168;169316;169318;169317;169315;168864;168863;174445;168865;174439;178847;168750;168777;174454;174444;174455;174438;174441;174442;174453;174446;174440;178846;178848;178845;174443;178849;187167;187170;187997;187989;187173;187987;187991;187992;187988;187990;187169;187171;187172;187993;187994;187995;187996;63695;63697;63696;63699;187998;63698;63701;63700;64299;63703;63702;63704;63705;63707;63706;63709;63710;63712;63711;63714;63715;63713;63716;63718;63717;63719;63720;63721;63722;63724;63723;63726;63725;63728;63727;63729;63730;63731;63732;63733;63735;63734;63736;64509;63737;63738;63739;63740;63741;63742;63744;63746;63745;63743;63747;63748;63749;64510;66785;67177;66787;66786;66788;66789;66790;67178;67181;67182;67180;67179;68966;68965;68964;68967;68969;70274;70275;68968;70277;70721;72926;72927;70276;72066;72067;72068;72069;76074;72070;72288;76075;72287;76076;76077;76079;76078;73838;73839;73837;73840;73841;73842;76080;73843;74191;74192;74193;74194;74195;77250;74196;77252;77251;77253;77254;77257;77256;77255;77259;77258;77262;77260;77264;77261;77263;77265;77266;81920;77267;80498;80500;80499;81108;81272;81271;81273;81274;81275;81921;80502;81922;81498;81923;81499;81501;81500;81502;84264;84492;84265;84266;84493;84268;84267;84269;84270;84274;84271;85603;84272;84273;84275;85303;85606;85604;85302;85301;85605;85304;85416;85417;85414;85415;85515;86350;85450;86352;86353;86354;86766;86351;86765;86768;94169;86769;94171;94170;94173;86767;92608;88883;88885;88884;88882;92609;94175;94176;94174;92610;92611;94178;92612;92561;92560;92562;92564;92563;92565;94442;94097;94443;94096;94444;94098;94445;93820;94181;93821;94446;95483;94099;95482;94180;93822;96878;96879;96880;96881;99918;100468;100469;100471;100472;22372;22373;22375;22376;100470;100467;22374;22380;22377;22378;22379;22382;22383;22385;22384;22389;22386;22388;22381;22387;22392;22393;22391;22390;22394;14393;14392;14391;14394;14396;14395;14398;14397;14399;14612;14400;14401;14616;14602;14403;14402;14404;14405;14406;14407;14603;14408;14617;14409;14411;14410;14604;14618;14413;14412;14414;14418;14416;14415;14419;14417;14420;14421;14605;14424;14606;14422;14423;14619;14620;14425;14426;14607;14427;14608;14428;14621;14429;14430;14431;14433;14610;14609;14434;14601;14432;18449;14436;14435;18450;14622;14437;14439;14438;15863;18452;18451;18453;18454;18455;18456;22395;18457;22397;18458;22398;22396;22400;22401;22399;22402;18459;22403;22405;22406;22404;64311;64309;22407;64310;63750;64312;64313;63751;63753;63754;63752;64314;63755;63757;63756;64317;64316;64315;64319;63758;63760;63759;64318;64320;63761;64321;63765;63763;63766;63762;63764;63770;63767;63769;64322;63771;64323;63772;63775;63768;63777;63774;63776;63773;63779;64324;63783;63780;63778;63782;63784;63787;63785;63781;64325;63789;63786;64326;64331;63788;64327;64330;64328;64329;64335;64332;64333;64336;64337;64338;64339;64334;64340;64341;64342;63790;63791;64344;64343;63794;63792;63795;63797;63796;63793;64345;64346;64347;64348;64349;64350;64351;64354;63798;64352;63799;64353;63801;63800;64355;64356;64357;63802;63803;63804;64358;63806;63805;64359;64360;63807;63809;63808;63810;63811;63813;63812;63815;63814;63816;63817;63818;63819;63820;63821;63823;63824;63825;63822;63826;63827;46820;65257;46712;65258;65259;65260;46821;47048;65261;47049;65262;47050;47053;47051;47052;46822;47054;46824;65263;46823;30256;47055;31026;47057;47056;46825;47058;47059;47060;46826;65264;65265;46827;30257;30258;30259;30260;30261;30263;30262;30264;30266;30267;65266;30268;30265;30270;30269;30272;30271;30273;65268;65269;46828;65267;30275;30274;30277;30276;30278;30280;30281;30279;30282;30283;30284;30286;30285;30289;30288;30287;28378;28379;28380;28381;28382;28383;28384;28385;28386;28388;28390;28387;28389;28391;28392;28393;28394;28397;28395;28396;28398;28399;28401;28400;28402;28404;28405;28406;28403;28408;28407;28409;28411;28410;28412;28413;28414;28418;28415;28417;28416;28420;28419;28421;28423;28422;28424;28425;28426;28427;28428;28430;28429;28431;28432;28433;28434;28435;28437;28436;28439;28438;28440;65270;65272;65271;65273;65274;65275;32507;28441;28442;47061;28445;28443;28447;65276;28449;28448;28444;28453;28446;28454;28450;28452;28451;28455;28456;46713;46714;46715;46717;46716;46719;46870;46871;46718;30291;46720;30292;30293;30290;30294;30296;30295;30298;30297;30300;30299;30301;30302;30305;30304;30303;30306;65277;30307;30308;65278;65279;28457;28459;28460;46721;28458;65280;28461;28462;28463;28464;28465;28467;28468;28466;28469;28471;28470;65281;28472;30309;30311;30310;65282;30313;30312;30315;30314;30316;30317;30319;30318;30321;30320;30322;30325;30324;30323;30326;30328;30327;65283;30330;65285;65286;30329;65284;65287;28473;28476;65288;28475;28477;28474;28478;28479;28480;28481;28482;28483;65290;28485;65289;28486;28484;28487;28488;28489;28490;28492;28491;28493;28494;28496;28495;65291;28498;28497;28499;28501;28502;28500;28503;28504;28505;28506;28508;28507;28509;28510;28513;28512;28511;28514;28516;28515;28517;28519;28522;28520;28521;28518;31804;28523;28525;28526;28524;28527;28530;28532;28531;28529;28528;28533;28536;28538;28534;28537;28539;28535;28541;28542;28540;28543;28544;28545;28546;28548;28549;28550;28552;28551;28547;28554;28553;28557;28555;28559;28558;30331;28556;30332;30334;30333;30335;30337;30338;30336;30340;30339;30341;30343;30342;30345;30346;30344;30347;30351;30350;30349;30348;30352;30354;30353;30358;30359;30355;30357;30356;46722;30361;30360;28561;28564;28565;28560;28563;28562;28566;28568;28569;28571;28567;28573;28572;28574;28570;28576;28577;28578;65292;28575;28582;28579;28583;28581;28584;28580;65293;28587;28588;28585;28586;28589;28592;28591;28590;28596;28594;28597;28593;28595;28599;28598;28601;28600;28604;28602;28603;28607;28605;28608;28606;28610;28609;28611;28616;28615;28612;28614;28613;28617;28619;52072;47063;46872;52071;46723;47062;28618;28620;28624;28622;28625;28621;28626;28627;28623;65295;28630;28632;28629;28628;30362;65294;28633;30363;28631;30365;28635;28634;28638;28637;28639;30364;28641;28636;28643;28642;28645;28640;28647;28646;28648;28644;28649;28650;65298;65297;65296;32508;32509;65299;65300;32510;32512;32511;32514;30366;32513;30367;32515;32516;30369;30370;30372;30373;30371;30368;30375;30376;30380;30382;30378;30377;30379;30383;30384;30374;30381;30388;30387;30391;30386;30389;30390;30392;30385;30397;30394;30395;30393;30399;30396;30398;30400;30404;30403;30401;30402;30405;30409;30406;30408;30411;30412;30407;30416;30414;30413;30419;30420;30410;30417;30415;30422;30424;30421;30425;30423;30418;30427;30429;30426;30432;30433;30428;30434;30430;30431;30438;30439;30435;30440;30436;30441;30437;30443;30444;30445;30442;30447;30450;30446;30449;30451;30452;30448;30453;30454;30460;30455;30456;30459;30458;30457;30462;65301;30461;30463;30466;30464;30465;30467;30469;30473;30472;30471;30468;30475;30470;30474;30477;30476;30479;30481;30480;30484;30478;30482;30483;30485;30486;30487;30489;30488;30493;30490;30492;30491;30495;30494;30497;30498;30499;30496;30500;30504;30503;30502;30506;30501;30507;30508;30505;30509;30510;30511;30512;30513;30514;30515;30516;30518;47064;30517;28651;28653;28652;28655;28654;28656;28657;28658;28659;28660;65302;28661;28662;65303;28663;28664;28667;28665;65304;28666;28668;28671;65305;28670;28669;28675;28673;65306;28676;28672;28674;28682;28677;28681;28679;28678;28683;28685;28680;28684;28686;28689;28688;28687;28692;28691;28690;28695;28694;28693;28696;28698;28697;28700;28699;28702;28701;28704;28706;28705;28708;28707;28703;28709;28710;47067;47065;28711;47066;47068;47069;47071;47070;47072;47074;47073;47077;47075;47076;47082;47083;47078;47080;47079;47081;47085;47084;47087;47086;47088;47089;47091;47094;47090;47093;47095;47096;47092;47097;47099;30520;30521;47098;30522;30519;30524;30523;65307;30527;30526;30525;30528;30530;30532;30533;30529;30534;30535;30531;30536;30538;30537;30539;30541;30543;30544;30542;30540;30546;30545;30549;30550;30547;30548;30551;30553;30552;30554;30556;30555;30557;30562;30559;30561;30558;30560;30563;30566;30565;30571;30568;30564;30567;30573;30572;30570;30574;30575;30569;30578;30579;30577;30576;30582;30581;30580;30583;30585;30584;30588;30586;30587;30590;30589;30591;30592;30595;28713;30594;28712;28714;30593;32213;28715;28716;32216;32215;30596;32214;32217;28717;30597;28718;28719;28720;28724;28722;28721;28723;28725;28726;28727;28730;28728;28731;28732;65308;28733;28729;28735;28736;28737;65309;28734;28738;28740;28741;65310;28742;28739;28745;28744;65311;28746;28743;28747;28750;28748;28749;28751;28753;28755;28756;28752;28758;30598;28754;30600;30599;30601;30602;28757;30604;30605;30603;30610;30606;30608;30612;30609;30611;30607;30614;30613;30615;30619;30616;30618;30621;30620;30622;30617;30623;30625;30627;30630;30624;30626;30632;30628;30629;30631;30634;30636;30633;30635;30637;28759;28761;28760;65312;30638;30639;28764;28763;28762;28765;28766;30640;30641;28768;30642;30643;30644;28767;30645;28769;30646;30647;28770;28771;30648;28772;28773;30649;28774;30652;30651;30650;28776;28775;28778;30653;28777;28779;28781;28782;28783;28780;28785;28786;28784;28787;28790;28788;28789;28791;65314;65315;28792;28793;28795;65313;28796;65316;28794;28798;28797;28799;28800;28801;28805;28804;28803;28802;28806;28807;28810;28808;28811;28812;28814;28815;28809;28813;28818;28819;28816;28821;28822;28820;65318;28817;28823;65317;65319;28824;32220;65321;65320;32221;32219;32218;32222;32226;32224;32225;32223;32227;30654;30655;30656;32228;32229;30657;30658;30661;30660;28825;28826;30662;65322;30663;30659;28827;65323;30664;28828;28830;28829;30665;30666;30667;30668;28831;28832;28834;28833;30669;28835;28836;30670;28837;30671;31805;28838;30673;30672;30675;30677;30676;30674;30678;28839;30680;30679;30681;28840;30682;28841;30684;30685;30683;30687;30688;30686;30689;30691;30690;30692;30693;30694;28842;30695;28843;28845;28844;28847;28848;28849;28846;28850;28851;28852;28853;28854;28856;28857;28855;28858;28860;28861;28859;28862;28864;28865;28863;28867;28868;28869;28871;28866;28870;28872;28873;28874;28877;28875;28879;28881;28882;28880;28876;28878;28883;28884;28885;28890;28889;28886;28887;28888;28891;28893;28894;28892;28897;28896;28895;28899;28898;28900;28901;28903;28902;65325;65324;65326;65327;28904;28905;30697;30698;30696;30699;28907;30701;30702;28906;30700;30704;30703;30705;30706;30708;30709;30710;30707;30712;30711;30713;30715;30714;30717;30716;30718;30723;30721;30719;30720;30724;30726;30722;30725;30729;30728;30727;30732;30731;30733;30734;30730;30737;30738;30735;30739;30736;30740;30744;30741;30742;30743;30746;30747;30748;30745;30750;30752;30749;30753;30754;30757;30755;30751;30758;30756;30760;30761;30762;30759;30766;30763;30768;30765;30767;30764;30770;30772;30774;30769;30776;30771;30778;30775;30773;30779;30782;30777;30780;30785;30781;30783;30786;30784;65329;65328;28909;28908;28912;65330;28910;28913;28915;28911;28916;28914;28919;28918;28920;28921;28917;28923;28922;28925;28924;28926;30790;28927;30789;30787;30788;30792;30793;30794;30795;30791;30796;30799;30797;30800;30803;30802;30798;30804;30801;30805;30806;30807;30808;30811;30809;30810;30812;30813;30814;30815;30816;30817;30818;30819;32517;32519;32518;32520;32521;32523;32522;32525;32524;32526;32528;32527;32529;32531;32530;32532;32533;32534;32535;32536;32537;32538;28928;30820;30821;30822;30823;28929;30824;30825;28930;30826;30827;30828;30829;30830;30831;30833;30832;28931;30834;30835;30836;30837;28932;30839;28933;30838;30840;28934;30841;30842;30843;28935;28936;30845;30844;30847;30846;28938;28937;30848;30849;30850;30853;30851;30852;28939;28941;30854;28940;28942;28943;28944;28945;65331;28947;65332;28946;28948;28949;28950;28951;28953;28952;28954;30856;30855;30857;28955;30858;28956;30859;30860;30861;28957;30862;28958;30863;28960;28959;30864;30866;30865;30867;30868;28961;30869;28962;30870;30872;30871;28963;30873;30874;28964;28966;28965;30875;30876;30877;30878;30879;28967;28968;30880;28970;28969;28972;28971;65333;28973;28974;28977;28976;28975;28978;28979;28980;28982;28981;28984;28983;28986;28985;28988;28989;28987;28990;28991;28992;28993;28994;28995;28996;28997;28998;29000;28999;29001;29002;29004;29003;29005;29007;29006;29010;29008;29009;29012;29011;29013;29016;29015;29014;29019;29018;29021;29017;29020;30881;29022;29024;29025;29023;65334;29026;29028;29030;29027;29029;29031;29033;29034;32539;29032;32540;32541;32544;32542;32543;32545;32546;65335;32548;32547;29035;29036;29037;29038;29041;29039;29042;29040;29044;29045;29046;29047;29043;29048;29049;29051;29050;29052;29053;29055;29054;29056;29057;29058;29060;29061;29062;29059;29063;29065;29064;29067;29066;29068;29069;29071;29070;29072;29073;29075;29074;29077;29076;29078;29079;29081;65336;29080;29082;65337;65338;65340;65339;65342;65341;65343;65344;32550;32549;32551;65345;32552;32554;32555;32556;32553;32557;32558;32560;32561;32559;32563;32562;32564;32565;32566;32567;32570;32568;32569;32573;32571;32572;32574;32575;32576;32577;32578;32579;32581;32580;32584;32583;32585;32582;32586;32587;32588;32590;32589;32591;32592;32593;32595;32594;32596;32598;32597;32601;32602;32600;32599;32604;32606;32605;32603;32607;32610;32609;32612;32611;32608;32613;32614;32616;32615;32617;32619;32618;32620;32622;32624;32621;32625;32626;32623;32627;32629;32630;32632;32628;32631;32634;32633;32638;32635;32636;32637;32639;32643;32641;32642;32640;32644;32645;32647;32646;32648;32651;32649;32650;32653;32652;32656;32657;32658;32654;32655;32659;32662;32661;32660;32664;32665;32667;32668;32663;32666;32670;32669;32672;32673;32675;32671;32676;32679;32674;32681;32680;32678;32682;32677;32684;32685;32686;32689;32688;32683;32690;32687;32691;32693;32692;32696;32694;32698;32697;32699;32695;32702;32700;32701;32703;32704;32705;32708;32709;32711;32707;32706;32710;32713;32712;32714;32716;32717;32715;32720;32718;32719;32721;32722;32724;32723;32725;32728;32729;32726;32731;32730;32727;29083;29085;29086;29084;29087;29088;29089;29090;29091;29095;29094;29093;29092;29097;29096;29098;29099;29100;29101;29103;29104;29102;29105;29106;29109;29108;29110;29107;29112;29111;29113;29114;29116;29115;29117;29120;29118;29119;29121;29124;29123;29125;29122;29127;29126;29128;29129;29130;29131;29132;29134;29135;29616;29614;29133;29615;29617;29618;29136;65346;29137;29138;29139;29140;29141;29143;29142;29144;30882;30884;30883;30886;30887;30885;30888;30890;30892;30889;30891;30894;30893;29619;30895;30896;65348;65347;29620;29621;29622;29624;29623;29627;29625;29626;29628;29629;29630;29631;29632;29633;29634;29635;29636;29637;29640;29638;29639;29641;29642;29644;29643;29645;29646;29647;29648;29649;29650;29652;29651;29653;29654;29656;29657;29655;29658;29659;29660;29661;29662;29663;29664;29665;29666;29667;29669;29668;29670;29671;29672;29673;29674;29675;29676;29677;29678;29679;29681;29682;29680;29683;29684;31468;31469;31470;31471;31473;31474;31472;32732;31476;31475;31478;31477;31479;31480;31481;29145;29146;29147;29148;29149;29150;29151;29153;29152;29155;29156;29157;29154;29158;29159;29162;29161;29163;29160;29164;29165;29168;29167;29166;29169;29171;29170;29172;29173;65349;65350;65351;65352;65353;65354;65355;65357;65356;65358;65359;65360;65363;65362;65361;65364;29315;29316;29317;29318;29319;29320;29321;29322;29325;29324;29323;29174;29175;29177;30898;29176;30897;30900;30899;30902;30901;30904;30903;30905;30910;30906;30907;30909;30908;30911;30916;30914;30913;30915;30912;30917;30918;30921;30922;30919;30920;30923;30925;30928;30924;30927;30926;30929;30931;30932;30933;30930;30935;30938;30934;30939;30937;30936;30940;30943;30941;30942;30944;30945;30946;30947;30948;30950;30949;30953;30951;30952;30956;30954;30957;31482;31483;30955;31484;31485;31487;31488;31486;31489;31491;31490;31492;31493;31494;31495;31496;31497;31498;31500;31499;31501;31502;31503;31504;31505;31506;31507;31509;31508;31510;31512;31511;31513;31514;31515;29178;32733;32734;32735;32736;32737;32738;32741;32740;32739;32743;32742;32744;32746;32747;32745;32750;32748;32749;32751;32752;32753;32754;32755;32756;32758;32759;32757;32760;32762;32761;32765;32763;32764;32768;32766;32767;32770;32769;32771;32772;32773;32774;32775;32776;32777;32778;32779;32780;32781;32782;32783;32784;32785;32787;32786;32788;32789;32790;32791;32793;32792;32794;32795;32796;32797;32799;32798;32800;32802;32801;32806;32803;32804;32805;32808;32807;32809;32812;32811;32810;32814;32813;32816;32817;32815;32819;32818;32820;32821;32822;32823;32824;32826;32825;32827;32829;32828;32831;32832;32830;32833;65365;29179;36571;29326;37918;29327;29328;29330;29329;29331;29332;29334;29333;29336;29335;32230;32231;65366;32232;32233;32234;32235;32236;32237;32238;32239;65367;32241;32242;32240;32243;32244;32246;32245;32248;32250;32247;32249;32252;32251;32253;32255;32254;32256;32257;32258;32259;32261;32260;32263;32262;32264;32266;32267;32268;32265;32269;32270;32274;32272;32271;32273;32275;32276;32277;32280;32278;32279;32281;32282;32284;32283;32285;32286;32288;32287;32289;32290;32292;32291;29685;32293;29687;29686;29688;31194;31195;31196;31197;31198;31199;31200;31201;31202;31203;31205;31204;31206;31207;31208;31209;31210;31211;31212;31214;31213;31215;65368;29180;29181;29182;29183;29184;31216;29185;29186;31217;31218;31219;31223;31220;31221;31222;31224;31225;31228;31229;31227;31226;31230;31231;31234;31232;31235;31233;31237;31236;31238;31241;31240;31239;31242;31243;31245;31244;31246;31247;31249;31248;31252;31250;31251;31253;31254;31255;31256;31257;31260;31258;31259;31261;31263;31262;31264;31267;31266;31265;31268;31269;33289;31270;31271;33290;33291;33292;33294;33296;33295;33293;33297;33298;30958;33299;65370;65369;65372;65371;65373;65374;65376;65375;65377;65378;65381;65380;65382;65379;65383;65384;65385;65386;65387;30960;30959;30961;30962;30964;30965;30963;30966;30967;30968;30969;30970;30974;30971;30973;30972;30976;30975;30977;30979;30978;30980;30981;30985;30984;30982;30983;30986;30987;30988;30990;32294;65388;30991;30989;30992;30993;30994;30995;30997;30996;30998;31000;30999;31001;31002;31003;31005;31006;31004;31009;31008;31010;31007;31011;31014;31012;31015;31013;31017;31018;31016;31020;31019;31023;31022;31021;31516;31024;31517;31518;31519;31522;31520;31521;31524;31523;31526;31525;31527;31529;31528;31530;31533;31531;31534;31532;31536;31535;31537;31538;31539;31541;31540;31543;31545;31544;31542;31548;31546;31547;31549;31550;31552;31553;31551;31554;31557;31558;31560;31555;31556;31562;31564;31559;31561;31563;31565;31566;32834;31568;31569;31567;31571;31570;31272;65389;34853;65390;31274;31273;31276;31275;31277;31279;31282;31278;31280;31281;31285;31284;31286;31287;31288;31292;31283;31289;31290;31868;31866;31291;31870;31869;31872;31867;31871;31873;31875;31874;31877;31876;31880;31878;31879;31881;31882;31886;31884;31887;31883;31885;31889;31888;31891;31892;31893;31894;31897;31890;31895;31896;31899;31898;31900;31901;31905;31904;31902;31906;31903;31909;31908;31907;31913;31912;31911;31910;31914;31916;31915;31917;31918;31919;31921;31920;31922;31924;31923;31925;31926;31929;31928;31930;31931;31927;31932;31936;31933;31935;31934;31937;31939;31938;65391;31572;31940;31576;31578;31575;31573;31577;32835;31574;32836;32837;32841;32840;32839;32842;32838;32846;32845;32844;32843;32847;32849;32850;32848;32853;32852;32851;32854;32856;32855;32857;32858;32859;32861;32860;32862;32864;32863;32865;32867;32869;32870;32868;32871;32866;32873;32872;32874;32875;32876;32878;32877;32881;32879;32882;32883;32880;32885;32884;31580;31581;31579;32886;31582;31583;31584;31585;32888;32887;32889;65392;32893;32890;32892;32891;32894;32896;32895;32897;32898;32900;32901;32899;32902;32905;32903;32908;32904;32906;32907;32910;32909;32912;32911;32913;32914;32915;32916;32918;32919;32920;32921;32917;32923;32922;32924;32926;32927;32925;32928;32929;32930;32931;32933;32932;32936;32935;32937;32939;32940;32941;32934;32938;32942;32943;32944;32946;32945;32948;32947;32950;32949;32951;32952;32953;32954;65393;33591;33592;33595;33594;33593;33596;33598;33601;33600;33597;33599;33603;33602;33604;33606;33605;32955;33608;32956;33607;65394;32957;32958;32960;32959;32961;32964;32963;32966;32962;32965;32967;32968;32971;32969;32970;32972;32975;32974;32973;32976;32977;32978;32979;32980;32982;32984;32981;32983;32987;32986;32988;32985;32989;32990;32991;32992;32993;32994;32995;31941;31942;31943;33301;31944;31945;33300;33303;33302;33305;33304;33306;33308;33307;33309;33310;33311;33313;33312;33314;33315;33317;33316;33319;33318;33320;33321;32996;33322;32997;32998;32999;33001;33000;33002;33004;33005;33003;33007;33008;33006;33010;33011;33009;33012;33013;33014;33015;37646;65395;37916;65397;65396;38134;65399;65398;33016;32295;32297;32296;65400;65401;65402;65403;35476;35475;35479;35478;35477;35480;33017;35481;33018;33019;33020;33021;33023;33022;33024;33025;33026;33028;33027;33029;33032;33030;33031;33035;33033;33034;33036;33038;33041;33039;33040;33042;33037;33043;33044;33045;33047;33048;33050;33051;33046;33053;33049;33052;33054;33609;33055;65404;65405;33610;33612;33611;33615;33613;33614;33618;33617;33616;33621;33620;33619;33622;33056;33623;32298;33057;36370;65406;37656;37340;36316;36448;37037;36461;37335;36398;33058;33059;38003;36923;33060;33061;33062;33063;33066;33064;33067;33065;33068;33069;33071;33070;33073;33072;33074;33075;33076;36985;37652;36341;37780;38089;36732;38100;37843;37489;36911;36464;37973;36546;65407;36733;36390;36286;37981;37906;36498;35829;37666;35828;37744;35831;35830;35832;35833;35835;35834;35836;35837;35839;35838;35841;35840;35842;35843;35844;35848;35846;35847;35845;35849;35850;35851;35852;35854;35853;34854;33324;33323;33325;34855;33326;33327;33328;33329;33332;33333;33330;33331;33334;33335;33336;33338;33339;33341;33342;33340;33337;33344;33343;33346;33347;33345;33349;33348;33350;33352;33351;33353;33356;33354;33355;33358;33357;33361;33362;33359;33360;33952;33953;33957;33955;33954;33956;33958;33961;33959;33962;33960;33963;33964;33966;33965;33968;33967;33969;33970;33972;33971;33974;33973;33976;33975;33978;33977;33980;33979;33983;33982;33984;33986;33985;33981;33987;33988;33992;33990;33991;33989;33993;33994;33996;33995;33998;33997;33999;34000;34001;34003;34004;34002;34006;34007;34005;34008;34009;37691;33363;37325;37921;38146;36314;37344;37638;36663;37195;37321;65408;36481;65409;36871;65410;37971;37980;36246;37277;37187;38097;37158;36540;36921;37653;37345;37436;38057;38105;37697;36469;37908;36727;37024;37339;37329;37894;36387;37615;65411;37102;36647;37685;36666;36845;37020;36501;36372;37228;38102;36455;36371;37267;37919;37729;36713;37832;37536;36602;37889;37365;37445;36936;37338;37807;37132;37314;37181;33624;33625;33627;33626;33628;33629;33630;33633;33634;33631;33632;33636;33635;33639;33637;33638;33640;33641;33643;33642;33644;33645;33646;33647;33648;33649;33650;33651;33654;33653;33652;33655;33659;33657;33656;33658;33660;33661;33662;33665;33663;33666;33664;33668;33670;33667;33669;33671;33672;33673;33675;33678;33674;33677;33676;33679;33681;33680;33683;33682;33684;33686;33685;34512;34513;34511;34515;34514;34516;34520;34518;34517;34521;34522;34519;34524;34526;34523;34527;34528;34525;34529;34531;34530;34533;34532;34534;34535;34536;34537;34538;34539;34541;34540;33687;33688;33689;33690;33691;33692;33694;33695;33693;33698;33699;33696;33697;33700;33701;33702;33704;33706;33703;33705;33709;33708;33707;33712;33710;33713;33714;33711;33715;33716;33719;33717;33718;33720;33721;33723;33722;33724;33725;33728;33726;33729;33730;33727;33731;33732;34543;33733;33734;34542;34544;34545;34547;34546;34548;34550;34549;34551;34556;34554;34552;34557;34555;34558;34553;34559;34560;34561;34563;34564;34565;34566;34562;34567;34568;34569;34570;34573;34572;34571;34574;34576;34577;34575;34578;65412;65413;34579;34011;34010;65414;34014;34016;34015;34013;34012;34017;34857;34859;34860;34861;34856;34863;34858;34862;34864;34868;34869;34866;34870;34865;34867;34873;34872;34871;34874;34875;34878;34877;34881;34882;34880;34876;34879;34883;34885;34886;34884;34887;34888;34890;34889;34891;34894;34892;34893;34895;34896;34899;34898;34901;34900;34897;34902;34903;34905;34904;34906;34907;34908;34911;34909;34910;34914;34912;34913;34916;34915;34917;34919;34922;34921;34918;34923;34920;34927;34924;34926;34925;34928;34929;34930;34931;34932;37396;65415;37214;37248;36368;37776;37619;37074;65416;37789;37914;36630;36410;37395;37307;36744;37623;36317;36282;37209;37184;36801;37352;37174;36803;36289;37494;37349;36408;37793;36646;36453;37787;37705;37392;36718;37985;65417;37863;36956;36738;38082;37012;37972;36982;37784;37233;36849;37192;37651;37465;36854;37941;37014;37464;37441;36487;37636;36532;37967;37521;36395;37232;36219;36785;37112;37684;36668;36834;37245;36405;37104;38059;36269;36412;36809;37930;36942;37976;37035;36607;36586;38210;38212;38211;38214;38209;38216;38213;38215;38217;38219;38218;38223;38221;38224;38222;38225;38220;38227;38231;38228;38230;38229;38226;38232;38233;38234;38237;38236;38235;38239;38238;38240;38242;38241;38244;38243;38245;38246;38247;38248;38250;38251;38249;38252;38253;38255;65418;38254;35482;38256;35484;35487;35486;35483;35485;35488;35491;35489;35490;35492;35493;35494;35495;35496;35498;35497;65419;65420;65423;65421;65422;65424;65426;65425;35500;65427;35499;35502;35501;65428;43407;43406;43408;43405;34934;34935;65429;34933;35856;35855;35858;35861;35859;35862;35860;35857;35863;35866;35864;35865;35867;37694;36536;36631;37774;36902;37564;37384;65430;37854;36466;36828;37182;36900;36754;37642;37199;36792;36465;36817;36705;36939;37897;37943;37730;37146;37322;38119;37041;38121;36836;37394;36818;37837;37566;37023;36667;37372;37574;37160;37077;37903;36726;36439;37216;37304;37009;37008;36381;38077;37332;36800;36283;36488;36979;36296;38029;36230;37597;37678;37120;37847;36940;37620;37611;37805;36416;36728;37879;36525;36691;37056;36359;38039;36669;37360;34580;37351;34581;34585;34584;34582;34583;34586;34588;34587;34590;34589;34591;34595;34597;34593;34592;34598;34596;34594;34600;34603;34604;34599;34601;34602;34605;34608;34607;34610;34606;34609;34611;34613;34614;34612;34615;34616;34617;34619;34618;34621;34620;34622;34624;34623;34628;34625;34627;34626;34630;34629;34631;34633;34635;34632;34636;34634;34637;34640;34639;34641;34642;34638;34643;34644;34645;34648;34647;34650;34646;34651;34649;34652;34654;34653;34655;34658;34656;34657;34660;34659;34661;34663;34662;34664;34665;34667;34666;34668;65432;65433;35112;65431;65434;35113;35115;35114;35116;35118;35117;35119;35120;35121;65435;65436;35124;35122;35123;35127;35125;35129;35126;35128;35130;35132;35136;35134;35131;35133;35135;35137;35139;35140;35138;35141;35142;35144;35143;35145;35146;35148;35147;35150;35149;35151;35152;38260;38258;38257;38262;38261;38259;38265;38266;38264;38263;38267;38268;38272;38270;38271;38273;38269;38275;38274;38279;38277;38278;38276;38280;38284;38281;38283;38285;36310;38286;38282;36502;37845;37156;37376;37224;36867;37721;37129;36593;36223;37754;37302;37760;37660;37511;37679;36581;37986;37674;37113;37059;37771;37659;37303;38045;37770;36437;36829;36529;36741;36917;37622;36988;36227;37067;36367;36932;37668;37720;36325;36888;37524;37408;37054;37719;38123;65437;37168;36764;38120;36881;36419;38139;36901;36444;38125;36783;38093;36270;37502;36424;36580;37380;37975;37816;37084;37578;37116;37761;37001;36307;37468;36876;37022;37280;36328;36778;36500;36274;37082;37247;36431;37557;38145;36252;36434;37737;37650;36885;36771;37357;37500;37764;37708;37265;37926;37745;37858;37689;36642;37937;36695;37775;38017;38088;37006;37583;37208;38040;37342;36712;38124;38041;38109;36345;37266;38033;36393;38020;36612;37676;37193;35154;35153;37709;35157;35155;35156;35159;35161;35160;35162;35163;35158;35165;35166;35167;35164;35169;38287;35168;38288;38291;38292;38290;38293;38289;38294;38295;38297;38296;38299;38298;38300;38301;38303;38302;38305;38304;38306;38307;38308;38309;38310;38311;38312;38313;38314;38315;38316;38318;38317;38319;38320;38321;38322;38323;38325;38324;38326;38329;38327;38330;38328;38331;38332;38333;38334;38335;38337;38336;38339;38338;38342;38340;38341;38343;38345;38344;38346;38347;38348;38349;38351;38350;38354;38353;38352;38356;38355;38357;38358;39623;39625;39624;39626;39628;39627;39629;39630;39631;38359;39632;38360;37005;38361;38364;38362;38363;38366;38367;38365;38368;38370;38369;38372;38371;38373;38374;38375;38376;38378;38377;38379;38380;38382;38381;38383;38384;38385;38386;38388;38387;38389;38390;38391;38392;38393;38394;38395;38396;38397;38398;38399;38400;38401;38403;38404;38402;38405;38407;38411;38406;38410;38409;38408;38412;38413;38416;38415;38417;38414;38418;38422;38420;38419;38421;38423;38427;38424;38425;38428;38426;38429;38430;38431;38433;38434;38432;38437;38436;38435;38438;38439;38440;38442;38443;38444;38445;38441;38446;34936;65438;36680;35171;36627;35170;65439;65440;65441;44138;44140;44139;44137;44142;44141;44143;44144;44145;44147;44146;44150;44149;44148;44151;44152;44153;44155;44156;44154;44157;44158;44159;44160;44161;44162;44165;44163;44164;44166;44169;44171;44168;44170;44167;44172;44173;44174;44175;44176;44179;44177;44178;44180;44181;44182;44183;44186;44184;44185;44187;44189;44188;44190;44191;44192;65445;65444;65442;65443;65446;35503;35505;35504;35506;65447;35507;35508;35509;35511;35510;35514;35512;35513;35515;35517;35519;35516;35518;35521;35520;35522;35526;35525;35523;35527;35524;35531;35529;35528;35530;35532;35533;35534;35536;35537;35535;35538;35539;35541;35542;35540;35543;35545;39810;65448;65449;35544;39811;39814;39813;39812;35546;35868;35869;35872;35871;35870;35874;35873;35876;35875;35879;35880;35878;35881;35877;35882;35886;35884;35883;35887;35888;35889;35885;35891;35890;35892;35893;35895;35894;35897;35898;35896;35899;39009;35900;39010;39011;39012;39013;39014;39016;39018;39019;39017;39020;39015;39021;39024;39022;39023;39026;39025;39027;39028;39030;39029;39031;39033;39034;39032;39036;39037;39035;39039;39040;39042;39041;39038;39043;39048;39045;39046;39049;39047;39044;39051;39050;39052;39053;39054;39055;39056;37453;38101;36824;36839;37170;37690;37796;36477;37140;36970;37786;37411;36417;36708;36609;37291;36884;36490;37861;36961;36925;36440;38062;36994;37993;36544;38127;37230;37961;36613;39057;39058;39059;39061;39060;39062;39063;39065;39064;39067;39066;39068;39069;39070;39071;39072;39074;39073;39075;39076;39078;39077;39080;39079;39081;39083;39082;39084;39086;39085;39087;39089;39088;39090;39091;39094;39095;39093;39092;39097;39096;39098;39101;39100;39099;39103;39104;39102;39105;39106;39107;39108;39110;39112;39109;39111;39113;39114;37417;39116;39115;37476;37531;36595;36253;37491;37664;37343;37382;37301;36247;37931;37448;38016;37434;37693;37079;37955;36514;37748;38053;36974;37757;37083;37917;37763;37856;37573;37963;36758;37011;36886;36898;37088;39117;39119;39118;39120;39122;39121;39123;39124;39125;39128;39126;39127;39129;39130;39132;39135;39134;39131;39133;39136;39137;39140;39138;39141;39139;39143;39142;39145;39144;39148;39147;39149;39146;39150;39151;39154;39152;39155;39156;39157;39153;39159;39158;39160;39161;39162;39163;39164;39165;39167;39166;39168;39169;39170;39171;39172;39173;39175;39174;39176;43409;39177;43411;43410;43413;43412;65450;43414;43415;39633;38447;38448;38450;38451;38452;38454;38453;38449;38455;38456;38457;38458;38459;38460;38462;38463;38461;38465;38466;38464;38467;38469;38468;38471;38470;38472;38473;38474;38475;38476;38478;38477;38479;38481;38480;38482;38483;38484;38485;38486;38487;38489;38488;38490;38491;38493;38492;38495;38494;38501;38497;38499;38498;38496;38500;38502;38503;38505;38507;38504;38506;38508;38509;38510;38511;38513;38512;38516;38514;38518;38519;38515;38517;38520;38523;38522;38524;38525;38521;38527;38526;38528;38531;38530;38529;38532;38535;38533;38538;38537;38534;38536;38539;38540;38542;38541;38543;65452;65451;44431;44433;44434;44436;44432;44438;44435;44437;38544;38545;38546;38547;38548;38550;38552;38551;38549;38555;38553;38554;38556;38560;38557;38559;38561;38558;38563;38562;38564;38567;38565;38566;38568;38569;38570;38573;38572;38571;38575;38574;38577;38578;38579;38576;38580;38582;38584;38583;38586;38585;38581;38587;38591;38589;38594;38593;38592;38588;38590;38595;38596;38598;38597;38601;38599;38600;38603;38605;38602;38604;38606;38608;38607;38609;38611;38610;39634;39635;38613;38612;39638;39636;39637;39639;39640;39644;39641;39643;39642;39645;39647;39646;39650;39649;39651;39648;39653;39652;39654;39655;39657;39656;39658;39659;39661;39662;39660;38614;38617;38616;38615;38621;38619;38618;38620;38624;38626;38622;38623;38625;38628;38627;38631;38632;38630;38629;38634;38633;38635;38636;39663;38637;38639;39664;39665;38638;39666;39668;39667;39670;39669;39673;39671;39672;39674;39677;39675;39676;39679;39678;39683;39680;39685;39684;39681;39682;39686;39690;39688;39687;39689;39692;39691;39694;42480;39695;39693;42481;39696;42482;42484;42485;42486;42487;42483;42489;42491;42492;42490;42488;42495;42494;42496;42497;42493;42498;42500;42501;42502;42499;42505;42503;42506;42504;42507;42508;42510;42509;42511;39698;42512;39699;39697;39700;39701;39702;39703;39705;39704;50707;39706;50708;39708;39707;39710;39713;39714;39716;39712;39711;39717;39715;39709;39720;39718;39722;39719;39723;39724;39721;39726;39725;39729;39728;39731;39730;39727;39734;39736;39732;39738;39737;39735;39741;39733;39740;39743;39744;39745;39739;39742;42513;42514;42516;42515;42517;42519;42518;42522;42524;42523;42525;42521;42526;42528;42520;42530;42527;42531;42529;42533;42532;42534;42535;42537;42540;42542;42536;42543;42538;42539;42541;42545;42546;42544;42547;42548;42550;42549;42551;39746;42553;39747;42552;65454;65453;39178;39180;39181;39179;52073;39184;39186;39187;39182;39185;39183;39191;39188;39190;39193;39192;39189;39196;39195;39197;39194;39201;39199;39198;39200;39203;39202;39206;39204;39207;39208;39205;39209;39212;39211;39210;39215;39213;39214;39216;39217;39220;39218;39221;39222;39223;39224;39219;39225;39226;39229;39230;39231;39227;39228;41650;39232;41648;41647;41651;41649;41652;41656;41653;41654;41657;41659;41658;41660;41655;41662;41661;41664;41663;41666;41665;41667;41668;41670;41672;41671;41669;41674;41673;39233;39236;39234;41675;39237;39235;39240;39239;39241;39238;39242;39247;39246;39244;39248;39243;39245;39249;39251;39253;39250;39254;39252;39255;39258;39256;39257;39259;39261;39260;41678;41679;39262;41677;41676;41680;41681;41682;41684;41683;39265;39264;39266;39268;39263;39267;39269;39272;39271;39270;39274;39273;39275;39278;39277;39280;39276;39279;39281;39282;39286;39284;39283;39285;39287;39288;41686;41685;39289;41688;41687;41689;41690;41693;41692;41691;41695;41694;41696;41697;41698;41699;41700;41701;41702;41703;41704;41705;41707;41706;41708;41709;41710;41711;41712;41714;41713;41715;39290;39292;39291;39293;39294;39296;39295;39299;39297;39298;39301;39302;39300;65455;42554;42556;42555;42557;42558;42561;42562;42560;42563;42559;42564;42565;42569;42568;42567;42570;42571;42566;39748;42572;39751;42573;39750;39749;39753;39752;39754;39756;39757;39755;39758;65456;65457;39760;39759;65458;65459;39816;39818;39815;39817;39819;65460;39822;39821;39824;39823;39820;39825;39827;39828;39830;39829;39831;39826;39834;39832;39833;39835;39836;39837;39838;39839;39841;39840;65461;52074;52075;65462;39843;39842;52076;43900;43899;43902;43901;43903;50709;47623;47622;47624;47625;47626;47627;47630;47631;47628;47629;47632;47633;47634;47635;47636;47637;47638;47639;47641;47640;47643;47642;43416;43418;43417;43420;43422;43419;43423;43421;43425;43424;43427;43428;43426;43429;43431;43433;43430;43432;43434;47644;47645;43435;47647;47646;47649;47648;47651;47650;43906;43907;43905;43908;43904;43910;43909;43911;43912;43914;43915;43913;43916;43917;43919;43918;43923;43922;43920;43921;43925;43926;43924;43928;43927;43930;43931;43929;43933;43932;43935;43936;43938;43939;43937;43934;43941;43940;43943;43944;43945;43946;43947;43948;43942;43951;43949;43950;43953;43954;43952;43955;43957;43956;43958;43959;43963;43960;43961;43962;43965;43966;43969;43967;43964;43971;43970;43968;43975;43973;43974;43972;43977;43978;43981;43980;43976;43979;43982;43983;41716;43985;43986;43984;41717;41720;41719;41721;41722;41718;41724;41723;41728;41729;41725;41726;41730;41727;41732;41731;41733;41734;41737;41735;41738;41741;41739;41740;41736;41742;41743;41745;41746;41747;41748;41750;41744;41749;41753;41751;41755;41752;41756;41754;41758;41757;41760;41762;41759;41761;41763;41764;41765;41767;41766;41769;41771;41770;41768;41772;41773;41774;41778;41777;41775;41779;41781;41776;41783;41782;41780;41785;41786;41784;41789;41788;41792;41791;41787;41790;41793;41794;41796;41795;41797;41799;41802;41798;41804;41803;41800;41805;41806;41801;43184;43189;43188;43187;43186;43185;43190;43436;43439;43437;43440;43442;43441;43443;43444;43438;43449;43446;43448;43447;43450;43445;43452;43451;43455;43457;43454;43456;43453;43458;43460;43461;43462;43459;43463;43464;43465;43467;43466;43468;43469;65463;43470;43473;43472;43474;43471;43475;43477;43476;43478;43481;43482;43483;43480;43479;43484;43485;43487;43489;43486;41807;43488;41809;41808;41810;41812;41813;41811;41814;41815;41818;41817;41819;41816;41821;41822;41820;41823;41824;41825;41827;41828;41829;41826;41830;41831;41832;41833;41837;41836;41835;41839;41838;41841;41843;41834;41842;41846;41845;41840;41844;41847;41850;41849;41848;41852;41851;41853;41856;41854;41857;41858;41855;41860;41861;41859;41862;41863;41865;41866;41864;41867;41869;41870;41868;41872;41873;41871;41874;41877;41876;41878;41875;41879;41881;41880;41883;41884;41885;41882;41887;41886;41889;41888;41891;41890;43192;43191;43193;43194;43195;43196;43199;43197;43201;43200;43198;43204;41892;43202;41894;43203;41896;41897;41899;41898;41893;41900;41901;41903;41895;41902;41904;41907;41905;41910;41908;41906;41911;41909;41913;41917;41912;41914;41916;41915;41918;41923;41922;41921;41920;41924;41925;41919;41927;41926;41928;41929;41933;41934;41930;41931;41932;41937;41935;43205;43206;41936;43207;43208;43212;43211;43209;43213;43210;43215;43216;43214;43217;43218;43220;43223;43224;43221;43219;43225;43222;43229;43227;43228;43226;43230;43231;43234;43232;45628;43233;45629;43235;45630;45633;45632;45631;45634;45636;45638;45635;45640;45642;45643;45639;45644;45637;45645;45648;45646;45641;45647;45650;43492;45649;43490;43491;43493;43494;43495;43499;43496;43501;43500;43498;43497;43503;43502;43505;43506;43504;43508;43507;43510;43512;43511;43509;43513;43515;43514;43516;43517;43519;43518;43522;43521;43520;43523;43525;43526;43524;43527;43531;43528;43530;43532;43529;43533;43535;43534;43539;43536;43537;43538;43541;43544;43540;43545;43542;43543;43546;43549;43548;43547;43550;43551;43552;43553;43236;43554;43556;43555;43237;43238;43240;43241;43239;43242;43243;43244;43245;43246;43248;43247;43250;43251;43249;43254;43253;43252;43255;43257;43260;43256;43259;43258;43261;43262;43265;43263;43266;43268;43267;43269;43264;43270;43272;43275;43271;43274;43276;43273;43277;43279;43280;45651;43278;45653;45652;48767;48764;48765;48768;48770;48766;48769;48771;48774;48773;43281;48775;48772;43282;43284;43283;43287;43288;43285;43286;43290;43293;43294;43289;43292;43291;43295;43298;43300;43296;43299;43301;43297;43302;43304;43305;43303;43307;43306;43309;43308;43310;43313;43311;43312;45654;43315;43314;45655;45656;45658;44194;44193;45657;43558;44195;43557;43559;44197;44196;44199;44200;44201;44198;44202;44203;44204;44206;44207;44208;44205;44210;44211;44209;44214;44213;44215;44216;44217;44219;44212;44218;44220;43562;43560;43561;43563;43565;43564;43567;43570;43568;43569;43571;43566;43572;43574;43575;43577;43576;43573;43578;43580;43582;43579;43583;43584;43581;44439;43585;44440;44443;44442;44445;44444;44221;44222;44441;44225;44224;44227;44226;44223;44228;44230;44231;44233;44235;44232;44229;44236;44237;44238;44239;44241;44242;44234;44240;44243;44246;44247;44250;44244;44248;44245;44252;44249;44251;44254;44253;44256;44257;44255;44259;44258;44261;44262;44260;44264;44265;44263;44268;44270;44269;44267;44271;44266;44273;44272;44274;44276;44275;44277;44279;44280;44278;44281;44282;44285;44284;44283;44286;44288;44289;44290;44287;44292;44293;44294;44295;44297;44291;44296;44298;44299;44301;45142;45143;45141;45144;44300;45147;45145;45148;45150;45149;45151;45153;45154;45146;45155;45156;45152;42574;42576;42578;42575;42577;42579;42581;42580;42583;42585;42586;42582;42587;42584;42589;42588;42592;42593;42591;42590;42594;42595;42596;42597;42600;42599;42598;42601;42602;42603;42605;42604;42609;42608;42606;42610;42607;42612;42611;42613;42614;42618;42617;42616;42619;42615;42620;42621;42623;42622;42626;42627;42629;42624;42628;42625;42631;42630;42633;42634;42632;42635;42637;42638;42636;42640;42639;42641;42642;42644;42645;42643;42646;42648;42649;42650;42647;45157;42651;45158;45160;45161;45159;45164;45162;45163;45165;45167;45166;45169;45170;45171;45172;45173;45168;45174;45175;42652;42655;42654;42653;42658;42656;42657;42659;42661;42660;42664;42662;42665;42663;42667;42666;42671;42670;42668;42673;42669;42672;42675;42674;42677;42680;42679;42676;42681;42678;42682;42683;42684;42687;42685;42686;42688;42690;42693;42695;42691;42689;42694;42692;42699;42696;42698;42697;42703;42702;42704;42701;42705;42700;42710;42709;42707;42706;42708;42711;42713;42712;42714;42716;42715;42718;42717;42720;46359;46361;42719;46362;46363;46365;46364;46360;46369;46366;46368;46370;46367;42725;42721;42726;42722;42723;42724;42727;42728;42729;42730;42732;42734;42731;42736;42733;42737;42735;42738;42742;42740;42741;42739;42745;42743;42744;42748;42747;42749;42746;42750;42754;42751;42753;42752;42755;42758;42756;42759;42757;42760;42761;42766;42764;42765;42762;42763;42767;42770;42769;42768;42774;42773;42772;42775;42777;42778;42776;42771;42782;42780;42781;42779;42783;65466;52077;65464;65465;44446;44448;44447;44449;44452;44451;44455;44456;44454;44453;44450;44459;44458;44457;44460;44464;44463;44461;44462;44465;44466;44467;44469;44471;44472;44468;44470;44476;44473;44477;44479;44474;44475;44478;44480;44482;44484;44481;44487;44483;44485;44486;44492;44491;44493;44488;44495;44490;44494;44496;44489;44498;44499;44500;44497;44503;44504;44505;44502;44506;44501;44508;44509;44507;44514;44512;44510;44516;44511;44513;44517;44515;44518;44522;44521;44524;44519;44520;44523;44526;44528;44527;44529;44530;44533;44532;44525;44534;44531;44535;44536;44537;44541;44542;44538;44540;44543;44539;45176;45178;44544;45179;45180;45177;45182;45183;45181;45184;45186;45187;45188;45185;45189;45190;45191;45192;45194;45193;45197;45195;45196;45199;45201;45198;45202;45200;45204;45205;45207;45206;45210;45208;45203;45213;45211;45209;45215;45212;45217;45218;45221;45214;45219;45216;45220;45222;45223;45224;45226;45225;45227;45231;45228;45232;45230;45229;45235;45236;45233;45234;45238;45240;45241;45237;45244;45242;45245;45239;45243;45249;45247;45252;45251;45246;45253;45248;45250;45255;45256;45254;45258;45260;45259;45257;45261;46372;46374;46373;46376;46371;46375;46377;46380;46381;46378;46379;46382;46384;45263;45265;46383;45262;45264;45268;45266;45267;45269;45271;45274;45273;45272;45275;45270;45276;45278;45279;45280;45281;45277;45283;45285;45282;45284;45286;45289;45288;45290;45287;45292;45293;45294;45291;45295;45297;45296;45299;45301;45298;45300;45302;45303;45304;45305;45308;45309;45306;45307;45310;45311;45312;45313;45318;45317;45316;45314;45315;45319;45320;45321;45322;45323;45324;45325;45326;45327;45328;45329;45331;45332;45330;45334;45333;45335;46385;45336;46386;46390;46387;46389;46388;46391;46392;46394;46393;46396;46395;46397;46398;46400;46401;46402;46403;46407;46399;47652;46404;46405;46406;47655;47653;47657;47656;47660;47659;47654;47658;47661;47664;47663;47667;47662;47665;47668;47666;47670;47669;47672;53917;47671;53918;53919;53920;53922;53923;53925;53924;49309;53921;49311;49312;49314;49315;49313;49310;52078;52079;49316;52081;52083;52080;52084;52086;52082;52087;52085;49317;52088;49321;49318;49319;49322;49323;49320;49324;49326;49325;49327;49330;49328;49331;49329;49334;49332;49336;49337;49333;49335;49338;49341;49339;49340;49342;49343;49345;49344;49346;49347;49350;49348;49349;43990;43988;43989;43987;43991;43992;43993;43995;43994;43996;43997;43998;44000;43999;44001;44002;44004;44005;44007;44006;44003;44008;44010;44012;44009;44015;44014;44013;44011;44016;44017;44023;44018;44019;44020;44021;44022;44024;44545;44547;44546;44548;44025;44549;44552;44551;44555;44553;44550;44554;44556;44557;44558;44559;44563;44562;44565;44564;44561;44560;44567;44566;44568;44573;44569;44572;44570;44574;44571;44575;44576;44577;44578;44581;44579;44580;46018;46408;44583;46409;44582;44584;46410;46414;46411;46412;46416;46413;46415;46417;46418;46421;46419;46423;46424;46425;46422;46420;46428;46429;46427;46430;46433;46432;46431;46435;46426;46434;42785;42784;44302;43317;43319;43316;43320;43318;43323;45659;43322;45660;43324;43321;45661;45664;45663;45665;45667;45662;45666;45668;45670;45672;45671;45669;45675;45674;45673;45676;45677;45678;45680;45682;45679;45681;45683;45684;45687;45688;45685;45686;45689;45690;45692;45691;45693;45694;45695;45696;45698;45697;45700;45699;45703;45702;45701;45704;45706;45705;45707;45709;45711;45708;45713;45714;45712;45710;45715;45717;45718;45716;45719;45720;45723;45722;45721;45726;45728;45729;45725;45724;45730;45731;45727;45732;45736;45733;45734;45737;45735;45741;45742;45738;45743;45745;45739;45740;45746;45747;45744;43587;43586;43588;45750;43589;45749;45748;45753;45752;45755;45751;45756;45757;45754;45759;45761;45762;45764;45760;45758;45763;45767;45766;45769;45765;45768;45771;45772;45770;45773;45775;45777;45776;45778;45779;45774;45783;45781;45780;45782;45784;45786;45787;45788;45785;45789;45791;45792;45790;45796;45794;45797;45795;45793;45798;45799;45801;45802;45806;45804;45800;45803;45805;45807;45808;45811;45810;45813;45812;45809;45814;45815;45816;45817;45818;45819;45821;45820;45822;45823;45825;45826;45824;45827;45830;45828;45829;45833;45831;45834;45832;45836;45835;45839;45837;45838;45840;45841;45842;45844;45845;45847;45843;45849;45846;45850;45848;45851;45854;45857;45853;45856;45852;45855;45860;45861;45862;45863;45864;45858;45859;45865;45867;45869;45868;45866;45871;45870;45872;45874;45873;45876;45877;45875;45878;45879;45883;45884;45880;45881;45885;45882;45886;45887;45890;45891;45889;45892;45888;45893;45894;45896;45899;45897;45898;45901;45895;45903;45902;45905;45900;45904;45907;45908;45906;45909;45911;45910;45912;45914;45915;45916;45913;45918;45917;45919;45921;46886;45922;45920;46887;46889;46890;46888;46891;46892;46895;46896;46893;46898;46894;46897;46901;46902;46900;46903;46899;46904;53926;65467;46019;43326;43590;43325;46905;46021;46020;46022;46024;46023;46026;46025;46027;46029;46028;46030;46032;46031;46033;46034;46036;46037;46040;46035;46039;46038;46041;46042;46043;46045;46044;46047;46046;46048;46050;46049;46051;46053;46055;46052;46054;46056;46059;46057;46058;46061;46060;46062;46063;46065;46064;46068;46066;46067;46070;46069;46074;46073;46071;46075;46072;46078;46077;46079;46081;46076;46080;46082;46083;46084;46085;46087;46086;46088;46089;46090;46092;46091;46094;46095;46096;46093;46097;46099;46098;46100;46102;46104;46101;46105;46103;46108;46436;46437;46107;46106;46109;46439;46438;46440;46441;46443;46444;46442;46445;46446;46447;46449;46450;46448;46452;46451;46454;46453;46456;46455;46457;46459;46460;46458;46461;46463;46462;46464;46465;46466;46467;46468;46469;46471;46470;46472;46474;46473;46475;46477;46476;46478;46480;46479;46481;46483;46484;46482;46486;46485;46487;46488;46489;46490;46491;46492;46493;46494;46495;46496;46497;46498;46500;46502;46501;46499;46503;46505;46504;46506;46507;46508;46509;46512;46513;46511;46510;46514;46515;46516;46517;46519;46518;46520;46521;46522;46523;46524;46525;46527;46529;46526;46528;46530;46532;46531;46534;46533;46535;46536;46537;46539;46541;46540;46538;46542;46543;46545;46544;46546;46549;46548;46547;46550;46552;46551;46554;46555;46553;46556;46559;46558;46557;46561;46560;46562;46565;46564;46563;46567;46566;46568;46570;46571;46569;46573;46572;46574;46575;46576;46579;46578;46577;46580;46582;46581;46583;46585;46586;46584;46587;46588;46590;46591;46592;46589;46593;46594;46595;46597;46596;46598;46599;46600;46601;46603;46605;46604;46606;46602;46607;46610;46608;46609;46611;46612;53928;53927;53929;53930;53932;53931;53933;53935;53934;53936;53937;53938;53940;53939;53942;53943;53941;53944;53945;53946;53948;53947;53949;53951;53950;53953;53952;53954;53955;53956;53959;53958;53957;53960;53961;53962;53963;53965;53964;53968;53967;53966;53969;53970;53971;53972;52089;52090;52091;53973;52092;52094;52093;52095;52096;52097;52099;52100;52101;52098;52102;52103;52104;46613;46616;46614;46615;46619;46618;46617;46620;46621;46622;46623;46624;46626;46625;46628;46627;46632;46630;46629;46634;46631;46633;54304;54305;46635;54302;54303;54306;54309;54308;54307;54312;54310;54311;54313;54315;54314;54317;54316;54319;54318;54321;54322;54320;54324;54323;53974;53976;53975;53977;53979;53978;53980;53981;53982;53984;53985;53986;53987;53983;53988;53990;53989;53993;53991;53992;53995;53994;53998;53996;53997;53999;54001;54000;54002;54004;54003;54005;54006;52107;52106;52105;54007;52108;52111;52109;52112;46636;52110;52113;46637;46638;46641;46639;46640;46644;46643;46642;46645;46647;46646;54326;54325;54328;54330;54329;54327;54331;54333;54332;54337;54336;54334;54335;54339;54338;54340;54342;54341;54343;54345;54348;54344;54347;54349;54346;54008;54009;54010;54011;54012;54015;54014;54013;54018;54016;54017;54020;54022;54021;54023;54019;54024;54026;54027;54025;54029;54030;54028;54032;54033;54034;54036;54031;54037;54038;54035;54039;54040;54041;54042;54043;54045;54046;54044;54048;54049;54047;54050;54052;54051;54053;54054;54056;54057;52114;54055;52117;52115;52118;46110;46111;52116;46113;46112;46114;46115;46116;46119;46118;46117;46120;46122;46121;46124;46123;46126;46125;46128;46127;46130;46129;46132;46131;46134;46133;46135;46136;46138;46140;46137;46141;46142;46139;46144;46143;46146;46148;46147;46149;46145;46150;46152;46151;46153;46154;46156;46155;46158;46157;46160;46159;46162;46163;46161;46165;46164;46166;46167;46906;46168;46907;46909;46908;46910;46911;46912;46914;46915;46916;46913;46917;46919;46918;46920;46921;46922;46923;46925;46926;46924;46927;46928;46930;46929;46931;46933;46932;46934;46937;46938;46935;46936;46939;46940;46941;46942;46943;54350;54351;45925;45923;45927;45928;45926;45924;45929;45932;45931;45930;45933;45934;45936;45937;45935;45939;45940;45941;45938;45943;45945;45944;45942;45946;45950;45952;45947;45954;45949;45948;45953;45955;45951;45956;45957;45958;46946;46944;46945;46947;45959;46948;46951;46950;46949;46952;46953;46954;46956;45960;46955;45962;45963;45965;45961;45967;45964;45966;45969;45970;45968;45972;45971;45974;45975;45973;45977;45978;45976;45980;45979;45982;45983;45984;45981;45987;45986;45989;45988;45990;45991;45985;45993;45994;45996;45995;45998;45999;45992;45997;46003;46001;46000;46004;46958;46002;46957;46959;46960;46962;46964;46966;46961;46965;46963;46967;46969;46968;46972;46971;46973;46974;46970;46975;46978;46976;46979;46980;46977;46981;46982;46984;46983;46987;46985;46986;46988;54353;46989;65468;50710;54352;50711;50713;50715;50714;50717;50716;50712;50718;50720;50721;50722;50723;50724;50719;50727;50725;50726;50730;50728;50731;50729;50732;50734;50733;50735;50736;50737;50739;50740;50741;50738;50743;50742;50745;50746;50747;50748;50749;50750;50744;50752;50751;50753;50754;50756;50760;50757;50759;50758;50755;50761;46648;46649;46650;46651;46652;46653;46654;46655;50762;46656;46657;46658;46659;46661;46660;54354;46662;54355;54356;54357;54358;54359;54360;54361;54362;54364;54365;54367;54366;54363;54368;54369;54371;54370;54372;54373;54374;54375;54376;54059;54058;54060;54061;54064;54062;54063;54067;54066;54065;54069;54068;54070;54072;54071;54074;54075;54076;54073;54078;54079;54077;54082;54080;54081;54084;54085;54087;54086;54088;54089;54083;54091;54092;54093;54090;54094;54097;54096;54099;54098;54095;54100;54101;54102;54104;54103;54105;54106;52120;52121;52122;52119;52123;52125;52124;52127;52126;52130;52129;52128;48776;48777;52131;52132;48779;48780;48778;48782;48781;48783;48784;48786;48785;48787;48789;48791;48788;48792;48790;48793;48795;48794;48798;48797;48801;48796;48800;48802;48799;54108;54107;48803;54109;54110;54112;54111;54114;54113;54115;54120;54121;54118;54117;54116;54122;54119;54123;54128;54125;54124;54127;54126;54130;54129;54131;54133;54134;54132;54136;54135;54141;54137;54138;54140;54142;54139;54143;54144;54146;54148;54145;54149;54147;54151;54153;54152;54150;48804;54154;48806;48805;48807;48808;48812;48809;48811;48810;46992;48813;46990;46995;46991;46994;46993;54377;46996;54379;54378;54381;54380;54382;54384;54383;54385;54387;54386;54388;54389;54390;54394;54392;54155;54391;54156;54393;50763;50764;54158;54157;54395;54396;54397;54399;54398;54401;54400;54402;54403;54404;54405;48439;48438;48440;48437;48441;48442;48447;48445;48443;48446;48444;48448;48449;48450;48451;48454;48452;48455;48453;48457;48459;48458;48456;48461;48460;48462;48463;48465;48466;48467;48464;48468;48469;48472;48470;48473;48476;48471;48478;48475;48479;48477;48481;48474;48484;48480;48482;48485;48487;48483;48488;48486;48490;48489;48493;48492;48491;48495;48494;48496;48498;48500;48497;48499;48501;48502;48504;48506;48503;48505;48507;48509;48508;48510;46997;46999;46998;54406;47003;47002;47000;47004;47001;47006;47008;47005;47009;47007;47010;47011;47013;47012;47015;47014;54407;54408;54410;54409;54412;54411;54413;54414;54416;54415;54417;54418;54419;54421;54420;54423;54422;54425;54424;48512;48511;48513;48515;48514;48516;48518;48517;48519;48520;48521;48522;48526;48525;48524;48523;48528;48530;48527;48529;48531;48533;48536;48532;48535;48537;48534;48539;48538;48541;48542;48540;48543;48544;48545;48546;48547;48550;48549;48548;48551;48554;48556;48553;48552;48555;48557;48558;48560;48562;48561;48559;48563;48566;48564;48565;54427;54428;54426;54429;54430;54433;54431;54432;54434;54435;54436;54437;54439;54438;54440;54441;54442;54444;54445;54443;54448;54446;54447;54450;54449;54451;54452;54453;54455;54456;54454;54457;54459;54458;54460;54461;54462;54463;54465;54464;54467;54469;54468;54470;54471;54466;54473;48567;54472;48570;48569;48568;48572;48573;48571;48576;48574;48575;48578;48579;48577;48581;48580;48582;48583;48584;48586;48585;48590;48587;48589;48588;48591;48592;48596;48594;48593;48595;48598;48597;48600;48601;48602;48599;48604;48603;48605;48607;48606;48608;48609;48610;48612;48613;48614;48611;48615;48616;48618;50765;48617;50766;50767;50771;50769;50770;50768;50772;50774;50776;50775;54159;50773;54160;54161;54163;54162;54165;54164;54166;54167;54169;54168;48619;48621;48622;48620;54474;54475;48623;54477;54476;54478;54480;54481;54479;54484;54483;54482;54486;54485;54488;54487;54489;54490;54491;54493;54494;54492;54496;54495;54497;54499;54498;54500;54501;54503;54502;54505;54504;54507;54509;54510;54508;54506;54511;54512;54513;54514;54515;54516;54517;54518;54520;54519;54521;54523;54524;54522;54527;54526;54525;54529;54530;54528;54531;54532;54533;54536;54535;54534;54537;54538;54539;54542;54540;54541;54543;54544;54545;54546;48814;48815;48816;48818;48819;48817;48822;48820;48821;48824;48823;48825;48827;48828;48826;48830;48831;48829;48832;48834;48833;48836;48835;48838;48839;48837;48842;48841;48840;48844;48845;48847;48846;48843;48848;48851;48850;48852;48849;48853;48854;48856;48855;48857;48858;48859;48860;48862;48861;48863;48865;48864;48867;48866;48868;48870;48871;48873;48874;48869;48872;48875;48877;48879;48878;48876;48880;48881;48883;48882;48884;48885;48887;48886;48888;48889;48892;48891;48893;48890;48894;50089;50090;50093;50094;50091;50096;50095;50097;50092;50098;50099;50101;50100;50104;50102;48624;50103;48625;48627;48626;48629;48632;48628;48634;48630;48635;48631;48636;48633;48637;48638;48642;48640;48643;48644;48639;48641;48647;48649;48645;48650;48648;48646;48651;48652;48654;48653;48655;48658;48657;48656;48659;48662;50105;48661;48660;50106;48663;50107;50110;50108;50109;50112;50111;50113;50115;50114;50118;50116;50117;50119;50120;50123;50122;50124;50125;50121;50126;50127;50130;50129;50128;50132;50134;50133;50131;50135;50138;50141;50137;50139;50136;50140;50143;50145;50146;50142;50147;50144;50149;50148;48664;48666;48665;50150;48667;48668;48669;48670;48671;48675;48673;48674;48677;48672;48676;48678;48681;48680;48683;48682;48679;48684;48686;48685;48687;48690;48688;48689;48692;48691;48695;48693;48694;48698;48699;48700;48696;48697;48701;48703;48702;48705;48707;48704;48706;48708;48710;48712;48711;48709;48713;50153;50151;50152;50155;50154;48714;50156;50161;50160;50159;50157;50158;50162;50164;50163;50170;50165;50169;50166;50168;50167;50173;50174;50171;50172;50178;50177;50175;50180;50176;50179;50181;50182;50184;50185;50187;50183;50186;50189;50190;50188;50191;50194;50195;50192;50196;48716;50193;48717;48715;48719;48718;48720;48721;48725;48723;48724;48722;48727;48728;48726;48729;48730;48733;48731;48732;48736;48735;48734;48737;48738;48739;48740;50199;50198;50197;50201;50200;50206;50204;50203;50205;50207;50202;50208;50209;50211;50213;50215;50216;50210;50214;50212;50219;50221;50217;50218;50222;50224;52133;50223;50220;50225;52135;52134;52136;52137;52140;52139;52141;52138;52143;52142;52144;52145;52148;52146;52149;52147;54170;54172;54174;54173;54171;54176;54178;54179;54177;54175;54181;54182;54180;54185;54183;54184;54186;54188;54187;50227;50226;50231;50229;50228;50233;50230;50232;50234;50235;50239;50238;50236;50240;50241;50242;50243;50237;50244;50246;50248;50245;50247;50249;50251;50252;50254;50255;50253;50250;50256;50257;50258;50261;50262;50260;50264;50259;50263;50266;50270;50265;50267;50269;50268;51201;50271;51205;51203;51204;51202;51207;51209;51208;51206;51210;51213;51215;51216;51214;51212;51211;51217;51218;51220;51219;51222;51221;54190;54191;51224;51223;54192;54189;54193;54197;54195;54194;54198;54196;54199;54200;54204;54202;54206;54205;54201;54207;54208;54209;54210;54203;54211;54214;54213;54212;54215;54217;54219;54216;54220;54221;54218;54223;54225;54224;54226;54222;54227;54229;54230;54228;54232;54231;54233;54234;54236;54237;54235;54239;54240;54238;54241;54242;54243;54245;54244;54246;54248;54247;54249;54251;54250;54253;54256;54257;54254;54252;54255;54258;51228;51226;51225;51229;51227;51230;51232;51231;51233;51234;51235;51236;51240;51239;51242;51241;51237;51243;51238;51245;51244;51246;52771;52770;51247;52774;52773;52772;52775;52777;52776;54259;54261;54260;52778;52779;52780;52783;52782;52781;49352;49354;49353;52784;49351;49355;49356;49357;49358;49360;49359;49361;49362;49366;49365;49363;49368;49364;49367;49369;49370;49372;49373;49371;49374;49375;49378;49377;49376;49381;49380;49379;49383;49382;49384;49387;49388;49385;49390;49386;49389;49392;49391;49393;49396;49395;49397;49394;49399;49398;49400;49402;49403;49401;49404;49405;49409;49407;49406;49408;49410;49411;49413;49412;49414;49415;49417;49416;49419;49418;49420;49422;49421;49423;49425;49426;49427;49424;49429;49428;49431;49430;49432;49433;49437;49434;49435;49436;49438;49443;49442;49440;49441;49444;49439;49445;49448;49447;49446;49451;49452;49449;49450;49453;49455;49454;49456;49459;49457;49458;49461;49460;49462;49463;49464;49467;49466;49465;49468;49470;49472;49469;49471;49475;49477;49476;49474;49478;49473;49480;49481;49479;49482;49483;49484;49488;49485;49489;49487;49486;49490;49491;49494;49492;49496;49493;49495;49499;49502;49497;49501;49498;49500;49503;49505;49504;49507;49506;49508;49509;49510;49512;49511;49513;49514;49515;49517;49516;49519;49520;49521;49518;49522;65469;49523;49524;49527;49526;49528;49525;49530;49529;49532;49534;49531;49533;49536;49535;49537;49538;49542;49539;49540;49541;49544;49543;49545;49546;49548;49547;49549;49550;49552;49551;49554;49553;49555;49556;49558;49557;49560;49561;49559;49562;49563;49564;49565;49567;49566;49569;49570;49568;49571;49575;49573;49574;49572;49576;49578;49577;49579;49580;49581;49582;49583;49584;49585;49587;49586;49590;49588;49589;49591;49592;49593;49594;49595;49599;49597;49598;49596;49600;49603;49601;49602;49605;49604;49606;49608;49607;49610;49609;49612;49611;49614;49613;49615;49617;49618;49616;49619;49620;49621;49622;49625;49626;49623;49627;49624;49628;52166;52167;52169;52168;52172;52170;52173;52171;52175;52174;52177;52176;50777;52178;50779;65470;50778;52785;52786;52787;52788;52789;52790;52791;52794;52793;52792;49629;65471;52179;65472;52180;52181;52183;52184;52186;52182;52185;52187;52191;52189;52190;52192;52193;52188;52195;50780;50990;52194;50991;50992;50994;50996;50993;50997;50995;50998;51003;51002;51000;50999;51001;51004;51005;51007;51009;51006;51008;51010;51011;51012;51013;51014;51017;51016;51015;51018;51021;51019;51022;51023;51020;51024;51026;51025;51027;51028;51029;51031;51032;51030;51034;51033;51036;51037;51035;51038;51039;51041;51042;51040;51044;51538;51043;51540;51539;51541;51542;51543;51544;51545;51548;51549;51547;51546;51550;51554;51553;51552;51551;53004;51555;53005;53002;53003;53006;53008;53009;53007;52197;52196;52198;52200;52202;52201;52199;52203;52204;52206;52208;52205;52207;52209;52211;52213;52212;52214;52210;52220;52218;52217;52215;52219;52216;52221;52223;52222;49630;49631;49632;50273;50274;50272;50275;50277;50276;50280;50278;50279;50281;50282;50283;51249;50284;51248;51250;51252;51251;51254;51255;51253;50285;51256;51257;51258;51259;51260;51261;51263;51262;51264;51268;51265;51266;51269;51267;51270;51271;51273;51272;51274;51275;51276;51278;51277;51280;51279;51283;51281;51282;51284;51287;51289;51288;51286;51285;51291;51290;51292;53010;53011;53012;51293;53013;53015;53017;53014;53016;53019;53018;53020;53023;53022;53021;53025;53026;53029;53028;53027;53024;53030;53032;53031;53033;53034;53035;53036;53038;53037;53039;53041;53040;53045;53042;53043;53046;53047;53044;54550;54548;54547;54549;65473;50286;50289;51294;50287;51295;50288;51296;51299;51300;51297;51302;51303;51301;51298;51305;51306;51308;51307;51309;51304;51310;51311;51313;51312;51315;51316;51318;51314;51317;51320;51321;51319;51323;51322;51327;51324;51326;51328;51325;51330;51329;51331;51333;51332;51334;52796;52795;51335;52797;52150;52151;52153;52152;52155;52156;52154;52798;52799;52800;65474;52801;52802;52803;52806;52805;52804;52807;52808;52809;52811;52812;52810;52813;52814;52816;52815;52817;54551;54552;50781;54553;50783;50784;50782;50786;50787;50785;54554;50789;50788;54556;54555;54559;54558;54560;54557;54561;54562;54563;50290;50291;50292;54263;65475;54262;54565;54566;54564;54266;54265;54264;54267;51045;51047;51049;51048;51046;51052;51050;51051;51053;51054;54568;54567;51055;53048;53050;53049;53051;53055;53052;53053;53056;53054;53057;53060;53058;53059;53061;53063;53062;53064;53065;53066;53067;53068;53069;53070;53071;53074;53072;53073;53075;53076;53078;53079;53077;53082;53081;53080;53083;53084;53085;53086;53087;53090;53088;53089;53092;53091;53093;53095;53094;53096;53097;53098;53099;53100;53101;53102;53103;53104;53106;53107;53105;53108;53109;53110;53111;53113;53112;53114;53115;53118;53117;53119;53116;53120;53124;53122;53123;53126;53125;53121;53128;53129;53127;53130;53131;53132;53133;53135;53134;53136;53138;53139;54569;53137;53140;54570;54268;54270;54269;52819;54272;52818;54271;52820;54650;54651;54653;54652;54655;54654;54656;54657;54658;54660;54659;54661;54662;54665;54664;54663;54667;54668;54669;54670;54666;54671;54672;54674;54675;54673;54677;54678;54676;54680;54679;54681;54683;54682;54685;54687;54686;54684;54688;52226;52224;54689;52225;52227;52228;52230;52229;52231;52232;52235;52234;52237;52236;52233;52238;52239;52242;52241;52240;52243;52244;52245;52247;52248;52246;52250;52252;52251;52253;52254;52255;52258;52256;52257;52260;52261;52259;52263;52264;52262;52265;52269;52266;52267;52268;52270;52271;52272;52274;52275;52273;52276;52278;52281;52277;52279;52280;52282;52283;52285;52284;52286;52287;52288;52291;52289;52292;52290;52293;52294;52295;52296;52297;52299;52300;52298;52302;52303;52301;52305;52304;55290;55291;55293;55292;55295;55294;55296;55297;55299;55298;55301;55300;55302;55305;55304;55303;55306;52307;52309;52308;52306;52310;52311;52312;52315;52313;52314;52318;52317;52316;52319;52320;52323;52321;52322;52324;52325;52326;52328;52327;52329;52332;52331;52330;52334;52335;52333;52336;52338;52337;52339;52340;52341;52344;52343;52342;52346;52347;52345;52348;52349;52350;52352;52353;52354;52351;52356;52355;52357;52359;52361;52358;52362;52363;52360;52364;52367;52366;52365;52368;52370;52369;52371;52372;52373;52375;52374;52376;52378;52377;52822;52379;52380;52821;52823;52826;52825;52824;52827;52828;52829;52832;52830;52834;52831;52833;52837;52836;52838;52835;52839;52840;52842;52843;52841;52383;52381;52382;52385;52384;52386;52387;52388;52390;52391;52389;52392;52394;52393;52397;52395;52396;52398;52399;52402;52400;52401;52404;52403;52406;52408;52405;52409;52407;52410;52413;52411;52412;52416;52414;52415;52418;52417;52419;52420;52421;52424;52422;52423;52425;52426;52427;52429;52431;52428;52430;52433;52432;52434;52435;52438;52437;52440;52436;52439;52441;52442;52443;52444;52445;52446;52447;52449;52451;52448;52452;52453;52450;55309;55307;55310;55311;55308;55312;55313;55314;55316;55317;55320;55315;55319;55318;55321;55325;55323;55326;55322;55327;55324;55328;55329;55331;55332;55330;55333;55334;55335;55337;55336;55340;55339;55338;55341;55342;55345;55344;55343;55346;55347;55349;55350;55352;55348;55351;55353;55354;55355;55356;55357;55359;55361;55358;55360;55363;55364;55365;55362;55366;55369;55367;55368;55371;55370;55372;55373;55375;55374;55377;55378;54690;54691;55376;54692;54693;54273;55174;55175;72839;55176;55177;54274;52844;52848;52845;52847;52849;52846;52850;52851;52852;52853;52854;52855;52856;52859;52857;52860;52858;52861;52862;52864;55178;55180;55179;52863;55182;55181;55184;55183;55185;55187;55186;55188;55189;55190;55191;55194;55192;55193;55195;55196;55198;55197;55200;55199;55201;55204;55203;55202;55206;55205;55207;55210;55209;55208;55211;55213;55212;55215;55214;55216;55218;55217;55219;55221;55220;55222;55223;55224;55227;55226;55225;55229;55231;55230;55232;55228;55233;55234;55236;55235;55237;55239;55240;55238;55242;55241;55244;55243;55248;55245;55247;55250;55249;55246;55251;54275;52865;52867;52866;52870;52868;52871;52869;52872;52873;52875;52874;52876;52877;52878;52879;52880;52881;52882;52883;52884;52885;52887;52886;52889;52888;52890;52893;52891;52892;52894;52896;52895;52897;52898;52899;52900;52901;52902;52903;52905;52904;52906;52907;52908;52910;52909;52911;52912;52916;52913;52914;52915;52917;52920;52919;52918;52921;52923;52922;52924;52925;52927;52929;52926;52928;52930;52932;52931;52933;52934;52935;52936;52937;52939;52938;52941;52942;52940;54694;54696;54698;54699;54695;54697;54700;54701;54703;54702;54706;54705;54704;54708;54709;54710;54711;54707;54712;54713;54714;53141;53142;53143;53145;54715;53144;53147;53150;53148;53151;53149;53146;53156;53154;53153;53157;53152;53155;53159;53158;53160;53162;53161;53164;53163;53165;53167;53166;53169;53168;53171;53170;53173;53172;53174;53175;53176;53177;53178;53180;53182;53179;53181;53184;53183;53185;53187;53186;53189;53188;53190;54717;54716;54718;54720;54719;54721;54723;54722;54724;54726;54725;54729;54728;54731;54730;54727;54734;54732;54733;54735;54736;54740;54738;54737;54739;54741;54743;54742;54744;54745;54746;54747;54748;55252;54749;55253;54750;53191;53193;53195;53196;53194;53197;53192;54751;54754;54753;54752;54756;54757;54759;54755;54760;54758;54761;54762;54763;54765;54764;54768;54767;54766;54770;54769;54771;54772;54773;54774;54775;54776;54277;54276;54777;54279;54280;54278;54281;54778;54779;54781;54780;54784;54783;54785;54782;54786;54787;54789;54788;54790;54791;54792;54794;54793;54795;54797;54796;54799;54798;54800;54802;54801;54805;54806;54803;54808;54807;54804;54809;54810;65476;59073;65477;54571;54282;55254;55255;55257;55258;55256;55260;55259;55261;55262;55263;55265;55266;55264;55268;55267;55269;55270;55272;55271;55273;65478;65479;54284;54283;65481;65480;65482;65483;54812;54811;54813;54817;54815;54814;54818;54816;54819;54821;54822;54823;55274;54820;55275;55278;55279;55277;55276;55379;55380;55382;55384;55381;54285;65484;55383;72840;65485;65486;65487;65489;65488;65490;65491;72841;65492;65494;65496;65495;65493;65498;65497;65499;65500;65501;65502;72842;59074;65504;65503;65506;65505;65509;72843;65508;65507;72844;72845;65512;65510;65511;59075;65513;65514;65516;65515;72846;65517;72847;65518;65519;65520;65521;65522;72848;65523;65524;65525;65526;65527;65528;71160;65529;65918;65707;71161;71162;65708;65709;66275;65711;65710;66276;66277;71163;66278;71164;65712;71165;66279;69285;69286;69308;65919;69287;69351;69349;69352;66280;69350;69309;69310;69311;69312;69353;74271;74272;77378;72609;74273;77380;77379;74275;74274;87184;79062;77412;77381;74276;79063;77413;87185;77382;80967;77383;77417;77415;77414;83878;83879;91233;77416;88993;86194;80968;88994;91235;86126;91234;91238;91236;102120;102122;102121;91237;102123;102125;102126;102124;102127;104123;69863;102822;76870;83135;103189;91103;126924;76871;84087;89053;103190;81491;77333;85447;94970;103191;79626;14611;87374;77532;97051;81022;83874;89672;102129;102321;102128;92356;102130;102322;99183;92357;102323;99184;102131;73557;136324;136323;136325;73558;76168;73308;86656;85930;90942;95477;88590;73559;77603;78772;82900;84880;88085;81406;88591;89829;92323;73560;95255;107229;90448;107230;107231;107232;111354;152700;111353;125707;73561;125708;73563;73562;73564;74468;73472;74512;94674;73735;110777;79660;73566;73565;111970;111969;111971;111972;33102;40363;25038;32082;164709;165632;164710;164727;164729;164728;164737;164732;164713;164764;164736;164711;164720;164760;164718;164765;164724;164751;164741;164739;164726;164714;164773;164776;164782;164706;164747;164725;164745;164712;164749;164733;164730;164785;164731;164746;164738;164734;164700;164716;164767;164761;164735;164759;164754;164719;164697;164723;164784;164698;164770;164755;164777;164780;164781;164762;164748;164783;164753;164721;164768;164701;164772;164743;164699;164740;164757;164775;164715;164779;164786;164771;164774;164778;164750;164769;164752;164766;164787;164717;164763;164705;164704;164758;164703;164742;164744;164707;164708;164756;165576;176366;166129;166119;164694;166128;166120;166125;166127;166357;166353;166351;166354;166352;166350;166782;166984;167025;167011;166994;167006;167023;166995;167026;167030;166990;166986;167020;166992;167002;167029;166993;167013;166997;167027;167016;167009;167034;166998;167028;167012;167032;167033;167017;166985;167003;167014;166996;167008;167018;166991;167001;166999;167019;167022;167021;167015;167010;166989;167005;167031;167004;167000;170591;167007;166987;166988;170625;168578;168552;170600;168555;168577;168553;168591;168589;168571;168576;168590;168582;168579;168558;168572;168583;168574;168573;169517;168581;168547;168559;168560;168556;168586;168562;168595;168588;168566;168565;168564;168580;168592;168584;168557;168569;168567;168563;168546;168568;168575;168561;168593;168554;168585;168548;168549;168550;168587;168570;170585;170619;170623;169514;168551;170590;170586;170612;170611;170621;170622;170592;170610;170587;170594;170618;170624;170597;170595;170598;170615;170617;173078;173136;173094;173150;173127;173135;173102;173092;173114;173122;173163;173087;173096;173154;173103;173174;173128;173167;173192;173110;173075;173173;173143;173184;173080;173142;173121;173093;173164;173148;173098;173187;173067;173072;173082;173101;173160;173123;173099;173126;173147;173162;173161;173133;173131;173069;173138;173134;173068;173149;173145;173139;173107;173165;173089;173181;173105;173120;173132;173097;173077;173076;173168;173091;173170;173112;173081;173175;173146;173106;173090;173064;173084;173073;173083;173079;173157;173188;173190;173109;173171;173063;173124;173113;173189;173061;173130;173119;173178;173159;173179;173108;173095;173144;173115;173176;173070;173183;173141;173065;173191;173117;173129;173071;173169;173156;173151;173116;173180;173177;173118;173074;173166;173086;173100;173104;173186;173172;173062;173111;173066;173125;173085;173185;173158;173152;173182;173088;173155;173140;173137;173153;173343;173335;173342;173338;173336;173339;173340;173345;173346;173341;173334;173344;173347;173842;173854;173865;173856;173855;173874;173866;173858;173839;173853;173843;174571;174586;174575;174579;175070;175081;175082;175080;175073;175069;175074;175085;175072;175075;175079;175067;175076;175066;175071;175068;176346;176332;176331;176345;176951;176948;176925;176913;176899;176949;176950;176977;176944;176914;176934;176898;176911;176900;176927;176932;176926;176922;176916;176919;176917;176935;176937;176896;177195;177193;176912;177197;177196;177199;177680;177198;177685;177678;177686;177679;177683;177690;177681;177677;177694;177684;177688;177710;177695;177682;177689;177674;177687;177691;177675;177714;178611;178007;178607;178600;178606;178605;178601;178608;178534;178614;178599;178550;178518;178537;178524;178549;178519;178603;178544;178556;178535;178610;178609;178604;178612;178602;178551;178613;178533;178552;179784;179760;179806;179781;179776;179759;179791;179790;179748;179749;179767;179797;179804;179771;179747;179779;179745;179754;179785;179757;180128;180123;180131;180120;180117;180110;180116;180112;180130;180126;180108;180122;180113;180132;180111;180129;180125;180124;180109;180114;180118;180115;180119;180127;180121;181168;181134;181158;181173;181152;181177;181141;181148;181166;181153;181174;181138;181149;181151;181132;181159;181155;181142;181156;181136;181139;181175;181133;181165;181170;181327;181699;181722;181703;181715;181709;181716;181702;181698;181725;181700;181723;181713;182445;182458;182456;182450;182464;182455;182461;182448;182459;182460;182454;182463;182451;182447;182457;182446;182462;182452;182465;182444;182449;182453;183827;183805;182940;183801;183831;183798;183823;183803;183825;183829;183804;183348;183349;183351;183350;183347;183346;183799;183830;183826;183828;183824;183800;183802;184428;184417;184056;184431;184423;184432;184409;184410;184411;184430;184433;184427;184424;184412;184416;184414;184418;184425;184426;184413;184421;184415;184420;184429;184419;184422;185721;185719;185716;185718;185715;185717;185723;185722;185720;185714;186973;186978;186969;186984;186968;186979;186977;186971;186983;186976;186956;186970;186988;186917;186972;186982;186987;186975;186974;186980;186981;187688;187687;187062;187685;187691;187699;187700;187692;187690;187703;187689;187693;187701;187695;187686;187702;187696;187697;187698;187694;189199;189196;189341;189197;189198;189328;189325;189348;189347;189327;189346;189330;189338;189339;189336;189320;189351;189342;109363;189329;109364;109365;109366;109687;109689;109688;109686;109690;109691;109692;109693;110193;109694;110195;110196;110194;110446;110447;110448;110449;110450;110451;110453;110452;110454;110455;110781;110456;110782;110780;110967;111334;111605;111550;111336;111335;111551;111607;111701;111608;111606;112085;112089;112087;117708;117590;112088;112086;117591;117589;117592;118041;117710;117709;118042;118043;118044;118400;118401;118403;118404;118402;118833;118832;118834;118835;118959;119504;119505;119503;118836;119506;119502;119507;119781;119783;119782;119784;119786;119787;119785;119789;109119;119790;119788;109121;109122;109120;109123;109125;109124;109127;109128;109126;109130;109129;109131;109132;109133;109135;109134;109136;109137;109138;109140;109139;109177;109178;109179;109141;109180;109181;121047;121048;121049;121050;121053;121052;121051;121054;121362;121363;121367;121364;121366;121365;121368;122158;122160;122159;122161;122260;122162;122261;122671;122672;122673;122674;122676;122675;122678;122677;122679;123465;122680;122861;123466;123467;124123;123469;123468;124124;124125;123757;124126;124301;124128;124127;124303;124302;125287;124305;124304;124592;124593;124594;125289;125290;125288;125091;125291;125598;125599;125602;125601;125600;125603;125954;126831;125899;125898;125901;126383;125900;126957;126956;126384;127460;126959;126958;126962;126960;126961;126963;127462;127461;127464;127463;127466;127465;128284;127467;128285;128287;128286;128290;128288;128289;129064;129065;129063;129066;129067;129068;129069;129070;129071;129790;129392;129559;129561;129560;129562;129791;129563;129792;129793;129794;129795;130214;130028;129851;130217;130215;130220;130218;130216;130219;130221;130222;130224;130226;130223;130225;130227;130229;130228;130232;130231;130230;130234;130233;130235;130236;130400;130401;130599;130402;130470;130600;130598;130601;130604;130602;130603;130606;130605;130607;130608;131026;131027;131029;131030;131028;131082;131031;131234;131236;131235;131237;132258;131238;132259;132261;132260;132262;132264;132265;132263;132266;132734;132735;133092;133094;133095;133093;133149;133096;133552;133553;133554;133652;133556;133555;133866;133868;133867;134327;134118;134117;134328;134329;134678;134569;134896;134897;134679;134898;134899;135595;135929;135594;135930;135931;135933;136360;135932;136361;136362;136363;136364;136529;136365;136528;136749;136530;136750;136752;136751;136753;137088;137089;137090;137566;137091;137568;137570;137569;137571;137567;138043;138046;138045;138047;138044;138048;138049;138051;138616;138050;138619;138618;138620;138617;138621;138622;138623;138625;138624;138626;138628;138629;138630;138627;138854;138857;139337;138855;138856;139339;139862;139338;139852;139859;139853;139856;139857;139855;139858;139861;140194;140198;140195;140199;140636;140209;140196;143158;140197;140634;143159;141106;141107;141108;141987;140635;141958;141952;141943;141998;141985;141999;141939;141957;141996;141940;141993;141949;141967;141963;141986;141953;141965;141988;141989;141991;141962;141973;141972;141959;141945;141974;141977;141994;141983;141951;141956;141941;141975;142000;141976;141978;141942;141966;141990;142022;141954;141970;141964;141971;141955;141968;141960;141984;141946;141938;141995;141948;142724;141997;141947;142725;142723;142722;142738;142728;142726;143579;142720;142737;142733;142734;143583;143589;143580;143577;143582;143581;143575;143586;143576;156175;143578;144806;144807;144799;144805;144795;144797;144801;144804;144796;144803;145454;145453;144798;145456;145457;145455;145449;145452;144800;146630;145450;146624;146629;146625;146633;147715;146632;146634;146626;146631;146623;146628;146635;146627;147906;147910;146622;147913;147911;147912;147909;147908;147907;147914;148195;148196;148337;148921;148193;148194;148919;148914;148922;148920;148913;149305;148915;149860;149875;149870;149865;149873;149864;149869;149863;149861;149871;150975;149867;150993;150976;169521;150971;169520;150974;150973;150970;150969;150968;169519;150983;150964;150980;169522;150979;150977;150978;150972;150966;150965;150967;169524;169525;169523;150994;151272;151268;151273;151267;151271;151277;151266;151270;151274;151269;151275;151799;151795;151793;151794;151798;151792;151796;151931;152238;152236;152237;153152;151930;152233;153786;153416;153421;152234;153426;153418;153420;153427;153422;153425;153424;153417;153898;153897;153883;153896;153900;153899;154895;154914;154179;154913;154912;154911;155760;155979;155994;155980;156020;155989;155982;156182;156112;156262;155973;156263;160314;158725;158591;160315;158722;180057;157885;158046;157182;157884;157883;158210;157408;158211;158213;158590;158214;158588;158592;158723;158720;158724;158721;159558;158788;158954;158719;159557;159564;159560;159565;159556;159907;160261;160267;160264;160262;160258;159911;160270;160260;160257;160265;160268;160263;160254;160266;160577;160579;161457;160578;161933;161935;161464;160269;161932;161930;161934;163230;161937;162309;161936;161931;163227;163226;163231;163232;163229;163233;163236;163237;163238;163234;163317;163228;163308;163322;163314;163321;163358;163324;163320;163315;163319;163919;163311;163917;163918;164295;164294;165096;165101;165102;165103;165098;165097;165989;165992;165991;166001;165996;165998;165990;165987;165993;165999;166000;166409;166398;165997;166411;166392;166407;166408;166394;166412;166393;166410;167227;166395;166396;167235;167238;167239;167240;167228;167226;167236;168443;168366;168456;168444;168454;168458;168434;168461;168431;168430;168442;168439;168446;168445;168429;168438;168462;168450;168432;168451;168428;168440;168441;168459;168453;168437;168676;170448;170441;170440;170438;170450;170431;170436;170430;170434;170433;170439;170443;170442;170444;170451;171053;170437;171051;171039;171042;171046;171043;171047;171052;171054;171048;171038;171228;171468;171049;171229;171482;171831;171826;171836;171834;171835;171226;171819;171825;171821;171813;171804;171823;171829;171805;171809;171827;171816;171818;171817;171803;171824;171833;171830;171828;171820;171814;171822;172154;172164;172170;172157;171832;172165;172167;172168;172160;172155;172166;172143;172151;172142;172161;172169;172156;172158;172153;172159;172144;172162;172163;173232;173202;173233;173207;173227;173203;173239;173238;173237;173241;173196;173208;173234;173204;173905;173195;173240;173910;173909;173906;173918;173919;173904;173908;174577;174580;174578;174568;174570;174581;175014;175012;174585;175019;175016;175025;175013;175015;175011;175017;175020;175005;175018;175022;175002;175021;175949;175947;175967;175968;175944;175969;175971;175954;175970;175951;175948;175953;175972;175955;175945;175950;176700;176710;176698;176717;176701;176716;176705;176703;176699;176708;176677;176702;176704;176711;176706;176707;176678;176709;176936;176939;176915;176923;176946;176941;176920;176938;176918;176921;176895;176947;176945;176897;176940;177189;176924;177187;177188;177158;177194;177864;177860;177857;177865;177159;177867;177859;177861;177863;177881;177862;177848;177849;177847;177882;177868;177871;177858;178529;177866;178538;178525;177869;178540;178517;178521;178536;178558;178546;178530;178527;178560;178520;178557;178523;178526;178531;178542;178555;178548;178547;178493;178543;178541;178516;178553;178528;178492;178679;178559;178501;178678;178505;178539;178522;178506;178502;178494;178513;178496;178495;178515;178497;178508;178838;178832;178815;178823;178824;178820;178819;178837;178822;178821;178816;178828;178826;178829;178825;178830;178818;178836;178834;178835;178827;178817;179768;179770;179753;179780;179789;179772;179765;179800;179777;179755;179750;179758;179794;179752;179769;179796;179762;179761;179778;179746;179774;179751;179763;179744;179807;179801;180089;180090;179786;180062;180085;180067;180093;180059;180063;180056;180084;180077;180072;180087;180074;180086;180091;180092;181161;181144;181145;181169;181140;180079;181154;181162;181171;181157;181164;181143;181135;181160;181146;181167;181147;181137;181150;181172;181176;181131;181361;181163;181359;181701;181360;181718;181726;181717;181707;181712;181724;181720;181711;181710;181704;181719;181708;181705;181714;181706;181721;182628;182643;182631;182644;182646;182627;182624;182626;182630;182641;182638;182645;182633;182642;182636;182637;182625;182632;182640;182629;182634;182635;182639;183480;183469;183486;182948;183463;183466;183472;183468;183467;183485;183482;183483;183478;183465;183488;183477;183470;183474;183462;183475;183473;183479;183484;183481;183205;183476;183206;183464;183471;183926;183487;183925;184279;184287;184283;184280;184281;184292;184278;184291;184286;184288;184282;184290;184285;184284;185787;184289;185782;185791;185783;185784;185790;185793;185786;185788;185789;185792;186565;186580;185785;186566;186561;186551;186575;186572;186559;186557;186560;186579;186576;186578;186570;186554;186574;186550;186563;186569;186564;186555;186562;186568;186571;186552;186573;186556;186567;186549;186577;187063;187826;187820;187842;187831;187811;187810;187844;187819;187817;187815;187823;187846;187832;187818;187835;187829;187825;187812;187833;187836;187813;187827;187840;187841;187830;187821;187839;187837;187834;187814;187838;187843;187822;187845;187816;187824;189190;187828;189189;189331;189318;189332;189340;189321;189317;189345;189344;189333;189337;189319;189323;189350;189349;189322;189324;189335;182021;181946;181984;181973;181996;181970;182053;182008;182012;160410;163375;170501;181932;160405;166544;178704;174974;189466;189163;160407;160406;160411;183447;160412;162011;166117;166169;173967;173939;174971;176771;180096;180066;180075;180571;180088;183440;183441;183448;184180;178286;178288;178301;178287;180568;189472;180563;183318;182066;183444;183317;183446;184181;184179;183449;184176;184178;185964;185926;185921;185919;185918;185917;185922;185963;187770;187774;185927;185923;182028;181997;182019;181955;182067;182018;181938;182054;181977;182006;182000;181940;181939;182051;182657;183266;183264;185928;187778;182050;182007;187780;189476;182016;189326;182031;182003;189343;182027;181985;181935;187781;181986;181936;160993;165099;176756;179783;171853;160443;187771;160439;160434;160447;160459;160446;168436;160432;160451;160428;160433;160425;160426;163313;162002;164359;163382;163368;166124;163312;166495;173223;167231;171216;168728;168520;170472;174421;174434;174973;175946;173228;176762;177770;180564;177771;178532;179764;183265;180566;182656;185929;184183;187779;163372;163371;162006;189470;189474;163370;165100;163352;164362;166501;166118;167237;171227;168507;170458;174430;173206;174975;173235;175973;176767;176754;180569;177780;177781;178545;183267;184184;182654;179798;180567;185920;189467;160419;186553;160445;160442;189471;160440;187777;160424;160449;160438;160436;160429;160458;160448;160435;160431;160421;160437;160456;160441;160427;160430;160452;160457;161456;160422;160423;162005;163310;163309;163323;164357;163386;163316;163385;165104;163387;166131;168727;168726;167232;166494;170471;171848;176766;174976;177775;173230;175952;177776;179775;182659;178554;182660;180082;180565;185925;184177;189469;182035;187776;182017;181941;181992;182063;182043;181931;189475;187773;182653;182002;181975;187772;182061;181974;182059;181942;182011;181953;181990;181960;182010;183269;160992;160991;160976;160975;162012;162010;173211;179782;173942;176752;173937;180097;179805;180570;180058;183442;183443;184182;183445;185924;182055;189477;182040;186558;182655;181381;181376;181380;181377;181379;181389;181387;181384;181385;181382;181386;181383;181378;181390;181388;182048;181957;182029;181967;182020;182052;181979;181980;182024;182032;187775;189478;182004;182001;182064;182060;181995;181947;189468;181991;189473;181965;182058;182036;189479;181937;182022;182013;182037;182009;181954;182034;181950;182069;189334;182023;181982;182046;181956;182071;181948;182041;181994;181951;182039;182033;182068;182015;181966;181969;182045;181964;181972;182030;182026;181933;181998;181978;182042;181949;181987;181961;182047;181962;182658;181958;181963;181959;181976;182005;181993;182038;181999;181988;181968;182062;182014;182025;181934;182049;181981;181983;181971;183263;182070;182056;181989;182057;181952;182065;182044;183268;69560;69561;69562;69564;69563;69565;69566;69567;78262;69568;69571;69570;69572;69569;69574;69573;69575;69577;69576;78263;69578;69579;69581;69580;69582;69583;69587;69586;69584;69585;69588;78264;69589;78265;78266;78270;78269;78267;78268;69591;69590;69593;69595;69596;69594;69592;69597;69598;69599;69602;69601;69605;69604;69600;69609;69608;69607;69603;69606;69610;69611;69614;69613;69616;69615;69612;69617;69619;69622;69621;69624;69620;69626;69623;69625;69618;69628;69627;69630;69631;69632;69633;69635;69629;69637;69634;69638;69639;69636;69642;69640;69641;69643;69644;69645;69646;69648;69649;69647;69652;69651;69654;69650;69655;69656;69657;69653;69659;69658;69662;69660;69661;69663;69664;69665;69666;69668;69669;69671;69667;69672;69670;69675;69674;69673;69678;69677;69676;69679;69680;69682;69683;69681;69685;69684;69687;69686;69690;69688;69691;69692;69693;69689;69694;69695;69698;69699;69697;69700;69696;69703;69701;69704;69702;69705;69707;69708;69706;69709;69712;69710;69713;69711;69714;69715;69716;69718;69717;69720;69721;69722;69723;69719;69724;69727;69725;69726;69728;69729;69731;69730;69733;69732;69734;69735;69736;69738;69737;69739;69741;69742;69743;69740;69744;69745;69746;69747;69748;69749;73126;69753;69751;69754;69752;69750;69755;69757;69758;69756;69760;69759;69761;69762;69764;69766;69767;69763;69765;69768;69770;69771;69769;70219;70220;70218;70221;70223;70226;70224;70222;70225;70229;70230;70228;70227;70231;70233;70234;70567;70568;70232;70569;70896;70897;70898;70899;70901;70902;70904;70903;70900;70906;70905;70907;70908;71078;71079;71269;71266;71270;72266;71267;71395;71268;71397;71396;71401;71398;71400;71399;71574;71575;71578;71576;71580;71577;71581;71579;72289;72290;71582;72292;72293;72291;72295;72294;72296;72297;72302;72299;72300;72298;72303;72301;72305;72306;72304;72745;72747;72748;72749;72746;72944;72945;72750;72946;72751;72947;72948;72951;72950;72949;73059;73058;73061;73060;73227;73229;73228;73230;73231;73233;73232;73235;73438;73237;73569;73236;73234;73651;73650;73652;73649;73655;73653;78272;78271;73654;78274;78273;78277;78275;78276;78280;78279;78278;78281;78284;78282;78283;78287;78286;78289;78285;78288;78292;78291;78290;78295;78294;78293;78296;78297;78298;78299;78300;78301;78302;78303;78305;78309;78304;78307;78306;78308;78310;78312;78311;78313;78316;78315;78314;78318;78317;78319;78320;78321;78322;78324;78325;78326;78323;78330;78327;78329;78331;78328;78332;78335;78336;78337;78334;78333;78339;78340;78338;78341;78342;78344;78343;78345;78346;78347;78348;78349;78351;78350;78353;78354;78352;78355;78356;78357;78358;78359;78360;78361;78362;78364;78363;78365;78366;78367;78448;78558;78485;78559;78484;78560;78562;78561;78658;78777;78779;78778;78780;78872;78873;78781;78874;78875;79295;79292;79294;79296;79293;79297;79558;79559;79562;79561;79560;79298;79840;79725;79841;79842;79874;79873;79875;80122;80414;80415;80417;80419;80418;80416;80921;80557;80461;80922;81024;81320;81321;81322;81323;81324;81326;81325;81328;81330;81329;81327;81673;81677;81827;81676;81828;81675;82043;81674;81826;82044;82046;81829;82047;82045;82508;82509;82507;82506;82832;82831;82834;82833;82836;82858;82856;82835;82857;83057;82859;83058;83056;83059;83269;83270;83271;83268;83272;83280;83493;83494;83880;83495;83496;83497;83882;83881;83883;83884;83885;83974;83973;83975;83977;83976;83978;84129;84243;84244;84128;84245;84246;84248;84247;84251;84249;84293;84250;84370;84369;84372;84592;84371;84593;84594;84595;84623;84624;84596;84625;84925;84647;84927;84926;84928;84929;84931;84930;85044;84964;85231;85232;85045;85451;85452;85230;85453;85454;85455;85456;85457;85458;85631;85632;85633;85747;85748;85751;85750;85752;85749;86073;86074;86076;86075;86495;86496;86355;86356;86635;86634;86636;86638;87014;86637;86771;86770;87339;87341;87340;87016;87342;87015;87344;87347;87346;87345;87343;87348;87351;87349;87352;87353;87354;87350;87355;87379;87967;87380;87968;87966;87969;87970;87971;87972;87990;87973;87974;88656;87991;88658;88655;88659;88657;88661;88663;88660;88662;88756;88664;89119;89837;89120;89838;89839;89842;89841;89840;89843;89845;89844;89846;89965;89847;89848;89966;89967;90154;90100;90155;90270;90267;90268;90271;90269;90272;90274;90273;90364;90365;90513;90629;90630;90631;90366;90632;90777;90633;90776;90514;90778;90865;90866;90864;91047;90867;91239;91048;91240;91463;91241;91464;91465;91466;91467;91468;91470;91471;91627;91628;91469;91629;91769;91768;92221;91858;92223;92469;92222;92470;92472;92471;92661;92662;92664;93008;93009;92663;93010;93011;93012;93013;93014;93015;93251;93016;93252;93253;93743;93536;93744;93537;93538;93540;93539;93665;93745;93789;94018;94022;94021;94019;94020;94183;94341;94182;94682;94681;94342;94685;94684;94683;94686;94974;94973;94975;94977;94976;95609;95893;95896;95894;95897;95895;95935;95898;96282;96284;96283;96394;96395;96632;96806;96631;96805;96807;97022;96808;96809;97023;97024;97025;97147;97146;97148;97149;97329;97553;97555;97554;97896;97897;97556;99035;97557;99036;99038;99039;99037;99186;99419;99418;99530;99529;99531;99535;99532;99533;99534;99711;99712;99713;99714;100106;100274;100105;100553;100552;100275;100554;100276;100637;100638;100636;100640;100641;100643;100639;100644;100642;100873;100874;101000;101001;101003;101004;100999;101002;101064;101271;101551;101273;101272;101270;101934;101958;102177;101933;101959;102178;102179;102180;102367;102208;102502;102181;102544;102545;102547;102546;102864;102548;102865;102863;102866;102867;102869;102868;102870;102872;102873;102871;102876;102874;102875;102877;103224;103226;103227;103225;103228;103309;103229;103650;103310;103651;103652;103572;103653;103603;103604;103601;103602;103600;103755;103822;103824;103825;104180;104179;103823;104182;104183;104181;104393;104392;104394;104704;104395;104707;104705;105050;104706;105051;105053;105055;105052;105417;105054;105418;105420;105419;105421;105422;109555;109182;109367;109695;109696;109368;109697;117342;109698;109700;109699;109701;110199;110197;110198;110200;110201;110202;110458;110460;110457;110462;110459;110461;110463;110783;110784;111552;111338;111553;111337;111611;111612;111610;111609;111702;112090;112091;112092;112094;112095;112093;112097;112096;117343;117345;117344;117348;117346;117347;117603;117605;117604;117606;117607;117922;117608;117923;117924;118210;118211;118212;118361;118213;118363;118362;118595;118802;118803;118805;119464;119465;118804;119687;119466;119467;119468;119470;119473;119471;119472;119469;119474;119476;124199;119477;119688;119478;119475;121359;121360;121361;119814;119689;119815;119812;119813;105516;105620;106171;105517;106169;106168;106170;106690;106693;106691;106692;106930;106694;106695;106932;106931;106933;106935;106936;106934;107235;107236;107238;107241;107240;107237;107239;108414;108597;108599;108598;108601;108602;108600;108603;108845;108844;108691;108847;108846;108848;109369;108849;108850;108852;108851;109183;109184;109185;121132;109186;121369;121131;121130;121370;122034;123081;122096;122758;122602;122035;122759;123082;122760;123083;123084;123086;123087;123085;123088;123091;123090;123957;123956;123089;123958;124200;124654;124653;124655;125604;125092;125293;125292;125295;125314;125294;125605;125739;125955;125903;127061;127060;125904;125902;127062;127063;126346;127064;127065;127067;127066;127068;127071;127069;127070;127072;127073;127074;127075;127468;127810;127811;127813;127812;127814;127815;127816;127817;127818;127819;128291;128292;128293;128294;128617;129007;129005;129006;129010;129009;129008;129011;129013;129012;129014;129407;129564;129565;129568;129566;129567;129569;129570;129796;129798;129797;129852;130281;130282;130280;130403;130471;130609;130404;130610;131239;131083;131241;131240;131243;131242;131244;132321;132026;132323;132322;132324;132754;132755;132756;132757;133005;133006;133004;133557;133007;133558;133559;133560;133653;133869;133870;134119;134120;133871;134571;134572;134570;134574;134573;134575;134682;134680;134681;135710;135934;135935;135938;135937;136625;136624;135936;136627;136628;137092;136629;137093;137094;136626;137098;137097;137095;137096;137099;137100;137101;138052;138631;138053;138054;138055;138056;138057;138632;138060;138058;138634;138061;138633;138059;138637;138638;138636;138639;138641;138640;138635;138642;138643;139083;139086;139084;139088;139085;139089;139087;139090;139092;139091;139093;139548;140086;139550;139549;140092;140090;140088;140091;140096;140093;140095;140085;148126;140094;140210;140089;140087;140612;140206;140207;141982;140611;141969;141961;141950;141981;141980;141992;141979;142981;142984;141944;142978;142980;142976;142974;142977;142983;142979;142975;143887;142993;143367;144465;144471;144463;173278;144472;144461;144467;144459;144470;144473;144464;144460;144468;144469;144466;144462;144458;145003;144997;144994;144993;145004;145005;145001;144998;145008;145000;145009;144990;144989;145010;144992;144999;145002;144991;144995;144988;145458;145451;146567;146569;146818;146814;146570;146819;147916;147915;147917;147918;147919;148131;148377;148899;148378;148132;149430;149432;148898;149783;149431;149784;149814;149791;149868;149866;149862;149872;150150;151514;151508;151509;151518;151517;151519;151515;151522;151521;151513;151510;151511;151512;151520;151507;151934;153171;151933;153160;153167;153162;153166;153165;153169;153170;153163;153164;153882;153161;153861;153859;153864;153860;153863;153858;154188;154901;154897;154899;154900;155372;155607;155354;156174;155758;156264;156877;156867;156870;156868;156864;156871;158193;157410;158177;158195;158192;158587;158589;158696;158695;158697;158790;158986;159561;159562;159563;158791;159555;160332;160334;160333;159909;159910;161492;161610;162009;162001;161993;161992;161994;161995;162004;161996;162008;161998;162003;161997;162308;162832;162834;162831;162830;162835;162833;162836;163864;163868;163861;163870;163862;163867;163853;163866;164361;163852;164356;164358;163869;164360;168435;164948;165988;166356;165986;165994;168604;168597;168596;168613;168612;168600;168605;168617;168608;168601;168599;168598;168614;168607;168606;170542;170523;170525;170527;170543;170547;170544;170524;170548;170538;170539;170541;170528;170540;170550;170552;170546;170553;171045;171040;171050;170545;171055;171044;171499;171217;171650;171019;171020;171866;171862;171850;171863;171849;171865;171855;172184;172208;171847;171851;172192;172217;172188;173284;172181;173280;173272;173283;173281;173282;173274;173273;173279;173938;173966;173965;173940;173954;173953;173932;173936;173935;173968;173943;173941;173934;173933;174617;174623;173955;174622;174620;175089;174621;174618;175090;175095;175097;175088;175092;175093;175091;176259;176269;176267;176268;175094;175096;176753;176764;176258;176266;176755;176765;176763;176759;176758;177071;176769;177066;177015;177065;177012;177069;177067;177068;177376;177374;177072;177070;177904;177906;177908;178512;177909;177903;178498;177907;178499;178510;177924;178509;178500;178504;178507;178514;178511;178831;178833;179795;178503;179788;179787;179793;179802;179773;179792;179766;179803;179756;179799;180073;180068;180070;180064;180060;180076;180071;180081;180094;180069;180080;180083;180061;181224;180065;181219;181222;180095;181218;181220;181223;181221;181217;181225;181853;181851;181850;181855;181852;181854;181856;181848;181847;181849;182704;182715;182709;182700;182713;182702;182705;182701;182707;182703;182706;182711;182699;182714;182710;182717;182718;182708;182716;182712;183851;183848;183847;183849;183852;183845;183842;183846;183843;183850;183853;183844;183408;183405;184074;183406;183407;184392;184395;184386;184388;184391;184389;184390;184393;184387;186589;184394;186588;186592;186590;186591;186593;187064;186594;187708;187710;187711;187712;187707;187709;189394;189391;189392;189393;189390;189395;90798;157546;157624;157524;157691;157677;157693;157654;157476;157534;157555;157539;157590;157578;157714;157617;157709;157705;157618;157501;157602;157660;157627;157650;157685;157605;157547;157492;157681;157635;157713;157679;157632;157571;157519;157686;157499;157574;157698;157634;157553;157554;157498;157689;157597;157633;157672;157657;157566;157606;157509;157695;157721;157671;157527;157644;157706;157699;157594;157477;157612;157620;157616;157692;157582;157652;157619;157535;157665;157538;157637;157664;157639;157622;157645;157584;157687;157599;157510;157491;157700;157609;157552;157523;157707;157520;157548;157506;157658;157629;157613;157495;157719;157703;157487;157607;157559;157682;157598;157595;157723;157533;157651;157708;157522;157615;157701;157688;157668;157488;157684;157611;157711;157525;157515;157680;157669;157583;157710;157593;157490;157647;157478;157674;157569;157728;157572;157621;157696;157500;157587;157724;157648;157526;157608;157655;157475;157588;157483;157470;157561;157482;157649;157504;157610;157562;157573;157636;157514;157697;157541;157473;157653;157715;157659;179412;157560;179413;157586;157536;157530;157511;157646;157716;157642;157600;157484;157718;157544;157565;157471;157558;157486;158840;157673;157563;157704;157481;157576;157542;157726;157729;157516;157603;157643;157676;157591;157556;157663;158854;157623;158839;157496;157638;157564;157702;157683;157505;157550;157512;158874;157604;158851;157577;157518;157630;157485;157517;157532;157712;158878;157725;157507;157575;157513;157581;157579;157521;157557;157497;157568;157625;157656;157479;157667;157662;157545;157596;157528;157493;157589;157502;157537;157508;157720;159005;157628;157472;157469;157717;157585;157640;157494;157503;157631;157480;157626;157529;157540;157570;157661;157474;157551;157675;157727;157489;157722;157666;157592;157531;157601;157678;157567;157694;157543;157670;157641;157580;157690;157614;158848;158879;157549;158858;158872;158834;158846;158871;158847;158843;158869;158865;158826;158831;158855;158860;158841;158852;158859;158856;158832;158833;158864;158862;158825;158837;158835;158853;158849;158838;158863;158824;158844;158829;158845;158828;158827;158861;179418;161140;179417;158823;167686;167685;161109;161143;161144;161122;161112;161130;161111;161134;161147;161146;161105;161101;161125;161110;161139;161104;161138;161141;161142;161126;161136;161115;161103;161099;161090;161156;161131;161129;161102;161133;161096;161137;161145;161094;161124;161092;161127;161123;161157;161114;161100;161128;161135;161093;161116;161108;161117;161132;161095;161107;161091;161113;161097;161369;167673;167711;167702;167676;167661;167659;167660;167654;167713;161482;167706;167703;167714;161901;161899;161904;161903;161902;167719;161900;167696;167666;167683;167655;167687;167671;167679;167710;167656;167709;167707;167721;167708;167664;167691;167715;167672;163347;163440;163346;163349;167701;163343;167699;163344;163341;163345;167704;163342;167688;163519;167698;163437;167695;167665;163907;167716;163908;167657;167694;164022;163906;164023;164024;164021;164025;163889;163905;163903;167663;163904;167681;167668;167677;167720;164270;167669;164271;167705;164522;164526;167712;164524;164525;167682;164527;164816;167680;167697;167689;165808;166063;165790;166135;165791;166065;165814;167678;166064;165825;166133;167718;167684;166134;167653;167670;166249;167693;167723;167658;167667;167674;167692;167662;167652;167700;167675;165794;167722;167690;166066;167717;166267;166401;166406;166320;166402;166405;166397;166270;166260;166269;166403;166399;166268;166404;166462;166613;166508;166673;166509;166507;166511;166505;166675;166504;166672;166614;166510;166615;166523;166524;166522;166808;166893;166895;166898;166894;166929;166892;166897;167311;167293;167438;167309;167436;167310;167289;167461;167437;167313;167291;167307;167315;167304;167302;167308;167312;167290;167430;167300;167460;167297;167435;167298;167299;167429;167431;167305;167316;167301;167317;167450;167444;167294;167314;167447;167448;167292;167445;167459;167440;167446;167306;167303;167439;167442;167449;167441;167506;167288;167954;167989;167443;167973;167982;167985;167974;167967;167956;167965;167998;167957;167995;167990;167994;167960;167997;168001;167975;167953;167961;167984;167966;167981;167962;167969;167979;167955;167996;167991;167992;167977;167958;167970;167988;167959;167971;167983;168000;167987;167999;167972;167986;167835;167847;167964;167968;168009;167978;167844;167976;167837;167866;167853;167836;167846;167980;167993;167833;167843;167882;167864;168038;168034;167845;167750;168866;168039;168475;168135;168853;168477;168871;168868;169491;168867;169725;168854;170030;169724;170031;170032;170028;169992;170049;170086;170080;170029;170083;170088;170087;170085;170081;170090;170084;170089;170146;170570;170147;179414;179415;170155;170551;170604;170566;170584;170567;170549;170583;170571;170575;170580;170576;170577;170582;170603;170602;170572;170601;170578;170581;170579;170599;170568;170526;170689;170698;171165;171124;171179;171360;171123;171359;171462;171864;171358;171739;171729;171731;171742;171738;171856;171736;171716;171737;171740;171728;171735;171741;171854;171857;172008;171730;171999;172003;172002;172007;172005;171988;171989;172004;172001;171990;172145;172125;172006;172494;172493;172152;172594;173054;173350;173390;173389;173053;173348;173445;173438;173911;173436;173915;173914;173920;173907;173916;174576;179416;174007;174593;174574;174582;174673;174630;174584;174695;174723;174606;174682;175030;175032;175031;175143;175144;175629;175625;175609;175638;175647;175635;175646;175651;175618;175658;175673;175632;175636;175622;175655;175652;175663;175620;175631;175653;175660;175617;175610;175612;175608;175649;175621;175633;175639;175637;175650;175624;175626;175603;175642;175611;175627;175613;175648;175577;175614;175604;175616;175615;175662;175619;175630;175640;175606;175657;175634;175605;175654;175643;175659;175607;175644;175623;175571;175641;175645;176155;176122;176163;176154;176153;176167;176182;176184;176152;176151;176161;176181;176179;176117;176156;176187;176180;176185;176177;176173;176176;176112;176158;176174;176175;176157;176172;176178;176183;176126;176159;176170;176169;176171;176166;176186;176162;176188;176164;176160;176168;176165;176116;176189;176129;176125;176120;176127;176128;176130;176124;176131;176123;176055;176056;176054;176051;176121;176231;176119;176234;176668;176669;176387;176724;176667;176417;176725;176732;176731;177349;177479;177350;177628;177629;177625;177630;177626;177600;177616;177779;177777;177783;177839;177772;177838;177778;177782;178194;178213;178296;178214;177793;178294;178307;178284;178309;178295;178306;178308;178419;178420;178418;178724;178723;178725;178726;178451;178722;179329;178721;178467;179228;179222;179249;179230;179217;179229;179328;179218;179248;179250;179219;179220;179366;179367;179221;179442;179703;179441;179443;179617;179622;179620;179621;179619;179618;179624;179623;179627;179625;179626;179611;179702;179610;179897;179834;179832;179899;180078;180177;180272;179898;179833;180271;180555;180554;181268;180553;181269;180552;181430;181270;181434;181431;181429;181435;181433;181428;181438;181437;181440;181432;181439;181436;181799;181805;181795;181803;181808;181801;181802;181809;181800;181794;181807;181793;181796;181798;181806;181804;181797;181810;182075;182074;181897;182813;181896;182692;182814;182697;182695;182693;182696;182685;182688;182686;182687;182816;182815;182694;183054;183053;183056;182810;183236;183237;183217;183417;183216;183212;183673;183672;183666;183668;183219;183218;183665;183671;183421;183257;183258;183419;183424;183423;183425;183420;183422;183418;183674;183670;183894;183669;183667;183675;183895;184037;183977;183897;183896;183898;184350;184447;184446;184355;184353;184352;184448;184351;185908;184354;185907;185909;184445;186220;185906;186293;186527;186733;186528;186529;186751;186941;186750;186947;186942;186945;186918;186944;186920;186919;186946;186922;187055;186949;186921;187027;187128;186948;186943;187028;187127;187214;187215;187636;187643;187637;187641;187642;187644;187635;187984;188005;188015;188008;188010;187681;188014;188006;188013;188007;187981;187982;187985;188009;188012;187983;189263;188011;189114;189260;189262;189115;189261;189259;189273;189620;189621;189627;189623;189625;189619;189622;189757;189626;189624;27596;31417;33225;32322;30214;32323;41062;42977;42372;34963;45592;34964;43828;40822;25904;44339;148708;153836;27854;34021;61463;11882;16193;186710;144568;142362;142023;143421;143420;181676;143419;141262;106979;122718;106980;156165;156184;14251;72602;90005;90006;35403;62810;69513;62812;62811;58607;23841;11105;34393;24240;25086;24816;24015;26970;19387;32398;24013;18041;22511;22510;72397;72396;72672;31049;179311;137180;25931;137181;131193;186689;117405;106870;106871;117406;122854;117407;124411;126338;183502;55285;76309;55284;73965;179041;74186;170204;11994;73291;73292;73290;62627;176074;168371;180574;87766;96315;76307;81317;169504;81318;76308;135973;135974;174000;174930;176547;174931;180165;177631;177926;77367;178437;77369;77370;76774;176519;76773;44876;87776;25337;24280;24281;42261;54831;84432;25706;33762;19703;38973;38876;76589;38875;25348;87777;25161;35454;20297;177646;177645;186330;12010;57729;28361;46242;12011;31351;46241;10026;34097;34096;38829;24233;28332;136761;38830;136760;58649;58648;110289;110292;110293;110290;66555;66554;24232;58652;51395;70498;88881;49674;73762;55670;72583;77327;82295;38947;20949;35430;43007;51527;51191;33550;50071;55819;65643;65642;42370;53829;71040;84987;71038;14270;11649;12114;68928;68927;93405;93401;93402;93406;93403;34242;11995;11996;23637;42105;35473;69316;69317;55692;67258;33901;55691;40621;27527;25218;25219;33108;96317;20174;45503;29899;103304;103305;103303;145682;145595;25083;21772;145662;145644;145660;145599;145642;145573;145592;145649;145673;145627;145583;145591;145598;145596;145688;145610;145681;145674;145651;145640;145656;145630;145620;145601;145575;145683;145685;145588;145616;145669;145650;145663;145675;145602;145690;145670;145678;145612;145613;145581;145586;145625;145637;145652;145676;145611;145668;145647;145631;145617;145622;145589;145638;145648;145684;145679;145587;145641;145572;145633;145576;145657;145618;145628;145624;145635;145664;145597;145579;145607;145654;145687;145646;145594;145593;145614;145680;145665;145672;145653;145667;145658;145645;145634;145580;145590;145608;145666;145619;145606;145686;145600;145643;145623;145615;145621;145661;145578;145603;145609;145639;145659;145605;145574;145629;145677;145689;145632;145655;145636;145604;145585;145584;145921;145582;145671;145626;146041;145577;145938;145912;145984;145983;145869;145834;145949;145950;145972;145976;145935;145895;145807;145993;145852;145801;146010;145901;145979;145796;145866;145942;145827;145929;145948;145803;145958;146014;145818;145830;145994;145974;146006;145858;145992;146011;146003;145985;146027;146004;145828;145982;146012;146034;145884;146000;145897;146008;145798;145991;145889;145814;145941;145955;146039;145842;145967;145936;145851;145794;145799;145823;145903;145952;145808;145810;146007;145825;146022;145863;146023;145850;145995;145885;145795;146018;145841;145975;145812;145876;145966;145874;145930;145886;145831;145946;145838;145928;145971;145934;145856;145947;145797;145960;145999;145906;145913;146024;145853;145953;145997;145954;146029;145822;145846;145802;145905;145970;145981;145879;145804;145956;146025;145861;145870;145951;145908;146013;145867;145907;146021;145916;145996;145819;145964;145805;146030;145843;145859;146005;145919;145833;145836;145878;145868;145909;145940;145840;145857;146040;145882;145887;145871;145957;145811;145845;145837;145986;145839;145835;145924;145849;145813;145917;146028;145806;145883;145880;145815;145965;145896;145977;145826;145865;146037;145890;145881;145939;145877;145998;145809;145854;146038;145943;146019;145875;145904;145872;145968;145820;145824;145987;145922;146031;145898;146035;145973;146036;145978;145959;146026;145899;145900;145926;146020;145893;145944;145873;145888;145918;146032;145910;146015;145864;146016;145832;145915;145969;145821;145911;145848;145847;145914;146001;145961;145980;146042;145816;145860;145891;145989;145844;145927;145932;145923;145855;145988;145925;145945;145817;145892;145894;145933;145963;146017;145902;145920;145829;145990;145800;145962;145862;146002;146009;145931;145937;145570;145698;146033;146089;145791;146802;146490;146552;145792;146539;146548;146800;146872;146965;146871;146870;146964;146963;147713;147191;146994;147887;148033;147137;148188;148187;148420;148281;148424;148318;148686;148422;148687;148688;148941;148863;149026;148940;149237;149775;149746;149741;149732;149874;149738;150034;149743;149757;149730;149774;149740;149764;149767;149778;149752;149751;149729;149747;149759;149781;149779;149768;149758;149771;149750;149770;149773;149739;150031;149749;149777;149753;149748;149763;149772;150033;149754;149765;149737;149728;149766;149745;149731;149733;149756;149734;150045;149736;150032;149755;149762;149769;149744;149780;149776;149761;150044;150065;150297;150298;150064;150385;150384;150835;150838;150841;150833;150831;150836;150840;150842;150832;150837;150830;150834;150839;151362;151151;151365;151367;151145;151364;151363;151144;151366;151147;151146;152066;151431;151879;151876;152067;152168;151797;152358;152367;152596;152359;152461;152574;152575;152455;152468;152583;152572;152588;152573;152454;152591;152576;152594;153150;153151;152582;153149;153412;153155;153410;153409;152893;153411;153520;153590;153519;153539;153521;153763;153532;154157;154156;154272;154158;154642;154050;154644;154329;154649;154872;154877;154884;154874;154870;154871;154873;154979;155337;154969;155033;155098;155070;155047;155173;155049;155029;155069;155041;155083;155037;155040;155036;155055;155035;155189;155064;155084;155195;155176;155095;155205;155187;155338;155051;155344;155063;155188;155044;155186;155061;155031;155125;155065;155032;155066;155039;155046;155028;155062;155030;155343;155175;155340;155145;155050;155198;155147;155054;155097;155027;155156;155099;155136;155163;155196;155057;155124;155199;155180;155161;155038;155034;155043;155068;155052;155045;155116;155067;155077;155078;155053;155056;155042;155558;155556;155561;155339;155341;155560;155135;155555;155557;155562;155342;155554;155619;155588;155839;155997;156117;155996;155838;156118;156238;156125;156444;156235;156796;156795;156236;156237;156239;157080;157155;157330;157328;157156;157205;157381;158087;158088;158086;158117;158988;157406;159302;158435;158946;158953;158488;158945;159220;158944;160300;160252;160967;160253;160913;160920;160908;160958;160909;160921;160910;160916;160963;160968;160951;160904;160914;160965;160899;160919;160902;160969;160949;160948;160900;160954;160952;160912;160957;160956;160915;160962;160918;160925;160953;160907;160901;160922;160961;160955;160924;160895;160950;160911;160923;160903;160964;160947;160960;160897;161165;161668;161004;161667;161669;161721;161969;161768;162987;162988;162989;162992;162991;162990;163658;163712;163659;164418;164954;163754;164953;165202;165682;164955;164956;166460;166172;167135;167157;167184;166461;167189;167188;167143;167174;167183;167172;167185;167158;167149;167176;167170;167144;167175;167161;167163;167162;167164;167096;167190;167154;167168;167192;167147;167191;167186;167171;167187;167180;167120;167160;167119;167133;167159;167122;167177;167140;167178;167094;167121;167181;167134;167740;168216;168422;168832;169972;169962;170628;169705;171692;173838;174386;174388;171698;174012;174251;176149;175891;176144;175848;175868;175897;175898;175847;175837;175877;175887;175893;176148;175896;175892;175860;175905;175856;175850;175858;175886;175852;175889;175907;175890;175845;175869;175913;175876;175912;175910;175906;175888;175904;175911;175885;176390;177539;177669;177667;177668;177735;178196;177621;178195;179461;179463;179460;179183;179462;181634;181246;181894;181625;183196;183000;183193;183343;183726;183434;184198;185645;183728;183727;185627;185621;185617;185633;185632;185639;185648;185629;185637;185628;185625;185635;185636;185622;185623;185630;185649;185638;185624;185619;185634;185640;185626;185644;185641;185642;185647;185620;185631;187731;185646;185616;187734;187733;185643;185618;187732;187741;187739;187736;187735;187740;187738;187737;187870;187871;188076;188075;187856;187873;187867;187865;187874;187864;187875;187868;187869;187872;187876;187916;187866;189305;189306;21793;21794;188053;188052;21796;189745;21795;21797;21919;21921;21920;21799;21800;21798;21802;21803;21923;21801;21924;21804;67025;21922;21805;21807;21925;21808;21806;21809;21926;21810;67026;21811;21927;21928;21813;21814;21812;21929;21930;21815;21931;21932;21934;21816;21817;23980;21818;21933;67027;21819;21820;23981;21821;21822;21823;21935;21936;21937;21824;21938;21825;21827;21830;21939;21826;21829;21828;21831;21832;21833;21942;21834;21940;21941;21835;21943;21836;67028;21944;21838;21840;21839;21945;21946;21947;21841;21842;21837;21948;67029;21843;21951;21949;21844;21950;21953;21845;21952;21954;21848;21846;21956;21847;67030;21955;21849;21851;21957;67033;21959;21958;21850;21960;21852;67031;21855;21853;67032;21961;21854;23982;21856;21962;67034;21858;21963;21857;23983;21964;21859;21965;21861;21862;21863;21860;21966;21864;21866;21967;21865;21867;21868;21968;21869;21873;21872;21870;21874;21871;21970;21875;21972;21969;21971;21876;21973;21975;21877;21878;21974;21879;21977;21978;21881;21976;21882;21979;21883;21880;21884;21885;21980;21981;21887;21886;21888;21982;21889;21983;21890;21984;21891;21986;21985;21989;21892;21988;21987;21894;21895;21990;21896;21991;21992;21893;21897;21898;22134;21993;22275;22274;21994;67035;21900;22082;21996;22135;21901;21995;22064;21903;21899;21997;21902;21904;21999;22036;22000;21998;21905;22001;22065;22002;22037;22038;22103;21906;22039;22104;22276;22277;22066;22238;22161;22067;22278;22162;22136;22320;22137;22163;22197;22138;22207;22280;22281;67036;22258;22279;22282;22340;22164;22337;22321;22338;22425;22339;22423;22450;22426;22424;22513;22422;22484;22485;22427;22514;22879;22880;36335;67037;36520;36238;37153;37714;37577;36309;37281;36615;37097;37366;23941;23789;23788;24005;23942;23984;23944;23943;24285;24023;24024;24287;24286;24877;24288;36838;24289;24357;24358;24818;24702;24290;24673;67038;24704;24674;24727;24703;24878;24919;25041;25006;24763;24920;25042;25095;24764;25043;25044;67040;67041;67039;25126;25007;67045;67048;67047;67043;67046;67044;67042;67049;25223;43639;25150;25175;43640;25204;25298;67050;25205;25353;25206;43641;25254;25256;25255;25224;25257;25447;43642;25403;67051;25354;25574;38103;25355;36608;25526;25462;37778;25497;25496;25498;25495;25501;25499;25575;25500;25502;25527;43643;25576;25577;25528;26203;25613;25712;25578;43644;43645;25579;25580;25777;43646;43647;25614;25908;25713;67053;25714;67052;43648;67054;25715;38130;25739;25740;25741;25812;43649;37749;36643;25832;67055;25778;25813;25849;26004;26003;67057;67056;25850;27538;25972;26073;26074;25949;43651;25958;43650;26028;43652;25973;26973;26974;26204;26075;26076;26077;26205;43653;26929;26207;43654;43655;37953;26206;43657;43658;37552;43659;37788;43656;36400;27539;37507;27540;27541;27543;27542;37627;37428;67059;43660;67058;37834;36452;37318;37449;37859;38001;36664;67060;29190;36614;36264;43661;37163;36661;29750;37591;43662;29255;29751;29256;67061;29752;43663;43664;29730;67062;29753;29754;29731;29966;29931;43665;43666;29901;43668;30022;29932;43669;29967;30154;43670;29934;43667;43671;29933;30222;30221;30044;31054;31138;43672;43673;30220;31301;31141;31140;31310;31995;31139;43674;43675;31302;31586;31168;31997;43676;31293;31996;31142;31627;31424;43677;43678;31609;31684;31741;43679;31610;32139;31946;31685;31947;31998;31999;43680;43682;43681;43683;32001;32002;32456;32000;43684;32326;43685;32401;43686;43687;43689;33258;43688;33109;33364;43691;33110;33365;33111;43690;43692;33366;33448;33172;33524;43693;33170;33399;33400;33229;33142;33171;43694;43696;33736;43695;33735;43697;33489;33490;33449;43698;33525;43699;43702;43701;37794;43703;43704;33526;43700;43705;34051;43706;67063;34052;43707;43708;33890;34170;34062;43709;43710;34278;34326;34222;43711;34462;43712;34502;34375;36765;34339;34503;43713;34463;37062;37176;35186;43715;36485;43714;43716;37692;35263;37341;43718;35260;43719;35172;35187;43721;43717;35310;43723;35173;43724;43720;43725;35650;43722;35311;35312;35589;35353;35424;35590;43726;43727;43728;35591;35603;35718;38891;36021;35719;35767;35602;35780;35651;35789;38867;43729;43731;43732;43730;35966;36089;35768;43733;38893;38892;35965;35931;38895;43737;43734;36039;43738;38894;43735;43736;43739;36107;43740;43741;43742;36155;38896;38897;43743;38899;36188;38898;36187;43744;43745;38900;38901;38903;38902;43747;38721;43746;43748;67064;43750;67065;43749;38868;67066;43751;43753;43752;39303;43754;43755;38930;39373;43756;39423;43757;39424;43758;39438;43759;43761;43760;43763;39523;39585;43762;39524;43764;43766;43767;43765;43768;40344;39801;40345;43770;43769;40394;43772;40423;43771;43773;40437;43774;40436;40532;43776;43775;40593;40533;40626;40625;43777;40779;40753;40808;43778;43782;43779;43780;43783;43785;43787;43781;43789;40878;43784;43786;43788;40893;40894;40933;40932;43790;43792;40934;43791;43793;43794;43795;41627;43797;43799;43796;42059;43798;42071;42151;43800;43802;43801;43803;43805;43804;42257;43806;42266;42265;42295;42296;42309;67069;67067;67068;42330;67070;67071;67072;67074;43807;67077;67073;67075;43808;43809;67076;43031;43070;43812;43810;43354;43072;43071;43811;43355;43357;43356;43359;43358;43624;43625;43817;44026;43832;43866;44028;44027;43878;44096;44395;44099;44427;44428;44097;44098;44598;44948;44677;44647;44648;44949;44649;44671;44969;44962;45053;44968;45066;45067;45068;45088;45090;45089;45361;45092;45363;45362;45091;45364;45367;45346;45093;45442;45368;45347;45366;45365;45443;46873;45444;45594;46754;46755;45582;46757;46756;46256;46760;46759;46758;46258;46257;46694;46695;46696;46874;46762;46763;46761;47031;47101;48265;47129;47788;47702;47102;48408;47032;47703;47737;47739;48341;47741;47740;47790;47805;47738;47789;47806;48266;48342;47866;47867;48267;48343;47865;48218;48217;48909;48268;48269;48302;48303;48409;48741;48911;48219;47903;48742;48910;48301;48744;48912;48745;48743;49179;49203;67078;49204;49180;49182;49181;67079;49183;49633;49261;67080;49262;49713;49634;49715;49716;49936;49714;49810;49781;49811;49812;49809;49813;50790;50794;50792;50793;49814;50791;50003;50797;50796;50801;50799;50800;50795;50802;50803;50798;50808;50807;50810;51144;50804;50806;50805;51775;50863;50809;51779;51776;51777;51780;50862;51145;51778;51781;51783;51146;51782;51784;53413;51785;51885;53415;53414;51886;51426;51786;53831;53416;51888;51887;53417;53422;53418;53421;52505;53419;53420;53423;52510;52506;52508;52509;53424;52507;53427;53428;53426;52617;52757;52943;53425;52945;53429;53239;53504;53577;52944;53430;53338;53494;53431;53339;53434;53433;53432;53599;53643;53598;53814;53813;53600;53642;53601;53871;54936;53870;53872;67081;53815;67082;67084;54937;54938;55110;55000;55835;67083;55001;55837;55836;55404;55405;67085;55536;55515;55609;56260;56262;56261;56264;56263;56265;56266;55838;56267;55839;56270;56268;56269;55863;55840;55861;55862;55860;55864;55996;55997;55924;56271;56272;56072;56071;56273;56073;56128;56129;56126;56046;56127;56276;56249;56248;56247;56274;56275;56312;56780;56338;56380;56514;56408;56311;56535;56559;56569;56558;56621;56695;56536;56570;56781;56783;56782;56654;56694;56878;56880;56784;56973;67086;56985;57373;57376;56879;57068;57374;57375;57378;57379;57377;57291;57140;57307;57381;57380;57404;57406;57485;57405;57487;57486;57488;57354;57562;57668;57642;57667;57731;57730;57692;57669;57733;57734;57732;57777;67087;57779;57778;57807;57808;57806;57809;57780;57922;57951;57810;57924;57878;57864;57923;57962;57961;57960;57983;57982;58042;63564;57984;57985;58096;58109;58041;58294;58344;58108;58390;58404;58345;58276;58275;58457;58403;58458;58502;58519;58663;58504;58665;58664;58685;58584;58752;58503;58849;58850;58778;58803;58879;58666;58851;59020;59021;67088;59165;59212;59019;59214;59058;59233;58852;59388;59213;59378;59412;59294;59414;59413;59312;59609;59479;59482;59480;59570;59481;59918;59560;59919;59920;59925;59923;59922;59921;59926;59927;59924;59931;59933;59930;59934;59935;59929;59937;59928;59936;59737;59719;59932;59687;67089;59838;59949;59938;59738;59998;60000;59939;59981;59999;60066;59960;60121;67090;60067;60054;67093;67094;67091;61398;61399;61397;61400;61437;67092;60001;61554;61450;61464;61599;61651;61600;61720;61683;61661;61722;61682;61753;61626;61754;61791;61999;62047;61721;61789;62048;61790;62066;62081;62084;62083;62104;62082;62085;62103;62217;62126;62187;62206;62127;62431;62484;62395;62316;62396;62521;62485;62523;62520;62522;62597;62630;62598;62524;62720;62596;62763;62871;62764;62910;62928;62911;67095;62862;63006;63100;63171;62920;63187;63005;62921;63207;63565;63567;63566;63306;63305;63571;63570;63569;63568;63575;63573;63572;63579;63578;63576;63574;63580;63581;63670;63577;63672;63432;63671;63431;63673;64081;67097;64381;64383;67096;64382;64385;64384;64386;64536;64492;64537;64512;64511;64562;64691;64692;64729;64730;64896;65132;65134;64731;65133;65137;65138;65142;65141;65135;65139;65140;65144;65143;65136;65145;65147;65149;65148;65150;65146;65152;65154;65155;65151;65153;65159;65158;65156;65061;65157;64939;65031;65032;64971;65160;65161;65062;65079;65064;65163;65162;65080;65166;65063;65164;65225;65167;65554;65224;65165;65226;65227;65634;65555;65530;65618;65694;65661;65644;65725;65693;67098;65903;65726;65771;66204;65920;65770;65987;65988;65932;66027;66217;66003;66002;66257;66206;66001;66396;66205;66430;66397;66528;66485;66429;66673;66521;66451;66701;66702;66675;66674;66887;66791;66776;66947;66965;66888;66997;66996;66998;67183;66775;66946;68859;69140;68940;67235;68941;68858;69022;69142;69215;69144;69143;69245;69141;69247;69336;69434;69246;69791;69496;69779;69497;69936;69999;70104;70179;69937;70001;70000;69998;79148;79149;79150;79152;79154;70344;79151;79153;70483;70464;70400;79155;70501;70570;70572;70547;70633;70634;70571;70685;70635;70686;70688;70687;70747;70699;70769;79156;79159;79157;79160;79162;79158;79161;79163;79164;79165;79166;79167;79168;79172;79171;79170;79169;79173;79176;79175;79174;71179;71236;71237;71178;71379;71271;71274;71273;71272;71357;71354;71501;71380;71355;71540;71356;71539;71583;71866;71865;71978;71584;71901;72044;71979;72153;72205;72045;72268;72350;72246;72351;72352;72437;72490;72491;72492;72436;72863;72267;72493;72592;72561;72673;72864;72694;72803;72866;72804;72865;72733;72732;72805;72910;72987;73064;73063;72986;73062;72988;73085;73163;73084;73192;73276;73162;73191;73309;74126;73319;73387;73320;73105;73277;73464;73578;73580;73675;73656;73579;73712;73790;74128;74127;73923;74141;73922;74226;73791;74227;74142;74309;74311;74094;74310;74334;74333;74471;74472;74312;74335;74475;74474;76429;74473;76170;76430;76431;76217;76218;76538;76432;76684;76537;76687;76685;76623;76686;76716;76715;76838;76837;76779;76948;76688;76839;76840;77006;77031;77058;77059;77034;77005;77033;77121;77060;77188;77384;77286;77239;77439;77505;77546;77032;77187;77506;77508;77507;77509;77584;77609;77991;77564;77989;77990;77692;77993;77781;77992;77834;77835;77879;77994;77996;78396;79177;77918;78043;78070;77995;78397;79183;79178;79181;79185;79180;78487;79182;78486;78489;79179;78488;79184;78517;79186;78490;78607;78605;78608;78606;79187;78751;78702;78516;78876;78609;79188;78783;78782;78895;79189;79219;79313;79361;79300;79299;79338;79220;79563;79642;78860;79643;79695;79726;79694;79693;79843;79877;79727;79876;79881;79879;79878;80088;80105;79880;80107;80056;80124;80106;80123;80360;80526;80400;80527;80125;80868;80870;80969;80867;81054;80869;81005;81025;81026;81188;81089;81055;81277;81276;81440;81278;81441;81442;81443;81503;81889;81887;81525;81886;81885;81888;81893;81891;81890;81894;81895;81896;81892;81897;81898;81759;81924;81925;81954;81998;81997;81792;82083;82474;82475;82272;82477;82476;82510;82621;82431;82667;82801;82478;82714;82802;82803;82804;82783;82928;83001;83118;83000;82999;83377;83417;83375;83376;83418;83379;83380;83378;83419;83420;83421;83530;83979;84197;83994;84092;84091;84198;84346;84199;84345;84347;84348;84276;84405;84406;84446;84445;84648;84506;84769;84770;84550;84772;84771;85008;85011;85009;85010;85012;85015;85013;85018;85016;85017;85019;85014;84883;85022;85020;84884;85021;85023;85028;85027;85025;85026;85030;84988;85024;85047;85048;85046;85049;85029;85305;85306;85127;85459;85460;85336;85461;85387;85462;85463;85464;85634;85637;86497;85516;85636;86498;85635;86501;86499;86502;86503;86500;86506;86504;86505;86508;86513;86507;86512;86514;86510;86511;86509;86515;86483;86484;86482;86550;86518;86517;86485;86549;86516;86723;86724;86725;86711;86831;86887;86726;86639;86917;87127;86611;86919;86918;87128;87130;87129;87133;87134;87135;87136;87132;87131;87138;87139;87140;87141;87137;87145;87144;87142;87143;87148;87146;87147;87150;87152;87151;87149;87154;87153;87155;87156;87157;87158;87160;87173;87159;87067;87223;87174;87282;87283;87281;87285;87224;87356;87161;87381;87357;87422;87423;87424;87284;87358;87426;87425;87540;87770;87778;87779;87604;87782;87780;87781;87784;87785;87783;87992;87930;88061;88062;88060;88147;88148;88386;88063;88419;88420;88509;88421;88757;88758;88510;88759;88683;88761;88760;88844;88762;89059;88763;89087;89088;89060;89760;89761;89850;89762;89763;89849;89943;89969;89971;89970;89944;90068;89968;90120;90121;90069;90122;90156;90124;90157;90158;90123;90159;90275;90449;90368;90276;90367;90450;90452;90451;90635;90637;90721;90722;90634;90636;90723;90837;90868;91018;91017;91019;91168;91166;91020;91170;91169;91167;91172;91104;91171;91105;91391;91106;91195;91394;91390;91392;91503;91393;91504;91732;91787;91785;91786;91636;91635;91788;92002;92378;92379;92026;92566;92473;92680;92567;92702;92682;92681;92703;92586;92726;92826;92951;92872;92950;93052;92952;93029;93129;93319;93318;93099;93541;93594;93542;93666;93777;93778;93779;93803;93830;93780;93965;93966;93867;94140;94202;94203;94292;94409;94471;93967;95320;94254;95325;95324;95322;94472;95323;95321;95327;95326;95328;95331;95329;95330;95332;95333;95334;95335;95336;95340;95341;95339;95338;95342;95337;95344;95345;95343;95346;95348;95347;95350;95349;95351;95353;95354;94742;94740;95352;94741;94980;94979;94978;94982;94981;95355;95576;95356;95373;95444;95484;95372;95952;95953;96048;96004;95577;96036;96285;96049;96182;96050;96339;96340;96286;96341;96456;96567;96457;96342;96568;96569;96613;96633;96811;96810;96812;96664;96929;97026;97027;96813;97028;97134;97305;97194;96962;97331;97390;97389;97330;97472;97558;97528;97391;97612;97611;97613;97527;97756;97836;97837;97795;97949;97951;97950;97953;97956;97957;97955;97954;97959;97960;97958;99040;99041;99316;99317;99379;97952;97961;99384;99382;99383;99481;97962;99381;99482;99536;99483;99380;99539;99541;99538;99540;100067;100065;100068;100175;100174;100327;100328;99537;100358;100359;100326;100429;100430;100329;100555;100557;100066;100770;100428;100936;100558;100937;100556;100815;100935;101005;100965;101235;101119;101236;101237;100938;101489;101823;101091;101907;101120;101906;102735;101488;102020;102736;102739;102738;102740;102737;102734;102741;102747;102743;102742;102748;102745;102750;102744;102746;102749;102753;102754;102752;102755;102756;102757;102758;102751;102762;102759;102761;102760;102504;102763;102503;102878;102765;102766;102505;102764;102767;102769;102549;102880;102768;102882;102883;102879;102881;103145;102884;103144;103196;102885;103230;103362;103035;103384;103385;103517;103386;103387;103573;103706;103606;103707;103574;103605;103881;103826;103790;104053;104054;104217;103946;104106;104257;104256;104396;104584;104583;104218;104675;104790;104789;105056;104817;104818;105057;105058;105062;105059;105060;105114;105588;105589;105061;105591;105590;105556;105593;105658;105594;105592;106107;106108;106233;106172;106234;106354;106355;106353;106317;106356;106535;106566;106567;107074;107269;107075;107270;107271;107273;108338;107272;108339;107274;108340;107275;108344;108341;108342;108384;108383;108343;108660;108898;108900;108899;109370;108489;109371;109372;109374;109378;109377;109375;109376;109373;110235;109379;110237;110236;109525;109380;110238;110239;110240;109527;109526;110243;109529;109528;110241;110245;110242;109530;109655;110244;109656;110247;109814;110249;109815;109958;109923;110248;110246;109960;109961;109959;109966;109965;109962;109963;109964;110204;110203;110205;110296;110298;110206;110536;110569;110645;110297;110650;110649;110648;110651;110646;110663;110652;110647;111074;110906;110905;111013;111075;110908;111076;110907;111077;111079;111078;111339;111355;111613;111340;111356;111614;111615;111341;111616;112020;111704;111703;111617;112022;112021;117485;112164;112165;112163;118982;117486;117826;117831;117827;117832;117829;117830;117828;118018;117834;118021;117833;118019;118020;118117;118118;118311;118022;118405;118406;118156;118984;118312;119690;118985;118983;119691;118987;118988;118986;118989;118991;118990;118992;118994;119692;118993;118997;118998;118996;118999;118995;119000;119003;119004;119001;119005;118837;119045;119002;118838;119044;119046;119047;119049;119050;119048;119006;119663;119661;119662;119051;119479;119664;119873;119666;119874;119754;119665;121371;121192;121216;119791;120956;121546;121545;121548;121547;121549;121550;121551;122062;122061;122350;122063;122065;122064;122719;122353;122450;122351;122451;122352;122761;122619;122452;122952;122951;122618;122953;122954;123015;122955;123014;124414;123558;123092;124032;123562;123560;124033;123561;124034;123559;124093;124035;124202;124201;124203;124242;124871;124415;124241;124416;124872;125166;124873;125167;125168;125315;125171;125170;125169;125316;125553;125172;125801;125554;125552;125802;125803;126074;126008;126006;126007;126076;126075;126385;126219;126386;126387;126479;126389;126480;126388;126649;126650;126651;126792;126790;126990;126791;126991;126993;126989;126992;127472;127469;127474;127470;127473;127471;128331;128332;128651;135312;128335;128333;128330;128334;128337;128336;128341;128338;128339;128340;128343;128344;128342;128345;128349;128348;128347;128346;128350;129015;128351;128355;128352;128354;128356;128353;128357;128361;128360;128359;128358;128362;128363;128369;128365;128366;128364;128367;128368;128370;128375;128372;128371;128374;128373;128376;129016;128378;128380;128377;128381;128379;128382;128383;128384;128385;128388;128387;128386;128390;128389;128391;129017;127918;128392;129018;129020;127919;129019;129022;129023;129021;128977;128976;129538;129393;129024;129472;130176;129473;129471;130177;130129;130128;130181;130179;130434;130180;130436;130178;130435;130976;131032;130472;130473;130474;131033;130978;130977;131569;131034;131779;131570;132398;131572;131571;132399;131959;132400;131958;132401;132404;132403;132402;132939;132873;132405;133097;133309;133098;133099;133310;133311;133312;133313;133315;133316;133100;133314;133317;133442;134087;133507;133508;133624;133767;133769;133768;133771;133770;133872;134091;134089;134121;134090;134122;134237;134123;134088;134239;134386;134385;134238;134900;134902;134901;134453;134903;134907;134909;134904;134905;134911;134910;134906;134908;135313;136771;134914;134912;135316;134913;135314;135319;135317;135322;135318;135324;135320;135315;135323;135327;135321;135325;135328;135330;135329;135326;135334;135335;135332;135337;135338;135331;135340;135333;135336;135342;135343;135339;135344;135345;135346;135347;135348;135349;135352;135350;135355;135341;135353;135357;135351;135354;135356;135358;135360;136015;135359;136017;135361;136195;136016;135362;136018;136196;136197;136019;136194;136200;136020;136774;136198;136772;136776;136773;136199;136777;137005;137006;137007;136775;137151;137152;137149;137150;137338;137281;137370;137337;137415;137336;137763;137761;137762;138377;138378;139422;139423;137730;139236;139235;137729;138501;139415;139416;139420;139417;139418;140119;140123;139421;140584;140583;139424;139419;141613;140585;141625;141611;141630;141617;141600;143283;141593;141597;141635;141614;141585;143285;141623;141608;143286;141605;141601;141631;141589;141634;141586;141595;141591;141584;141579;141604;143284;141598;141594;141633;141624;141602;141583;141587;141590;141612;141632;141616;141588;141609;141599;141596;143287;141610;141629;141626;143288;141618;141622;141636;142647;142609;141619;141578;141592;141607;142599;142604;142600;142605;142650;142651;142646;142649;142608;142598;142602;142606;142601;142607;142603;142648;142645;142644;143048;143052;143122;143057;143056;143050;143046;143051;143049;143114;143910;143113;143047;145444;146880;144004;144549;144973;143055;144972;144547;146881;144370;144971;144974;145038;146883;145037;145439;146100;146097;145441;146099;146098;149505;146882;145519;146315;147884;146879;146958;147883;147885;148185;148557;148426;152361;148425;148184;149207;148745;149205;148885;150771;149208;149206;150765;148882;150773;150764;150774;150770;150769;150772;150767;150762;151448;150763;151987;151674;151614;152360;151979;152664;152497;152910;152909;152973;152666;152663;152976;152971;153472;153767;155551;155545;153473;155547;152970;155541;155546;155553;155543;155552;155549;155539;155538;155550;155759;155540;155548;155942;155821;155761;155863;156241;156240;156820;156821;156791;156242;155757;156460;157118;157064;157065;157453;157452;158081;158083;158440;158444;157294;157138;158438;159315;158439;158436;159324;159307;159316;178330;159320;160682;161196;161193;160683;161194;163739;163750;161374;163735;163733;163746;163741;163759;163740;163748;163736;163749;163737;163747;163745;163848;163849;164625;163847;164624;164990;164621;164630;166546;166556;166548;166549;166554;168320;166552;168321;168318;168313;166547;168314;168319;178964;170854;170863;170859;170861;170862;170875;187766;170857;170851;170864;187231;170866;170860;171793;171658;171667;171659;170858;171795;172361;172356;172034;172360;172355;173262;173254;173255;187750;187230;187757;187236;187256;187761;174680;187245;178970;178971;174681;178965;174679;187263;178967;178966;187241;187234;178973;178972;187255;178968;187247;178969;187232;187253;179318;179319;187224;187221;187268;187248;187753;187759;187222;187240;187751;187262;187242;187764;187233;187225;187249;187246;187237;187755;187219;187257;187260;187238;187235;187229;187756;187228;187754;187264;187265;187227;187267;187254;187266;187250;187261;187239;187252;187765;187243;187220;187762;187244;187258;187251;187259;187752;187758;187226;187760;187223;187416;187111;187763;187415;187917;189284;189511;189512;189508;44340;189510;189509;130262;11640;65739;179136;160399;62076;139913;62075;55994;66518;65740;161976;11011;17774;17773;17777;17776;17775;69481;17772;71173;77052;77053;68997;91192;83766;76127;84193;84726;91855;85895;83087;91854;93480;84727;17778;48944;48946;48945;137557;48948;48950;48951;48947;48949;48955;48954;48953;48952;48956;48961;48957;48958;48962;48960;48966;48963;48959;17779;48964;48967;48968;48969;48965;48971;17780;55385;17781;48972;48973;48978;48975;48979;48976;48974;48977;48980;48982;48981;48984;48986;48985;48989;48988;48983;48987;48990;48993;48991;17782;48995;48992;48998;48994;49000;48996;48997;49001;49002;48999;71431;71432;49003;49004;49005;49006;49009;49011;49007;49008;49010;69949;49014;49012;66697;49013;70137;49015;71433;49016;49019;49018;49017;69335;49020;49022;49021;49024;49025;49028;49027;70170;49026;49023;69913;68961;49032;49033;49029;69303;49030;49031;70123;49036;49034;49035;159517;69923;49038;49037;49041;49039;49042;49040;49044;49045;49043;49047;49046;49050;71434;49053;49051;49049;49052;49048;49054;56045;70164;49055;49056;159516;49647;17783;17784;49648;17785;70095;52586;56313;69954;56315;56317;56319;56316;56314;79272;79271;56318;56321;56320;56631;79273;66698;58831;58567;58566;58569;58568;58570;58571;58572;58573;69914;58621;58574;59716;71435;70024;59857;59858;69425;71436;62370;62371;62373;67204;62372;62375;67203;62374;62760;62376;70096;62710;70124;70127;69135;70125;69426;65885;65886;65887;65889;65888;65890;65931;69924;65891;70078;66861;67218;69789;66700;66699;70076;69921;69076;69082;69103;69079;69376;69379;69378;69377;69856;69553;70314;70315;130060;130061;70316;70318;70317;70320;70319;70321;71437;70323;70322;70313;70312;71438;70474;70914;70493;70784;71995;72183;72185;72184;72724;72668;73018;72705;73211;73269;73340;73210;73342;73343;73341;73344;73347;73533;73915;73345;74016;74015;73346;73916;74241;88989;76312;77153;88991;88988;88990;77759;77154;78028;78029;78033;78030;77984;78034;78031;78693;78032;78035;78750;79690;78036;79218;78240;78037;81423;86675;81911;81594;83876;81421;81595;81596;92412;83528;82498;90525;82584;90526;82585;82571;81972;82574;82575;82572;82573;82570;82568;82569;108954;108955;82852;83054;85685;83767;84287;85255;85124;85126;130062;130063;85125;86246;86248;86249;86247;86250;88102;92457;130064;93528;86915;93529;86914;93531;93530;86916;86950;130013;86951;97469;87504;88103;88592;87819;91962;88488;130014;88717;89690;88713;89051;89783;89784;89785;130065;90066;90353;90527;90355;90356;90354;90307;90308;93562;90357;90766;90310;90358;90359;93108;91960;90311;90893;90861;90714;90862;91760;130015;91130;91759;91946;91321;91338;91730;92948;91761;93563;93122;130066;92630;93123;93192;93193;93048;94108;93347;94054;93736;93737;93738;131164;93866;108957;131165;94252;130763;108956;130971;94763;94762;130764;130761;130765;93898;93899;130762;130766;95256;130767;130597;95257;94354;129818;129817;129819;94109;94291;94469;94680;94070;96047;95538;102995;99400;95479;99266;99371;99372;97211;103783;97991;97992;97943;97945;99027;99026;97944;97946;99028;99032;99031;99033;99029;100423;103509;99472;99471;103510;99473;99665;99666;99667;102361;102360;99668;100424;102363;102362;99687;99985;99688;100425;103511;100416;99981;100426;103512;100993;101264;100838;100840;102202;130093;101298;102018;101269;101528;101529;101268;101267;131079;131187;131131;131080;131393;131188;131395;131396;131394;102498;102497;102364;129820;102779;102499;102778;103113;130094;160181;103049;129821;103459;103702;103565;103668;103693;103694;103695;131192;103669;131327;103675;103566;103670;103676;103567;103672;103671;103819;103817;104177;104127;104480;103856;104460;104461;104533;104718;104662;105257;104663;130067;105112;106401;130095;106400;104661;107091;106630;106484;107095;133861;129781;108406;132698;107150;132697;132680;108404;109087;132052;131166;131400;109088;131399;131130;131326;124196;131325;108880;131321;108882;131397;108881;131398;125031;108720;134712;131951;131729;108721;132078;131322;108723;132039;108722;131323;132033;132077;131126;108724;135922;131324;109404;132043;132042;133044;109400;109402;109393;109401;110399;133265;134981;109728;110565;131703;110564;110686;130016;110566;124172;130017;110567;110535;138346;138347;138435;130068;138436;130096;110687;138348;138437;135198;110688;138438;138439;138350;138349;138351;138352;111211;138353;134226;112217;133226;112218;123521;130097;112288;130098;112219;123415;112289;122249;123515;117943;117944;117945;132041;140653;117946;117948;117947;117950;117949;132074;117951;132104;132048;132049;117952;132044;117954;133472;123788;117953;133473;117955;117956;127893;144504;133089;117917;145537;130018;134946;133267;128877;118461;134947;130069;118821;118462;118822;152699;119844;121248;131728;131727;126103;129948;124773;123789;129822;124774;126343;126104;126118;124060;129947;130023;139801;122483;133958;126102;139802;136978;131699;125775;126509;132318;122751;126599;126073;132244;132342;132053;132414;132245;131700;132246;132055;125390;126477;127111;131778;127110;138354;132100;134948;124589;138355;125391;123791;123790;124277;127099;127098;134951;127916;134713;123792;127913;126507;127912;127917;129499;130092;128421;123793;129812;128526;132723;123794;123795;127049;127050;134894;128113;128051;124061;128615;128114;126119;124325;126822;124326;126101;126100;124334;126105;124331;138440;124332;124333;137072;137073;139324;137234;137235;134213;136768;126341;136972;136829;136973;138380;126823;128064;125256;139806;128063;137074;136970;136971;126632;137075;129823;126916;125341;126310;126311;125032;129980;129981;131697;136481;129945;132720;133726;132241;128684;128769;132678;130917;130768;130916;130972;130974;139666;128058;128281;128418;129946;130975;130973;131698;128079;132719;128419;132679;125679;126342;136482;136483;126446;125778;125776;132242;126344;134173;134227;140220;126005;127044;147878;126639;126340;147766;126643;126701;126645;128685;126640;126644;127121;128053;126642;128054;128034;126629;126646;127118;133043;143157;128532;128081;127123;137052;127900;147761;128112;128546;142497;128120;128533;129291;137243;131946;130174;131427;128119;128325;132855;132772;128550;128683;128547;136712;128757;128760;135674;129536;129558;134889;128761;129778;129592;129779;129713;129591;130021;130022;134562;129586;129537;129531;129816;129733;129530;129827;129584;129588;129780;129694;129732;129695;129826;129532;139850;129943;129533;134108;129777;133850;133851;133841;133842;138024;130090;129813;129815;138025;130367;130272;130397;130213;129810;135897;130457;130594;129944;129811;134383;129809;129942;129850;129824;134448;135291;131183;133046;135295;135294;134449;130398;134450;140191;130399;140190;130210;130207;130211;130368;129814;132751;129982;130593;132750;130464;130624;130258;131020;130259;131231;131075;151459;130208;131076;131428;132718;136719;131230;131024;131228;131288;131229;131739;135289;139068;131232;134115;131403;147653;141500;133001;133000;133864;140632;133261;133403;132721;133408;134447;133409;147650;135407;147732;147651;133405;133406;133720;133603;133722;133604;133721;133960;140656;142018;140631;134107;140721;134565;133961;134233;134230;134566;134231;134234;134413;134567;134232;134414;134415;134224;134417;134219;134229;134236;134326;134443;134568;140203;134235;147764;148021;83871;78827;147654;151483;86104;82429;166905;166904;143219;138881;143231;139800;143234;148951;162482;146084;161442;150073;148097;148091;148217;148221;148220;148096;148216;134164;177079;153895;186474;186473;178417;137085;173975;150026;150027;165762;146581;149448;148646;152176;144945;148450;161699;142589;144950;150807;139411;148655;139543;148451;149812;150811;161213;187986;154928;182202;161813;160400;161212;180453;165533;151441;182200;148222;148223;136588;136589;138375;136831;161869;136830;149526;149525;161882;161883;161868;155370;155369;152024;138892;138893;137558;137559;152025;149302;149301;149314;149303;149304;149313;154726;154725;186713;148306;149877;186714;136917;136916;160479;150996;164087;173731;161500;173732;155445;161501;155444;149311;161262;161263;152673;149312;152674;149851;164350;149852;164349;137659;137660;160763;160762;160889;137661;160890;137662;137135;161182;137136;161183;152670;152671;136914;136915;138895;182523;138894;181183;139064;160403;160404;154828;149355;149354;154829;178025;155024;178026;155025;168874;149470;149471;168873;141831;150997;141830;156946;155677;155676;145513;139425;139517;139577;137840;140202;173249;152974;166052;157877;171879;152961;151019;152936;182351;168023;160289;160085;165349;143155;158563;142493;138016;138017;151487;179741;183037;179740;172427;172428;147765;139927;156884;145692;139035;185165;182153;181471;141499;142908;142909;139228;149469;182614;182616;182613;160336;153258;182581;149467;139792;182615;162882;182579;180175;162881;180176;182580;148694;145263;154930;154931;154929;180549;180547;148968;148970;148969;189532;148643;180548;189533;139605;135859;170514;160239;146214;162980;149468;162981;139229;138373;163102;162979;173300;163101;166017;144503;189531;140098;139539;139804;139805;151216;139516;139468;139540;145793;139542;140099;139004;140100;139470;139426;145509;139576;146056;139803;137850;140102;176115;143424;140101;176108;139469;176105;176106;166791;173971;147763;152540;139007;186227;163476;171791;134054;134053;140402;134444;166918;166391;147146;140273;171792;135012;169767;167051;178019;169768;178020;166911;140212;170894;145553;141352;153943;145555;149844;145554;149843;149842;149847;162384;162385;142366;148101;165530;153563;153560;137629;148092;159715;153561;144197;153398;152813;165760;165761;158651;161604;180164;177368;177367;162854;148099;167270;141361;152527;152390;138446;154851;168869;142213;149352;168870;167397;155447;161247;149846;160491;149845;136621;148381;142211;145250;154723;161187;168326;141358;161007;149325;136827;136612;168327;138040;181008;181009;136614;147762;136700;136615;160719;142143;149371;161179;136587;161043;152749;161178;137564;138376;155451;155315;149298;137406;168646;154853;168647;146203;167271;142363;136622;152410;136918;152750;136669;152485;161661;160639;150059;170015;184170;149465;149209;140221;184455;142364;149370;161002;173792;136891;155450;155449;160535;142214;161192;161191;168050;168051;162014;140218;162015;164500;152121;152122;142425;142424;148836;142423;141832;149718;146058;183215;161363;146057;161364;186211;183214;150058;186210;149979;186212;149454;137836;137835;154343;142496;155734;155733;146213;160376;139230;141116;141117;159758;174016;141230;141231;146264;139037;137147;137280;139926;139614;138147;148296;141113;137901;137903;137902;142959;141114;152658;148106;165532;148104;148107;148102;166016;141172;143154;183777;165678;165677;141193;148100;141397;149789;142053;138094;153554;137148;138092;166458;142891;141373;141372;141266;165704;173250;159712;142958;151375;168368;141371;140222;148427;148327;140223;151374;138211;148103;141398;183167;137182;141368;173737;141369;140793;140799;165215;153207;148250;140111;153209;153204;134451;147816;183213;172406;153203;161524;142592;153208;152131;171233;148095;153153;153154;173805;143490;160084;137143;153564;160083;147649;133401;146480;153206;146481;169426;166914;172375;141351;166915;176871;158584;176113;176114;180098;184454;146618;184453;173952;184196;153950;185898;176110;176483;184195;185899;170964;166681;139604;166907;181422;181423;153947;149455;166916;176103;151662;181007;166917;176102;135902;142593;133651;135971;166382;171601;141354;140505;154878;170958;150862;140271;144279;143220;150861;140270;140219;165759;165758;141437;153224;149299;160086;149300;138152;141461;140097;149957;158207;151020;149368;158208;148098;160029;156947;171894;137203;171895;158887;164453;164840;140185;171838;137184;149310;168367;157903;189726;180171;158559;152877;146805;164530;180229;146804;180173;139922;140186;140131;140189;149719;152529;139665;180169;180170;173977;173976;180167;180168;155019;134711;188003;188002;170967;134707;152987;137332;142472;142473;137361;154197;169453;182681;170017;170018;174928;166374;166375;138587;148124;166376;152213;139029;153257;140272;139067;139664;141467;138019;139747;173978;137852;146267;138327;152212;189633;140216;163883;163884;171072;148652;140452;163404;146266;170159;173969;173970;148712;173431;146268;154932;161088;188066;151661;153556;153562;164375;150141;153555;153549;159718;149363;149327;154348;139232;165534;165529;149330;150052;151915;142033;141370;147963;145706;149364;150992;165531;147962;148105;150990;145707;147964;146307;183315;151132;153551;151467;149365;165528;159722;151133;150050;149879;145501;159717;159720;151916;159721;149362;150339;150051;174456;187060;141438;176111;147733;145708;136671;140403;163475;134445;147758;147147;136748;167050;166913;161120;157361;171790;155300;137144;148320;137145;152812;157157;146212;161865;161866;146211;146202;184456;184457;184169;141170;141171;165676;137141;137142;165675;136623;141357;145265;178100;158586;178101;141356;187166;137654;137630;137656;137631;137655;133530;137407;137408;142824;152130;187971;154438;138359;137856;153944;149849;154234;163083;154233;139545;142495;163082;133404;163081;160302;163057;160316;160375;163056;146450;162883;139413;140213;143150;137134;135766;147759;142659;141115;143217;142995;148978;147622;186612;151154;148959;173248;149880;151187;145422;145547;148962;148447;148957;146216;149329;145552;182135;142494;142490;164823;148954;178185;147756;147760;149328;142660;142365;147877;147757;147652;143216;143232;142597;143165;147876;142373;160501;145557;160306;160305;142661;146594;137241;139325;137185;141192;133407;164904;138015;137649;138018;145556;139799;150847;139600;150848;150849;140456;145551;143475;140269;139599;140268;139575;142880;142879;136120;139582;139597;141353;144929;142590;142503;139544;138148;141083;137183;166015;138524;183298;160089;139036;165591;139327;165695;135858;183035;166678;181789;165700;144196;134446;140404;167049;166912;143153;149809;164290;141119;149450;148093;138876;148094;148090;138361;148448;165241;137851;153219;142890;141460;153694;147893;17787;17786;71925;71924;73755;71926;72725;72458;71153;78557;70457;72485;72487;72559;72140;82586;72141;82587;72338;72510;70894;73827;73456;73455;72460;73457;72509;76882;70399;76588;78064;78690;76970;78691;73027;76865;77681;79146;77411;77682;73458;74036;76972;77051;74443;79744;82588;82589;76790;83733;82473;77729;82590;79359;82666;77222;78918;78919;83734;81912;91426;81913;87820;87847;78824;87821;89083;77284;78858;78825;93113;73436;73829;73828;79249;79250;83904;76971;76969;76968;76881;78894;79577;78737;83183;79625;79803;80460;79667;83782;17790;17788;17789;69985;69134;68991;17791;17792;99233;17795;74010;10045;10682;99234;10561;91427;76126;149982;33942;69853;33943;33944;69912;65941;11014;140294;71464;66023;61518;78676;81671;76491;82270;81978;87894;85541;86302;85267;85266;93382;95951;88100;97226;100790;110563;54954;59819;59821;59820;54953;88595;88596;91731;104479;149502;63644;76128;151442;182519;69138;107004;91963;59227;131952;81574;64555;61514;133304;91964;61515;11012;155349;10545;17793;69950;69952;32130;32131;69953;69951;70089;58512;70091;70090;70136;70092;77987;76121;80283;79668;81546;99706;93939;77968;90312;142662;83466;79124;101357;110518;112019;85449;143384;10046;23938;180055;179223;187061;128052;133723;69075;69074;152532;138362;103193;101265;69922;10970;10971;68960;94470;10387;10700;11689;12023;78387;96802;89033;61574;61577;66202;61576;76346;66762;74147;61575;73736;17794;74146;133305;47864;184452;61492;166624;71430;67217;69801;69802;169452;69102;11791;70073;97471;84500;84501;80302;76129;72727;72728;87954;60107;183312;86913;73754;10754;69788;69059;66696;76130;69058;16201;16202;91342;86152;91343;86153;86193;152530;87506;86192;101531;91344;93400;100323;104462;100843;107259;82701;70167;70166;82740;90591;90590;67245;118088;122347;130503;83877;118145;87849;66860;69133;186298;112122;112121;69925;69926;88594;143233;148264;88593;156567;69078;69077;155301;122115;148445;10972;109118;156566;69825;77760;81407;79584;128176;79581;81952;81973;83768;126586;83769;126587;70079;76131;69048;72180;69047;69049;69050;69046;83771;78624;83770;97021;83731;90539;90540;90541;83773;86123;72181;76125;69019;76132;85649;88527;128177;78596;81408;85650;85651;78625;86544;92045;97326;81974;81953;72182;103112;72245;70197;70198;82702;80282;70196;78770;78767;91961;69919;70088;141084;70169;129969;129971;129970;129972;11013;25906;93478;42960;93479;25550;64437;55568;25549;69855;71841;69854;71838;164905;101817;69131;101816;96907;96772;96908;119287;69081;130173;70122;69080;69469;69495;19559;33946;69468;69447;62777;55653;55474;55927;55473;142019;166439;179137;142020;42961;25682;24742;58563;48275;58562;40614;154777;62308;40615;40616;59018;69129;69136;69128;56392;96630;51663;59017;62309;51664;62310;52546;52547;52545;137003;171073;176631;154423;92039;171593;177345;148403;150791;152046;189179;134975;38663;67193;140758;130592;149481;171597;63339;59310;76571;70741;63325;56282;148647;159481;159483;159480;159484;159482;20220;55553;55542;57362;74190;58388;63689;63690;65928;66526;64246;70915;78480;79859;82780;85745;86948;99669;93245;91102;91677;103194;109017;122236;117480;122535;125880;129388;134765;132019;138573;153433;148039;135593;161166;166095;178229;172595;185766;72092;68929;68881;178703;178416;72093;55514;25369;58650;21917;20827;20889;58952;58230;126953;58951;126988;77390;22308;100161;126050;161972;65789;70656;59243;25494;45435;48382;51923;111967;63642;175115;136945;182208;161177;186916;51922;45434;159817;23741;176414;140633;58990;58989;45043;32442;181409;171860;171859;178813;171858;15860;11756;152356;28330;109596;106757;18118;19554;18119;72741;18117;72742;19553;168981;54841;187048;62369;70455;70456;76110;84020;76111;69800;84826;84021;84827;82824;86002;77571;94898;87765;94899;103252;87764;103253;101162;101161;108588;138332;126636;108589;134167;163699;126635;138333;163700;143553;134166;171316;143485;147892;147889;147891;151352;144811;151458;151455;151456;143483;147890;157142;151457;157423;157189;157246;157245;157424;157141;171314;157190;171317;171315;175278;175279;175811;175102;175063;175133;175132;175064;175810;179312;175280;175136;179338;179313;175135;23935;179339;175281;179337;30153;23936;33763;23937;40662;62629;34056;34195;49120;39007;76112;43172;51841;76113;58293;79245;84828;50451;84022;46766;91335;56928;53547;62701;91336;59904;76114;71519;59905;51840;24699;60098;59644;76115;25905;34475;42044;28227;46173;70454;36216;101163;33128;103254;144810;91337;143552;143484;86653;22416;11896;10871;22016;22017;91824;22417;15486;22447;76116;122583;11616;55690;11798;10736;82084;101032;101031;101033;101065;101121;101173;101092;101208;101174;101175;82085;101211;101210;101209;101239;101274;101238;101275;101319;82086;101320;101318;101376;101321;101377;101536;101378;101535;101552;101774;101775;82087;101553;101792;101791;101856;101824;101908;101909;101935;101960;101937;82088;101936;101982;102042;102041;102040;102039;102043;102044;102085;102096;102220;82089;102437;102368;102440;102438;102439;102441;102481;102482;102594;102595;82090;102628;102597;102784;102596;102785;102787;102789;102788;82091;102786;102805;102804;102806;102823;102886;102824;102844;102843;102845;102887;102888;82092;102890;102889;102891;102923;102924;102925;102961;102926;102962;82093;102982;103036;103092;103093;103094;103095;103257;103197;103258;103363;82094;103388;103330;103390;103427;103389;103391;103429;103428;103430;103431;103460;103470;103469;103471;82095;103472;103518;103519;103577;103575;103576;82096;103607;103683;103708;103709;103710;103682;103711;103713;103712;103756;103714;82097;103791;103947;103949;103948;104055;103858;103988;103989;82098;103991;104133;103990;104219;104056;104184;104185;104221;104220;104186;104299;104301;104300;104336;104335;104337;104338;104364;104481;104397;104399;104398;104412;104413;82099;104438;104439;104501;104440;104464;104502;82100;104534;104563;104585;104677;104678;104676;104680;104679;104681;104683;104682;104708;82101;104720;104709;104721;104745;104746;104744;104748;82102;104747;104749;104750;104751;104791;104937;104936;104939;104938;105009;82103;105116;105118;105115;105117;105168;105194;105193;105169;105326;105325;105327;105328;82104;105360;105378;105395;105394;105423;105424;105396;105425;105426;82105;105428;105427;105429;105465;105496;105494;105495;105518;105488;105557;82106;105621;105659;105622;105660;105701;105662;105661;105702;105753;105703;105734;105797;82107;105798;106054;106055;106075;106175;106173;106174;106205;82108;106208;106206;106207;106209;106210;106211;106408;106318;106407;82109;106409;106410;106411;106464;106508;106536;106463;106589;106591;106590;106592;106633;82110;106697;106696;106659;106724;106722;106723;106779;106781;82111;106808;106725;106780;106809;106851;106819;106872;106904;106873;106953;106954;106981;82112;106983;106984;106982;107076;106985;107104;107105;107118;82113;107134;107133;107152;107151;107242;107277;107278;107276;108416;108415;108522;82114;108567;108385;108568;108569;108604;108605;108606;108608;82115;108662;108609;108661;108692;108693;108694;108726;108695;108728;108729;108727;82116;108764;108765;108766;108767;108768;108769;108770;108788;108814;108901;82117;108902;108815;108903;108904;109044;109062;109063;109064;109043;109045;109089;82118;109090;109091;109148;109149;109187;109217;109188;109283;109284;82119;109328;109327;109347;109346;109348;109381;109407;109408;109409;109531;82120;109586;109584;109585;109657;109734;109735;109738;109737;109736;109872;109924;110055;110159;82121;110158;110161;110160;110163;110162;110164;110250;82122;110312;110313;110697;110696;110664;110314;110724;110725;82123;110726;110727;110786;110785;110814;110728;110816;110815;110817;110818;82124;110819;110909;110926;110840;110927;110946;110947;110945;110948;111046;82125;111082;111080;111081;111165;111166;111084;111085;111086;111083;111111;82126;111170;111167;111169;111168;111171;111172;111223;111311;111222;111221;82127;111312;111313;111315;111358;111314;111357;111388;111359;111390;111389;82128;111392;111391;111393;111394;111467;111519;111554;111533;111520;111555;82129;111556;111618;111651;112047;111762;111705;111763;111982;111764;82130;111983;111765;111984;112048;112065;112050;112125;112049;112127;112126;112166;82131;112167;112168;112184;112195;112196;112225;112226;112227;112197;112228;82132;112230;112229;112231;117349;117295;117350;117366;117351;117367;117296;82133;117432;117433;117434;117487;117464;117501;117593;117502;117609;117610;82134;117619;117618;117640;117620;117641;117642;117643;117673;117712;117711;117713;82135;117714;117715;117811;117810;117836;117835;117889;82136;117837;117908;117907;82137;118070;118096;118119;118157;118120;118215;118214;82138;118240;118239;118313;118468;118364;118407;118470;118469;118503;82139;118471;118504;118577;118578;118733;118597;118734;118596;118753;118735;82140;118807;118806;118888;118839;118808;118891;118890;118889;118892;82141;119052;118938;119039;119054;119053;119101;119100;119103;119102;119104;82142;119152;119151;119119;119120;119105;119122;119121;119123;119153;119266;119267;119310;82143;119289;119312;119311;82144;119425;119560;119694;119693;119667;82145;119695;119729;119730;119847;119816;119848;119875;119849;119876;119877;119878;119889;119890;119941;82146;119942;119957;120958;120959;120957;120962;120961;120960;82147;120988;121055;121133;121071;121233;121313;121193;121316;121315;121314;121372;82148;121397;121399;121398;121423;121436;121424;121480;121481;121437;121483;82149;121482;121517;121622;121552;121553;121518;121554;121556;121555;121623;82150;121624;121625;121626;121627;122037;122066;122036;122038;122067;122097;82151;122098;122100;122099;122196;122101;122195;122263;122262;122264;82152;122266;122265;122267;122318;122319;122404;122320;122430;122405;122431;122454;82153;122490;122491;122453;122511;122512;122547;122515;122514;122513;82155;122548;82154;122549;122550;122603;122720;122604;122620;122762;122721;122824;122825;82156;122827;122826;122828;122829;122928;122929;122879;122931;82157;122930;122956;123016;123019;123017;123018;122932;123093;82158;123096;123095;123094;123135;123420;123470;123471;123421;123524;123523;123526;123525;123522;82159;123527;123529;123528;123563;123564;123566;123565;123567;123689;123690;123798;123833;123832;82160;123834;123959;124036;124094;124065;124204;124217;124218;124282;82161;124283;124243;124306;124340;124339;124307;124341;124342;124343;82162;124417;124463;124596;124595;124597;124656;124598;124657;82163;124658;124720;124777;124778;124659;124874;125173;124875;125174;125093;125175;82164;125266;125267;125268;125269;125270;125297;125298;125296;125317;125478;82166;82165;125374;125408;125407;125410;125411;125409;125413;125412;125479;82298;125555;125606;125607;125682;125644;125740;125741;125837;125836;125927;125926;82299;125957;125956;126009;125958;125928;126011;126054;126010;126077;82300;126078;126079;126220;126126;126221;126222;126223;126347;126248;126247;126348;126349;82301;126350;126390;126481;126482;126511;126512;126513;126605;126606;126607;126528;82479;126652;126653;126793;126832;126833;126834;126835;126836;82593;126926;126927;126964;126965;127076;127101;127475;127477;127476;82594;127478;127480;127481;127482;127479;127483;127485;127484;127920;127821;127820;82645;127862;127864;127863;127865;127921;127866;127922;127923;127924;82646;127926;127925;127927;128038;128082;128121;128122;128123;128124;128305;128179;82668;82167;128394;128395;128306;128393;128424;128425;128427;128426;128509;82669;128428;128556;128557;128555;128558;128618;128777;128743;128778;128619;128779;82715;128780;128880;128781;128882;128881;128883;129304;129106;129105;82716;129025;129305;129408;129363;129362;129361;129409;129410;129411;129474;129475;129505;129476;82717;129477;129571;129539;129572;129594;129697;129595;129734;82718;129735;129766;129765;129828;129799;129801;129800;129853;130029;129855;130130;129854;82743;130131;130071;130030;130031;130072;130132;130133;130182;82784;130283;130286;130284;130287;130348;130405;130285;130406;130407;130408;83002;130521;130522;130523;130611;130769;130771;130770;130772;130773;130918;82785;130980;130979;131084;131035;131085;131134;131135;131137;82168;131136;82805;131138;131245;131248;131246;131247;131430;131429;131291;131293;131292;82837;131328;131329;131330;131331;131431;131432;131433;131435;131437;82860;131436;131434;131740;131705;131782;131781;131780;131783;131837;131960;131961;131963;131962;131964;131965;82861;132058;132059;132060;132081;132080;132106;132105;132107;82862;132267;132268;132325;132344;132406;132345;132346;132420;132422;82863;132513;132421;132514;132590;132592;132591;132593;132681;132682;133218;82904;132940;132941;132758;132776;132777;132759;132874;133101;133102;83060;133103;133104;133105;133228;133219;133150;133229;133276;133277;133318;83119;133362;133319;133321;133324;133322;133323;133320;133364;133363;133365;83142;133411;133366;133414;133412;133413;133509;133532;133654;133561;82169;133562;83164;133655;133656;133697;133728;133730;133698;133729;133772;133773;133813;133814;133873;83143;133874;133875;133876;133877;134241;134240;133967;83144;134092;134125;134124;134126;134093;134176;134175;134177;134179;134178;134180;134181;83165;134182;134243;134245;134244;134242;134352;134429;134431;134430;83166;134454;134576;134432;134630;134631;134683;134632;134633;134716;134766;134768;134769;134767;134770;83167;134771;134879;134915;134881;134880;134916;83168;134955;134983;135098;134982;135099;135100;135101;135102;135205;135190;135363;135364;135496;135495;135497;135498;136630;135596;135721;83190;135722;135723;135939;135724;135976;135975;135977;135979;135978;135981;135980;83476;136067;136201;136202;136068;136206;136205;136204;136288;136203;136289;82170;136366;136367;136290;83498;136368;136412;136427;136429;136951;83499;136428;136484;136631;136672;136702;136832;136673;136833;136674;136720;136834;136835;83545;136836;136893;136952;136979;136980;136981;136984;136983;136982;136985;83500;136987;136986;137154;137008;137153;137205;137248;137206;137247;137282;137207;83531;137283;137284;137371;137339;137372;137418;137416;137417;137419;137670;137671;137572;83747;137672;137841;137858;137859;137862;137861;83819;137860;137863;137886;137887;137907;137906;137909;137908;137910;138062;137911;138063;83905;138064;138364;138224;138389;138390;138392;138391;138393;83886;138578;138529;138781;138782;138783;138858;138910;138859;138912;138911;139008;139009;138913;139244;83864;139094;139095;139098;139097;139096;83865;139208;139207;139209;139245;82171;139246;139248;139247;139251;139250;139249;83866;139252;139297;139253;139340;139341;139388;139387;139427;139430;139429;83887;139428;139519;139518;139520;139551;139552;139625;139585;139626;139627;139624;83888;139630;139628;139629;139735;139675;139703;139758;139757;139756;139759;139760;139774;139775;139773;139776;83906;140046;139928;139876;140048;83907;140047;140051;140049;140050;140052;140057;140054;140053;140056;140058;140055;83918;140103;140224;140134;140295;140225;140297;140298;140296;83995;140468;140538;140469;140539;140665;140541;140540;140606;140931;140932;140804;140805;140807;84023;140808;140809;140810;140806;140933;140934;140935;141062;141131;84061;141132;141135;141134;141133;141136;141137;141246;141286;141291;84062;141247;82172;141272;141379;141271;141287;141378;141389;141463;141466;141508;84093;141794;141792;142174;141791;141901;141910;141872;142107;142011;142052;142105;84130;142159;142153;142176;142169;142202;142206;142158;142155;142199;84094;142504;142546;142571;143107;142521;142551;142632;142616;142633;142623;142634;84165;142619;142667;142670;142861;142827;142825;142832;142849;142845;84166;142931;142918;142926;142924;142936;143109;143104;143099;143138;84252;143133;143169;143170;143193;143185;143226;143336;143323;143308;143224;143186;143305;143386;143401;143392;143410;84253;143440;143388;143435;143459;143461;143527;143512;143518;84294;144097;143519;143594;143597;144022;144029;144023;144152;144099;84295;144092;144262;144264;144494;144444;144350;144439;144343;144441;84296;82173;144497;144490;144478;144541;144574;144587;144681;144595;144627;84297;144636;144657;144666;144638;144738;144723;144725;144735;144758;84349;144762;144825;144814;144836;144925;145167;144924;144956;145217;145208;145237;145259;84407;145165;145475;145427;145384;145531;84408;145437;145725;145772;145724;146163;146129;146133;146053;146191;146278;146291;146324;146119;146155;146283;146321;84433;146360;146361;146372;146466;146521;146512;146473;84434;146504;146555;146527;146610;146609;146612;146700;146736;146602;146604;146608;146666;84435;146699;146665;146725;146677;146667;146887;146919;146893;146981;146945;146974;146968;84447;147182;147179;147176;147532;147548;147685;147744;147187;84448;147772;147797;147800;147775;147903;147813;147898;147902;147901;82174;147926;84471;148072;147960;147928;148080;148053;148173;148146;84472;148166;148254;148206;148272;148301;148302;148270;148275;148312;148311;148322;148323;84473;148363;148440;148416;148442;148508;148610;148701;148749;148623;148762;84494;148926;148927;149008;149016;148965;149004;149003;149015;149019;84495;149009;149034;149036;149014;149040;149037;149262;149246;149103;149261;149344;149342;149339;149345;84507;149372;149426;149427;149460;149423;149485;149492;149488;84508;149518;149517;149515;149568;149889;149854;150005;150111;150099;150107;150097;150173;150262;150255;150303;150272;150301;150309;150336;84551;150333;150467;150454;150703;150806;150453;150805;150796;150904;150985;150984;151044;151006;151111;151028;84597;151192;151264;151131;151361;151265;84676;82175;151368;151219;151369;151370;151373;151480;151486;151677;151516;84677;151676;152075;151812;151829;151891;151834;152012;152078;153148;152006;152059;152171;84812;152170;152228;152215;152194;152193;84831;152214;152217;152349;152547;152223;152384;152519;152383;152486;84832;152517;152737;152662;152607;152535;154200;153132;152739;152723;152773;152899;152898;84833;152983;152966;152982;153026;153217;153216;153431;153226;153480;84834;153482;153548;153481;153601;153571;153741;153600;153772;84835;153811;153809;153843;153808;153846;153810;153845;153841;153844;153842;153966;153965;154114;84885;153994;153996;154021;154195;154237;154331;154020;154257;84932;154410;154330;154427;154514;154735;154627;154733;154731;154736;154752;82176;84989;154739;154749;154747;154751;154754;154881;154882;154936;84990;154753;154923;154920;154950;155013;155016;155014;155060;155312;155123;155440;84991;155346;155439;155622;155604;155675;155639;155658;155712;155711;155683;85050;155710;155707;155713;155721;155739;155740;155738;155822;155861;155922;155924;155848;85051;155921;156018;156159;156163;156173;156039;156234;156160;156315;85052;156396;156329;156318;156314;156320;156335;156322;156328;156332;156321;156333;156336;156334;85128;156385;156386;156384;156391;156394;156392;156417;156449;85233;156393;156418;156419;156457;156575;156576;156691;85278;156690;156789;156770;156964;156765;156766;156965;156773;156794;85279;156818;156954;156920;156963;157055;156955;157047;157058;157048;157262;157255;85280;82177;157254;157252;157250;157248;158247;157261;157324;157321;85418;157379;157397;157365;157407;157846;157409;157401;158026;157901;158032;158035;85465;158045;158084;158067;158170;158196;158049;158450;85419;158647;158510;158649;158511;158676;159090;158675;158681;158698;85546;158685;158819;158821;158747;158783;158820;158850;158978;158933;158996;85547;159003;159001;159002;159072;159076;159069;159079;159077;85584;159141;159116;159318;159329;159317;159321;159474;159140;159397;85585;159586;159473;159511;159472;159615;159632;159762;159626;159636;159625;159662;85586;159624;159742;159716;159663;159770;160304;160303;160409;160398;85654;160453;160408;160475;160528;160979;161327;160680;160714;160631;82178;160971;160978;85655;161188;161244;161199;161201;161200;161205;161202;161203;161207;85656;161218;161242;161432;161398;161335;161243;161461;161428;161433;161435;85663;161463;161472;161514;161515;161624;161614;161612;161618;161628;85695;161656;161655;161685;161700;161684;161688;161794;85769;161725;161806;161802;161836;161837;161906;161838;161907;161913;162167;161962;161940;161990;162125;85807;162402;162406;162296;162408;162427;162488;162504;162596;162612;85897;162597;162611;162697;162623;162610;162682;163851;162674;85808;163959;164081;164083;164082;164260;164285;164279;164317;164284;164282;85888;164323;164472;164477;164653;164646;164417;164482;164484;164685;85931;164523;164532;164531;164647;164672;164961;164675;164674;164676;164677;82179;86049;164827;164678;164684;164946;164935;164947;164963;164945;164991;164992;165224;165206;165186;86021;165216;165217;165219;165295;165256;86022;165431;165327;165477;165449;165510;165550;165513;165476;165593;165604;165592;165685;86195;165647;165605;165641;165623;165626;165642;165654;165708;86127;165715;165709;165789;165784;166002;165983;166020;165995;166092;166069;166004;166040;166094;86154;166068;166091;166182;166426;166227;166234;166429;166502;166330;166441;86155;166572;166562;166566;166589;166698;166671;166676;166707;166708;166735;86196;166732;166734;166709;166822;167202;166779;166750;167042;86197;167092;167053;167043;167256;167055;167207;167276;167277;167296;167432;167353;167532;167748;86211;167781;167785;167780;167914;167913;167926;167910;167912;82180;167917;86212;168015;168171;168049;168147;168183;168204;168205;168207;168390;168206;168260;86213;168229;168315;168380;168233;168264;168386;168379;168389;168385;86225;168403;168388;168399;168404;168405;168408;168447;168418;168449;168463;168485;86226;168626;168488;168487;168916;168625;168624;168639;168705;168740;86227;168855;168859;168857;168860;169284;169293;169294;169286;86357;169296;169428;169300;169424;169445;169440;169447;169451;169446;169438;169450;169439;86406;169695;169736;169694;169693;169802;169913;170076;169915;170053;170079;86428;170055;170056;170164;170205;170206;170182;170183;170240;86429;170459;170609;170409;170563;170889;170758;170697;170887;170680;170760;86446;170757;170878;170763;170759;170884;170877;170880;170888;170895;170881;170885;170893;86551;82181;170882;170886;170883;170879;170915;170939;171085;170983;171060;171041;86552;171143;171215;171186;171377;171357;171394;171378;171363;171624;86553;171690;171571;171691;171633;171643;171626;171642;171786;171670;86578;171669;171761;171903;171815;171753;171785;171837;171749;171870;171861;86579;171885;171871;171904;171901;171917;171918;171925;171932;171958;172030;172449;172087;172079;172680;172141;172109;172110;86640;172481;86641;172482;172487;172486;172508;172554;172599;173399;173047;172658;173400;173457;173416;86676;173714;173779;173791;173721;173742;173763;173789;173778;86677;173788;173776;173849;174042;173923;174045;174043;173979;174170;174041;86712;174028;174179;174177;174436;174589;174418;174683;174704;174722;82182;174700;174685;86793;174677;174962;174709;174964;175926;174963;174967;174969;174970;86794;175925;175046;175048;174966;175045;175154;175578;175576;175551;174968;175656;86920;175665;175676;175675;175804;175929;175805;175966;176190;176221;176199;176214;86907;176213;176433;176437;176347;176434;176457;176485;176464;176635;176521;176658;176638;86952;176657;176664;176884;176730;176985;176729;86953;176980;177106;177110;177400;177218;177254;177421;177427;177451;177513;177457;87056;177456;177462;177458;177512;177492;177553;177650;87068;177654;177612;177636;177792;177791;177640;177811;177890;177875;87069;178396;178004;177886;178397;178638;178052;178040;178637;178041;178053;178114;87070;178115;178172;178173;178218;178149;178290;178174;178322;178300;87071;178452;82183;178479;178480;178762;178781;178842;178840;178841;178958;178951;178788;178956;87072;179050;179074;179135;179214;179360;179386;179309;179387;179419;179425;87073;179426;179631;179509;179629;179933;179739;179934;179808;179737;179876;87074;179900;179908;179935;179924;179972;180017;179973;180019;87075;180038;180039;180100;180182;180267;180207;180205;180221;180220;87076;180270;180269;180516;180514;180524;180521;180517;180518;180546;181125;181181;87111;181187;181210;181278;181444;181320;181255;181447;181445;181511;181510;87112;181562;181516;181626;181648;181647;181697;181792;181696;181818;181775;181835;87186;181845;181858;181836;182167;181846;181857;182157;182370;182377;182369;182403;182381;182409;182404;182417;182414;182408;182405;182416;182430;82184;182472;182584;87265;182752;182585;182753;182754;182650;182648;182760;182755;87266;182763;182762;182761;182942;182933;183089;182961;182953;87267;183490;183091;183199;183195;183688;183523;183678;183491;183680;183748;87268;183749;183912;183747;183837;184004;184006;183996;184005;183975;184003;184084;87286;184023;184024;184061;184075;184094;184444;184274;184788;185366;87287;185343;185523;185477;185377;185522;185962;185740;186007;185980;186019;186018;186040;87315;186205;186282;186245;186244;186281;186223;186288;186305;186290;186304;87316;186380;186379;186332;186413;186540;186485;186486;186487;186513;186525;186512;87330;186526;186524;186663;186843;186584;186966;186967;186866;87382;187045;187050;82185;187286;187271;87427;189090;189095;87508;189267;189358;189094;189282;189489;189491;189518;189389;189484;189721;87605;92678;87606;87607;87682;189372;189722;87683;87738;87729;189604;189756;87850;87884;87826;87897;87931;87933;87932;87956;82186;87957;87958;87975;87978;87976;87977;87994;87993;88023;88106;88105;82187;88108;88387;88107;88422;88388;88491;88493;88492;82188;88511;88494;88599;88580;88600;88740;88627;88724;88764;88765;88766;88810;82189;88863;88845;88864;88886;88914;88913;88887;88938;88940;88972;88939;82190;88971;88997;88973;88974;88998;88996;88995;89040;88999;82191;89042;89041;89045;89043;89044;89000;90803;82192;90804;90806;90805;90869;90870;90871;90807;90873;90874;90872;90895;90926;90943;90944;82193;90945;91021;91049;91050;91022;91051;91108;91107;91109;82194;91132;91133;91134;91135;91136;91137;91196;91198;91173;91197;82195;91242;91243;91264;91299;91265;91287;91286;91323;91324;82196;91326;91325;91358;91360;91359;91362;91361;91363;91395;91396;82197;91397;91472;91444;91445;91446;91521;91505;91489;91523;91522;91548;82198;91574;91576;91575;91577;91578;91687;91688;91613;91770;91689;82199;91733;91691;91690;91789;91831;91771;91832;91834;91835;91836;91833;91859;82200;91860;91900;91902;91903;91901;91904;91905;91919;91920;91921;91948;91922;91977;91978;92665;91979;92003;92325;92324;82201;92326;92380;92474;92500;92501;92524;92545;92547;92546;82202;92568;92544;92569;92587;92570;92631;92632;92762;92613;82203;92633;92634;92635;92636;92637;92004;92638;92639;92640;92641;92763;82204;92704;92705;92683;92728;92727;92729;92827;92794;92873;92828;92793;92829;92953;92874;93017;92969;92970;93054;93053;82205;93130;93199;93083;93132;93131;93133;93236;93320;93321;82206;93322;93323;93353;93413;93385;93386;93415;93416;93414;93485;82207;93545;93543;93417;93544;93567;93568;93564;93566;93565;93569;93612;82208;93620;93688;93667;93570;93689;93690;93746;93692;93691;82209;93832;93833;93831;93847;93834;93868;93869;93900;82210;93913;93968;93970;93969;94076;94100;94075;94078;94077;94102;82211;94101;94112;94111;94110;94114;94113;94142;94141;94143;82212;94144;94184;94233;94204;94145;94293;94255;94256;94257;94258;82213;94295;94294;94297;94298;94296;94300;94343;94299;94410;82214;94447;94411;94448;94473;94474;94476;94475;94477;94518;94520;82215;94519;94584;94583;94585;94586;94587;94612;94917;94764;82216;94916;94940;94983;94941;95029;95030;95031;95261;95262;82217;95296;95263;95357;95358;95359;95360;95413;95412;95399;95455;95454;95457;95456;82218;95601;95634;95486;95635;95485;95653;95654;95664;82219;95665;95774;95775;95899;96006;96005;96007;96008;96009;96011;96010;82220;96012;96014;96013;95954;96051;95955;96093;96094;96085;96095;82221;96097;96096;96098;96155;96183;96099;96100;96184;96185;82222;96190;96187;96188;96189;96186;96191;96192;96272;96343;82223;96396;96458;96490;96459;96492;96493;96535;96491;96537;96536;82224;96570;96635;96634;96636;96665;96666;96779;96732;96704;96815;82225;96816;96814;96818;96817;96882;96839;96840;96883;96841;96884;82226;96909;96910;96911;96930;97029;96963;96931;96983;97087;97052;97105;97088;97106;97195;82227;97216;97150;97231;97234;97232;97233;97235;97236;97356;97332;82228;97392;97393;97395;97396;97394;97418;97438;82229;97439;97440;97437;97473;97441;97614;97559;97588;97640;82230;97642;97669;97641;97668;97697;97698;97780;97782;97781;97796;97798;97797;82231;97799;97899;97898;97920;97921;97964;97965;82232;97963;97966;99001;99000;99002;99042;99003;99043;99045;99044;99107;82233;99139;99187;99188;99202;99189;99251;99252;99250;99253;99268;99269;82234;99270;99271;99291;99401;99442;99402;82235;99403;99422;99421;99420;99443;99543;99542;99544;99600;82236;99603;99602;99601;99636;99637;99604;99639;99672;99692;99638;99674;99673;99693;82237;99733;99715;99694;99734;99735;99737;99738;99736;99740;82238;99739;99919;99997;99999;99998;100069;100109;100108;100107;100110;100133;82239;100176;100162;100225;100177;100227;100226;100302;100303;100304;82240;100330;100390;100360;100474;100473;100475;100431;100476;100477;100479;100478;100513;82241;100480;100481;100575;100482;100515;100514;100516;100517;100518;82242;100519;100559;100576;100577;100578;100602;100622;100623;100624;100672;100724;100772;100645;82243;100673;100771;100817;100848;100816;100796;100849;100850;100875;100851;100876;100940;82244;100966;101006;100939;100941;101007;14848;14849;14850;14852;14853;14851;14855;14854;14857;14856;14861;14858;14860;14859;14862;14865;14863;14864;14868;14867;14866;14870;14869;14872;14874;14876;14875;14871;14873;14877;14879;14878;14880;14881;14882;14883;38953;14885;14886;14887;14888;14889;14890;14891;14892;14893;14894;14895;14896;14900;14898;14901;14899;14903;14902;14897;14904;14905;14907;14906;14908;14909;14911;14913;14912;14914;14915;14910;14917;14918;14919;14920;14916;14921;14923;14924;14922;14925;14929;14927;14931;14930;14926;14928;14932;14933;14935;14936;14937;14934;22542;22545;22546;22548;22547;22544;22543;22550;14938;22549;22551;22552;22554;22553;22555;22556;22558;22557;14939;22561;22560;22559;22562;22563;22565;22564;22569;22570;22571;22567;22566;22572;14940;22568;22573;22575;22577;22579;22574;22578;22576;22580;14941;22581;22582;22584;22583;22585;22587;22589;22586;22588;14942;22591;22590;22595;22596;22597;22598;22592;22593;22594;22599;14943;22601;22602;22603;22600;22604;22607;22605;22606;22611;22608;22610;22609;14944;22617;22612;22613;22616;22615;22614;22619;22621;22620;14945;22622;22625;22623;22624;22626;22618;22628;22630;22627;22631;22632;22629;14946;22634;22633;22635;22637;22636;22638;22640;22639;22641;22642;14947;22643;22644;22645;22647;22651;22649;22650;22646;14948;22648;22652;22654;22656;22653;22655;22658;22659;14949;22657;22660;22661;22662;22664;22663;22666;22668;22669;22665;22667;22671;22672;14950;22674;22670;22676;22675;22677;22680;22673;14951;22679;22681;22678;22682;22684;22685;22683;22686;22687;22690;22688;22691;14952;22689;22694;22692;22693;22695;22696;22697;22699;22700;22698;14953;22702;22705;22704;22703;22707;22701;22709;22708;22706;14954;22712;22710;22711;22713;22714;22716;22715;22717;22719;14955;22721;22718;22720;22723;22722;22726;22724;22725;22730;22729;22727;22728;22731;22732;22904;22881;22905;22735;22906;22907;22733;22734;14957;22931;22927;22935;22936;22934;22908;22937;23655;23656;23660;23659;23658;23657;23661;23662;23700;14958;23702;23703;23704;14959;23743;23757;23701;23742;23737;23767;23765;23768;23844;23790;23770;23766;23846;23791;23845;14960;23792;23911;23848;23847;23912;23913;23849;23947;23945;23946;14961;23948;23949;25339;25225;24025;24247;24006;14962;24026;24248;24293;24291;24296;24292;24295;24294;24297;24346;24765;14963;24359;24347;24776;24834;24819;24865;24793;24794;24835;24880;14964;24881;24921;25009;24879;25010;25008;25012;25097;25096;25011;25099;14965;25098;25151;25152;25153;25176;25100;25177;25227;25226;14966;25229;25299;25258;25228;25300;25259;25301;25503;14967;25463;25356;25464;25455;25529;25465;25530;25506;25504;25505;25531;25555;14968;25557;25556;25558;25532;25584;25581;25585;25583;25582;25616;14969;25586;25615;25628;25639;25675;25638;25640;25629;25678;14970;25677;25676;25742;25695;25744;25743;25780;25779;25781;25801;25782;25851;14971;25852;25826;25854;25853;25825;25856;25855;14972;25858;25860;25857;25859;25887;25909;25936;25861;25938;25959;14973;25937;25963;25962;25961;25960;25964;25965;25966;26030;25974;26029;26032;26031;14974;26033;26078;26034;26079;26035;26209;26210;26080;14975;26208;26975;26211;27043;26931;27066;26930;27515;26976;14976;27544;27545;27546;27547;27548;27549;27577;27587;27628;27629;14977;27621;27804;27842;28150;28151;27819;27630;27843;28253;28297;28298;28299;28301;14978;28300;28337;28339;28336;28338;29192;29226;29227;29191;29257;29228;29258;14979;29259;29260;29261;29263;29262;29338;14980;29339;29705;29337;29706;29755;29756;29803;29707;14981;29805;29806;29807;29837;29836;29808;29838;29839;29857;29840;14982;29858;29856;29859;29860;29861;29872;29873;29902;29903;29935;29936;14983;29904;29938;29937;29984;30000;29968;30023;29939;30060;30059;30061;30062;30063;30064;30066;14984;30065;30111;30112;30067;30125;14985;30188;30189;38954;30126;30224;30223;30155;30226;30225;30227;30229;30228;14986;30230;30232;30231;31055;31056;31028;14987;31123;31143;31145;31144;31102;31147;31148;31149;31150;31146;31169;31151;14988;31358;31359;31303;31360;31170;31425;31426;31589;31590;31588;14989;31587;31591;31628;31629;31592;31630;31661;31632;38955;14990;31687;31663;31709;31631;31662;31806;31721;31711;31807;31710;31809;31808;14991;31811;31948;31810;31950;31951;31952;31949;31969;32003;32005;32004;14992;32007;32006;32035;32057;32058;32034;32008;32059;32060;14993;32085;32086;32125;32084;32140;32141;32142;32126;32143;32127;32144;32305;14994;32306;32307;32378;32377;32380;32308;32309;32379;14995;32403;32406;32404;32407;32435;32405;32402;32447;32457;33077;32482;33174;33175;32448;14996;33173;33176;33178;33367;33401;33177;33230;33403;33402;14997;33450;33467;33491;33492;33527;14998;33507;33508;33566;33567;33551;33552;33568;33737;33738;33739;33764;14999;33773;33772;33774;33741;33740;33775;33826;33933;15000;34053;34032;34087;33934;34033;34163;34088;34171;34212;34223;34246;34254;15001;34253;34255;34352;34353;34354;34340;34370;34355;34386;34371;15002;34388;34415;34387;34392;34449;34444;34478;15003;34492;34500;34700;34669;34450;34757;34720;34810;34745;34937;34823;34938;34949;34950;34975;34974;34973;15004;34995;35010;35031;35011;35033;35036;15005;35083;35032;35061;35077;35174;35225;35091;35106;15006;35253;35275;35254;35276;35252;35294;35293;35314;15007;35333;35334;35313;35329;35378;35366;35365;35383;35364;35425;35384;35431;35382;35461;15008;35463;35547;35549;35550;35612;35548;35567;35637;15009;35622;35638;35691;35663;35662;35664;35738;35752;35692;15010;35739;35754;35755;35763;35762;35901;35908;35907;35764;35902;35790;15011;35992;35925;35932;35991;35924;35958;35968;35979;35967;35980;15012;35987;35993;36046;35988;36040;36134;36047;36066;35989;36067;36052;36053;15013;36084;36118;36076;36090;36119;36120;36142;36123;36146;36135;36164;36172;15014;36174;36173;36208;36189;36207;15015;38202;38641;38158;36843;38640;38642;38656;38667;38666;38691;38690;15016;38668;38692;38703;38702;38696;38723;38722;38704;38747;15017;38725;38724;38795;38833;38859;38861;38869;38880;38980;39332;38878;38991;38992;38990;15018;39391;39334;39374;39333;39439;39441;39440;15019;39452;39483;39495;39568;39451;39569;44690;44691;44692;44694;44693;15020;44696;44697;44695;44698;44700;44701;15021;44702;44699;44703;44704;44706;44705;44709;44710;44707;44708;44711;44714;15022;44713;44712;44715;44716;44718;44721;44722;44717;44724;15023;44725;44719;44720;44726;44728;44723;44729;44727;44732;44730;44731;44735;15024;44736;44733;44734;44737;44738;44739;44740;44741;44743;15025;44742;44746;44745;44748;44744;44749;44747;44750;44751;44752;44754;44755;15026;44753;44756;44757;44758;44762;44759;44764;44761;44763;15027;44766;44765;44760;44768;44770;44767;44769;44772;15028;44774;44775;44773;44778;44776;44779;44780;44777;44784;44782;44783;15029;44781;44788;44790;44787;44789;44785;44786;44791;44792;44793;44795;44797;15030;44794;44796;44798;44799;44800;44803;44802;44801;15031;44804;44805;44807;44806;44809;44808;44810;44813;44812;44811;15032;44816;44817;44815;44820;44819;44814;44821;44818;44822;44824;44823;44825;15033;44827;44826;44828;44830;44832;44831;44834;44833;15034;44835;44837;44829;44836;44838;44840;44841;44839;44842;44845;44844;44846;44843;15035;44849;44847;44851;44848;44852;44853;44850;44855;44856;44854;44857;15036;44861;44859;44858;44863;44862;44860;15037;44864;44866;44865;44970;44950;44867;44988;44951;45008;45025;45026;45027;45054;15038;45069;45057;45056;45094;45055;45113;45062;15039;45123;45369;45337;45397;45407;45396;45134;45412;45428;15040;45480;45427;45445;45479;45546;45559;45557;45560;45558;45556;46314;46243;46226;15041;45612;46213;46315;46707;46316;46352;46708;15042;46346;46709;46710;46724;46725;46830;46831;46829;46832;46875;46862;46861;47103;15043;47105;47154;47104;47584;47705;47153;47735;15044;47589;47736;47704;47767;47792;47791;47890;48220;47889;48222;48221;48224;15045;48225;48223;48240;48241;48247;48248;48384;15046;48256;48249;48270;48385;48344;48896;48895;48387;48925;48386;48924;15047;49103;49058;49121;49057;49114;48928;49150;49151;49184;49275;49277;49231;15048;49276;49292;49291;49676;49717;49767;49766;49815;15049;50452;49965;49966;50024;50309;50453;50696;50825;50864;50826;50865;51127;15050;51181;51180;51397;51128;51399;51398;51400;15051;51401;51427;51440;51428;51531;51530;51557;51556;51559;51677;51588;51817;15052;51819;51828;51665;51818;51862;51558;15053;51945;51946;51979;51978;51829;52028;52029;52030;52027;51977;51959;52037;52055;52031;52461;52056;52032;52484;15054;52512;52513;52463;52511;52537;15055;52549;52462;52600;52550;52548;52620;52621;52618;52660;52637;52619;52691;52718;15056;52720;52719;52551;52946;15057;52674;52948;52758;52947;52997;52949;52741;53212;53211;53198;52998;53260;53224;53304;53340;53341;53324;53343;53344;53393;53259;15058;15059;53495;53342;53506;53505;53558;53496;53477;53507;53604;53602;53832;53559;15060;53605;53861;53833;53603;53880;53862;15061;53860;55027;54588;55030;55032;53900;55033;55034;55035;55028;55036;15062;55029;55039;55038;55031;55042;55041;55040;55045;55065;55037;55044;55136;55145;55066;55164;55043;55280;55486;55146;55488;55489;15063;55490;55487;55516;15064;55537;55491;55524;55554;55170;55610;15065;55624;55538;55555;55672;55673;55674;55641;55694;55625;55721;55708;55770;55776;55722;55820;55769;55852;15066;55841;55998;55889;55888;56026;55942;56025;15067;56143;56074;56144;56167;56145;56116;56130;56231;56285;56179;56339;15068;56381;56307;56340;56394;56393;56414;56395;15069;56415;56409;56443;56571;56623;56586;56444;56669;56622;56663;56662;15070;56671;56624;56714;56670;56672;56715;56730;56727;56716;56729;56728;15071;56759;56761;56760;56786;56785;56856;56850;56881;56884;56923;15072;56882;56883;56929;56986;56982;15073;56999;57499;57501;56987;57500;57502;57503;57505;57504;57507;15074;57509;57510;57508;57512;57511;57514;57506;57513;57517;57515;57518;57519;57516;57520;57521;57523;15075;57522;57526;57524;57527;57525;57583;15076;57543;57542;57621;57693;57643;57702;57735;57753;57738;57736;57812;57813;57737;15077;57811;57814;57827;57851;15078;57879;57925;57880;57963;58011;57964;58077;58012;58043;58110;15079;58136;58078;58148;58097;58173;58172;58135;58251;58198;58199;58250;58295;58200;58277;58303;58324;58304;58357;58391;58393;15080;58436;58392;58459;15081;58417;58437;58485;58530;58541;58460;58728;58667;58598;58486;15082;58608;58753;58766;58754;58817;58804;58853;58729;58855;58854;58883;58908;58969;15083;58884;58978;59059;59060;58880;59070;15084;59062;59094;59061;59166;59182;59167;59093;59183;59215;59250;59759;59760;59216;15085;59761;59762;59251;59758;59764;59766;59768;59769;15086;59765;59767;59763;59771;59772;59776;59770;59774;59775;59773;15087;59780;59779;59778;59782;59777;59824;59781;59825;60088;15088;59839;60003;59961;60002;59890;60004;60068;60005;61374;60156;61382;60142;61401;15089;61440;61415;61439;61438;61520;61441;61495;61537;61578;61538;61627;15090;61652;61723;61555;61662;61792;61734;62011;62000;61735;15091;62015;62012;62013;62014;62067;62016;62113;62049;62086;15092;62225;62285;62317;62318;62440;62452;62188;62448;15093;62453;62599;62644;62643;62664;62665;62722;62667;62666;62723;62721;15094;62748;62872;62804;62929;62805;62778;63028;62949;63125;63068;63114;63126;15095;63151;63193;63188;63194;63269;63271;15096;63273;63272;63335;63270;63342;63341;63357;63358;63356;63382;63383;63359;63384;15097;63386;63385;63511;63456;63433;63457;63512;63557;63582;63640;15098;63556;64082;63648;64397;64395;64364;64493;64396;64439;15099;64553;64591;64648;64624;64649;64662;64635;64623;64671;64663;64880;64867;64881;15100;64732;64898;64897;64972;64973;64995;64996;15101;65178;65556;65033;65558;65228;65584;65557;65179;65582;65581;65585;65635;65586;15102;65695;65696;65727;65793;65921;65744;65812;66159;15103;66028;66296;66004;66180;66383;66281;66384;66546;66486;66431;15104;66548;66547;66557;66559;66558;66561;66560;66563;66564;66562;15105;66565;66566;66568;66569;66570;66571;66567;15106;66575;66574;66572;66602;66573;66676;66576;66603;66677;66766;66678;66916;66768;66767;66792;15107;66851;66905;66847;66846;66910;15108;66852;66906;66937;66917;66976;66974;66936;67102;67236;67101;67201;67131;67202;15109;67100;68889;68971;69083;68970;69084;68942;69094;15110;69107;69227;69109;69108;69277;69228;69197;69313;69398;69470;69354;69459;15111;69435;69473;69484;69483;69506;69505;69522;69523;69780;15112;69542;69813;69781;69841;69885;69884;69848;69959;69895;69938;15113;70105;70002;70080;70128;69960;70148;70200;70201;70353;70303;70354;15114;70355;70373;70375;70374;70372;70402;70403;70417;15115;70401;70502;70533;70534;70503;70636;70664;70652;70548;15116;70748;70722;70737;70733;70749;70981;70807;70982;70983;70986;70984;15117;71025;71080;71055;70985;71118;71097;71098;71141;71180;71146;15118;71221;71220;71254;71275;71276;71277;71402;71442;15119;71474;71278;71526;71497;71502;71527;71541;71528;71585;71618;71586;15120;71764;71769;71778;71779;71782;71781;71780;71802;71848;71849;71867;71850;71902;15121;71911;71934;71933;71980;72046;72239;72010;72011;72240;15122;72109;72248;72355;72375;72353;72412;72401;72354;15123;72440;72439;72537;72538;72438;72610;72611;72655;72562;72782;72647;72758;72886;15124;72911;72989;72912;72990;72952;72994;72991;72993;72992;15125;73106;73065;73164;73139;73214;73216;73215;73239;73238;73256;73255;15126;73254;73293;73278;73388;73351;73421;73350;15127;73440;73441;73465;73485;73713;73534;73501;73486;73599;73625;73581;15128;73657;73691;73626;73715;73744;73743;73745;73855;15129;73714;73856;73866;73867;73844;73868;73869;73924;73997;74027;15130;74044;73971;74043;74096;74097;74045;74095;74164;74129;74197;74256;74277;15131;77306;74279;74280;74294;74313;74278;15132;74315;74336;74314;74337;74381;74338;74374;74375;74476;74477;74498;15133;74499;76057;76082;76090;76091;76081;76172;76219;76194;76171;15134;76349;76299;76286;76285;76387;76418;76433;76465;76417;76583;76599;76499;76477;15135;76605;76689;76690;76841;76842;76717;76843;76857;76844;15136;76606;76858;76976;76884;76977;76949;76950;77007;77035;77100;15137;77101;77122;77111;77102;77202;77240;77123;77343;77307;15138;77344;77287;77358;77422;77419;77468;77469;77418;15139;77510;77547;77511;77585;77610;77671;77611;77637;77715;77716;77752;77751;77763;77762;77824;15140;77825;77919;77882;77880;77921;77920;77973;77881;15141;78026;134330;78044;78027;78046;78047;78045;78091;15142;78449;78092;78519;78518;78563;78589;78520;78659;78725;15143;78695;78681;78694;78785;78834;78784;78833;78861;78896;78898;78897;79065;79064;15144;79066;79221;79255;79339;79362;79564;79190;79627;79586;79600;79629;79628;79636;79637;15145;79669;79729;79697;79696;79728;79730;15146;79731;79808;79805;79807;79882;79883;79806;79886;79885;79887;79888;79884;79889;79890;80057;15147;80208;80126;80058;80207;80127;15148;80229;80285;80284;80307;80230;80255;80286;80393;80361;80401;80420;80308;15149;80444;80446;80445;80462;80528;80421;80558;15150;80573;80574;80871;80834;80872;80970;80833;80971;80972;15151;80973;81006;81028;81029;81090;81056;81110;81109;81027;81111;81129;81130;81131;15152;81149;81150;81189;81211;81250;134331;81251;81301;81302;81279;15153;81413;81444;81445;81409;81447;81446;81426;81448;81450;15154;81526;81528;81449;81527;81555;81598;81747;81607;81556;15155;81793;81748;81654;81795;81794;81831;81760;81832;15156;81830;81833;81835;81834;81836;81899;81900;81927;81982;81955;81983;81926;81999;81984;15157;82001;82000;82303;82048;82304;82305;82302;82511;15158;82538;82432;82623;82595;82624;82622;82670;82512;15159;82721;82719;82720;82744;82722;82746;82745;82839;82864;82806;82838;82929;15160;82865;83003;82930;83061;83062;83145;83063;83120;15161;83064;83065;83147;83146;83192;83191;83193;83231;83234;83233;83232;15162;83235;83236;83273;83307;83253;83306;83335;83308;83422;83381;83336;15163;83423;83501;83546;83775;83547;83748;83532;83786;83784;83785;15164;83787;83789;83788;83820;83908;83919;83889;83960;83980;84024;15165;84063;84025;84026;84167;84168;84171;84200;84277;84170;84298;15166;84299;84169;84373;84300;84436;84449;84350;84474;84509;15167;84511;84626;84599;84598;84552;84510;84650;84837;84836;84838;15168;84649;84839;84993;84965;84992;85032;85031;84933;85053;15169;85129;85130;85162;85163;85161;85184;85164;85281;15170;85352;85353;85165;85356;85355;85354;85357;85388;85517;85587;85466;15171;85588;85590;85569;85657;85589;85696;85753;85726;85664;15172;85756;85754;85755;85770;85809;85810;85898;85851;85915;85912;85913;85914;15173;85944;86023;86025;86050;86024;86107;86108;86156;86303;86157;15174;86329;86304;86375;86448;86430;86486;86447;86580;86581;86618;15175;86642;86665;86678;86582;86679;86680;86682;86666;86700;15176;86727;86713;86681;86728;86772;86795;86888;15177;86921;86832;86833;86954;86998;87057;87077;87058;87078;87080;87162;87163;87079;87187;87175;15178;87331;87288;87164;87289;87212;87383;87360;87359;15179;87384;87430;87429;87431;87479;92679;87428;87510;87511;87541;87739;87608;87740;87509;87684;87827;87742;87741;15180;87828;87851;15181;87829;87853;87898;87899;87900;87852;87979;87901;87996;87934;15182;88024;88424;88423;87995;88109;88110;88426;88389;88427;15183;88495;88425;88499;88498;88496;88497;88568;88462;88581;88601;88628;88602;15184;88629;88725;88702;88630;88726;88631;88727;88865;88728;15185;88741;88767;88768;88866;88867;88868;88869;88846;15186;88916;88915;88941;88942;88976;89046;89002;89003;89001;88943;88975;15187;89061;89004;89062;89005;89122;89694;89121;89695;89696;89697;89698;89791;15188;89792;89793;89851;89794;89877;89876;89972;90030;89926;15189;89878;90031;90033;90032;90101;90070;90071;90160;90125;90126;15190;90205;90206;90127;90278;90277;90207;90252;90280;90281;90323;90279;90369;90370;15191;90371;90322;90409;90453;90454;15192;90549;90550;90515;90551;90410;90686;90638;90687;90552;90688;90767;15193;90725;90808;90768;90724;90838;90839;90840;90896;90841;90897;15194;90929;90928;91023;90927;91025;91138;91052;91139;91024;91110;91174;91175;15195;91140;91266;91288;91199;91244;91200;91300;91366;91364;91365;91431;91430;91429;91473;91490;91474;15196;91506;91447;91549;91614;15197;91615;91524;91550;91616;91837;91693;91886;91891;91692;91906;15198;91907;91924;91923;91925;91926;91892;92327;92328;92224;91965;15199;91927;92381;92475;92502;92526;92382;92527;92525;92571;92572;15200;92548;92573;92614;92642;92644;92588;92666;92730;92643;92731;92706;15201;92955;92764;92795;92875;92956;92957;93019;15202;92954;93114;93018;93115;93116;93134;93238;92958;93237;93324;93325;93418;93117;93354;93254;15203;93486;93387;93546;93420;93419;93613;93547;93548;15204;93693;93669;93723;93695;93621;93668;15205;93549;93694;93748;93837;93747;93836;93835;93848;93838;93870;93914;15206;93941;93871;94079;94023;93849;94146;94205;94115;94116;94234;94056;94260;94259;15207;94456;94478;94588;94521;15208;94613;94644;94589;94738;94645;94743;94901;94943;94942;94744;94922;94902;95033;15209;95264;95034;95032;95297;95362;95361;95445;95298;95414;95610;95666;95828;95667;95777;15210;95827;95776;96017;96018;15211;96016;96015;95936;95958;95957;95956;96101;96103;96104;96105;96102;96287;96195;96193;96194;15212;96344;96345;96318;15213;96410;96346;96460;96461;96494;96462;96495;96498;96496;96637;96668;96667;15214;96669;96497;96638;96780;96819;96842;96844;96843;96885;96912;96932;15215;97068;96984;97067;96933;97089;97090;96913;97135;97137;97357;15216;97136;97196;97217;97397;97358;97400;97442;97398;97475;97498;15217;97399;97529;97474;97589;97615;97530;97757;97644;97643;97670;15218;97699;97783;97800;97802;97900;97922;97801;15219;99005;99004;97923;99006;97967;99007;99046;99190;99254;99047;99008;99140;99292;15220;99318;99640;99675;99484;99485;99695;99716;99545;15221;99954;99741;99742;99717;99970;99971;99973;99972;100071;100070;100163;100029;15222;100111;100178;100166;100164;100167;100165;100277;100278;100305;100391;100306;100279;100392;100433;100432;15223;100484;100520;100522;100521;100483;100560;15224;100579;100580;100561;100625;100725;100727;100728;100739;100726;100773;100797;15225;100774;100818;100819;100853;100852;100878;100877;100880;100967;100879;15226;101010;101008;101011;101009;101012;101034;101013;101066;101035;101067;15227;101322;101241;101176;101379;101380;101323;101240;101490;15228;101554;101555;101556;101557;101794;101911;101793;101984;101857;101910;101983;15229;101985;102135;102097;102209;102046;102045;102369;102211;102370;102210;15230;102372;102371;103792;102373;102443;102442;102374;102444;15231;102447;102445;102449;102448;102529;102483;102446;102550;102599;102600;102598;15232;102630;102715;102629;102791;102790;102685;102807;102684;102792;102825;102928;102826;102929;102931;15233;102927;102963;103096;103116;15234;102930;103146;102964;103148;103147;103231;103311;103198;103259;103260;103261;103312;103392;15235;103331;103365;103364;103432;103578;103579;103539;103473;103608;103654;15236;103580;103717;103655;103715;103716;103757;15237;103794;103758;103882;103859;103793;103992;103993;104057;103994;104223;104134;104222;104058;104258;104259;104302;104339;104224;15238;104340;104401;104400;15239;104402;104403;104414;104441;104365;104442;104465;104482;104467;104466;104483;104485;15240;104486;104503;104484;104504;104586;104588;104587;104643;104645;104535;104644;104684;104685;15241;104722;104723;104686;104754;104752;104753;104724;15242;104792;104940;104819;104862;105088;105087;104975;104861;105119;15243;105120;105121;105089;105122;105170;105330;105123;105332;105329;105397;105331;105195;15244;105430;105431;105432;105433;105499;105489;105623;105497;105595;105498;15245;105704;105754;105800;105799;105663;105664;106056;105801;15246;106109;105802;106076;106176;106212;106319;106235;106213;106321;106320;106413;15247;106412;106415;106414;106537;106593;106509;106661;106660;106662;106726;106729;15248;106727;106820;106852;106853;106728;106874;106854;106876;106875;15249;106955;106877;107024;106957;107025;106986;106956;107026;107120;107122;107119;107121;107124;107123;15250;107199;107279;108304;108345;108387;108386;108417;15251;108346;108419;108421;108418;108490;108523;108422;108420;108570;15252;108571;108663;108610;108611;108730;108698;108664;108696;108731;108771;108697;15253;108789;108772;108853;108773;108774;108816;108817;108905;15254;108854;109046;108906;109003;109093;109218;109092;109047;109065;109219;15255;109410;109349;109329;109220;109411;109415;109413;109518;109412;15256;109414;109558;109557;109587;109517;109556;109589;109588;109658;109659;109624;109660;109816;109802;109739;15257;109967;109902;109925;109901;109968;109969;110102;110207;110165;15258;110101;110315;110208;110317;110316;110386;110418;15259;110318;110420;110421;110419;110422;110464;110503;110424;110423;110570;110537;110571;110624;110665;15260;110572;110787;110729;110666;110928;110910;110929;15261;110911;110820;111014;110968;111088;111112;15262;111089;111141;111140;111087;111175;111234;111317;111316;111174;111173;111395;111360;111468;15263;111534;111396;111535;111537;111538;111521;111557;111594;111653;111536;15264;111668;111706;111652;111796;111707;111797;111985;111986;111988;15265;111987;111798;112232;112066;112185;112233;112280;117298;117297;117369;15266;117368;117370;117435;117505;117504;117436;117506;117437;117503;117611;15267;117674;117621;117645;117675;117676;117677;117644;117862;117812;117678;117838;117890;117909;15268;117957;117958;118097;118023;118071;118098;118121;118122;118099;15269;118158;118180;118216;118179;118408;118365;118473;118472;118474;118495;15270;118720;118722;118719;118723;118840;118721;118894;118893;118939;15271;118895;119040;119124;134332;119018;119268;119125;119314;119269;119290;119480;119508;119509;119313;15272;119561;119817;119792;119634;119891;119850;15273;119892;119893;119943;121057;121135;121136;120963;121134;121167;15274;121168;121056;121400;121425;121426;121317;121234;121484;121486;121485;121438;15275;121557;121558;121559;121560;121561;121576;121628;121603;122102;122069;122068;15276;122268;122269;122163;122271;122270;122516;122272;122517;122321;122551;122518;122519;122621;15277;122722;122793;122724;122794;122723;122933;15278;123020;122957;123021;123025;123022;123024;123026;123023;123531;123530;123097;123532;123691;123692;15279;123533;123799;123835;123800;123836;124037;123758;15280;124038;124039;124205;124344;124095;124096;124345;124721;124683;124368;124722;15281;124779;125094;125095;124780;125097;125176;125344;125343;125414;15282;125415;125608;125096;125709;125609;125742;125416;125857;125858;125784;125859;15283;125783;125905;125929;126013;126012;125930;126128;126127;125959;15284;126351;126129;126352;126224;126392;126391;126529;126608;126514;126654;126655;126657;15285;126755;126966;126837;126656;126967;127102;126968;15286;127486;127487;127077;127488;127490;127489;127492;127867;127491;127823;15287;127930;127822;127929;127928;128066;128083;128125;127868;128180;128182;128181;15288;128307;128429;128479;128430;128510;128559;128511;128560;128534;15289;128621;128782;128884;129072;129026;128620;128622;129073;128783;129107;129074;15290;129365;129306;129412;129364;129108;129413;129414;129415;15291;129416;129507;129596;129856;129985;129506;129597;130073;130136;130135;130134;15292;130289;130288;130290;130350;130349;130351;130438;130524;130437;130369;130525;130612;15293;130631;130981;130984;130983;130774;130985;130982;15294;131036;131087;131140;131086;131139;131142;131141;131294;131439;131438;131784;131249;15295;131838;131966;132061;132108;132063;132110;132109;132269;132062;132082;132326;15296;132347;132426;132424;132423;132425;132427;132635;132699;132760;15297;132761;132736;132875;133107;133106;133151;133230;133109;133110;133108;15298;133326;133415;133417;133416;133325;133533;133419;133475;133418;133534;133657;15299;133700;133658;133699;133733;133731;133734;133815;133732;133816;15300;133880;133879;134095;133878;134094;133968;134353;134433;134183;134434;134634;15301;134577;134773;134774;134772;134917;134839;134984;135191;15302;135416;135103;135206;135207;135208;135366;135499;135365;135417;135725;135878;15303;135879;135794;135983;136069;135984;135982;136124;136125;136123;136126;15304;136127;136370;136291;136292;136369;136373;136372;136374;136371;136375;15305;136413;136430;136376;136431;136591;136676;136590;136675;136721;15306;136703;136932;136754;136778;136933;136837;137340;137155;15307;137208;137341;137209;137376;137374;137573;137373;137375;137675;137764;137674;137731;137673;137864;138065;15308;137888;138066;138104;137912;138105;138225;138106;138107;15309;138226;138227;138394;138645;138365;138644;138647;138646;138649;138648;138651;138860;138914;138650;15310;139010;139210;139254;139298;15311;139099;139211;139255;139521;139389;139342;139631;139553;139522;139777;139812;15312;139929;140059;139877;139878;139930;140060;140104;140062;140061;140300;140299;15313;140301;140302;140667;140796;140303;140607;140811;140666;141138;141243;141385;15314;140936;141464;141511;141651;141552;141843;141886;141841;15315;141725;142189;141897;142626;142050;142513;142618;142858;142635;142885;142951;142664;143002;142920;15316;143130;143187;143191;143332;143194;143260;15317;143439;143315;143313;143500;143509;143505;143551;143544;143593;144041;144043;144189;15318;144311;144322;144353;144437;144483;144477;144609;144594;144426;15319;144679;144672;144624;144691;144737;144626;144824;144839;144866;144818;15320;145021;145132;145123;145194;145386;145397;145480;145471;145527;145319;145309;145728;146318;15321;145523;146122;146242;15322;146371;146357;146389;146562;146353;146052;146617;146561;146757;146599;146514;146613;146603;146786;146791;146787;146892;146926;146895;15323;146942;146922;147784;146986;147855;15324;147789;147793;148170;148172;148169;147904;148235;148236;148225;148234;15325;148277;148300;148212;148326;148305;148364;148441;148433;148314;148444;15326;148536;148615;148841;148756;148870;148932;148964;148963;148967;149010;149007;149011;149017;149020;15327;149005;149038;149232;149082;149219;15328;149229;149218;149250;149373;149275;149482;149490;149609;149635;149855;149715;149897;150115;15329;150095;150165;150310;150109;150302;150706;150228;15330;150803;150704;150903;150705;150905;151423;151037;151422;151485;15331;151622;151667;151807;152019;151890;151833;152068;152163;152138;152169;152165;152224;15332;152395;152270;152271;152419;152418;152516;152564;152518;15333;152568;152565;152783;152638;152967;152775;152892;152753;152943;153123;15334;153024;153201;153202;153182;153215;153509;153485;153570;153572;153668;153512;15335;153865;153941;153970;153862;154148;154159;153993;154178;154177;154194;154354;154263;154428;15336;154707;154432;154732;154229;15337;154750;154818;154734;154772;154815;154948;155293;154949;155311;176381;155015;155314;155294;155317;155373;15338;155634;155708;155975;155709;155870;155769;15339;156114;156124;156015;156013;156186;156233;156189;156259;156191;156260;15340;156188;156266;156331;156466;156451;156442;156547;156564;156267;156563;156651;15341;156616;156697;156636;156695;156751;156768;156762;156763;156767;15342;156948;156949;157263;157253;156950;157256;15343;157259;157260;157251;157322;157320;157249;157258;157380;157378;157257;157886;15344;157891;157447;158031;158090;158052;157908;158044;158158;158089;158043;158109;158200;158201;15345;158202;158204;158335;158270;158509;15346;158203;158677;158699;158684;158585;158746;158761;158682;158836;158762;158678;158781;158898;15347;158897;158899;158857;158979;159109;159205;159202;15348;159229;159112;160000;159466;159269;159510;159585;15349;159602;159709;159898;159906;159905;160199;160402;159904;15350;160294;160525;160469;160887;160846;160629;160628;161150;161254;160540;161154;161153;161328;161329;161401;161436;161434;161437;15351;161494;161512;161404;161513;15352;161636;161493;161689;161703;161687;161747;161961;161686;161807;15353;162013;161960;161751;162159;162403;162143;162405;162126;162505;162549;15354;162506;162562;162561;162415;162152;162620;162762;162820;162701;15355;162719;162724;162703;163250;163248;163265;163225;163024;163264;162983;163414;163413;163433;15356;163481;163416;163656;163651;163650;163500;163480;163753;163681;163473;15357;163912;163926;163913;163927;163980;164094;163909;164092;164169;164150;15358;164160;164168;164283;164387;164241;164384;164438;164273;164321;164471;164470;15359;164416;164813;164517;164648;164815;164812;15360;165081;164492;164825;165207;165291;164943;165331;165328;165255;165330;165512;165514;15361;165546;165549;165547;165430;165625;165329;165548;165714;165594;165707;165746;15362;165710;166093;165747;166175;165757;166158;166110;166233;166277;166289;15363;166232;166427;166705;166674;166704;166733;166706;166804;15364;166902;166591;166803;167041;167052;167200;167201;167434;167295;167046;167275;15365;167433;167746;167631;167776;167911;167916;167747;168145;167915;168215;15366;168194;168002;168228;168402;168338;168457;168401;168623;168424;168400;168643;168232;15367;168615;168880;168783;168882;169342;169280;168946;169436;15368;169435;169419;169437;169930;169946;169917;169698;170048;169929;169916;15369;170151;170157;170047;170105;170196;170046;170656;170485;170724;170726;170655;170657;15370;170761;170753;170771;170770;170941;170947;15371;170942;171106;170952;171007;171108;171107;171218;171497;171376;171500;171237;171267;15372;171622;171614;171623;171572;171498;171628;171878;15373;171882;171631;171897;171922;171811;171900;171920;172051;171919;171921;172052;172329;172090;172448;172505;172130;172616;15374;172027;173387;172615;172657;173391;15375;173947;173649;173948;173950;173650;173415;174046;174250;174273;174275;174214;174397;174701;15376;174607;174384;174965;174696;15377;175152;175078;175047;175570;175077;175125;176076;175664;176150;176052;175661;176198;175672;176200;176333;15378;176436;176435;176431;176432;176497;176662;176334;176445;176976;15379;176888;177097;177293;176539;176933;177305;177351;177372;15380;177294;177104;177422;177403;177478;177490;177489;177404;177382;177627;15381;177488;177573;177713;177832;177736;177482;177888;177885;177887;177911;178003;15382;178014;178043;178042;178098;178310;178687;178743;178331;178328;178916;15383;178917;178793;179046;178329;179044;179345;179346;179395;179393;179365;179043;179394;15384;179381;179424;179628;179630;179923;179735;179819;179738;180015;179974;15385;180186;180016;179736;180520;180206;180515;180523;180198;15386;180522;180551;181211;181212;181250;180519;181130;181448;181509;181209;181567;181446;15387;181566;181731;181564;182169;181565;181817;181879;182382;182198;182418;182380;182426;15388;182379;182474;182647;182559;182649;15389;182750;182651;182889;182473;182866;182943;182888;182941;182908;183019;15390;183306;183207;183679;183876;183892;183877;183018;183985;183687;183893;184063;184062;183984;184060;15391;183997;184064;184099;184319;184434;15653;184442;184100;184383;185420;185415;184443;185521;185486;185520;185957;185953;186008;185812;186206;185979;186027;186207;186283;186303;186265;186224;15654;186306;15655;186514;186518;186517;186704;186326;186737;186539;186738;186928;186830;187051;187033;187110;15656;187197;187194;187213;187136;187289;15657;187196;189093;189096;189091;15658;187288;187195;189144;189092;189464;189490;15659;189725;15660;189387;189388;189723;15661;15663;15666;15667;15664;189755;15662;15665;15668;15672;189465;15671;15673;15670;15669;15674;15676;15677;15675;15678;15681;15680;15679;15682;15684;15683;15685;15688;15687;15689;15686;15727;15729;15830;15728;15824;15831;15825;15844;15893;15835;15845;15953;15690;15932;15899;15907;15994;15961;16007;15925;16013;16020;16008;16025;16072;16048;16047;16049;16073;16096;16074;16102;16104;16087;16105;16103;16112;16127;16106;16128;16129;16132;16130;16155;16156;16150;16131;16165;16176;16196;16186;16182;16181;16214;16213;16212;16234;16215;16235;16233;16236;16238;16248;16249;16239;16246;16237;16252;16266;16283;16300;16311;16340;16262;16284;16343;16342;16341;16345;16344;16348;16347;16346;16365;16382;16381;16383;16380;16457;16464;16470;16391;17130;17136;17143;16465;17196;17197;17232;17324;17577;17299;17286;17600;17578;17657;17639;17641;17640;17673;17664;17674;18030;18010;18009;18042;18056;18053;18086;18087;18080;18152;18143;18115;18153;18151;18157;18242;18195;18158;18226;18513;18303;18514;18227;18304;18517;18516;18519;18518;18515;18595;18623;18630;18632;18629;18603;18596;18646;18631;18645;18652;18655;18662;18651;19195;18663;18664;18667;18665;18674;19196;18673;19188;19219;19189;19220;19221;19224;19223;19257;19270;19225;19315;19316;19258;19318;19373;19319;19317;19336;57528;19431;19432;19430;19433;19475;19476;19478;19477;19479;19526;19531;19528;19527;19529;19530;19532;19560;19561;19562;19565;19564;19563;19567;19566;19568;19569;19609;19571;19570;19613;19610;19683;19611;19682;19612;19685;19684;19690;19708;19711;19709;19710;19788;19786;19789;19787;19791;19785;19790;19792;19793;19796;19795;19794;19799;19797;19800;19801;19802;19798;19803;19805;19806;19804;19807;19809;19808;19846;19845;19848;19954;19847;19953;19955;19956;19959;19960;19957;19958;19961;19963;19962;19965;19964;19966;19967;19969;19970;20019;20020;20018;19968;20070;22736;20063;20071;20072;22738;22737;22739;22741;22744;22740;22746;22742;22745;22743;22749;22748;22747;22750;22753;22754;22752;22751;22756;22755;22757;22758;22759;22760;22761;22762;22767;22764;22763;22765;22766;22769;22768;22771;22770;22773;22775;22772;22774;22776;22777;22778;22780;22782;22779;22781;22786;22783;22785;22787;22788;22784;22789;22792;22790;22791;22793;22794;22796;22799;22795;22798;22800;22801;22797;22802;22803;22804;22805;22808;22807;22806;22809;22810;22812;22811;22813;22814;22815;22816;22817;22819;22818;22820;22822;22821;22824;22826;22823;22828;22825;22827;22829;22830;22834;22832;22831;22833;22836;22835;22837;22840;22838;22841;22843;22844;22839;22845;22842;22846;22849;22847;22848;22850;22851;22853;22855;22856;22854;22852;22857;22860;22861;22858;22859;22862;22863;22864;22865;149524;167253;172172;165181;153223;173294;178291;180188;178292;180189;187382;189506;186666;186667;138149;137364;166389;138150;138151;153806;126603;166390;180503;52045;144790;148360;58483;161952;163271;168926;166752;144791;179310;164640;173055;164641;173056;52536;31130;121509;51095;51094;139785;36185;24670;58591;33480;20746;55883;180577;155350;181476;181466;181475;181474;159272;117359;117358;105411;29801;72704;11631;10451;26915;35717;136927;136928;14198;11625;11997;31731;22312;26185;24355;136767;149062;136766;31850;22253;105752;55995;77632;77633;77634;77635;79720;77631;85545;85544;77864;164651;111528;55732;108713;153805;150504;172033;164632;168494;174982;177843;168650;182154;83032;78823;69982;70727;104178;87309;62946;91813;62945;76149;73921;99170;90427;99172;155470;24814;26014;22129;25080;22196;22127;25296;11619;38651;18537;24733;22160;58290;85448;141173;147171;165629;77026;108800;152458;108801;108802;108799;14682;150945;80119;183976;176577;188001;176636;177559;177585;175130;183044;179213;175791;177566;177567;184220;175433;175822;177563;177565;177564;177562;177568;177569;183047;176071;179211;179209;182951;177572;179207;177561;184212;183049;177560;177571;183046;179212;179208;177715;177538;183041;179707;178751;183050;180010;182422;183052;181929;182423;181930;182919;182916;184221;184217;184199;186321;188029;189112;88390;122552;133510;91525;189113;137913;139813;118614;97499;110056;141516;105434;126393;166241;184213;164481;184219;134956;97758;163509;118615;96052;132549;126394;94344;122553;91838;95374;129308;118616;150477;88703;105435;118617;184216;97864;184218;97443;104187;147628;94765;118618;166244;118598;105398;142318;91053;147626;124206;118619;140615;132550;95959;136129;136128;160562;135013;136130;100134;160565;184214;184211;184215;105466;154697;104303;129075;162475;179676;151462;184222;144346;97476;118620;138228;88428;184225;184236;132551;118621;96053;95960;152819;118622;97091;159629;129076;144096;118623;157382;87786;184231;152816;94345;184235;174569;104366;137377;91327;132552;93200;183040;139814;134918;96054;89973;160567;132553;138229;162824;119732;147637;137914;105399;126395;151461;118599;184229;174336;124418;118624;151495;177581;118625;163412;156827;105467;184233;156848;93255;160575;154685;151498;161405;159509;118626;93030;184230;184226;159514;151460;146409;104188;147905;127495;122432;92845;105436;129598;118627;136131;78119;78120;78121;166243;91141;88917;78123;78122;154678;97306;165732;78124;88429;184227;118628;163773;132554;95961;105400;165308;154698;139815;126396;118629;132555;78126;78125;118630;154701;166496;168230;88870;156833;166235;123027;142038;123028;136132;122958;167056;118600;92846;118631;184223;97419;139816;97151;78127;91201;78128;78129;97901;78130;97359;97477;163785;78131;88430;146410;78132;78133;178337;184234;167738;78134;87743;78136;125417;104189;78137;78135;86003;78139;88431;78138;78141;78144;78142;78140;78145;78143;160557;78147;163087;95962;78148;78146;105333;162474;78149;78150;78151;88432;78152;78153;78154;95937;123029;78155;78157;146413;78156;184228;84450;96106;78158;78160;78159;123030;160679;88531;93971;78162;78163;78164;83477;86004;78161;78165;86005;78166;78167;78169;78168;118632;78170;78171;78172;144341;78173;93696;138819;78174;78176;78175;78179;78178;78182;78177;78180;154679;78181;78184;78183;78185;184224;78187;79670;78188;143112;78190;100135;78189;78191;118633;78192;78193;83004;105735;78195;78194;78196;83502;78197;78198;78199;78200;78491;86006;80256;78660;80257;78696;78697;127496;91617;84451;78835;78877;137676;133625;79340;80447;85945;79602;79601;79732;79644;79603;79604;86007;79587;79605;79809;79606;79733;85946;79891;79892;80038;80059;80108;80231;81608;92383;81557;92384;80309;97671;86008;80529;80891;88582;92528;81558;83148;86009;88433;156835;85947;81303;184232;81390;141185;81391;86256;162431;160560;82671;118634;81609;82513;82576;86271;88434;86272;85948;82539;97420;88435;119731;82577;82672;85949;86257;85963;125683;82673;83005;82905;82932;82931;83006;85950;86026;83038;85951;83749;99203;93135;84010;95938;85771;93256;91202;85952;93850;154702;111708;85916;91367;86010;163776;85953;85917;88064;85918;84966;88436;91368;86011;86012;85054;99238;88437;84627;85954;86013;91507;86014;88065;88847;91579;85131;85518;88811;93915;94655;91328;105510;88812;91301;88813;85607;85852;88814;101938;93084;91398;85853;85697;85854;85708;86015;85889;85856;85855;85890;85857;91329;85932;85891;91432;138230;97307;119894;97308;91302;86109;95963;97531;86187;87902;86358;91433;86407;118635;86330;86619;86449;97560;87903;91330;156824;88815;88438;91313;88439;91448;91314;91315;86773;86796;86729;86774;136133;107135;99048;147636;161332;184327;123977;95939;149078;184335;118636;144363;88848;104190;160392;126397;154686;184331;93100;155624;139704;119793;99920;118637;184321;93257;118601;118638;175432;92667;135014;183042;138652;126398;110057;126399;118639;139817;184334;97152;177579;183048;123136;105401;144103;91434;101491;132556;118640;159886;100179;184324;167058;118641;154700;184332;94646;92876;142359;161372;90455;118642;136208;104687;99641;136209;146388;97401;104304;134957;101492;92707;126400;132557;104191;118643;104107;166238;87787;97838;151466;118644;152776;100180;149081;94984;119818;160395;87660;91861;160397;100000;160564;163779;94449;118645;122763;132558;160537;121439;97444;129309;90324;95717;95940;160391;119733;184242;156826;132559;118602;184322;124419;136134;177577;184325;127078;100181;97153;95941;118603;154690;163767;91142;122554;139818;151463;122764;184333;144344;144364;132560;118646;160568;87904;142043;156831;123031;177570;95942;132561;139819;118647;105437;129310;91580;183039;118648;166297;118649;129307;154703;119895;124420;118650;97445;156828;132562;129311;163783;184329;157297;91143;184243;184239;126401;122765;156843;119696;139820;104192;146403;100136;144358;95035;132563;118651;165658;87432;184326;163402;97421;147633;156834;87905;105438;138395;91694;129312;105402;137915;125480;88849;159139;118652;119697;154682;122433;94147;166236;104108;92847;147631;176382;104305;146390;136135;154672;154699;105403;132548;152825;161503;142523;137916;154680;121440;146405;159281;95900;160487;118653;118654;118655;151499;88851;107136;184240;105439;118604;132564;156829;147632;105404;118656;177583;163787;184241;94647;184330;184238;95964;97478;123032;184328;95718;168419;91054;97154;129313;97360;184323;146611;93839;127497;136136;95400;94985;152827;134958;162943;160566;124464;93247;118605;118657;154674;139821;97422;97361;148278;91055;138233;132565;144098;118658;177582;160485;94117;150462;164910;124421;104306;132566;118606;93749;88871;96463;127498;126402;132567;157367;97479;147500;184261;184262;139822;162942;154689;183051;152823;184265;184250;160484;100001;149070;91695;118659;160571;119635;152820;153762;95965;177557;184251;150194;127493;123978;118607;184266;139823;144093;101093;167059;152777;144359;100137;118660;166237;97155;142248;92959;139824;136137;163088;118608;87771;147629;96985;100002;78201;118661;184258;78202;137917;136138;103262;177576;166747;184269;156823;142041;184244;118662;78203;138231;97218;154692;152814;105440;142049;122766;91056;126403;118663;154676;144352;159379;147630;184248;143110;118665;118664;184270;101858;139825;118666;118609;118667;86016;184263;129314;174338;118668;105468;93136;97924;124422;147524;122767;118669;97402;166245;135940;88769;136139;91435;78204;160551;183043;124423;166567;95943;144435;118670;155605;91551;104260;118671;78205;125481;132568;88025;160570;184271;133511;93916;97423;129315;163778;118672;156841;88872;144345;97446;90411;184255;184273;100003;149069;95944;92708;90102;118673;160546;144349;184245;150465;118674;87433;105469;94766;144357;118676;118675;137918;118678;118677;99009;103313;93201;160559;160630;170492;184264;152826;154675;166240;147634;97362;163781;93239;118679;105441;132569;100704;160482;101912;154695;163334;93202;88852;184257;123837;156837;111709;136207;123838;118680;127499;184267;136140;160573;118610;95966;94479;122434;97532;125482;132570;118681;160561;104307;118611;118682;184253;161504;119819;156840;97447;99204;162483;121441;143102;104261;118683;118612;147635;145255;100138;78206;87434;155753;100004;184246;163775;94206;139826;132571;147625;184249;177580;177578;160558;147623;101493;156825;93750;90809;78207;139827;151496;107137;163784;162729;160556;142036;144355;177574;163786;94412;136141;105442;91303;99444;132572;160547;144361;88026;184252;126404;88463;156842;94522;154693;118685;134959;118684;88742;119820;100331;132573;92986;91144;184268;118686;104193;88873;125483;154684;88066;122622;132547;132574;142037;154880;146404;118688;118687;88770;154691;88440;165258;136142;94118;160569;118689;133774;97156;97424;95967;118690;143103;93840;118691;177226;78208;126405;136143;118692;184260;100112;78209;136144;104415;118693;78211;78210;78212;163772;184247;147627;155754;161197;88441;78213;157329;154671;126406;154696;184259;184256;94480;95036;176552;160553;146391;99921;156838;138067;177274;184272;101094;93550;147624;118694;160555;184254;134960;78214;166239;152824;94301;160574;168433;154677;96781;94923;88888;95968;126407;104341;118695;154687;184300;138234;139828;95969;119668;136145;144356;105470;126408;135015;112023;126448;104194;184301;125484;100280;154683;103995;87788;100182;142247;93841;91369;88874;110058;118696;150460;110059;146402;132575;127500;142046;91436;174340;104308;118697;118698;184302;154968;154673;78215;101913;129316;78216;93203;163782;126409;184294;118699;152815;150469;97333;163777;78217;86017;118613;78218;132576;78219;104109;95970;91331;160572;160552;118700;140616;184296;104135;137919;95971;184293;90456;142264;92005;132577;78220;100006;156830;124424;151465;105443;161373;184299;177584;118701;154681;158316;78221;163734;154694;160554;105444;78222;184297;78223;105445;138232;96464;162484;179952;100007;94687;87435;146408;124425;78224;136146;94648;78225;146398;127501;87436;149072;154888;100168;163774;97480;129317;122435;156839;92765;78226;92709;140617;140470;184298;99546;160396;118702;163235;132578;132579;90161;160545;127494;132580;176362;152821;163780;156836;101859;94986;166242;104262;160548;118703;87906;152817;167739;139829;136147;124426;104342;132581;152822;125485;132582;101242;88442;97902;100139;119669;89945;126410;177575;78227;88569;154688;105405;122768;163403;184295;78229;78228;96288;101324;137378;183045;129318;138068;105471;78230;118724;160563;78231;81597;78232;91552;151790;102732;175792;174339;175131;151021;174337;102733;30152;60154;13661;13662;43164;13663;13665;13666;13668;13669;13667;13673;13671;13672;13670;13675;13676;13677;13674;13679;13678;13680;13682;13683;13684;62243;13686;13685;13688;13687;13691;13692;13689;13693;13690;13695;13694;13696;13697;13698;13700;13699;13702;13704;13703;13701;13705;13709;13707;13708;13706;13711;13710;13713;13712;13714;13715;13716;13718;13720;13719;13717;13723;13721;13722;13725;13724;13727;13726;13728;13730;13729;13731;13734;13732;13735;13733;13736;13737;13738;13746;13749;13747;13739;13748;13750;14207;13850;14208;13851;14210;14209;15474;14252;14320;14321;14203;14348;14628;14839;14627;14349;14592;14593;14373;14643;14374;14642;14741;14742;14744;14743;14688;14690;14689;14701;14692;14691;14693;14789;14703;14704;14702;14716;14717;14764;14807;14765;15430;14808;15422;15454;15475;15544;15578;15471;15584;62245;62246;15585;15732;15731;15730;62247;15734;15733;15747;15735;15748;15791;15790;15848;15842;15847;15841;15896;15976;15895;15977;15930;15979;15978;15980;16027;16026;16028;16029;16030;16031;16052;16051;16055;16050;16032;16097;16033;16107;16098;16099;16113;16134;16133;62248;16268;16167;16166;16267;16287;16285;16286;20073;20056;20074;20076;20075;20077;20078;20164;20099;20098;20100;20101;20114;20138;16288;20139;16289;20166;20186;20165;20188;20187;20189;20190;20191;20194;20193;20192;20229;20230;20231;20242;20243;20232;16301;20256;20287;20257;20258;20288;20259;20260;20277;20278;20290;20291;20289;20304;20279;20305;20306;20308;20307;20311;20323;20309;16349;20310;20324;20326;16350;20325;20351;20350;16352;16351;16353;62253;16354;62254;16355;16356;16357;16358;16374;16467;16466;19614;17137;16373;19615;19617;19616;19619;19618;19620;19621;19622;19626;19625;19623;19624;19627;18314;18316;19628;18315;18317;19629;18318;19630;18319;19631;19632;19634;18320;19635;18321;19636;19633;18322;19637;19638;18325;18324;19639;18323;18326;19640;62255;18327;19641;18329;19642;18330;19643;19644;18328;18331;18332;19647;18333;19645;19646;19648;18334;19649;19650;19651;19653;19652;19654;19656;62256;19655;19657;62258;18335;62257;19658;18336;18337;18378;18438;18574;18377;18439;18575;18508;18578;19464;18579;18509;18577;18543;18580;18581;18542;18593;18582;18604;62259;18624;18684;18685;18625;19259;19190;19197;19198;19230;16118;16119;19290;19260;19261;19264;19262;19272;19271;19273;19274;19275;19276;19278;19279;19280;19291;19293;19294;19292;19375;19320;19374;19321;19322;19465;19379;19435;19468;19466;19467;19378;19434;19420;19659;19421;19436;19469;19438;19437;19470;19660;19481;19471;19480;19661;19482;19483;19663;19662;19664;19666;19667;19665;19668;19720;19721;19722;19724;19723;19726;19725;19727;19728;19730;19731;19729;19732;19733;19738;19734;19735;19736;19737;19739;19869;19868;19870;19872;19871;19874;19873;19740;19877;19876;19875;19879;19878;19881;19882;19880;19971;19972;19883;19884;20024;20022;20023;20021;19973;20026;20167;20027;20025;20029;24027;62261;62260;20028;62262;20403;62263;20404;20406;20407;20408;20409;20405;20730;20756;20757;20802;20847;20410;20871;24028;24029;24030;24031;20848;24032;20881;20872;20882;20883;24035;24034;24036;24033;20884;24037;24038;24039;20937;24041;24040;24042;24044;24043;24045;24046;24048;24049;24050;24047;24051;24053;24052;24055;24054;24056;24057;24058;24059;24060;20998;20997;24061;24062;24064;24066;24063;24065;24067;24068;24069;24071;24070;24072;24073;24074;24075;24078;24076;21076;24077;24081;24079;24080;24082;21123;21122;21169;21191;21101;21190;24083;21192;21249;21251;21250;21273;21253;21252;21274;21295;21294;24084;21296;24085;24086;24087;24090;24089;24088;24091;24092;24093;24097;24096;24099;24098;24095;24100;24094;24103;24102;24101;24105;24106;24108;24104;24107;24109;24110;24111;24113;24116;24115;24117;24114;24112;24120;24118;24123;24122;24119;24121;24124;24127;24126;24128;24129;24125;24130;24134;24132;24133;24131;24135;24136;24137;24138;24140;24139;24141;24143;24142;24145;24148;24146;24144;24147;24149;24150;24152;24151;24155;24154;24153;24157;24156;24159;24158;24163;24162;24161;24160;24165;24164;24168;24167;24166;24170;24171;24169;24173;24174;24172;24176;24180;24177;24178;24179;24175;24181;24183;27648;24182;62264;62265;62268;62267;62266;62269;27649;27650;24184;62270;27652;27651;24185;27654;27655;27653;24186;24187;24188;27656;27657;24189;24190;27658;24191;24192;27659;27661;27660;27663;27662;24193;27664;24194;27665;24195;27666;27668;27669;27667;24196;24229;27670;27672;27671;24197;27673;27674;24198;27675;27676;27678;27679;27677;27680;24200;27682;27683;24199;27681;24225;27684;24224;27685;27686;24230;27688;24226;27687;27689;24231;24298;27693;27692;27691;27694;27695;27690;27696;27697;27698;27701;27699;27700;27702;27703;27705;27704;24820;27707;27708;27706;27709;27710;27711;27712;27714;27713;27715;27716;27717;27718;24299;24324;24325;27719;27720;27724;27722;27721;27725;24300;27727;27726;27728;27723;27729;27730;27732;27731;27733;27736;27735;27734;27739;27738;27737;27740;24301;24302;27741;27742;27743;27744;27745;27747;27746;27748;27749;27750;27752;24303;27751;27754;27753;27755;24305;24304;27757;24306;27758;27756;27761;27759;27760;27762;24348;27764;27763;24349;27765;27767;27766;27769;27768;27770;27771;27772;24360;27773;24361;27775;27774;27776;24728;27777;27778;27779;24692;27780;24693;27781;27782;24694;27783;27784;27786;27785;27787;27788;27789;27790;27791;27793;27792;27795;27794;27796;27797;27798;27801;27800;27799;24766;24714;24715;28153;27805;28152;27807;27806;27810;24716;27808;24717;28302;27809;27811;24718;27812;24729;27820;28254;27821;24767;28154;27822;28186;28155;28156;28157;28303;28158;28255;28159;28160;24768;24769;28161;28162;28304;28305;28163;28164;24821;28187;28213;24822;24795;24796;28188;28190;28189;28191;28192;28306;28214;24823;28215;28216;24824;28307;28230;28229;28256;28231;24882;24883;28257;24836;24884;28258;24837;28309;24885;28308;28312;28311;28310;28340;28313;28341;28342;29264;24922;28343;30024;24923;29193;28344;25001;24924;24925;28345;24926;28347;28346;29194;29265;29195;24928;25002;24927;29266;29267;29269;30068;25003;29268;29270;25046;25045;29271;29708;29272;29273;29709;30069;29275;29274;29276;25013;25014;25028;29277;25027;29278;25029;29841;29280;29279;29281;29282;25030;25047;25048;29283;29284;29710;29842;30026;29713;29712;30025;29711;29714;29715;25101;29757;29759;29809;29758;29760;29761;29763;29810;29765;29764;29762;29767;29766;29795;29794;29768;25178;25127;25128;25180;25179;25181;25182;25183;25231;25230;25232;25234;25302;25448;25233;25303;25466;25357;25358;25304;25468;25467;25375;25469;25376;25377;25378;25559;25380;25379;25449;25450;25470;25471;25507;25508;25509;25511;25510;25618;25617;25587;25588;25589;25590;25657;25658;25619;25716;25659;25620;25630;25621;25631;25717;25745;25746;25747;25783;25910;25838;25839;25863;25864;25862;25911;25939;25865;25913;25912;25941;25940;25975;25976;25977;25979;25978;25980;26081;26036;26083;26082;26932;26114;26933;26116;26115;26934;27059;26935;26936;27058;27060;27061;27633;27631;27635;27634;27632;27636;27637;27638;28232;28233;28234;27639;29196;28314;29197;29198;29285;29286;28315;29287;29844;30070;29845;29843;29846;30071;29847;29863;29862;29848;29864;29940;29865;29942;29941;29944;29943;29945;29947;30027;29946;29948;30028;29985;29949;29986;29987;29988;31361;29989;31427;30072;30156;30073;30074;30076;30075;30077;30078;30080;30079;30081;30083;30113;30082;30085;30084;30233;62271;62272;62274;62273;36704;62275;31362;62276;34966;37222;36311;30086;37932;34965;30114;35012;30115;36774;37675;35013;36853;35014;37165;35015;35044;35226;36755;35227;35385;35045;37734;30087;37823;35046;35047;36373;38122;37147;35078;35079;35062;35048;35049;36742;35064;37924;35065;37255;35063;35094;35093;35095;37348;30234;35092;35098;35097;35096;37057;37657;37313;35228;30235;35099;37488;36460;36324;37149;37100;38098;35229;35230;38006;35231;36894;36447;35232;35233;35235;35234;35237;37257;35236;35238;37568;35239;35264;35255;35256;35265;36570;35266;37268;36263;36266;35267;37604;35665;37013;35386;35387;35592;30157;30158;30159;30160;30161;30236;30237;30238;30163;31057;30239;31058;30162;31029;31060;31030;31059;31061;30240;31062;31064;31066;31067;31065;31068;31063;31069;31071;31070;31072;31073;31074;31075;31076;31078;31079;31080;31104;31103;31106;31077;31105;31108;31107;31171;31172;31363;31124;31152;31173;31176;31153;31174;31175;31177;31179;31178;31180;31311;31364;31182;31312;31181;31313;31316;31314;31812;31317;31315;31365;31318;31813;31814;31325;31366;31326;31428;31367;31369;31368;31372;31371;31370;31374;31373;31375;31430;31429;31431;31432;31433;31435;31436;31664;31970;31434;31665;31667;31669;31668;31670;31666;31688;31690;31971;31689;31691;32087;31712;31692;31742;31745;31744;31743;31713;31749;31748;31815;31746;31751;31747;31750;31817;31819;31816;31821;31820;31818;31822;31823;31826;31825;31824;31827;31828;31829;31972;31973;31976;31977;31974;31975;31979;32382;31980;31981;31978;32037;31982;32036;32040;32042;32039;32038;32043;32091;32088;32041;32089;32044;32090;32095;32092;32093;32094;32099;32097;32098;32100;32096;32101;32102;32106;32103;32107;32105;32108;32109;32104;32197;32198;33143;32200;32203;32202;32196;32201;32199;33144;32206;32207;32205;32204;32328;33231;32327;32458;32329;32333;32330;32331;32332;32334;32336;32335;32339;33232;32338;32340;32337;32341;32343;32344;32342;32345;32459;32348;32346;32460;32349;32347;32384;32383;32385;32387;32410;32408;32411;32409;32412;32386;32413;32414;32436;32438;32462;32461;32464;32463;32437;32465;32468;32467;32483;32466;32484;32485;33079;32469;32486;33080;33081;33078;33082;33083;33114;33115;33112;33113;33116;33146;33145;33117;33148;33149;33147;33150;33180;33179;33181;33183;33184;33185;33182;33221;33368;33222;33235;33234;33369;33233;33236;33370;33237;33261;33260;33238;33259;33263;33262;33264;33372;33373;33405;33371;33404;33406;33409;33408;33407;33411;33410;33412;33413;33416;34124;33415;33414;33418;33454;34421;33417;33453;33455;33456;33458;33457;33469;33459;33468;33470;33535;33536;33515;33514;33516;33839;33517;33840;33537;33518;33519;33520;33521;33540;33539;33538;33542;33541;33543;33555;33554;33553;33841;33569;33776;33842;33765;33766;33767;33768;33769;33777;33770;33778;34172;33843;33844;33845;33846;33847;33883;34102;34101;34125;34126;34103;34100;34128;34127;34131;34129;34130;34132;34134;34133;34135;34136;34137;34138;34141;34422;34279;34139;34140;34142;34144;34146;34143;34148;34147;34145;34149;34174;34150;34177;34173;34176;34175;34178;34179;34180;34182;34185;34181;34183;34184;34186;34204;34203;34224;34187;34225;34226;34227;34280;34281;34423;34282;34283;34284;34305;34286;34285;34287;34306;34313;34307;34314;34308;34479;34341;34309;34342;34376;34344;34356;34377;34378;34380;34379;34343;34357;34381;34425;34424;34427;34480;34451;34426;34453;34454;34452;34455;34711;34481;34710;34456;34493;34482;34494;34483;34670;34672;34495;34673;34674;34671;34701;34677;34675;34713;34712;34676;34681;34682;34683;34702;34684;34703;34704;34705;34758;34706;34707;34746;34759;34715;34716;34717;34747;34824;34721;34714;34722;35016;34748;35017;34749;34760;34750;34825;34761;34774;34775;34776;34777;34778;34827;34828;34826;34829;34830;34831;34832;34835;34833;34834;37735;34837;36933;37315;34836;37326;35388;35389;35390;37525;37801;36641;37912;35391;35392;35393;35394;35397;35396;36344;35395;35438;37219;35398;37826;37803;36411;35399;37860;36929;35455;35400;36222;35593;37875;35456;37157;36767;35440;35439;35404;37773;35464;35441;35457;37947;37071;38028;35666;37560;38129;36322;35465;42375;42374;41974;42072;41975;41973;42122;42073;42121;42267;42123;42268;42074;42124;42152;42376;42125;42126;42269;42153;42127;42377;42270;42128;42154;42155;42156;42158;42444;42445;35466;42157;42447;42446;42448;42271;42192;35693;42193;42195;42272;42449;42194;42378;42274;36971;42273;42786;42881;42379;42275;42882;42278;42277;42276;42281;42280;42279;42787;42827;42297;42935;42381;35560;42382;42380;42384;42383;42386;42400;42402;42385;42401;42965;42403;42883;42450;42884;42452;42451;42936;42453;42902;42901;42903;36779;42802;42804;42805;42806;42803;42807;42904;42984;42905;42906;42907;42985;42845;42846;42848;42847;42849;42987;42986;42988;37553;44877;42885;43008;42908;35561;37289;36882;42909;43113;42910;42911;43327;42939;43328;42938;37279;42937;42940;42941;42966;43370;43371;42942;43114;47167;35594;43115;44878;43602;43611;43009;43329;43012;43010;43011;43090;43013;43372;47168;43014;43591;43032;35595;43033;43034;43116;43035;43117;43612;43118;43036;37680;43330;35596;37960;43103;43373;43092;43119;43091;43120;43122;43124;43123;43126;43121;43125;43332;43166;44879;43165;47169;43331;43603;47170;43604;43334;43335;43333;43337;43336;43341;43340;43338;43339;44880;43375;35734;43374;44882;44881;43606;43607;43593;44883;35597;43594;43595;37881;43592;37378;35667;35668;36955;35669;37920;35604;36489;35670;36702;35671;35735;37466;36304;35694;36913;37388;36301;35781;36735;35933;35808;35720;37687;35744;36796;37727;35745;36603;37133;35746;37641;35756;35753;36945;36780;35782;37543;36748;35769;35959;35783;36996;38079;35960;35802;36291;35801;36866;36875;36287;35909;35926;35927;38159;37482;36068;37423;35961;35934;37264;35962;37872;37197;39392;36108;36233;36320;36660;35981;36827;35982;35983;37905;37136;35984;35995;35994;35996;36811;36384;38080;36022;35997;37306;36023;37444;37323;36024;36025;37242;36503;36026;36041;37824;37633;36054;37813;37911;36156;36905;37298;36077;36091;36109;37599;36110;36124;37517;36125;37753;37541;37865;37866;36126;38669;38796;38671;38670;38672;39592;39593;36165;36703;37055;36312;36166;36190;36175;36706;36209;38184;38185;38956;37075;36210;36211;36261;37309;37870;38726;38673;38957;38160;38727;38674;38186;38187;38189;38675;38188;38835;38809;38676;38810;39453;38916;38749;38748;38811;38750;38958;38959;38960;38993;38994;38797;38798;38836;38837;38812;38961;38862;38863;38962;38905;38904;38906;38907;38931;39393;39474;39476;39475;38908;38917;38918;38919;38933;38932;38934;38935;38937;38936;38938;38995;38939;38941;38940;38996;38997;38943;38999;39394;38942;39000;38998;39395;39397;39503;39396;39539;39504;39399;39771;39400;39398;39401;39540;39505;39402;39541;39405;39404;39403;39542;39407;39406;39455;39454;39458;39457;39456;39459;39543;39477;39544;39545;39507;39506;39546;39508;39509;39512;39510;39511;39547;39513;39844;39548;40828;39602;40474;39603;39604;39605;39607;39606;39609;39610;39608;39611;39612;39854;39772;39613;39773;40948;40580;39774;39855;39846;39845;39847;40409;39856;40410;39858;39859;39857;39860;39862;39861;39864;39865;39863;40346;40356;40347;40357;40424;39866;40358;43015;40411;40395;40412;40414;40413;40425;40452;40426;40428;40451;40427;40454;40453;40481;40455;40475;40476;40482;40670;40456;40483;40484;40754;40504;40829;40628;40505;40627;40506;40514;40507;40515;40830;40755;40774;40756;40516;40757;40517;40534;40536;40579;40566;40535;40949;40568;40950;40569;40570;40567;40581;40600;40671;40582;40601;40599;41628;40602;40603;40672;40604;40832;40831;41629;40606;40605;40629;40863;40864;40673;40675;40674;40676;40677;40678;40679;40681;40680;40682;40833;40683;40684;40686;40685;40687;40688;40690;40758;40759;40689;40865;40866;42454;40809;40780;40810;40854;40855;40856;40857;40951;40952;41630;41631;40908;40867;40909;41632;40895;41609;40990;40896;41633;40991;40898;40897;40953;40954;40955;40992;40956;41016;41015;40993;40994;40996;40995;41610;41017;41018;41611;41612;41613;41019;42387;41020;41614;42045;41636;42282;41634;41635;42283;47172;47171;44884;47174;47173;47175;47176;47177;44885;44886;44887;44888;47178;47179;47180;44889;47181;50669;47182;47183;47184;47185;47186;47187;47189;47188;47192;47191;47194;47193;47190;47195;47197;47196;47198;47202;47201;47200;47199;47203;47206;47204;47205;47207;47208;47209;47210;47212;47211;47213;47835;47214;47215;47217;47684;47218;47219;47216;47220;47221;49152;47222;47719;47596;47585;47223;47226;47224;47225;47768;47227;47586;47229;47597;47228;47720;47598;47607;47608;47564;47673;47674;47565;47587;47230;47610;47609;47611;47612;47599;47685;47686;47675;47769;47613;47770;47836;47231;47721;47837;47771;47772;47614;47687;47722;47838;47723;47724;47839;48226;47840;48356;48355;50428;48206;47232;47841;48227;48357;48324;47807;47809;48410;47808;47810;47812;47811;48358;47813;48376;47842;47233;48304;47843;48228;48229;47844;48305;47845;47846;47847;47234;48411;47848;47849;48230;47851;47850;47235;48412;47236;48207;48208;47237;47240;48325;48326;47238;47241;47239;47242;48929;49677;48306;48359;49090;48377;48388;49649;48930;48307;48746;48378;49091;48308;49650;48389;49073;48277;49660;53394;48365;47243;48413;48309;48425;48327;48310;48328;48426;48330;48331;48329;47245;47244;49104;48390;48391;48747;48366;47246;50389;48368;48367;48913;48414;48369;48914;49105;48415;48379;48931;48932;49106;48897;48392;49153;49074;48393;47247;48416;48394;48395;49107;48418;48417;49059;48420;48419;49060;49092;49093;49095;49094;49075;47248;48748;48915;48916;49294;49293;49122;49154;49155;49096;49061;49194;47249;49156;49157;47250;47251;49158;47252;47253;49160;49159;49097;49076;49185;49077;47254;49195;49196;49239;49718;49678;49679;49680;49240;49242;49241;49243;49161;49244;49245;49162;47255;49197;49164;49163;49246;49198;49295;49165;49187;49661;49200;49186;49201;49199;49188;47256;49937;49247;49979;49938;49682;49248;49681;49720;49719;49662;49249;49664;49663;49635;47257;51344;49297;49721;49296;51345;47258;49722;49651;49723;49683;49725;49684;49816;49724;50697;49685;49782;47259;49727;49817;49726;47260;49783;47261;49768;50454;47262;49939;49769;49980;49818;49981;50455;50354;49819;49820;49821;49982;49940;50025;47263;49968;49983;50026;49985;49986;49984;50294;51464;50293;50437;49988;50390;50005;50004;49987;50391;50392;50028;49969;50006;50393;50027;50029;50032;50030;50033;50031;50034;50395;50477;50394;50396;50532;50355;50438;50295;50035;50036;50439;50310;50007;50397;50496;50311;50593;50478;50497;50398;50356;50312;50440;50419;50456;50457;50420;50399;50441;50479;50421;50585;50584;50480;50481;50483;50484;50586;50482;50587;50589;50400;50588;50468;50485;50458;50414;50401;50402;50422;50506;50507;50564;50403;50498;50499;50443;50444;50442;50515;50565;50518;50517;50566;50519;50516;50520;50552;50550;50551;50554;50553;50459;50486;47264;50555;50626;50556;50557;50508;47265;47266;50567;47267;50568;50594;50590;50591;47268;50596;50595;47269;50592;50682;50615;50683;50616;50684;50617;50662;50618;50685;50663;50698;50671;50670;50619;50673;50812;50672;50674;50813;50675;50655;50664;47270;50657;50656;50833;50834;50972;50814;50847;47272;47271;50835;50836;47273;50837;51065;51064;47274;51081;50866;51082;47275;51084;51099;50867;47276;51083;51066;50979;51067;51147;51346;47277;51068;51148;51150;51193;51149;47279;47280;47278;51347;51137;51151;51130;51131;51129;47281;51348;51362;51405;51390;51361;51406;51412;51375;51373;51407;51376;51374;51413;51414;47282;51377;51429;51415;51382;51381;51391;51402;51383;51403;51392;51378;51409;47283;47284;53395;51408;51430;51431;51419;51441;47285;51442;51443;47287;47286;47290;47289;47288;47291;47292;47294;47295;47293;47297;47296;47298;47299;47300;47301;47302;47303;47304;47306;47305;47308;47307;47310;47311;47309;47313;47314;47312;47315;47316;47317;47318;47321;47319;47320;47322;47323;47326;47324;47325;47327;47329;47328;47331;47332;47330;47334;47335;47333;47336;47337;47338;47341;47339;47342;47340;47343;47344;47345;47347;47348;47349;47350;47351;47346;47352;47353;47355;47354;47356;47357;47358;47359;47360;47361;47362;47365;47364;47363;47368;47367;47366;47374;47371;47369;47372;47373;47370;47376;47378;47375;47377;47380;47382;47381;47383;47379;47384;47385;47387;47388;47386;47389;47390;47393;47392;47394;47391;47396;47395;47397;47398;47399;47400;47401;47402;47405;47404;47403;47406;47408;47407;47409;47410;47411;47414;47415;47412;47413;47416;47417;47418;47419;47420;47421;47422;47423;47424;47425;47427;47426;47428;47429;47431;47430;47433;47615;47432;47435;47434;47436;47438;47437;47439;47440;47444;47442;47443;47445;47441;47447;47446;47451;47449;47450;47448;47452;47453;47456;47455;47454;47457;47459;47458;47460;47462;47461;47463;47464;47468;47465;47467;47466;47470;47469;47473;47472;47471;47475;47477;47474;47476;47479;47480;47478;47482;47481;47486;47484;47485;47487;47483;47489;47490;47491;47492;47488;47493;47496;47495;47494;47497;47499;47498;47501;47500;47502;47503;47504;47505;47508;47506;47507;47509;47510;47511;47512;47514;47513;47515;47516;47517;47521;47520;47519;47518;47523;47522;47524;47525;47526;47527;47528;47530;47531;47532;47533;47529;47535;47534;47536;47537;47539;47538;47540;47600;47542;47541;47543;47545;47544;47547;47546;47548;47549;47550;47551;47676;47566;47552;47553;47554;47555;51448;51449;51576;51512;51577;51947;51565;52552;54631;54632;51948;51444;51513;51514;51515;51516;51517;51518;51519;51578;51445;51646;51579;51465;51647;51651;51648;51650;51652;51649;51653;51655;51654;51787;51853;51854;51788;51580;51656;51566;51678;51679;51820;51680;51581;51681;51822;51821;51830;51823;55002;53901;51831;51855;51856;51864;51896;51863;52004;53478;51927;55944;51842;51897;55943;55984;55867;55866;55868;55865;55945;55909;55946;55947;55869;55870;55910;55890;55891;55948;55985;56096;56075;56095;56076;55986;55949;55950;55960;55911;55952;55951;55961;55962;51980;55987;55963;55988;56010;51989;55989;55892;56011;56146;55955;51990;55953;56012;56014;55954;55893;56180;55990;56013;56286;56147;56287;56148;56149;56131;56132;51949;56097;56181;56218;56150;56219;56098;56015;56099;56100;56151;56182;56102;56183;56101;56103;56396;56105;56133;56104;56134;56135;56136;56138;56349;56137;56200;56107;56106;56201;56350;56202;56302;56184;56288;52017;56351;56220;52019;52018;56152;56153;56185;56156;56155;56186;56154;56203;56221;56289;51960;56352;56232;56157;56222;56158;52033;56353;56354;56223;56224;56225;56233;56355;56322;56356;56226;56228;52705;56357;56290;56227;52034;56358;51961;56291;56359;56292;56293;52570;56294;56217;52569;56360;51981;56295;52514;56416;52515;56303;56361;56308;56362;56363;56309;56234;56364;56365;56367;56366;56418;56368;56417;56341;56369;56386;56419;56382;56370;56537;56420;56572;56397;56573;56421;56422;56342;56423;56371;56539;56540;56515;56538;56516;52464;56517;56473;56474;56457;56475;56424;56518;56487;56398;56486;56519;56488;56489;56541;56696;56542;56520;56717;56543;56544;56656;56655;56547;56546;52465;56545;56787;56788;56930;56931;56851;56574;56575;56932;56885;56852;56886;57141;56933;56789;56673;56887;57308;56888;56934;57069;56718;56790;56791;56889;56936;56890;56792;56935;56793;56731;56794;56732;57070;56795;56719;56720;57071;56733;56863;57072;52516;56796;56864;56721;56697;56813;56815;56814;56938;56891;56939;56937;56722;56893;56892;56797;56798;56800;56950;56799;57142;56801;56802;56894;56895;56924;56896;56940;56963;56925;56918;56865;56965;56926;56964;56897;56966;57000;56951;56952;57007;57006;56898;57001;56899;52517;57325;57754;56941;57324;57143;52005;56967;52057;57073;52006;57002;57004;57008;57009;57074;57003;57075;57076;52159;57077;57078;57326;52518;57327;57366;57368;57369;57367;57417;57418;57416;57309;57382;57328;57384;57419;57383;57385;57420;57386;57387;57388;57421;57437;57476;57438;57422;57439;57424;57440;57401;57423;57425;57622;57389;57441;57442;57443;57477;57478;57444;57450;57451;57452;52466;57714;52539;52485;52467;52538;52519;52520;52742;52553;52554;52743;52744;52556;52571;52555;52558;52557;52560;52559;52522;52521;52622;52623;52759;52561;52601;52572;52603;52624;52540;52604;52602;52638;52562;52573;52661;52639;54834;52574;52625;52662;52675;52663;52640;52981;52590;52641;52982;52692;52642;52645;52643;52693;52644;52647;53435;52646;52676;52591;52677;52679;52694;52695;52678;52664;52680;52721;52681;52665;52722;52723;52697;52696;52724;52725;52706;52727;53240;52950;52726;52951;52952;52953;53241;52964;52746;52965;52983;53516;52745;56296;53305;52999;53306;53000;53213;53215;53363;53216;53214;53199;52985;53345;52984;53364;52954;53365;53366;53242;52955;53243;53200;53201;53452;53261;53262;53202;53225;53264;53263;53436;53367;53265;53325;53203;53437;53299;53300;53406;53326;53438;53479;53550;53453;55050;53551;53368;53396;53541;53454;53457;53456;53552;53455;53461;53458;53460;53459;53462;53480;53481;53553;53463;53518;53517;53508;53497;53519;53464;53520;53498;53465;53466;53554;53499;53467;53555;53521;53560;53557;53522;53561;53562;53537;53556;53849;53606;53563;53564;53565;53609;53607;53608;53566;53816;53611;53567;53635;53578;53610;53818;53627;53612;53634;53817;53613;53834;53614;53835;54286;53863;53864;53644;53865;53866;55386;53645;53615;53902;53850;53903;53836;54944;53904;53851;54292;54293;54609;54294;54608;54295;54573;54633;54634;54574;54572;54957;54635;54575;54297;54296;54576;54907;54824;54636;54908;55051;54909;54975;54976;54910;55052;54637;54912;54835;54913;54837;54836;54911;54914;55387;54958;54945;54947;54946;54977;55003;54915;54917;54959;54978;54948;54916;54960;55054;55053;54949;54961;55055;54950;55056;54963;55004;55006;54962;55007;55057;55147;55005;55059;55148;55149;55058;55492;55493;54979;54980;55008;55150;55495;55151;55494;55153;55061;55060;55152;55388;54981;55154;55062;55389;55155;55391;55156;55390;55675;55393;55578;55676;55392;55394;55412;55475;55476;55425;55461;55496;55463;55464;55579;55462;55465;55556;55580;55842;55466;55426;55497;55427;55871;55428;55545;55498;55499;55526;55525;55654;55655;55599;55527;55602;55557;55600;55601;55546;55581;55559;55528;55500;55560;55501;55558;55529;55582;55656;55595;55657;55596;55561;55583;55603;55562;55604;55611;55660;55658;55659;56108;55677;55662;55738;55661;55612;55679;55678;55750;55739;55680;55751;55872;55740;55663;56016;55873;55752;55874;55741;55760;55807;55875;55876;55808;55742;55753;55843;55743;55744;55766;55767;55844;55777;56297;55771;55772;55778;55781;55779;55754;55782;55783;55780;57584;57453;57544;57563;57479;57545;57566;57565;57546;57590;57715;57564;57716;57591;57592;57547;57623;57670;57624;57548;57644;57703;57645;57549;57625;57609;57717;57695;57694;57718;57626;57610;57672;57627;57671;58461;57611;58462;57755;57756;57782;57784;57781;57673;57783;57674;57719;57897;57898;57828;57815;57881;57816;57899;57865;59972;57829;60006;60007;59973;59940;59826;59975;59974;57757;59941;60070;59976;62724;62725;60069;60128;60071;57866;60072;60073;57986;60074;60158;60157;57867;60122;61416;61465;57987;60123;60075;60113;61417;60131;60129;60130;61383;60143;60132;60144;60145;60147;60146;61384;61419;61418;60148;60149;61466;60133;61385;57868;61386;61420;61421;61468;61387;61442;61422;61467;61423;61470;61469;61471;61473;61472;61474;61496;61424;61497;61476;61475;57817;61477;61499;61500;61425;61498;61579;61580;61664;61663;57882;61521;61613;61582;61581;61556;61628;61583;61666;61684;61665;61614;61615;61685;61616;61667;61629;61633;61630;61631;61632;61634;61635;61637;57900;61636;62128;61584;58013;61686;61668;62130;62131;62129;61669;62132;61601;61698;61697;61699;57901;61602;61687;61688;61755;58014;61671;61670;61700;57902;62133;61672;61673;61674;62134;62017;62136;61702;61701;62135;61776;61756;61777;62018;61778;61703;62137;61757;62138;61758;61736;61638;58120;61737;61738;57952;61779;62050;57953;58121;57869;61739;62139;58122;61724;62140;62019;62020;61759;62141;62021;58123;57954;62417;62143;62142;61760;62189;61761;62034;62144;62035;62146;62145;62147;62051;62052;57903;62053;62190;62191;62148;62149;62150;62151;57904;62152;62153;62156;62154;62155;62159;62157;62158;62161;62162;62160;62319;62163;62192;62320;62164;62165;62321;62322;58015;62323;62166;62324;57965;62378;62294;62377;58044;62167;62227;62226;62295;57966;62325;62418;62327;62326;62397;62328;62329;58045;62330;62332;62331;62228;62789;62333;62334;62336;62230;62441;62231;62229;62335;62233;62442;62232;62337;62338;62443;62339;62193;64083;62398;62297;62399;62296;62234;62654;62550;64440;62790;62420;62419;62421;62525;62526;57905;57906;62400;62449;62567;58016;62527;62454;62502;58017;62455;58018;62668;62655;62528;62456;62531;62530;62600;58046;62529;62470;62486;62568;62551;62569;62601;62645;58047;62532;62533;62726;63195;62534;62535;62602;62605;62603;62604;62606;62727;62487;58048;62696;62570;62697;62536;62646;58049;58050;62656;62538;62537;62503;62749;62647;62657;62552;62658;58079;62648;62839;62607;62669;62670;62672;62779;62610;62609;62671;62608;62873;62750;62673;62728;62729;62698;58252;62863;62765;57988;62822;62823;62699;58187;57989;62751;62752;57990;63029;62767;62824;62766;62730;62840;62825;62768;62827;62826;62841;57967;62864;62865;62842;62753;62889;62829;62828;62754;62769;58188;62843;62844;58019;62874;62912;62845;58080;62875;62847;62846;62850;62849;62950;62848;62830;62851;62852;62951;62876;62878;62831;62877;62894;62854;62853;62879;62952;63101;62895;62880;62896;62855;62881;63008;63102;63007;62882;62883;65531;62970;62913;62914;63208;62971;58149;62915;62954;62953;63030;58189;62955;63031;62978;63034;63035;63033;63009;63032;63036;63037;63038;63010;63051;63040;63127;63041;63039;63081;63282;63042;63043;63044;63103;63045;63128;58098;63082;58253;63046;63084;63083;63085;63052;63086;63129;63087;63088;63130;58020;63047;63172;63053;63054;63131;63011;63196;63307;63089;63013;63173;63012;63014;63055;63090;63138;63048;63056;63139;58150;63140;63209;63142;63141;63233;63057;63234;58151;63235;63132;63174;63176;63175;58051;63247;63178;63246;63177;63179;63248;58152;63482;63143;58153;63180;63133;63189;63210;63197;63198;63249;63250;63212;63211;63236;63213;63483;63237;63238;64882;63214;63484;63239;63251;63387;63252;63253;63327;63274;63254;63215;63360;63181;63255;63275;63328;63276;63486;63487;63485;63277;58154;63513;63488;58155;63361;65180;63308;63490;63489;63216;63240;63491;63458;63309;63524;63492;63310;63278;63283;63329;58156;63493;63494;63363;63362;63375;63311;63336;65823;63495;63388;63496;63343;63391;63390;63330;63389;63497;63392;63499;63498;63393;63377;63500;63376;63378;63394;63400;63501;63459;58157;58278;63460;58124;58158;58125;58126;58686;58159;58190;58160;58305;58191;58254;58255;58306;58256;58279;58622;58307;58280;58623;58257;58308;58281;58282;58161;58258;58259;58297;58296;58418;58309;58260;58364;58463;58310;58464;58311;58366;58367;58370;58368;58369;58365;58371;58346;58372;58312;58687;58542;58336;58487;58543;58373;58337;58405;58375;58406;58544;58376;58374;58488;58465;58419;58689;58688;58377;58546;58545;58466;58467;58420;58489;58548;58468;58690;58547;58691;58625;58626;58549;58627;58692;58551;58550;58624;58730;58421;58694;58695;58469;58693;58668;58552;58470;58553;58696;58697;58698;58731;58669;58699;58554;58701;58702;58703;58700;58704;58706;58708;58779;58705;58709;58707;58628;58629;58632;58630;58631;58555;58634;58633;58635;58636;58638;58780;58924;58781;58637;58782;58732;58783;58710;58711;58733;58784;58805;58712;58818;58819;58820;58785;58821;58856;58639;58786;58858;58713;58822;58857;58715;58714;58955;58925;58926;58788;58789;58996;58787;58823;58824;58755;58825;58827;58835;58834;58859;58826;58956;58861;58979;58997;58860;58912;58910;58885;58909;58911;58957;58886;58887;58914;58958;58913;58915;59256;58960;58959;58888;58980;58928;58927;58836;58930;58862;58929;59071;58931;59098;58916;58932;58935;58961;58933;58881;58934;58863;59080;58998;58970;58917;59079;59257;58936;61585;58981;58918;59259;59450;59258;59001;59000;59002;58999;59004;59099;59003;59100;59005;59007;59006;59008;58919;59101;59260;58983;58982;59022;58971;58962;59261;59081;59023;58984;59331;58985;61478;59262;59198;59263;59024;59264;59265;59025;59082;59199;59072;59266;61479;59102;59217;59268;59267;59269;59270;59202;59204;59203;59201;59200;59271;59218;59219;59531;59295;59272;59273;59296;59332;59333;59297;59274;59962;59298;59429;59205;59277;59483;59278;59300;59301;59335;59299;59276;59334;59337;59338;59279;59389;59339;59336;59341;59280;59340;59342;59345;59344;59343;59415;59346;59379;59348;59349;59347;59351;59350;59416;59352;59419;59421;59417;59418;59430;59420;59431;59571;59572;59434;59432;59433;59435;59532;59353;59512;59573;59533;59511;59513;59486;59436;59437;59485;59484;59514;59534;59515;59390;59535;59487;59574;59539;59536;59661;59538;59391;59537;59540;59575;59542;59541;59576;59544;59545;59488;59688;59840;59689;59543;59438;59690;59691;59578;59422;59581;59577;59580;59579;59546;59582;59799;59720;59800;59662;59664;59663;59692;59950;59695;59694;59693;59665;59696;59547;59697;59698;59801;59548;59699;59739;59951;59666;59841;59842;59942;59550;59740;59549;59804;59802;59805;59742;59741;59806;59807;59744;59808;59743;59827;59745;59943;59977;59944;63502;59978;63628;63627;63629;63504;63503;63630;63461;63583;63505;63514;63527;63525;63649;63515;63526;65229;63529;63631;63528;63530;63632;65230;63507;63506;63531;63516;64084;63517;63508;63650;63509;63518;63462;63651;63532;69819;63633;63634;64365;64367;64366;63510;63635;63533;63636;64085;63652;63655;63653;64368;63624;63654;63657;63658;64398;63656;63660;64251;64086;64252;63659;64253;64087;63584;63661;64399;63587;63586;63585;64400;64254;64266;64460;64267;64265;63625;64268;64370;64255;64256;64369;64441;64269;64371;67261;67262;67264;64372;67263;67266;67265;67267;67269;67270;67271;67268;67275;67274;67273;67272;67276;67277;67278;64088;64270;64271;67280;67279;67282;67281;67283;67285;68985;67284;67286;69288;64272;64373;67288;67287;64273;64274;67289;67290;67291;67292;67293;67295;67296;67294;64275;67297;67298;67300;67301;67299;67302;67303;64277;67304;67307;67308;64276;67309;67305;67306;67311;67312;67313;67314;67315;67310;68998;67316;64278;67317;67319;64442;67318;67320;67323;64401;67321;67324;68999;67326;67325;67322;67328;64402;67330;67327;64404;67329;64403;67331;67333;64405;67334;67332;67339;67337;67336;68860;67335;68986;67340;67338;64443;69061;67341;69000;64406;64444;68882;68883;67342;68884;69001;68890;68886;68885;64494;68892;68891;68887;68894;64495;68895;68893;64445;67343;68896;69023;68972;64407;69002;69003;68897;64408;69004;65169;68861;69005;65168;69006;64409;69007;68987;68988;68989;68973;64410;69024;68974;68975;69026;70202;69027;69025;69062;69198;69146;69145;69199;64672;69064;69148;69063;69147;69095;69149;69150;69151;69217;69152;64446;69216;69200;69202;69203;69201;69204;69205;69153;69085;69028;69206;69207;64592;69208;69209;69186;69355;69086;69188;69187;64412;69210;64411;64447;64413;69248;69211;69249;69403;69356;69289;69380;70203;69290;69298;64414;69299;69381;69382;69357;69300;69358;64415;64416;69359;69360;64417;64418;69291;69361;69363;69362;64257;69364;69384;69383;69292;64419;69385;69386;69387;69389;69404;69405;69388;69302;69365;64420;69390;69391;69406;69408;69407;64461;69409;69410;69393;69392;69411;69394;64593;69461;69460;64462;69485;64448;69450;64463;70909;69486;70204;69782;69524;69783;64464;64449;69525;69462;64450;69772;69526;69436;69527;69784;69815;69463;69529;69528;69451;69530;69533;69532;69498;69452;69531;69487;69773;69534;69544;69774;69488;69543;69775;69535;69537;69792;69785;69886;69536;69793;69821;69887;69545;69805;69820;69961;69962;69814;69858;70049;69963;69896;70048;69857;70041;70042;69897;64513;70029;70028;70050;70052;69965;64514;70051;69964;70043;70053;70054;70030;64496;70031;70055;69910;70032;69966;69849;70033;70149;69859;69967;64497;70056;69911;64477;70034;64594;70035;70057;70044;70045;70058;64595;64596;64538;69917;70081;70059;70082;70106;70083;70151;70150;70107;70108;64539;70152;70153;70154;70060;70155;70061;70036;69968;70296;70156;70205;64540;70037;70157;70504;70062;70046;70003;64597;70593;70356;64598;70064;70038;70063;64599;71542;70047;70235;64600;70357;70065;70345;70206;70236;70238;70237;64541;70158;70207;70278;64542;70208;70159;70180;64543;70239;70358;70279;70280;71543;70297;70181;64601;70298;70305;70304;70359;64544;71545;70808;70240;71544;70505;71081;70209;70418;70281;70506;65231;64545;70282;70360;70361;70376;64546;70377;70404;70419;70405;70420;70406;64602;70422;70421;70425;70423;70424;64673;70362;70426;70427;70428;70429;70407;70408;70430;70528;70378;70431;70507;70508;70409;70509;70861;70510;70814;70432;70410;70927;70638;70637;70511;70928;70929;70433;70639;70434;70529;70512;70815;70436;70435;70816;70665;64478;70666;70549;70550;70817;70654;70653;70513;70734;70514;64625;70655;70809;70640;70818;70819;70641;70642;70667;70668;70643;70644;70669;70670;70820;70810;70822;70821;64515;70736;70735;70823;70700;70594;70645;70824;70774;64868;70775;64733;70987;70671;64650;70825;71056;70750;70826;70776;71058;71057;70786;70811;70787;70788;70789;70827;64603;70828;70812;70930;70829;70813;70723;70751;70830;70831;70939;70832;70862;70833;70839;70840;70931;70841;70790;71082;64674;70910;70955;70863;70864;70989;64869;70988;70834;70957;70956;70990;70911;70912;70991;70992;71083;70993;70994;71059;64651;64554;71060;64664;71062;71061;71064;71063;66337;71065;71084;71066;71085;70958;66338;64675;71086;64665;64676;71181;71147;71067;71142;71149;71150;71148;71151;71403;71956;64547;64677;71068;71404;64548;71069;71182;71183;64899;71405;71406;71407;64549;64883;64550;64604;72402;71087;71143;71326;64678;71328;71247;71327;71248;71408;71409;71411;71255;71410;71184;71279;71280;71282;71281;71358;71222;71413;71412;71775;71329;71359;71360;71414;71330;71415;71416;71417;71249;71418;71361;71381;71185;71363;71283;71364;71419;71362;71587;71331;71420;71422;71421;71443;71256;71423;71382;71475;71250;71383;71476;71384;71851;71284;72110;71444;71504;71477;72096;71503;72111;71478;71480;71479;71445;71481;71852;72097;71853;71482;71446;71484;71483;71548;71546;71547;66339;71619;71447;71777;71365;71776;66340;71332;71385;71549;71620;71551;71386;71588;71550;71552;71754;71590;71589;71448;71785;71591;71592;71449;71621;71622;71623;71625;71626;71593;71624;71633;71594;71634;71755;71638;71505;64734;64735;71854;71595;71770;71596;71765;71756;71757;71597;71766;71758;71759;72867;71767;71768;71598;71760;71761;71599;71639;71903;71627;71640;71600;64736;71601;71602;71771;71788;64737;71790;71803;64738;71789;73871;71804;73870;71868;71869;71805;64900;71870;71871;71872;71873;64856;64854;64855;64974;64884;64870;64871;64679;64872;64739;64975;64940;64740;64977;64976;64978;65600;64857;64858;65081;64979;64980;64741;65232;64982;64981;65034;65588;65587;65233;65035;64983;65036;64997;64998;64941;64999;65000;65001;65234;65065;64984;65037;65002;65038;65039;64901;65040;65532;65589;65657;64985;65181;65645;64986;65646;65182;65619;65590;65235;65236;65620;65621;65647;65591;65533;65658;65534;65536;65535;65659;65537;65066;65538;65713;65592;65593;65183;65772;65539;65648;65637;65636;65559;65649;65671;65594;65773;65663;65650;65662;69189;65622;65824;65825;65774;65745;65746;65747;65748;66724;65752;65749;65751;65753;65754;65750;65755;65664;65757;65756;65759;69229;65775;65758;65813;65776;65777;65933;65858;65814;65953;66005;65831;65832;65826;65830;65859;65833;65954;65834;65835;65760;66006;65836;65837;65778;65860;65839;66591;66241;65861;65838;65955;66242;65961;65962;65815;65956;66160;66161;65963;65964;66162;65965;65827;65971;65966;65972;66163;66007;65974;65828;65973;66008;66164;67344;65934;66399;66376;66400;66398;66377;66378;66165;66181;66218;66182;66191;66009;66183;66166;66207;66208;66219;69212;66220;66258;66038;66039;66167;66011;67345;66040;66010;66184;66243;66209;71553;66244;66259;66260;66168;66221;66261;66223;66245;66246;66222;66283;66262;66263;66224;66282;66247;66362;66297;66248;66249;66363;66298;66309;66320;66299;66324;66322;66321;66284;66364;66323;66365;66366;66310;66679;66432;66592;66433;66703;66379;66367;66386;66385;66704;66639;66640;66501;66368;66369;66401;66453;66434;66452;66435;66387;66502;66388;66593;66503;66436;66594;66380;66530;66596;66595;66529;66454;66531;66597;66533;66532;66598;66599;66577;66579;66534;66725;66578;66580;66487;66641;66680;66642;67346;66600;66643;66681;66604;66601;66605;66607;66606;66644;66619;66648;66645;66647;66646;66649;66650;66682;66653;66651;66652;66654;66684;66656;66655;66683;66657;66685;66686;66687;66688;67347;67348;66726;67349;66727;66728;66729;66620;66621;66622;66623;66793;66625;66608;66626;66624;66627;66658;66611;66609;66628;66610;66612;66613;66743;66744;67350;66745;66731;66730;66746;66732;66747;67351;66733;66748;66749;66750;66751;67352;67353;66794;66629;67355;67354;66752;66795;67356;66753;67357;66796;66754;67358;67359;66797;67360;67361;67362;67363;67365;67364;67368;67366;67367;67369;67370;67371;67372;69218;67373;67375;67374;67376;67378;67377;67379;67380;67381;67383;67382;67384;67387;67386;67385;67389;67388;67390;67391;67392;67394;67395;67393;71912;71913;71914;72047;72048;71915;71800;71916;71917;71920;71921;71923;72027;71922;71918;72028;71904;71919;71905;72189;72013;72012;72120;72121;72307;72308;72442;72441;71958;71957;71959;72221;73535;73536;72014;72112;72113;72015;72249;71981;72122;72250;71982;72124;72222;72123;72125;72126;77586;77782;77612;72127;77783;77922;77784;77785;77786;77787;77608;77675;79341;77866;72049;77613;79342;79343;72029;77764;77788;77789;77790;72030;77791;77867;77765;77868;77766;77793;77792;77794;77869;72031;78093;77676;77677;77870;77795;77796;78398;77923;78399;77924;78400;77871;77925;77797;72137;77926;72190;77927;77872;77974;72269;77767;77873;77798;77930;77929;77928;77931;77932;77975;72050;72191;77933;77934;77935;78241;77997;77874;77936;78242;78048;78243;78049;78094;78050;77875;78051;77937;77938;78095;78052;77940;77939;77876;77941;77942;78703;77998;78053;77943;78368;78054;78369;77944;78096;78370;77999;78371;77945;78564;78000;78001;78055;78244;78245;78097;78246;78098;78247;78056;78248;78099;78100;78249;78373;78372;78374;78101;78565;78375;78102;78376;72192;78566;78377;78057;78103;78378;78250;78379;78058;78380;78251;78252;78786;78402;78704;78567;78401;78381;78787;78568;78752;78382;78705;78788;78492;78629;78403;78493;78789;78706;78630;78791;78790;78494;78569;78792;78631;79389;78632;78682;78793;78683;78794;78797;78795;78796;79067;78799;78798;78803;78801;78800;78802;79068;79191;79084;78570;78571;78581;79085;78661;78662;78572;78582;78709;78574;78862;78708;78707;78573;79390;78633;78710;78712;78575;78711;78576;78610;72223;78726;72224;78804;78713;78805;78807;78714;78899;78806;78808;79086;78727;79069;78728;78863;78715;78809;78810;78864;79070;79071;79088;79087;78900;79256;78901;78902;72225;79192;78903;78716;78729;78904;78905;79257;78811;78907;78906;79193;79072;72226;79073;79090;79089;79195;78812;79194;79391;79258;79091;78813;79092;79093;79094;79196;78814;79074;79095;79096;79236;79075;79097;79076;80362;79237;78865;78866;79238;79077;79392;79098;79099;79100;79314;79239;79078;79315;79259;79317;79316;79260;72309;79261;79262;72356;79344;79345;79240;79671;79763;72357;79747;79264;79263;79764;79393;79265;79394;79765;79318;79395;79766;79893;79396;79748;79565;79894;79895;79767;79749;79768;79698;79319;79363;72310;79699;79645;79646;79397;79770;79769;81655;79771;79672;81343;79896;79897;79673;79648;79647;79398;81344;79898;79772;79773;79607;79649;79400;79399;79650;81345;79651;79674;79676;72251;79652;79675;79677;79678;79679;79566;79653;79608;79654;79700;79774;80363;79899;79775;79776;79777;72270;79422;72252;79778;79701;79900;72154;79779;79780;79703;79702;79655;79781;79782;79750;79704;79784;79783;79785;79786;79751;79752;79787;79788;79901;79902;79789;79903;79904;79905;79906;79705;79907;79908;79909;79910;79911;79912;79913;79914;80060;79915;79790;79916;80089;79917;79918;79919;72311;79920;80128;79921;80129;79922;79924;79791;80130;79923;80364;79792;79925;79926;79927;79706;79928;80131;79930;80132;80365;79929;79931;79934;79933;79932;79935;80366;80090;79937;80336;79936;79939;80061;79938;79942;79941;79940;79943;79944;79946;79945;79947;80133;80062;80367;80232;80258;79948;80063;72443;80134;81346;72444;80368;80135;79949;80136;80369;80402;80138;79950;80137;80287;80370;80064;79951;80091;80139;79952;80140;79953;80233;80142;80141;80143;80144;81347;80337;80403;79954;80234;80338;83066;80288;80092;80065;80835;80836;80066;80404;80405;80067;80235;80339;80406;80068;80371;80236;80372;80340;80341;80259;80373;81581;80374;80342;81837;80261;80260;80375;80289;80291;80290;80343;80376;80344;80292;80293;80294;80295;80296;80345;80463;80297;80346;80145;80146;80348;80347;72715;80298;80349;80147;80422;80310;80237;80423;72716;72376;80377;80378;72403;80311;80312;80313;72377;80314;80315;81956;81957;80317;80318;80316;80319;80320;80321;80323;80324;80322;80325;80326;80380;80327;80379;72446;72445;80381;72462;72378;72379;72447;72404;72463;72405;72406;72408;72516;72517;72518;72253;72407;72648;72448;72593;72449;72358;72450;72464;72465;72451;72519;72359;72360;72466;72380;72752;72520;72623;72539;72381;72624;72544;72545;72784;73030;72625;72783;73422;72540;72521;72785;72786;72626;72627;72649;72629;72628;72630;72631;72522;72524;72523;72525;73310;73032;73031;72541;72650;72526;72653;72652;72651;72695;72654;72546;72674;72759;72760;72547;72675;72548;72761;72762;72632;72763;72656;72764;72766;72787;72753;72765;72657;72788;73537;72767;72789;72913;72806;72807;72914;72754;73140;72888;72915;72887;72889;73107;72916;72890;72917;72868;73033;73034;72869;72968;72969;72970;72972;72971;72870;73035;72973;72891;73108;73036;72918;73037;72871;73038;73109;73039;72892;73040;73041;73042;73217;72974;73087;73086;73044;73043;73110;73045;73141;73165;73143;73046;73142;73145;73144;73166;73146;73423;73168;73257;73240;73169;73167;73193;73311;73047;73194;73048;73170;73313;73195;73312;73259;73258;73261;73352;73260;73424;73314;73171;73354;73241;73353;73355;73242;73746;73218;73356;73262;73357;73263;73358;73359;73360;73361;73362;73264;73363;73365;73364;73426;73425;73366;73265;73503;73315;73502;73538;73504;73506;73925;73926;73367;73505;73539;73507;73540;73542;73541;73543;73427;73429;73428;73600;73544;73601;73430;73658;73545;73509;73602;73546;73772;73547;73508;73660;73659;73603;73548;73773;73627;73692;73774;73693;73697;73694;73695;73972;73696;73699;73698;73729;73700;73628;73629;73630;73701;73702;73716;73717;74017;73631;73775;73776;73747;73730;73748;73703;73749;73731;73750;73778;73777;73807;73809;73810;73808;73811;77061;73704;73815;73813;73814;73812;73816;73872;73846;73873;73845;73874;73927;73817;73875;73876;74382;73847;73928;73929;73877;73878;73930;73879;73897;73848;73898;73818;73819;79793;73973;73998;79346;73952;73953;73954;74130;73955;73899;74109;74110;73880;74000;73999;73956;74001;74383;74002;74018;74166;74165;74046;73957;74003;74111;74167;74282;74281;74112;74047;74199;74113;74131;74198;74048;76092;74169;74132;74168;74170;74049;74174;74050;74133;74179;74178;74177;74180;74200;74229;74228;74201;74230;77092;77093;74236;74237;74384;74231;74238;74175;77103;74385;77104;74232;74257;74386;74389;74387;74388;74390;74392;74391;74393;74394;74395;74396;74397;74398;74399;74401;74402;74400;74316;74404;74403;76093;74317;76094;74406;74405;74407;74408;74409;76096;76095;74410;74411;74413;74414;74412;74339;74503;74500;74502;74501;76151;74340;74341;76097;76173;74478;76098;76100;76099;76101;76152;76263;76153;76264;76058;74504;76083;76059;76419;76209;76420;76175;76174;76102;76210;76221;76220;76176;76222;76133;76265;76266;79794;76691;77768;77769;76478;76374;76334;77946;76326;76325;77947;76624;76223;76421;76625;76351;76350;76267;76352;76607;76268;76692;76371;76370;76327;76363;76539;76375;76392;76300;76391;76335;76393;76376;76328;76394;76395;76859;76860;76329;78383;76353;76479;76467;76377;76466;76422;76484;76483;76540;77346;76485;76396;76486;77345;76542;76541;77063;76845;76468;77062;76514;76693;76608;76626;76627;76609;77204;76628;76610;77203;77205;76629;76847;76611;76848;77064;76846;76850;76849;76612;77065;76875;76851;77206;76876;76877;76878;76613;76861;76978;76979;76862;77066;76918;76919;76920;76917;76718;76852;76921;76853;76980;77770;77094;76982;77105;76981;76863;77068;77067;77308;76983;77069;77309;77310;76984;77207;77070;77208;77311;77209;77440;77071;77223;77224;77268;77072;77210;77073;77095;77225;77106;77226;77312;77347;77313;77231;77314;77948;77232;77107;77392;77394;77108;77211;77393;77227;77349;77348;77350;77228;77441;77351;77442;77353;77359;77354;77352;77269;77360;77233;77423;77361;77424;77395;77396;77425;77397;77398;77362;77400;77399;77443;77426;77427;77678;77444;77445;77771;77428;77772;77446;77449;77447;77587;77448;77482;77483;77949;77481;77588;78038;77450;77363;77484;77591;77589;77590;77592;77429;77430;77800;78583;77799;77593;77614;77615;77594;77595;77559;77616;77617;77451;89123;77801;80448;80530;80531;89124;89127;89126;89125;89128;80532;83920;80892;80533;89129;80576;80575;89130;89131;80449;80837;80450;80893;80894;80451;80873;80464;80465;80452;80974;82306;80534;89132;80875;80535;82625;80874;89133;80895;82626;80536;80896;80876;80838;80975;81057;81059;81058;80839;80897;81610;81611;89134;81007;81060;81091;81008;80976;89135;81348;80977;89136;89138;80978;81092;89139;89140;89137;89142;89141;89143;89144;89146;89145;81529;84301;84375;84374;84452;84454;84376;84456;84455;84453;85282;84512;84513;81530;85283;84475;84457;84458;84840;84514;84459;92046;84515;84476;84460;81093;84678;84461;80979;84477;84516;84517;84478;84479;81190;85084;84679;85083;81212;85085;81151;84437;80980;84480;81132;84481;84518;84901;84841;84680;84519;84842;84521;84520;84773;84681;84682;84774;86312;84683;84750;84749;84684;84775;84843;89147;84776;81191;84685;84777;84688;84687;84686;84752;84751;84753;85086;84844;84779;84845;89148;81133;84778;84902;84846;85055;85056;84847;84903;80981;84848;84850;84849;81152;84904;81112;84967;85057;84689;84968;84690;84851;85058;84969;85087;85059;84691;84692;80982;84905;84852;81153;84853;85060;81213;84854;85061;89149;81349;84855;85062;82596;85088;85132;84906;85064;84907;85063;85089;81170;85090;85091;85065;85092;85093;85094;81061;84908;81171;84909;85095;85420;85284;81172;85133;85421;85285;85467;85286;85307;85287;85166;85167;85468;85168;85390;85389;81173;85288;85289;85290;92047;85134;85169;85548;85549;85171;85358;85170;85308;85244;85309;81094;85310;85311;85312;85313;81214;85314;85315;85359;81095;85316;85360;85361;85391;85362;87959;85392;89150;85469;85364;85570;85363;85317;85393;85472;85473;85471;85550;85470;85365;85665;89151;85475;85474;85291;85476;85551;85292;85552;85422;85318;85424;85394;85553;85423;85477;85478;85709;85554;85591;85479;85555;85592;85556;85425;85727;85480;85571;85811;85666;85572;85482;85481;85667;85557;85668;85669;85659;85670;85558;86683;85559;85638;81215;89153;85812;85672;89152;85673;85671;85813;86684;85815;85814;85674;85816;85698;86313;85817;85772;85818;85675;85676;85819;85677;81216;81113;87059;87060;87061;86331;86027;85919;85773;85920;85820;85678;85822;85728;81217;85821;85823;85824;81114;85825;86028;81115;81218;85964;85826;86029;85900;85899;85827;86258;85829;85828;85774;81350;86128;85989;85990;85830;86159;85831;86160;86158;85933;86129;85934;86030;86031;86032;85955;85956;85892;86259;86161;85832;86033;81351;86319;85921;85937;86034;85935;85936;86035;85938;85939;85940;86037;86038;86036;89154;86039;86040;86797;86798;86799;85922;86041;86042;81174;86228;85923;86229;86231;86230;86232;86051;86643;86052;86233;86644;86273;86260;86053;86261;86274;86110;86130;86077;86054;86234;86235;86043;86078;86275;86055;86131;86163;86165;86162;86164;86166;86168;86171;86167;86169;86170;86172;86236;86237;86174;86173;86685;86376;86111;81352;86262;86332;86112;86333;86263;86113;86264;86175;83039;86114;81192;81219;81353;89155;81354;81355;89156;81838;81358;81356;81357;81359;81220;81360;81361;81362;81364;83194;89157;81363;83195;81221;81392;81410;81411;81393;89158;87113;81365;81451;81452;81454;81453;89159;89161;89160;89162;89163;89164;89166;89165;89167;89168;89169;81366;89170;89171;81367;81394;82747;81455;81414;89172;89173;82273;82274;81456;89174;81457;81427;81428;81583;81531;81429;81582;81415;81458;81431;81430;81839;81584;81459;81585;81612;81586;81796;89175;89176;89177;81705;89178;89179;81613;81614;81532;81533;81678;81657;81840;82723;81656;82724;82933;81679;81841;81706;81658;89180;81707;81709;81708;81710;89182;89181;81842;89183;82540;82541;81797;81711;81616;82542;81712;81615;81680;81713;81843;81681;89184;81714;89185;81617;81682;89187;81844;81715;89186;81716;81845;89188;89189;89191;89192;89190;89194;89193;89195;81846;81717;81848;81847;81849;82307;82275;89196;81850;81851;89198;89197;81853;81852;89199;82276;81854;82674;82675;82277;81855;81856;89201;89200;81718;81858;81859;81860;92048;81857;82543;81958;81928;81861;89202;89203;81929;89204;81930;81959;89205;82049;81985;82544;81986;81862;82050;81863;89206;81864;81865;89208;82748;89209;89207;82051;81931;82433;81866;89210;81960;81961;82052;82053;89211;81987;82278;82054;89213;89212;82279;81988;82280;89214;89215;89216;89217;89219;89218;81989;89220;82281;81990;81991;82055;82056;81992;82725;81993;82676;82308;89221;82309;81994;82310;82677;82282;82934;82545;82057;82434;82435;82436;82283;82285;82284;82546;82547;82437;82058;82059;82935;82438;89222;89223;82060;82439;82440;82548;89224;82441;82061;82442;82443;89225;89226;82311;82598;82597;82866;89227;82749;82599;82600;89228;82549;82726;82601;83821;82936;82602;82840;82937;82867;82550;82603;82604;82727;82938;82868;82939;82605;89229;82940;82606;82627;82607;82551;82941;82608;82552;82942;89230;85185;82553;89231;82869;89232;82943;82750;82728;82610;82609;82312;82611;82841;82944;82945;82612;82946;82554;82444;89233;82555;82556;82947;82613;89234;82647;82648;82614;82649;86408;82870;82445;82628;82629;82678;89235;89237;89236;89238;82948;89239;82630;89240;82679;82871;82949;82950;82872;83196;82951;89241;82729;85560;82615;82954;82557;82953;82952;82955;85561;82616;83309;89242;82874;82873;82730;82875;82956;82957;82958;82751;82961;82959;82960;82963;82962;82876;82877;82752;82878;82879;89243;82880;82731;82964;86265;82881;82965;89244;89245;82842;82680;82882;82966;83007;82883;82967;83008;82968;83067;82885;83009;82884;83089;83121;83310;82886;83090;82887;83010;83149;82969;82970;83311;89246;83011;82971;83012;82972;84910;83151;83150;83013;82973;89248;82975;82974;82888;89247;89249;89251;89250;89252;89253;89254;83152;82976;82889;83014;89256;89255;83123;83122;83040;82977;82978;83041;83015;83042;83822;83017;83016;83043;83018;83091;83019;83068;83197;83070;83069;83020;83021;83124;83071;83125;83072;83312;83092;83023;83022;83198;83093;82979;83199;83044;83313;83200;83126;89257;83203;83202;83201;83073;83074;83075;89258;83204;83205;83127;83076;83314;83077;89259;83206;89261;83207;89260;83078;83208;83128;83209;83315;92049;83750;83210;83316;83751;83079;83211;83237;83238;83212;83213;83318;83317;83239;83094;83319;83153;83129;83214;89262;83240;83320;89264;89263;83241;83216;83215;83321;83382;89266;89265;83322;89268;89269;89267;89272;89270;89271;89274;89275;89273;89277;89276;89278;89280;83217;83154;89279;83218;83219;83220;83221;83222;83323;83548;89281;83223;83324;83549;83224;89284;89282;89283;83225;83325;83242;83790;87512;83550;83326;83384;83383;84303;84302;83226;83385;83227;84304;83386;89285;83228;83890;83503;83327;83337;83478;83505;83551;83504;83891;83823;83824;83825;83387;89287;89286;89288;83338;83339;89289;89290;83340;83921;84305;83552;83479;83341;83480;83342;83388;89291;89292;89293;89295;89294;89297;89296;89298;89299;89301;89302;89300;89303;89304;83826;84856;83481;83827;83553;83892;83828;83829;84857;83830;84095;83831;83791;83506;83832;83893;83507;83508;83833;83834;83835;83509;83836;89305;83922;83894;83895;83896;83897;83924;83923;83838;84027;83837;83899;84028;83898;89306;83839;83925;89309;83927;89307;89308;84096;83926;83961;84029;84030;84031;83928;83931;83930;83929;84032;83932;84033;83933;83996;83997;83934;84034;83999;84064;83998;84035;84172;83935;84000;84173;84036;84001;84002;89310;83900;83840;84097;84065;89311;84098;89314;89313;84038;84037;89315;89312;89316;89317;89319;89318;89321;89320;92050;84039;89323;89322;84040;84041;89324;86410;83936;84099;83962;86409;84066;83937;89325;83963;84174;83938;89326;89327;84042;84101;84103;84100;84102;84177;84176;89328;84175;84178;84858;84859;84306;84307;89329;84180;84179;84131;84278;84067;84181;84280;84279;84377;84281;84308;89331;84309;89332;84310;89330;84311;89334;89333;84312;89335;84462;84313;84378;84379;89337;89339;89336;89341;89338;89342;89344;89340;89343;89345;89346;89348;89350;89347;89349;89351;89355;89352;89353;89354;89356;89358;89357;89361;89362;89363;89360;89359;89364;89365;89366;89368;89369;89367;89370;89372;89373;89375;89371;89374;89376;89377;89378;89379;89381;89383;89380;89385;89382;89386;89384;89387;89389;89390;89393;89392;89388;89394;89395;89391;89396;89400;89399;89398;89397;89401;89402;89404;89405;89407;89403;89408;89406;89410;89413;89412;89415;89409;89411;89414;89417;89418;89419;89416;89420;89424;89425;89421;89422;89426;89423;89428;89427;89431;89429;89430;89432;89434;89433;89435;89437;89436;89439;89441;89440;89438;89442;89445;92051;89444;89443;89447;89450;89449;89446;89448;89452;89451;89454;89455;89458;89456;89453;89457;89461;89464;89462;89463;89459;89465;89467;89460;89466;89468;89471;89472;89469;89470;92796;90639;94745;93258;92645;92225;94987;92052;92766;96347;89879;90128;95299;94207;96019;94768;94767;94769;90208;90946;92053;96196;92054;90640;95972;90898;93972;89473;94988;89795;90372;92668;96197;93441;95668;94208;90810;92055;94989;92848;92056;95542;92226;93724;94770;90947;93622;94057;93259;89880;92797;94990;92227;90641;89474;94771;95669;93487;90209;94772;95543;92228;95611;89475;94773;90325;92057;90642;92058;90948;94656;93137;93872;94774;89881;94481;96348;96614;94776;89476;90011;94775;93101;90373;92059;94777;89477;92229;90012;92230;95726;95578;90034;96198;89478;94746;96289;94778;96349;89796;89479;91057;92231;90643;89480;93571;94924;93873;90949;92385;89481;95300;90412;94991;90326;94523;95401;95402;89482;92589;90327;90726;92060;89484;89483;89485;92061;90035;92063;89486;92062;94413;96350;90210;95945;94779;93973;92064;89487;89488;89489;94119;93623;90950;92232;93874;95487;94780;91058;90457;95403;89490;93138;89882;90951;93204;92233;91059;89491;89493;89492;94688;92234;92065;92066;89494;90374;93572;96199;89495;92732;92067;92068;94590;95670;95671;95363;92767;90458;93624;93875;95404;90727;93102;90930;89699;89496;95655;90328;92684;92069;94992;89498;93488;89497;89499;93876;92072;92070;94235;92071;90728;94781;90644;92798;95488;93917;90211;89500;94657;94993;94782;89501;92236;92235;96107;93260;93625;94783;89502;93355;96200;94784;92877;89503;94785;92073;96055;90413;93878;96167;93877;94994;92074;92710;92075;89504;94024;94786;93326;93573;89505;89506;93489;95458;93327;90729;89507;94995;95672;92237;92329;93085;95673;92799;89508;93918;94614;92076;90129;90072;96156;92238;91060;90689;92077;93031;92615;94787;92590;94120;96157;89509;94788;92239;93055;94789;89510;92240;90931;89511;94996;89512;95037;90459;90811;89513;92078;90329;96108;95446;92241;90130;90952;92080;92079;94790;93974;90646;90645;92081;94791;93574;90036;89514;90013;94997;92082;94792;94793;92242;94998;89515;93490;95579;90131;94236;92646;89516;94482;92083;96020;96273;94483;96109;89517;89518;96201;90730;92084;89519;94999;89520;94794;94615;92085;89521;92086;90375;89522;94795;89523;92878;92243;94658;92244;90256;89524;93020;94747;90132;89797;93086;92245;89525;92441;95447;92087;94796;94797;92529;92733;89526;90953;92669;92879;92987;89527;94798;92246;89528;92089;92088;92247;94025;89798;88464;89529;95000;92090;94799;93139;92988;92530;92531;90162;93261;92091;94801;94800;92386;95901;95375;90516;92330;90954;94802;95301;89531;93262;89530;94484;92849;90899;92092;89532;89534;89533;92093;89535;92971;90212;95674;94058;90955;89537;89536;93879;95302;89538;89539;94803;94804;92094;94805;92616;95303;92248;95675;94806;93421;89540;89946;92095;89541;89542;92249;89543;89544;96202;95001;93140;94121;94807;92647;93087;92096;96203;89545;89546;95304;93626;89547;96204;92097;92098;96290;95002;95580;95448;90103;95003;92989;94524;92250;93975;91061;94808;95489;93627;94809;89548;92617;93628;93880;90037;94457;93881;93751;90731;93670;89549;89550;89551;93882;89552;93575;93919;90956;93103;95405;95778;92880;89947;91062;92099;92251;95779;95459;96205;89799;94925;96351;94026;92100;95727;90647;90038;89554;89553;92101;89555;93088;90104;90957;92252;90460;93056;95676;90812;93021;94810;90690;95780;92102;92800;96168;92253;92103;95376;93725;92532;95004;94185;93726;96206;92442;93671;95581;89556;90014;94811;90732;90039;90040;95490;89557;90648;89558;92533;89800;92104;89801;94813;93057;94814;94812;95728;93920;93022;90958;89559;90517;92801;90649;94059;90213;91063;90214;96319;89560;95491;90813;92105;92734;90376;89561;89562;90461;95544;92106;92443;95677;89883;92254;90959;94689;92107;89563;92802;90650;90282;96465;92670;90900;93058;96274;92108;89564;92109;92830;93629;91064;89565;94815;94485;89566;92803;90462;94816;92110;95612;93089;94817;95678;94818;92387;92255;94616;92256;94819;92388;90651;92476;90691;89567;95415;89884;90652;93672;92534;90814;92804;92257;92111;95005;92112;90215;94820;90653;94821;92972;96207;92113;96733;93921;93141;92444;92114;93205;89802;92259;90414;94414;94209;92258;93551;92115;90960;93422;95416;92591;93976;94822;94823;92116;89568;95006;89569;93576;93491;92117;92118;95781;92260;96110;92768;92119;92445;89570;94148;90463;90105;93423;90961;90692;96021;89571;94824;95613;90694;90693;93922;96022;94825;90695;92120;93883;92121;92261;95007;93059;94826;94827;94828;90330;90331;93424;90962;93923;92881;92990;92805;89572;92535;89700;92122;90963;92262;96208;92123;90464;96023;96169;90733;93977;94829;94591;95782;96209;93328;94027;89701;95008;89573;92124;90654;93329;97157;92264;92263;93924;89574;94830;93901;95009;89575;89576;96210;92265;96211;92125;90769;95010;94831;92266;95729;90734;90041;89577;92126;94832;96320;95679;96111;90655;90216;92671;89578;95011;95305;94486;93330;90656;89579;94833;92648;90964;90735;95012;89580;92389;92960;92127;92331;92390;90217;89581;92735;92973;94834;92128;90465;93630;92267;94835;93206;94836;96158;90965;97533;94926;94837;95013;88111;89582;94659;89803;90966;94487;89583;96212;95492;95406;92269;89584;92268;90657;92129;90133;90770;94617;89585;89586;93263;93090;93978;92685;90042;90967;90968;93425;95829;92270;93142;96466;92271;94838;92130;95493;92446;92272;94839;89587;90218;96615;94840;96159;94841;92131;94842;92132;95680;92618;95681;95830;89588;90219;90658;90043;92850;92273;90044;89702;90283;92536;90466;92882;94843;92274;92391;95306;90659;95730;95682;92133;92672;94844;96352;96112;92134;94028;93925;92806;94618;94845;92135;95731;95902;93631;96353;94210;90220;92275;93632;94122;93752;90969;95614;89589;93727;93979;92136;92276;96213;89590;95460;92138;92137;93032;93926;92277;95582;93728;95494;92139;95903;92278;90284;90875;93633;90660;94846;95904;89591;90815;93634;89592;92140;90221;93884;94847;92279;93143;96214;90816;92280;92332;92736;89593;90222;90736;90377;93927;92141;89594;93577;89804;94848;93980;90518;92619;92961;90970;93356;90842;90971;92142;95732;90015;89595;92143;90415;92282;92281;89596;92144;93357;93578;95583;93885;89597;94849;92145;94488;92283;92146;89598;92285;92284;95683;93579;92147;95783;89599;96170;93207;94186;89885;95784;89600;95684;89601;89602;94850;94852;94851;96354;92286;94853;92649;96215;90972;90416;92686;94854;92148;92287;90257;90467;92149;90163;89603;93673;94211;96056;89886;94123;92883;96057;89887;90223;90224;92477;95685;93635;96216;93886;90225;94124;92150;89604;94855;94856;96113;95905;92711;89605;90519;89888;94261;89606;89607;96024;93636;95686;90973;93426;90468;93637;92807;89703;94187;93208;89608;90417;95615;94748;91065;93091;94857;94660;93928;92151;92153;92152;89609;93929;90661;92154;92155;89610;94212;92156;92288;90737;95584;95946;92157;92158;92592;94859;94858;92620;96670;92159;94661;96355;90134;92289;93981;96171;89611;94860;89612;95495;90738;94861;90901;93887;89613;90469;92808;94525;92160;95687;95947;94526;89889;92161;93930;94862;95973;89614;89615;90696;94237;89616;96025;95014;90974;93753;94029;93888;92162;94863;92163;90817;92650;90332;89617;90975;95449;90258;93358;92165;92164;92166;92549;92167;89618;92169;94489;92168;94030;92392;89619;92290;96114;94864;92170;92171;94490;92291;92333;94865;95496;93331;92172;96275;90285;95688;95038;95461;96217;92173;92174;95015;95497;92175;90226;90697;92809;94080;92176;94867;94866;92177;92292;90698;94868;93264;92178;92179;92293;92180;89620;93638;92393;92181;89621;94690;96218;93359;94213;95307;90662;93754;95462;93265;94869;94870;90333;89890;93427;95689;90227;95690;92810;96115;94871;90228;93729;93060;92182;90739;92593;89622;92394;93639;95407;90378;92294;89891;92183;89623;94662;95906;92184;92185;92186;93492;89624;92737;89625;93982;92187;89805;92811;92334;89626;90976;89627;92188;92621;89628;92295;94749;92189;95016;96026;89629;92191;92190;94872;92296;90470;94873;89631;96027;89630;95785;92297;90229;94874;89893;89892;90663;89632;92812;93493;90230;95017;96219;92298;92192;95616;89633;95691;92962;94592;89634;92193;92738;92299;92194;94875;93889;92622;92335;90073;89635;89636;92300;92769;89894;90471;92623;90379;90977;94876;96160;95308;89806;92301;92195;94877;92336;89637;93890;92302;90231;92447;90664;92196;95907;89704;94031;92197;94878;92198;93332;90843;92337;89638;92303;92199;92200;92201;96161;92202;92203;89639;92204;96220;92206;92205;94879;89640;90045;93266;94880;94125;94881;90978;92207;95908;94882;93209;92304;89641;89642;92208;94883;89948;90472;92209;94884;94886;94885;90016;93210;94750;89643;96356;92210;89705;90473;92211;94887;92212;92712;92305;90520;94262;92306;94888;92213;90046;93333;89644;94593;92673;95733;89645;90047;89646;92307;95948;95692;96162;90740;90779;89647;92214;96291;92215;89648;95498;90048;90232;93931;95545;92216;92217;89649;89650;92218;93580;92991;93932;89706;95417;101494;89807;92624;105803;105196;97839;97237;104343;105379;101495;104468;104755;99141;105804;99486;100485;102182;96671;101558;96616;101559;97672;99174;99404;105805;101560;103609;105806;97645;101561;101325;101095;102326;99405;104147;99922;101562;103581;101914;99255;102098;99049;101961;99256;97158;101563;97500;101564;96845;101068;97746;102021;105807;101036;102375;102932;104820;101496;99487;101565;97053;96886;101962;101566;101860;101567;104589;100261;96672;101986;104821;105808;105809;105810;101568;101569;100740;104443;99987;105705;99605;96499;100603;105811;102376;102377;101570;96964;96673;101571;105124;97448;102450;105812;105814;105813;100183;101572;102022;101177;96674;100434;102793;105197;97159;101573;100729;97784;101574;105380;99050;100307;97160;101575;97449;99142;103097;97334;102378;104404;103098;105815;105817;101825;105816;103883;99743;103433;101497;101576;102327;96782;105818;96887;105819;97335;103884;104725;104688;104344;96675;101577;105198;105820;103996;105821;99676;105823;103149;105822;99051;97616;105511;96846;105824;101326;96467;97238;103540;102379;99923;104590;99293;104591;97161;101578;97239;96705;102506;101579;102380;105825;105826;101580;103885;105827;97481;96357;101987;97803;99642;104726;104710;105828;105125;101795;105829;96734;101581;102716;101582;101988;105472;101014;101583;105831;100854;100741;105830;104756;100486;102631;104822;101584;101585;105126;97240;105832;101586;101587;103886;105833;103099;102086;97450;101588;105834;100072;102381;97241;100968;96571;97759;101589;102892;100604;103887;101590;104941;105835;102023;102024;103888;105836;99677;97673;104823;100184;99052;103889;104976;97451;101591;105381;99423;102382;97242;100435;96706;102933;104148;100855;105837;101593;101592;105838;103332;101498;101122;99606;97030;100185;105706;101594;97452;101915;104149;100856;97162;102383;97163;101596;97243;101595;105199;100857;99696;101499;97674;105840;105839;104150;104592;100308;99988;101500;101597;102934;105361;99406;105841;96500;101989;105842;97244;101598;97675;105843;105845;97700;101599;105844;104405;102183;102893;105846;101600;96986;101601;105847;97164;101602;101604;102246;101603;101178;104646;102384;99607;104536;97804;103520;101605;100969;104593;102099;105848;96965;102087;105849;105850;97336;102601;97968;105851;97054;101606;101990;105852;105853;102385;99608;105855;105854;101607;104594;101608;97031;104793;105856;101609;100820;101610;104151;100186;101501;97337;97676;101991;101611;101212;104595;100187;102935;105857;104596;97677;101612;104444;97701;97309;101613;105473;97032;105859;101614;105127;101992;105858;103333;103582;99407;105128;101502;103100;103890;100073;97702;103541;97925;101861;101615;100821;104059;104597;97840;101916;96735;101862;102451;96572;97760;101616;100562;99643;101617;105860;97363;99408;101618;96501;100188;97364;100361;105861;97617;100436;105862;97165;101619;99143;96783;103101;102717;100074;100008;101776;101620;102386;100309;104598;103891;102452;99488;105864;101621;105863;105707;105200;103542;100332;97033;100437;105865;101503;104942;102184;102387;96358;96888;97903;105866;105512;104824;101537;100742;101622;102894;96987;102602;101863;104977;101623;101624;105867;104263;101625;100970;102185;105868;102895;97425;101626;102088;105869;99924;105870;97166;101627;105871;101179;100487;101628;103334;105872;104825;105010;105873;100743;103892;101629;101630;103543;102453;105874;97678;105875;101631;99409;102025;104416;101632;101633;101634;99955;100488;105877;105876;96889;103583;104445;99239;104110;99718;105878;105879;97534;101993;97805;104152;97167;105880;100605;104826;101994;104794;101180;99609;103610;103544;100489;102484;102454;102896;99547;102936;100009;104978;101635;100310;104757;103893;102388;105881;101504;104758;104195;105882;97168;97169;101637;101636;96538;103434;102983;96934;97535;101864;105883;100189;102389;104309;97703;105884;104310;96736;100971;101638;103894;101639;101865;104599;101917;105885;96737;105886;101640;96784;100190;105887;100858;99144;99053;102455;101213;103895;101641;102390;101995;105888;101642;100730;100438;103896;101643;104727;104153;101644;105889;101866;105890;97338;100822;102551;105891;101054;104689;97245;97865;101645;105201;96935;101123;101181;103335;101646;100490;103435;101647;105892;100798;97806;105893;104060;105894;102552;96936;99054;103263;103897;97170;103232;103898;105895;101648;105896;99319;103117;99257;102391;102794;96988;101649;105898;105897;102247;101650;99489;102392;100228;101069;100626;97171;104728;101651;96539;105899;102897;102456;101505;105900;99678;100744;101652;104111;105011;100191;101996;97679;96891;101653;104406;96890;105446;99697;103899;100563;101243;104600;104311;97704;101963;103611;97453;105901;99272;101506;99145;101654;102393;101655;99175;102827;101997;99445;101656;99410;105902;103612;101182;102047;101998;104827;99719;103264;102718;101657;101507;101214;101999;105903;101327;103336;103393;102603;96617;101659;101658;103150;97454;105904;97866;105447;105905;97867;97310;96937;105906;102898;105202;102000;105907;101660;101661;99146;101508;101015;105908;103664;99989;105909;100192;101662;105910;101664;103545;101663;105912;105911;99176;105129;96359;104312;96468;105474;99411;103546;102328;101918;102394;105913;96573;96321;102100;99610;96892;105130;102937;105914;105915;100030;100606;97785;103199;100745;100193;99205;100823;101665;101796;97172;104729;101666;103547;105131;96893;102212;100311;105519;104345;104711;104601;97069;99644;103265;101668;101667;105475;101669;105917;105916;101670;102001;96894;105203;101671;101672;104417;100010;102604;105918;96502;96738;97646;101673;101674;100746;102984;100972;97926;97482;105919;97501;104154;97246;99412;105920;105500;100491;104795;102275;103233;101675;102605;105921;103102;102457;100824;105922;104196;96503;101676;101070;101677;100731;101678;99679;104225;97705;96895;103613;103901;105923;105924;101679;103900;103902;105925;105927;105926;100564;101680;100229;97590;102458;102795;96966;104469;101681;104602;104264;104603;100492;101682;105928;102770;99611;99424;101683;100607;102395;99413;102002;96540;102026;103997;102485;100493;103314;97365;105012;99680;105929;103436;104979;103103;99010;102396;102828;102027;97969;104446;102459;100194;101867;104447;100859;105930;97173;102606;102397;97786;99177;105204;102003;96847;104418;102004;100011;100333;104419;102486;101684;97536;101685;104796;96504;105931;100312;99320;105932;99191;102829;99414;99055;103437;101686;102899;101919;105933;101920;100494;97618;99744;102900;105205;105934;100195;103548;99490;97706;99321;104690;97591;104691;97502;105132;103998;97426;103549;105935;99745;101687;101868;105936;99612;101688;104313;105937;97868;103614;104604;102398;96989;100075;103903;101777;101778;105938;99056;105940;105939;101689;105013;97970;104112;104448;100076;102028;103234;105941;97070;102607;101244;104155;101690;105942;103200;102608;101691;105133;105943;101215;101692;99491;100732;103151;100825;101921;105944;101693;104314;101509;101694;103521;97619;97247;103438;105945;103950;101695;102487;102985;99681;101124;100077;101696;96896;101697;101779;101698;101699;101700;99548;97339;100230;105947;105946;105382;97537;102005;103550;105948;102609;105949;97174;97680;101701;99273;103235;96967;104828;102213;105950;97427;100747;105951;100196;100733;104197;105952;105953;100334;100078;100973;97503;99415;102488;97841;102719;97034;100197;100079;104156;96676;97681;102089;105134;101869;105954;103337;102460;97483;104346;105955;101071;97428;101702;102461;100608;105956;105957;103551;104980;105958;97248;99258;97175;101183;105959;104605;101703;105960;105962;99645;101704;105961;97761;105135;101705;101538;101707;99057;101706;103338;104157;102399;102938;101708;101709;99549;97176;105963;101510;101797;102796;96677;103904;102400;100080;103439;97561;102276;101710;101096;105383;101711;96707;97429;101712;99416;105964;101245;96897;97647;103118;102029;103339;105965;101713;97648;104449;97538;102048;105334;101714;97071;97927;101870;104606;102830;99492;97455;103037;105476;97311;101328;102808;105966;102489;97539;102901;97682;99613;103665;104158;97249;105967;101715;96739;97177;97869;97340;99746;100734;99147;105968;102006;102720;105969;104159;96678;105708;101028;100012;105970;101072;97620;100495;96574;96990;105972;105971;102610;104607;104450;101716;96360;105206;103104;99493;103340;97649;101717;96848;101718;104730;100627;104315;103615;100031;102214;105973;100013;103366;97621;103201;97178;100198;103905;105974;102721;105207;103266;102401;97683;103951;105975;104160;96785;105977;105976;100032;101719;96849;101922;96679;105978;97622;100335;103906;101720;101721;97971;104451;102186;97179;100199;101780;105136;96505;105979;96968;97762;102402;99322;102007;101964;105980;105981;103616;105384;101511;104608;100231;104829;101246;105982;105983;97540;100033;106077;97541;96361;101184;102403;102404;99148;97763;105984;103952;101512;97684;96898;103367;101722;105985;101329;100826;96680;101871;101723;104347;99494;96740;101724;97430;99720;105986;97250;101725;101727;101726;97504;101728;105477;101729;105137;102507;101731;103236;101037;101730;101732;101733;97505;96991;100439;102490;100281;99721;99614;97870;105987;101734;99550;96469;104830;97341;97764;102632;100336;100860;101923;104609;96969;100440;101735;97072;104831;101736;103394;103105;97842;96681;105385;103341;99446;105988;104610;100748;99323;101513;99108;103267;101737;104981;103552;105989;102136;101185;101738;103268;102831;105990;102215;96708;101965;105386;100735;97707;96506;101872;105991;105014;101739;100337;103269;96362;105992;101740;97787;97180;96507;101741;99925;101216;101742;101038;101781;97542;101743;105501;105994;105993;100749;103617;100338;104407;105995;104692;100362;103440;100750;102277;104316;99324;104832;99447;100014;103342;100034;102049;101744;101745;99495;102329;99747;104505;105171;105996;103907;101873;102832;101039;97055;105997;105998;102986;105999;96470;104452;106000;101746;103618;102405;104833;102248;103908;102462;103553;105208;106001;103106;102463;102722;101782;106002;97685;97623;102686;100363;106003;100200;102464;96508;104161;106005;104506;106004;102902;106006;97456;104834;106007;102406;101874;100736;99425;105138;102611;101247;106009;106008;102612;101747;103107;97181;105736;106010;96899;103619;102050;100609;96682;101748;101783;106011;102613;101749;100751;102008;101750;97543;105139;102614;97624;106012;101751;104943;103554;101514;97484;102903;104611;100201;106013;100705;106014;97182;101752;97056;101875;106015;100364;106016;101753;106017;96509;97686;102137;101754;102723;103108;102009;106018;99748;101755;103202;106020;106019;102407;99149;101757;101756;108305;96741;109350;120201;120200;120199;108306;120202;110573;107153;120203;117891;108790;108612;120204;108907;106611;120205;106987;108423;120207;120206;106021;120208;111235;111766;120209;109559;106022;120210;107154;120211;120212;120213;108491;120214;111469;120215;120216;108492;120218;120217;120219;106905;108665;120221;110299;120220;120222;109817;120223;110625;110425;117813;120224;106906;108855;120225;106698;106634;110667;108732;120226;109702;108666;120227;120228;107155;120229;120230;106416;117488;120231;106274;120232;120233;120234;109818;120235;120236;107156;120237;120238;110597;120239;118072;120240;120241;118100;108908;120242;117716;120244;120243;109703;110574;120245;108909;120246;120247;118409;108977;107107;120249;120248;110613;120954;120250;120251;106110;109704;108493;108613;120252;120255;120254;120256;106078;120253;120257;120258;117925;108268;119154;119106;120259;108494;111236;106417;120260;120261;120262;117531;120263;120264;108910;109004;108667;120265;120266;120268;120267;120269;109705;107157;111767;120271;109221;120272;107158;120270;120274;120273;120275;117959;120276;108614;109094;120277;108699;120278;120280;117960;120279;110387;120281;108668;118159;107280;120282;107159;120284;105709;120285;120286;120287;120283;118045;109416;106023;120288;107160;120290;106177;120289;106024;120291;109706;106988;117371;109819;106510;120293;120292;120295;120294;117646;120296;120297;110166;120299;107007;120298;120300;106275;120302;110300;120301;120303;120304;106025;120305;120306;118334;111799;110689;120308;118896;120307;119107;117372;106821;120309;120310;112067;108495;108347;120311;106322;110821;109740;120312;120314;120313;108307;106822;120315;120316;120318;110949;120319;118857;111558;120317;107161;120320;120321;110912;120322;118160;107027;120323;110690;120325;111619;120326;120327;108911;120328;120324;120329;110626;107162;120330;120331;120333;106418;120332;106511;120335;106730;120334;120336;120337;118897;109434;120339;110698;120338;108836;120340;106907;109285;120341;118579;118841;120342;117717;111237;120344;120345;120343;109820;109590;120346;120347;121072;120348;120349;108856;120351;120352;120350;108615;120353;120354;110627;120355;108496;106908;112169;107281;119126;120356;111238;120359;120357;120358;120360;117961;117438;120362;120363;107028;117926;120365;120367;120361;120366;120364;120368;111397;117927;105710;120369;106823;120370;109048;120373;120372;120374;120371;120376;117507;120375;108775;118940;120377;107125;107029;111239;106026;120378;120380;109095;107008;108818;120379;120381;107030;120383;120382;117718;108616;106594;110388;120385;120384;117489;108617;110426;120386;119155;120387;109873;106079;108669;120388;109821;106824;106419;109741;120389;110930;120390;106512;106027;120391;120392;120394;120393;120395;117647;111539;120397;109005;117532;120399;120400;119156;120396;120402;120403;109096;120398;120401;120404;119243;120408;120405;120409;120407;111710;120406;106028;120410;109286;107163;119291;120412;120411;117299;107164;120414;120413;120415;108497;106635;120416;120418;119244;107138;120417;111470;120420;120419;111047;108837;119127;120421;110913;120423;120422;119055;120425;120426;120424;120427;120428;109874;111240;120430;106029;120431;118101;120432;120429;120433;120434;120435;120436;107165;106909;108498;108424;120437;120438;120441;119245;120440;110400;120439;118941;120442;109150;106057;109222;120444;120443;109351;106782;120446;107166;120447;109707;120445;119007;120448;108499;120449;107167;106058;107009;106825;120452;120453;120451;120450;120454;107168;110167;120456;120457;120458;120455;120459;120461;109708;120460;120955;120462;110168;120463;109519;107169;106910;109560;117892;117439;108670;120464;120465;120467;120466;120468;111241;111398;120470;120469;120471;120473;120472;120475;110209;106276;120476;120474;120477;118102;109417;111242;120479;120478;106513;120482;106514;120480;120481;108308;120483;108500;120484;120486;110575;120488;106030;120485;120491;120487;120489;120492;106515;120490;106178;117962;120494;120495;120493;110931;120497;120496;117839;109970;106080;120499;120500;120498;119108;120502;120501;120504;120503;110251;120505;120507;110538;106277;120506;106081;120508;120509;106420;120510;108618;109520;110301;120511;120512;120513;117840;120514;120515;107031;120516;108912;111399;111711;110252;120518;120519;109561;120517;120520;108425;120522;109352;120521;120523;106636;120524;120526;112098;120525;120527;120528;106516;109926;120530;120529;111522;120531;120532;106637;120533;106278;120534;120535;120536;117300;120538;120537;108776;110520;120539;120541;120540;106279;120542;109287;117814;120543;120544;120545;106323;108309;120546;110427;120547;120548;106638;110822;117648;112099;120550;120549;120551;106538;120552;106989;120554;106731;111400;120553;120555;118475;108777;106539;120556;120557;110169;120558;108501;120559;120560;120562;120561;118103;106990;106540;120563;120564;111015;106031;120565;106878;120566;106032;120567;120568;111712;120570;106826;120569;110327;109006;120571;120572;109562;117490;120574;120573;120575;120577;111471;120576;120578;120579;107032;120581;120580;111243;110598;106517;120583;120582;118809;110668;120584;111620;111472;111559;111768;106518;120586;120585;109742;120587;108502;120588;109822;120589;109743;120590;120591;120592;118046;112100;108269;117508;120593;120594;109353;109563;120595;108503;120596;106519;120597;120598;120599;120600;120601;120602;110401;106911;120603;106280;120604;120605;106281;120606;112051;105596;120607;120609;120608;107170;120610;110428;120611;106912;120612;111244;120613;120614;106082;106282;120617;112068;120615;107033;120616;118960;108388;120619;109288;120618;112234;110950;120620;109823;105737;121073;120621;120622;120623;109971;120626;111048;120624;120625;109824;120627;110170;108504;120628;118047;120629;106179;108913;120630;110932;108505;106639;118842;120631;108619;120632;120634;120635;120633;120636;120638;106640;109018;109382;106283;120637;120639;120640;107077;109875;110253;120641;111016;120644;120643;120642;120645;108914;120646;117963;120648;117841;120649;120647;120650;109223;120651;119157;111473;120652;105624;120653;110060;110914;107171;118123;108506;109354;110210;120654;120656;110061;120655;110576;106033;120657;111475;111474;110951;120659;120658;120660;108915;108426;120661;108572;120663;120662;106827;106641;107010;109709;118314;117612;117440;120664;120665;106642;120666;118410;108838;120667;109435;108778;108348;120668;110669;111713;108733;110389;117373;120669;108734;120670;120671;120672;120673;120674;120675;120676;120678;120677;120679;108857;106828;120680;120681;120682;120683;120684;120685;120687;106520;120686;120688;120690;120689;106421;107172;117374;120692;120691;109418;109803;120693;111989;106913;108916;120694;110823;108671;107173;120695;120697;120696;111245;120699;120698;111361;106914;109591;109564;106083;120700;120701;108791;120702;120703;120704;120705;110402;120708;108389;120706;120709;120710;120707;120712;118104;120711;109151;120713;120714;108672;120715;106915;107034;120716;120717;106084;120718;109224;106284;118580;120720;120719;107011;120721;106937;120722;109225;107174;120723;120724;110577;106285;120725;106643;120726;110788;108735;110670;120728;120727;118241;119158;109419;120729;109903;120730;107175;120731;109420;120732;120733;120734;105738;120735;118181;120736;110790;109710;120737;110789;120738;108673;108700;110302;117622;111714;120739;120740;120741;117509;120743;120742;118242;120745;120744;120746;106111;120747;108390;118243;109711;106644;120748;109972;120750;120749;120751;120752;120754;120756;120755;120753;108427;106541;120757;120759;120758;120760;117842;110171;111476;108779;108736;120761;107035;117375;120762;117719;120763;120764;110933;120765;120766;120768;120767;117843;111401;120771;112101;120769;108839;110671;120770;106112;105711;120772;106085;107176;107036;106542;108349;120774;120773;107012;120776;120775;120777;120778;108917;119019;120779;120781;120783;120780;120784;120785;120782;110952;110172;120787;120786;111990;120789;120788;107037;120790;120791;106465;107013;108310;120793;120792;120794;120795;120796;118843;109876;120798;120797;106645;111246;108674;120799;109152;120800;110672;120803;120801;120802;120804;120805;109226;109744;108428;108675;120807;120806;120808;112186;106086;119020;120809;106595;120810;120811;106646;111247;120812;120813;112235;110328;106113;120815;109592;120814;117964;108311;120816;106180;120817;120818;108780;120819;120820;120821;120822;120823;120824;106829;120825;109049;106466;108701;111477;118244;118245;120827;118725;120826;111769;120828;108918;120829;110173;108312;120832;120831;120830;109421;108620;117720;120833;106596;108978;120834;109189;120835;120836;111770;108313;106568;109973;120837;106286;120838;110824;120839;106958;120840;110599;119159;120842;120841;108573;109804;106521;117533;111715;119128;120843;120845;120844;108737;120846;120847;120849;120848;120850;110103;106783;110673;120851;118335;120852;108676;120853;108792;120855;120856;108919;120854;120857;120858;106991;106114;111716;111621;107038;107177;120859;111654;109712;106422;108677;109825;120860;120863;120861;120862;109927;121074;118048;120864;109805;120865;120866;108920;120867;110303;120868;108702;120869;106034;109745;120872;120870;120871;109422;107282;109423;120874;120873;110329;111717;111017;120875;120877;119008;120876;120878;120879;109746;111719;120880;111718;120881;111595;120882;108921;120883;111248;117510;110273;106830;120884;120885;108819;106992;108350;111560;117965;120886;120887;120889;107039;120888;106647;120890;120891;120892;120893;120894;120895;106035;117534;120897;120896;120898;108621;118898;120899;120900;109747;120901;108678;109436;120902;118581;111249;120903;118899;120904;120906;120905;120907;120909;120910;120908;120911;108622;120912;117491;120914;120913;107040;108922;120915;120918;120919;120917;120916;109227;120921;120920;120922;120923;120924;120925;120926;106648;120927;106423;120928;120929;120930;107108;108507;120931;109748;110915;117301;106784;112102;108679;111250;120932;105739;106522;119009;109928;111251;110674;110211;120933;120934;119129;120935;117302;120936;120937;107041;120939;120938;120940;120941;120942;120943;129319;129508;122650;121332;127502;131785;131194;124369;131195;121137;130291;128431;131332;125931;123472;123098;121235;127103;122555;125228;122978;130032;129829;124465;121373;120964;132636;124346;125418;130775;131706;131440;130033;127869;125486;124466;124467;124468;122273;125177;123137;131196;122103;129599;121487;123033;128561;120965;126353;125419;131786;125838;122274;128084;122070;122830;129600;122556;129601;132778;131707;123034;125645;121442;129602;128562;124469;130475;122623;122039;125420;124470;130613;125646;130776;129603;126130;129077;124599;124471;131088;128126;132637;123035;130777;121075;123693;130778;132638;123801;125375;129604;131787;129394;123036;124472;124473;126706;123759;125906;127503;131441;124475;124474;129830;126794;129320;131573;128432;129540;122979;125421;129170;122520;130919;122275;131839;126411;125422;122436;130986;124723;127870;125647;131089;131442;130779;130476;121138;126591;131443;125648;124684;122276;121169;131708;132111;122769;131333;124685;128396;123534;126225;126131;129417;129698;124308;122795;127931;130780;129078;127932;126014;124724;132639;124476;124477;124478;123568;130477;132112;124284;129605;128563;131250;128480;125610;129606;131251;122071;122354;125229;130409;126795;125271;121258;125860;129607;131252;131444;126796;130292;132779;124600;131840;122557;130781;128039;129608;130478;129609;128397;124244;130293;125932;123099;124479;130294;129949;121076;128535;124040;129610;125423;124480;132640;124781;129611;129612;125743;124207;131253;123802;133111;124699;124347;125649;129027;127504;128127;123037;131090;126354;125178;128564;122558;126055;124481;129028;122725;125611;132641;121318;128398;127505;124482;125785;126355;124483;126797;131037;123569;132642;122559;124485;124484;128128;124177;125744;125179;121139;129613;123535;124660;131254;122437;129418;124348;122651;126015;132407;125745;128885;122104;129419;122105;123760;125907;127506;121170;123473;121194;131334;122277;130782;123570;122455;128129;132348;124041;125960;128433;121443;131143;128434;127507;122406;124725;125908;129950;123038;131709;132083;128399;123803;132643;129509;122322;130295;124486;125650;123138;121444;125230;128744;123474;122456;127104;129079;131445;132027;122278;127508;130296;131446;122880;122652;122796;124349;122197;127509;123694;125424;124487;131447;124488;122407;121519;131788;129951;131789;129767;122040;130479;121236;124489;125425;129614;124490;131038;130297;126356;121333;122106;129395;132644;124285;127871;128565;128400;124491;122279;132028;131710;130410;128566;131091;122681;132645;123761;129615;130783;125318;125180;125684;127824;131574;128130;132646;128652;130411;129736;130298;126798;128295;129080;129616;131168;126969;130299;129541;128481;121319;125231;122408;122409;121077;124350;129699;129618;129617;130300;122653;121217;122410;124492;121237;122134;129831;125319;124601;122072;125651;131197;130034;126530;129700;124493;122438;128401;132327;127510;126132;121259;122654;128040;124569;124494;130480;128784;122624;126799;128567;130301;122560;128785;123100;130784;127511;123139;125861;121260;127512;127933;130987;132737;130614;128131;130481;121374;128568;128435;125652;131198;128296;122980;124726;131199;129420;128132;122355;130785;129321;128786;126970;128623;125181;127872;129029;128569;129619;126800;131711;125426;125427;132647;132648;127934;129171;127513;122561;127514;124495;127935;129109;123039;129620;124496;125653;124497;124570;128787;127079;125654;125909;129510;128436;125182;124782;129621;128570;125272;131092;127936;131790;124245;131039;123040;131448;131791;131335;130074;123839;124498;128571;129511;124499;130075;131093;132328;126357;124500;129542;128788;129622;130786;130302;122198;130920;129623;125786;126449;129624;132408;127825;122682;122323;130237;128133;124370;131169;132113;124501;132649;123475;123476;126515;131200;126016;127515;132329;122797;122280;129625;122073;131094;129626;131336;130370;124502;125299;131255;123140;124783;126838;126516;121577;131449;128624;131040;129627;132114;126358;124503;130303;122981;122281;128402;121488;125428;123477;131792;130412;132780;127937;124504;124505;122135;130787;131450;131041;131144;130788;131201;131741;122521;122881;129366;130789;124371;130352;131793;130304;121140;130790;122136;124506;122282;125862;131337;122074;124507;123041;126658;124208;128572;127516;131095;124727;124178;125655;131145;130305;132650;130988;132651;124427;123804;123571;131096;132652;128482;130989;122439;122625;130306;127517;124508;122982;124509;126517;130482;122440;122798;131146;131097;123572;122522;121578;124510;124511;125273;131256;126659;122075;121579;122076;124686;125746;132781;131451;129628;128573;131452;129832;121334;126518;130791;129367;128574;125656;127518;131712;123805;125429;128085;124571;131042;122283;122284;127519;122655;124512;125863;124513;126660;122371;130307;131043;125430;120966;130308;124372;124514;123042;125274;121401;131098;132029;132115;129081;123762;127826;131841;124572;124515;124516;123478;122726;131453;129629;125864;123101;132653;129630;124066;125275;129543;126839;130483;129632;129631;128297;121078;126412;129030;132116;129421;125787;131202;129633;122285;123043;121238;124042;131713;122286;121079;131203;128483;122077;131454;129802;126359;121080;131967;130035;121195;128134;131338;124573;121489;126017;130615;122983;126531;121320;131455;128041;121375;128789;131170;125183;121081;131456;124517;124043;129322;131171;131714;129323;124373;128790;124518;122356;128484;129952;124246;122078;121580;128575;128485;121261;124519;122562;121445;126994;130484;127938;130485;124520;127939;132654;123141;130486;125300;121141;129368;129634;127520;131044;129635;128886;122626;130309;130616;131204;127105;132084;122107;129953;132117;124428;127080;125910;123479;126080;127521;124010;128978;128625;129636;121262;124522;124521;127081;124523;123763;125376;127940;130487;123840;126264;129637;125685;121321;121490;122079;129638;123142;125612;124700;129544;124524;124574;125911;122287;126995;126661;121322;124525;132782;130488;132783;130310;124351;132118;130311;128576;124011;123764;129512;132655;129324;121263;122523;124602;129325;123806;131257;131339;124247;124661;124526;127873;129639;121082;126265;127522;126313;130312;124603;130489;122108;121239;132784;126801;124527;127523;123044;121264;123045;121562;124528;128437;121520;130792;130490;129422;124529;129082;132656;132270;121083;129640;130313;129110;128577;130314;123536;122627;121265;126360;124530;124531;122288;122411;126314;122628;130793;122457;124532;121171;127524;130036;129833;131715;129641;129701;121266;131099;130491;128486;121267;126532;129642;124067;125377;129834;122563;121376;129643;131716;124604;129326;123537;124533;124179;126662;129083;125933;127525;121268;131100;126056;125431;124180;131457;125657;123143;131742;130315;131842;130316;124701;125686;121402;129644;121563;130317;131101;131458;124784;128578;124248;126663;124575;130990;124534;123046;129645;129031;128791;129702;131045;129835;131968;125747;123841;122984;125320;127526;122934;128067;131258;123047;131794;130794;125865;129646;131102;128487;124535;131103;125658;128579;127527;125961;123765;125866;130795;126133;125748;124068;124536;124249;125232;121084;127528;132657;121085;129478;122564;130037;121491;123766;122565;121323;122799;124576;132030;131717;127529;128488;132409;121377;124537;122289;129647;132119;122800;130318;123048;127530;124538;127082;131459;124539;122566;124785;130319;124540;125487;122357;127874;128745;131460;124786;131718;124044;131205;131104;129032;123480;124541;122041;128792;124250;123807;130320;128793;123979;130321;128626;124702;130796;129648;129327;121086;130797;129649;130322;129650;129836;122683;130798;124687;125867;120989;127083;130492;124542;123049;122935;130799;125962;125432;127875;121269;130076;129513;125613;131105;128653;124251;124605;124543;126018;129651;125233;126483;122164;127531;121581;125788;130800;122080;129768;130493;121492;131575;129652;128794;124544;128489;126664;128580;124577;130323;124045;125378;122458;126361;127084;132658;123573;129653;131106;124069;131461;132659;121582;129803;131046;125868;131462;124545;131843;127941;129769;122199;132120;129654;122290;125184;122567;128581;132660;129655;128582;122629;122324;132661;129837;126802;125912;124546;124787;122200;128583;129033;125710;127532;125433;123695;123050;122568;129034;124547;124548;127085;131969;125659;124012;126803;130801;130802;131172;124549;124550;129737;124551;126707;129857;122684;122081;127533;125185;130324;121196;121270;124606;126134;121271;131463;124552;123051;131107;131464;130803;132662;127534;123538;129703;121142;131465;122985;129858;130804;126533;122082;124553;129656;131206;130325;125186;129035;124554;124688;129423;125434;129657;127535;122524;131047;129111;124555;121446;124578;127942;122137;122862;131108;127536;125789;127537;125660;122569;132785;130991;122727;130326;122083;122882;125276;130327;125661;126996;129424;126665;125277;123052;132663;130137;128490;125790;122138;124252;131147;128438;129172;122358;131259;132664;122986;129658;124703;121493;132786;124556;127538;121197;130038;126840;125435;126804;124607;129112;125436;124352;125869;127943;121218;131207;125234;124181;120967;131048;127944;126362;123808;121198;124689;121494;129113;125870;124557;125321;122728;124558;130328;126226;122139;123767;129770;126805;130353;125345;124559;129659;124728;129660;124876;126135;137920;122656;133008;140542;143353;137786;142228;133420;139554;141489;133701;139100;139879;134184;137102;137103;140543;141879;137921;136677;137922;141756;138820;136148;137210;140759;137787;135367;138069;143307;141873;133563;142291;135368;133881;143255;134455;134127;140544;140545;137923;140760;144618;133231;136149;134919;134578;142045;143177;140226;136414;137211;144963;137156;144488;134456;133817;136293;134985;134128;138396;138821;141870;133775;134986;134882;133818;137420;143176;134435;135985;137104;137105;144834;137842;137924;142587;137677;140227;142356;135369;141874;143291;140063;139676;143137;135986;140668;142586;141269;142857;136432;140618;134684;135726;144546;135418;139256;138397;134920;140546;140105;138398;144612;134457;139705;142520;134987;138861;137379;133112;142197;138530;136150;142527;143330;137732;141522;135419;133659;135987;138108;135420;141510;132787;142957;141282;136678;137106;139343;133421;141384;139706;133702;136151;141245;141881;134185;133564;138109;144615;140812;137380;133422;145016;136433;133423;141186;136531;134246;137107;141277;143326;133232;134247;140813;141283;135988;143173;143598;140761;134129;135209;139299;133882;143405;133626;142182;133627;137788;138399;144031;139431;141900;135104;136434;134988;136294;143139;134130;132876;133565;143183;142927;134248;134096;135989;136210;136953;139931;144828;133883;137679;137678;133735;134989;136838;133367;139707;144669;143171;143325;138400;139677;137108;143140;141289;133368;139257;141280;133369;142668;134249;137680;144347;144183;134131;139212;138822;141520;135105;143344;143458;135990;141270;134250;140669;144957;139880;134186;138110;142624;133819;139586;138531;134132;144135;140547;137574;141876;133566;142581;137421;140506;138235;137422;136592;140619;136435;136532;137423;138476;136377;137733;140670;133567;138111;136839;137109;141139;143149;137110;141317;134990;144246;138532;143106;138401;140620;136415;134187;141887;141909;137111;138163;144536;143356;135991;143227;133424;138653;136934;134458;137112;137157;134961;133568;140608;134991;133736;142160;140304;139778;134251;137158;134436;137159;143189;140548;144124;133113;141880;139632;137925;139258;139678;141299;139881;135421;138823;142338;143261;133569;142637;141486;138915;133884;139633;135992;140621;141267;142666;134579;133009;142283;143294;133010;133703;133570;138193;142617;134685;138477;144319;140622;133885;144163;144830;134635;136935;139679;141285;136211;133737;142955;141555;134133;142517;139259;138824;137424;137113;142580;141296;143464;139101;143515;134134;138654;133571;139102;135106;141892;143436;137009;137926;140671;138478;142669;143196;142835;138402;133886;139634;142518;134992;141300;137010;137765;138916;138112;134354;138366;144038;139432;142614;137114;134333;141902;136436;133114;132788;133572;141896;140623;144479;133233;135370;136378;137160;139390;135727;138862;136722;137681;144487;133776;139708;133887;137425;133660;138917;133234;138403;136988;141518;140672;137865;142541;137843;132738;142564;141907;144701;140228;135993;144325;144611;138825;133011;136295;133573;144717;139260;134097;132789;133888;133535;144654;133012;135260;136152;136379;135711;144132;142947;141485;140549;136954;136593;135210;133235;137866;134840;133425;142621;143334;133426;137115;137212;144482;137682;133236;136679;143135;141268;133777;134252;144225;134841;136755;138863;135597;140305;138579;134883;138404;132739;133115;132877;135422;136296;141894;135598;140229;140106;143293;133574;140230;133575;139523;142013;138113;133576;141527;138533;141882;134993;137426;138864;134135;134055;141140;136437;143129;141273;141187;138194;135371;135211;144134;141509;134459;139761;141524;144500;136723;144030;141274;133443;143351;142533;138865;140673;139587;141141;136936;138405;141142;144129;137116;135372;136380;139932;134136;133013;134842;141930;139736;139882;133704;134188;136381;142205;142841;133889;136153;139344;136680;144730;141101;141188;138406;138826;142847;134580;136840;137734;136841;133116;136681;141908;133577;139261;139213;137161;136632;133578;141875;142171;143188;140624;137844;134884;134137;135994;136779;141515;139345;136594;140550;142193;138866;137867;135212;144617;139555;140762;142542;134253;141189;142040;138195;143258;138196;143300;138479;138114;136704;144117;139524;139103;133778;144827;140064;142532;139680;141298;136937;134138;134460;133779;141490;134139;134636;142229;144136;141895;143465;133370;133738;136212;141526;142954;138480;133371;142192;136842;141143;139104;141190;137117;132790;140551;143516;141295;133427;141376;140438;142622;139681;140306;137927;138236;144736;133237;141885;135995;136297;141903;139214;135599;133372;143309;142919;139635;137118;137683;137575;137162;140507;139262;134581;137011;141556;141869;134461;138237;140674;140552;142569;144039;133428;138115;139105;143329;136382;138164;134994;142552;144440;138238;139433;139883;133238;141275;136780;140553;134056;138070;137427;141290;133739;133014;136724;140307;144475;141144;138239;144486;139263;134582;139636;142198;135600;137766;144140;139391;141392;134637;140308;132791;134638;136682;136683;133579;133117;142830;144481;137428;137684;134995;142887;133580;134583;144040;138407;136781;139392;138408;139215;136843;142529;135213;133373;141795;142860;143502;133705;137429;133015;136705;137845;144166;139346;133890;141484;133016;136684;141145;137119;138918;138409;137685;144489;135996;134462;136844;144310;138240;143098;140471;136756;139709;133581;135601;140554;142851;141928;136298;138580;133239;143105;140675;139884;136938;135712;144342;143349;139637;137846;140508;133820;144616;144045;142636;139710;144042;134463;140763;133582;141248;139216;142886;133429;137735;141244;144362;136845;141297;141532;136299;133628;144091;134140;134996;134057;137120;139106;135214;144652;137430;135602;134334;133821;142351;140814;137686;140309;133118;144123;141519;133512;139217;139525;142051;135423;139762;138116;144474;143525;142016;141375;136939;136725;143346;144484;139682;141889;141877;136846;140231;143530;136633;134254;141550;136154;136300;138117;141146;136989;139434;140555;137687;133583;133374;142862;138410;136438;133017;144835;138534;144324;138118;134355;144696;137163;140815;137847;135728;140232;133240;141488;137736;143174;144241;134962;140107;136847;142837;138919;138367;139711;133119;139712;136595;136416;133375;136301;142828;142574;134584;138655;133241;144822;141521;142935;144175;140233;145017;132740;137164;141278;140556;141386;144247;143228;139393;140439;143111;142515;137213;137121;139107;137214;133584;143397;135107;136439;139885;137215;139588;143596;138656;133740;143434;136848;138241;137431;136155;136685;141891;144577;135997;139737;144729;143354;135998;134639;139526;135999;133152;134997;133430;133278;139108;138242;138119;141871;142914;136440;140065;138120;138867;144613;142588;140816;133376;143595;136156;142934;141381;141906;141487;136383;144583;139556;140625;138920;133120;142104;135016;142048;140066;142047;138868;137868;137432;138243;132878;137122;136000;137928;135424;138197;138411;137433;134464;144127;135215;134189;143520;143453;138921;137688;138198;137123;144315;143167;142928;143501;142842;137434;138368;136757;133741;139933;141554;142577;133377;142839;144542;133536;139638;144480;137435;139527;142509;144323;141883;133018;138657;140676;137689;133431;140108;137929;134885;140817;143195;133891;142510;138121;143438;142671;133378;144572;136417;134717;135108;134465;138369;138412;137436;144036;137767;133742;138244;133242;141288;140609;134718;133892;136001;141102;139713;139264;134998;137576;136002;133585;138122;135109;141292;133743;133893;144606;133586;136686;138413;133379;143108;137124;142519;136441;133706;138869;143296;136634;137737;140557;138535;144694;142859;143230;135373;136157;137437;141249;134255;142195;141899;137125;139265;139528;133587;142191;138581;143128;153199;145474;146397;144967;147116;146363;145559;145154;146296;146392;146471;153212;146468;148202;147777;147769;154180;146125;146844;148174;148716;144919;148793;146279;147934;147773;145769;146297;146718;146412;146689;147957;148801;148732;147792;145558;148204;146373;148788;147469;146896;148715;148797;148198;146396;145238;144965;147745;147940;148157;148780;147739;147087;148743;148720;147782;148722;144920;145486;146575;148728;146839;145784;146746;147795;148783;146917;145142;145152;147734;145367;146841;148731;146969;147933;146277;144966;146284;148727;145483;148790;146899;148197;147859;145522;146364;147450;146554;147958;145528;145760;148214;147787;148782;146913;155960;145521;146192;146856;146393;145391;148718;147945;148792;148232;146901;146902;146407;148085;147959;146564;146509;148734;146835;146853;146399;148777;147186;147778;145126;147175;146828;145204;146977;148726;148742;148741;148776;149414;146843;146223;147027;148917;145240;149989;146260;153093;146289;147435;148730;154065;148804;147742;147854;145107;148735;146400;148802;144964;147188;146323;145716;148724;148163;148156;148796;147935;147743;146184;144838;146290;145122;146368;146244;145196;146905;144918;145780;145315;146572;147026;146737;145759;152831;147770;148798;146525;146558;145302;145254;146884;147183;147768;154140;148178;145131;147873;146847;148799;154857;147771;146559;147180;145747;145241;147429;146292;145178;148778;148800;145337;145482;148729;148725;148785;146234;146505;148238;146280;146894;148744;148228;145200;146462;144955;170512;146276;148781;146886;146970;147153;146472;144958;147618;153200;144816;148205;147177;147068;154184;146464;147747;147484;146943;144961;147515;148208;148158;146295;147939;145119;144954;147554;148721;146467;148199;146370;146830;146855;148717;147738;145235;154839;146909;146606;144916;147519;146556;147943;146557;146469;146834;146947;146294;146502;147746;147802;147185;147791;148161;145190;146829;146691;147932;146054;145776;148784;148805;148719;146854;148789;147437;148154;146356;147941;148794;145197;147498;148779;146837;145141;148229;148733;144842;145281;145751;148253;145568;146515;145150;146354;147181;148803;148736;146414;146522;147156;145388;146415;148791;148231;145112;144819;147798;145529;146049;146979;147942;147847;148213;145722;147576;146319;146850;145562;146281;146900;148723;148051;148087;148786;146939;148230;145714;146529;146848;149990;147803;146286;145763;146840;147154;146358;148795;148787;146749;146832;146275;147740;145138;146842;146500;146519;146137;145115;147856;145260;146906;145318;147815;147151;144840;146241;169077;169091;162615;169207;169063;164412;169211;169216;169030;169223;169187;169276;169031;161829;169250;169266;169193;169265;169101;169236;169272;169195;169245;169127;169214;169255;169057;166425;169202;169183;169257;169094;169087;169268;169108;169259;169156;169132;169262;169120;169198;169208;169225;169121;169231;169038;169235;169153;169178;169085;169086;169205;169131;169138;169228;163751;166144;169026;169134;169130;164454;169215;169165;169111;169113;169209;169537;159634;169083;165479;169020;162339;169128;169299;169125;169241;169098;169054;166601;169184;169164;169253;169492;169067;169076;169192;169052;169247;161281;169092;169049;169418;169071;158443;169107;169248;169170;169256;169043;169147;166781;169212;169044;169035;169117;169037;168618;162613;169015;169221;169175;169172;169066;168382;169251;169269;169163;169053;169144;169182;158437;160483;158441;169075;169048;169185;169137;169177;169129;169297;169093;169722;169160;169222;169055;169201;169433;169036;169171;169102;169204;169141;169136;169203;169041;169078;169097;169197;158557;169191;169239;169022;169016;169243;169072;169213;169018;169232;169158;169040;158257;156741;169206;169082;169217;169224;169173;164645;169046;169218;169249;169028;169143;169056;169118;169220;169050;169148;169068;169024;169345;169161;169246;169119;169230;169058;169174;169150;169109;169115;166466;159010;161788;163643;169080;169065;169110;169149;169199;169029;169061;169189;169021;169059;169210;169023;169151;169154;169194;168381;169162;169275;169045;169089;169176;169234;169420;169146;169074;169064;169112;169124;169260;169070;169240;163090;169229;169122;169238;169079;169244;169168;169090;169047;169344;169106;169441;169227;169088;169696;161149;169166;169159;169157;169261;169099;169073;169135;169095;169258;169167;169181;169270;158442;157153;169415;169051;169298;169242;169179;169264;169027;169152;169100;169188;169025;169114;169233;161148;169833;160101;169432;169017;169287;169139;169084;169032;169096;169237;169069;169116;169252;169200;169062;169169;169431;169081;157888;169190;169126;169145;169267;169263;169271;169186;169155;169254;169060;169123;169142;169039;169180;169140;169196;169042;169219;169133;169019;181866;178323;175405;175585;177086;182997;185400;185399;172671;171773;186546;179730;183760;173752;176644;185201;170938;182544;185242;176902;181492;185186;176096;174812;179026;180203;174937;173930;170737;179960;172113;170447;172627;187633;173668;175357;185282;186142;182999;187188;176429;186598;170738;182986;184398;174353;179909;170997;170005;187291;185372;182801;174645;178698;175381;175303;182768;185166;174657;176348;185273;174198;172666;185328;182412;175384;182666;185969;179379;186794;177332;180266;173615;174281;173404;181490;180440;180591;185308;187065;185614;170933;179911;170769;185310;176403;179957;181203;185335;169937;185278;174424;186280;174527;172557;172551;173293;185510;184310;170559;184053;175931;181195;173753;170739;183685;175351;185974;186456;185351;174599;187398;181207;183066;180491;182478;182880;178739;173745;177797;186530;174422;185984;174196;182575;171616;174277;185319;183759;178728;179688;179978;179114;186451;173804;185443;181781;185309;170235;175455;179958;174363;185202;185464;186547;177359;185322;181563;185327;181727;174603;177641;173292;187295;186458;174595;176525;185172;185193;174392;183070;170260;186388;172011;185182;185257;185396;176430;177800;172480;182078;185968;174656;187190;178056;171775;180025;185352;184001;180183;186895;182747;184054;187670;182983;180459;174658;169926;186896;185181;186932;185317;187384;187034;185188;172620;174278;170991;174352;172711;184055;185209;176642;185346;187047;177270;179717;179998;186595;173197;185293;171240;185915;180184;172470;170937;175584;174642;170934;186709;172040;179710;187160;177093;182803;180105;183097;185300;172088;183276;178005;178006;185191;174150;173417;178176;170992;179912;185268;180437;185983;183063;182398;175377;185240;183763;179910;171778;176465;180024;174813;177358;175262;175359;186144;186017;182549;181013;174601;187310;173622;175378;170006;171385;172670;171613;173670;177544;186273;185253;173418;185261;187298;185178;170691;179715;172249;179999;176904;177480;185244;175453;176907;185290;176262;181459;170929;176443;185336;170995;186005;182883;176543;174195;170990;175127;181485;174505;170973;181461;183656;186678;185332;174354;173747;178937;185221;185985;177912;174361;178740;178936;173478;176025;174667;175668;176791;176499;185316;187067;177084;177360;186322;185283;187112;185321;174279;186386;171580;177987;185279;171672;180596;181517;170002;173760;177795;174597;181213;171467;184791;172107;185207;187035;178177;185967;172503;185912;180595;185239;174509;171907;177543;185374;170873;185243;182887;187038;170054;170986;176905;177593;181204;173655;181816;172623;169922;186202;182399;185320;177091;173479;174398;187300;172250;182767;185267;186454;174665;186795;186931;174661;170998;171469;172733;185314;177145;175153;175306;171876;181191;186325;185200;171674;186222;178792;185395;185214;179890;178055;178619;185971;186145;185340;182548;170692;179913;170765;186952;182764;181486;180204;185254;174197;174604;185213;175382;170659;182079;178736;185339;172628;185913;174148;183999;185234;185210;171383;174634;183909;185179;170262;183098;174936;177333;186897;183930;179377;184400;171807;186515;186450;186459;171381;185255;185237;172659;174670;185914;171627;182802;172732;186628;174351;185218;185611;178036;177087;171243;176408;184312;176350;172467;177798;186954;170935;185238;187402;172454;186703;171241;185312;187487;175763;180202;180185;186495;185311;171877;183453;172472;177799;187297;181458;187847;171615;183870;179380;174034;177402;176663;186460;175263;170238;182084;171582;171372;173616;173748;170872;182082;170265;186452;175304;174652;183092;173927;174356;174147;184304;180104;185167;171519;187309;173276;182083;172502;174639;174810;173802;186276;176196;186892;169934;182996;185274;178021;174636;186680;181730;178935;177419;182662;185173;180592;172483;177434;179982;179032;184308;182748;183451;185302;178735;176439;174635;183682;175379;178702;174955;178731;175454;177272;187187;174393;185613;178701;183274;186606;174513;172455;187386;174669;180329;179650;182998;185222;176425;181202;180436;177416;185227;185266;172596;178038;184052;171611;171806;175358;185313;174487;177365;186385;173787;183093;172399;171782;180593;176426;185292;174364;180225;183345;170693;171774;176197;176533;180490;180589;185288;185982;186741;186700;180438;186604;186249;184399;182668;177595;178022;178462;185184;171257;174359;185223;174953;183684;176094;185180;172457;179981;171256;178737;178787;185208;174934;170971;174767;180439;176548;185442;170985;179884;179647;186630;174357;177363;182667;177850;177092;173886;173412;177914;185609;185280;170987;185232;187311;177088;181784;180000;174395;182171;183275;185235;182882;172463;175586;185307;185291;185190;173929;170239;174139;174653;172456;172458;171375;180201;179713;171520;177417;185196;182946;177144;171673;174602;186740;173672;178729;187290;174648;174151;183932;169933;185170;185211;178178;187285;182545;178952;182395;185216;172396;185171;180594;184000;174660;173783;174655;186455;172146;185303;187301;180435;185263;187373;172656;174659;173659;183904;171912;186271;173403;174032;172555;177801;187277;175927;185230;182987;182766;186739;173665;184309;175669;186274;173671;180460;178461;177418;185241;176095;187371;175380;173762;172149;172453;185271;187403;176532;185192;185256;182804;185333;173928;172660;176428;185966;171379;182547;172450;178742;185260;187669;178918;182665;180590;185231;185353;173676;185347;173656;175307;185269;174358;187302;183933;182885;186898;186387;178738;174525;173751;185281;176098;181192;182396;185348;187299;179729;185258;175137;174644;170264;183867;183934;187307;179344;174651;179583;172148;174940;183868;173405;185228;183652;182541;170258;182984;174598;174908;172464;185397;180434;177597;185306;181782;187031;185205;176909;173801;171258;182884;185298;186453;175759;174912;173666;174666;170259;182746;181650;185187;174978;185225;181190;187671;170994;177541;181780;172668;171776;176404;183653;187066;187306;174355;171612;185275;182947;171933;186204;172451;176461;183872;183757;185440;179651;186000;170868;170916;176661;181864;176438;175667;185299;173881;170236;186602;170969;182664;173885;174282;186324;179716;182542;181863;187186;182427;171905;186679;179689;176527;170968;174954;179712;172484;187488;176263;185219;185206;186531;174643;181652;182428;185229;170936;183683;186933;185236;174365;178289;171371;178697;177366;186705;187191;176643;174668;176261;179888;177589;180023;187039;178054;180265;180200;185973;185334;179708;172459;173750;185441;178790;187672;185203;180462;177851;172398;174633;182086;179977;174504;184186;186701;176097;171008;180458;177361;179343;185249;172506;183910;172556;174958;183905;185169;179341;173669;174423;171772;174911;185999;174362;185338;185365;174426;185323;179423;174033;172460;181831;186532;183344;174594;172624;186893;180513;183998;187189;181491;184397;181505;173799;185212;178220;185224;172622;181487;173419;178786;185174;174140;174394;177620;187385;173295;185259;173394;181194;172147;179727;181399;177913;179690;177884;176901;185315;179582;186927;185511;172667;181783;186384;182765;171373;177852;172461;181463;176440;173658;173663;180496;175354;172621;177647;180587;173395;172465;176398;174938;175191;171808;181488;170263;181205;185265;176092;180495;185329;187374;176460;181832;183981;185270;180330;174508;174935;173674;179979;181729;186004;181328;179184;186891;185246;174638;177364;185251;185262;186003;176526;179718;186002;185304;186493;174663;182881;182749;171671;186001;185215;173614;181012;173761;186545;177889;179731;176908;183065;177855;187397;185294;173784;185183;179726;177986;176026;178221;185286;186601;179887;174662;186279;185324;173661;186627;182424;174647;179375;172106;177915;172625;181833;176093;185277;180013;181489;177362;186275;182663;172662;181518;172468;177269;174490;184790;174284;187370;185197;182985;183871;174600;181728;183866;175192;172150;185250;172251;174596;182085;174909;170560;185285;183762;171777;183452;173931;173667;183869;172672;173757;178463;181193;172114;185296;181462;187296;180433;186603;172397;179687;171639;174367;184441;171581;177649;187278;181460;173803;173800;186497;182410;185168;183099;185248;170176;186389;178791;186143;174631;174035;185301;185220;176910;170984;171802;179649;172552;176544;173393;174489;174632;187040;171362;172661;178399;185612;187383;171779;179709;175193;179996;183095;174368;176444;183660;178398;172553;172466;176349;178699;177794;186272;186516;185610;172058;185276;183069;170237;186596;181206;180492;185615;187046;174649;174285;180494;187372;172629;173723;179896;175928;179885;171875;179686;185204;179711;177598;185305;178730;174914;186277;176903;176659;172089;171521;174194;171382;179378;173664;170004;184401;176645;172731;183761;174031;178460;187308;185970;185195;185252;185247;173746;174646;176138;174654;171629;182413;170996;182479;173758;185326;178037;174956;185189;178324;176530;186953;180461;171923;182170;179728;173675;170768;185330;186203;180463;173413;170736;174425;172112;185478;172452;179994;185295;173744;185318;179959;172111;187137;177420;183865;185233;177370;179995;174637;171630;185371;185177;179648;174910;185217;170764;183758;187041;177415;185272;184307;181865;174507;181398;184306;178219;170993;170867;175583;186461;170999;183907;179889;176531;185337;186605;171523;186141;185972;174506;173754;182397;171908;186006;170767;170756;173660;186629;171522;183654;173673;185245;180331;185911;186390;180588;174811;186955;178741;184311;177483;186496;183655;175758;179886;175155;183068;177594;170766;182425;174152;173785;187396;172108;185438;171242;179376;180432;180493;172669;174939;174640;182886;185331;183906;185284;183681;185175;173749;179714;173724;180022;185287;174913;178700;177094;177542;184305;185289;187922;176427;185185;187287;183094;173275;173662;185465;177592;172471;177095;180328;173798;179732;177599;170162;172630;186278;182945;174399;182661;171780;183067;173743;186597;174360;185444;173290;170043;182546;170755;185341;171380;176542;185505;173756;181011;185509;185508;173475;176660;185264;185398;173759;176260;185199;183096;177401;172485;182543;174280;174149;177273;185226;174605;181519;183908;181651;170920;172626;170871;183686;170740;173414;174650;185981;173786;179388;185325;170558;181010;175086;185506;186702;185439;179997;187375;170261;185297;185194;173477;171374;185965;186457;171924;186494;174763;174765;171781;177796;175383;186323;174366;179342;170660;173755;180264;170970;173291;175138;185198;170114;172462;174283;184002;172469;178734;185176;183980;178938;185507;183931;187927;179883;189311;189217;187923;189215;189162;189216;189248;189381;187963;189268;189486;187648;188037;189151;189157;188042;189270;189481;189601;189246;189099;189314;189753;187924;187929;187704;189670;188038;189729;189597;189598;187848;189160;187921;189220;189269;189150;189727;189485;189265;189219;189671;189675;189152;189313;187926;189310;189483;189155;189153;189159;187962;187673;189315;189247;189599;189728;188040;187666;189674;189100;189730;189316;189156;189161;189482;189752;189382;189272;189309;187928;189385;189158;189673;187965;189312;189724;187925;189264;189602;189384;187964;189221;188039;188036;188041;189600;189218;189386;189751;189603;189154;189672;189149;62277;189383;62278;62279;62280;62281;62282;22414;34969;24016;25039;69476;69494;21565;69475;23831;45112;73640;21567;52544;80103;12246;80104;32315;25492;32316;66519;65741;144648;23925;22056;59318;52673;80998;81127;83365;106606;21079;23869;29741;25694;31799;34741;35742;40434;43068;46859;48300;49307;50493;44596;51926;53472;54972;54299;55140;55803;56259;58207;56874;58001;58994;59426;58538;62480;61622;61550;63242;62836;63450;64506;64916;64584;66445;65219;65910;69866;66872;67225;70858;71351;72284;72937;71951;72606;73740;73433;73994;77172;74431;76413;77577;78441;79835;80484;79442;79140;80946;81819;84365;82781;84642;84048;84730;85326;86423;86369;86851;86060;87244;87657;91163;88639;89834;90425;91670;92012;94628;93461;93960;94334;95762;96388;99283;100052;97142;97727;101362;100756;103922;102262;104544;103124;105175;105691;110397;109601;108958;108281;110979;111683;117410;118909;119094;119462;122117;123938;125056;125815;133607;128633;141494;137253;20158;11323;11952;28211;59176;59196;60111;59175;11710;60110;41945;89693;62392;62393;25371;27599;58272;24712;58273;25442;50525;56049;76535;122858;123009;131285;125405;137084;155788;162140;165176;159601;177128;174260;174261;174257;76534;31347;93098;171845;144448;132633;148136;139233;65614;125924;157230;152220;154005;160717;164456;172255;169273;182080;176520;189275;164807;172190;170120;163576;167075;174705;178466;181232;189274;181229;185517;186179;125925;141216;139315;144566;65613;169304;172612;149359;177391;147921;152861;155706;49808;158564;162411;164495;119258;86697;119835;119836;102682;90566;119260;119259;119262;119263;119261;127059;101523;124412;102858;130625;104742;119837;119309;121246;104436;182772;119308;119838;111376;131077;109398;118092;121045;124413;140503;135848;126750;131191;133525;141568;144647;139316;141217;144567;147920;49807;149358;152161;154004;157229;164808;160718;163575;170121;172191;167076;174706;178465;181228;186178;45404;48276;32396;55422;49780;55671;62063;52458;57050;62064;182773;72723;62384;90567;86698;101524;102859;104433;112059;109399;182771;111377;125153;121046;118093;126751;131078;128422;129494;133526;135849;43029;64094;32395;133853;35807;131941;131942;139412;39481;131316;139924;132586;92700;58645;33549;14588;14266;12527;12530;110559;15761;15500;12555;110560;12556;12566;12575;12581;14440;12589;14345;140310;37723;122372;134356;117910;107078;170207;37111;88875;109437;21646;53905;92338;34939;64488;170115;86334;100974;91332;133629;40910;135880;117844;110465;21378;156075;18814;37996;78878;44952;18815;86645;151497;102687;18816;86176;170989;132665;18817;66968;177996;55429;43176;143517;90876;18818;33186;83939;57402;158265;31081;84409;174972;37293;21379;18819;95585;74295;91475;18820;103555;164051;74176;30029;35998;18822;18821;78495;144125;72953;153072;18824;96363;18823;92674;91203;84600;72954;57907;164316;36136;86583;142952;67249;42874;70515;65540;18825;87980;165595;106879;137381;57415;69087;46244;99058;53579;32487;100140;92675;153984;109877;161445;99206;47793;100313;128491;18826;168474;88665;80923;133969;127876;18827;99178;55912;58609;70066;122959;126592;37713;87981;31633;18828;42808;18829;177673;78577;88570;92676;180378;124788;23950;117863;146411;51404;109713;18830;111540;34445;36012;159694;18831;133243;86385;97807;61586;33935;31830;84651;117594;129545;88729;81062;23951;97197;91696;36645;150273;86386;34685;144147;142665;162586;21380;182960;18832;111402;35405;111403;25591;92831;37252;108923;139639;166787;93494;139109;135729;72527;105335;149974;101826;21381;21382;139738;133327;145024;86584;134963;32488;112128;134999;90553;91908;148750;63015;21730;148503;167549;56077;76134;104226;158143;180347;45583;58828;69278;21731;18833;21383;139640;144165;62488;73549;85366;165509;174304;138123;156224;92884;66734;145027;171387;57785;44599;167321;92885;149234;92339;25129;35277;165923;22294;119056;92886;83328;157887;74479;55281;55913;21384;21585;22486;92887;96364;94491;174896;73661;101186;144184;100113;92888;94126;60114;174396;18834;21385;136533;66769;84886;21386;92889;58756;100881;85426;37724;71506;96365;80069;168328;18835;92890;91697;57445;36588;92891;86805;91909;106424;134719;126019;187645;18836;59083;92892;84482;40460;127539;104835;58358;51100;37913;92893;84693;90979;18837;84321;173330;92894;78815;185916;159654;34164;91145;50327;156036;92895;18838;50328;87290;134720;18839;178110;38114;35283;34688;91698;146798;86177;25305;151004;153126;25827;92896;56803;119510;158451;138414;86585;85519;61443;84322;34256;24719;128308;185430;18840;81460;61587;135881;101966;187162;18841;157244;168708;58937;94492;36042;159313;18842;106732;35562;58313;146499;63368;103474;84694;106467;18843;21387;57857;18844;129573;21700;150010;94663;88583;103556;137342;104061;84104;84068;87685;79810;128584;139471;87609;125437;93983;72247;139529;121403;142311;124374;122630;184465;87176;41021;18845;54619;25437;181523;51101;21388;87114;111404;149374;137382;161169;127945;66735;166701;95393;103759;26084;166062;176832;152657;31714;25472;18846;37848;24705;37320;89707;25748;21389;34389;18847;65840;121604;63369;63364;24201;76879;87686;122936;66507;35289;145560;125871;145257;148511;118315;187407;35613;169417;147937;18848;104113;62105;65935;59103;47025;128492;118900;153205;99615;186201;18849;54620;38779;51393;127540;52728;26085;84695;96850;84553;34257;65936;87687;40978;62884;28316;177259;161098;34976;103795;36791;100610;174314;161926;26212;153817;123053;149247;21390;182476;63263;136990;100674;48749;33239;61740;134437;18850;132792;167044;103522;22451;174318;26977;104982;88743;69213;58162;142275;149341;72312;125662;110675;62068;160236;76301;60150;180366;57550;22208;121495;88816;122165;72717;63637;125614;180364;18851;95408;37142;59746;165507;174311;86876;36579;22882;86775;156027;61725;50329;58972;23758;126534;18852;144157;95450;22883;142940;44333;37021;73900;47751;137285;66635;18853;21391;18854;102688;138370;126928;119821;182981;22515;104487;22487;95499;126841;51503;36167;72893;180370;21678;57454;91720;44625;37781;36819;136384;91370;106831;97219;93942;131466;30241;45547;18855;176133;157237;54838;31953;57585;63395;134438;23793;90605;56078;173329;187161;43161;96292;174302;122987;18856;21392;63396;18857;18858;67117;63588;151809;173388;89764;146598;189145;22884;126363;153870;118844;104488;57908;21393;58837;81134;76195;166525;129084;54621;64742;51962;132410;133822;47142;158217;63016;163938;127541;108703;91699;93933;18859;51102;88666;65623;102465;80148;18860;152901;184466;143591;152227;33904;106236;51132;19337;21394;171185;138536;83080;59380;54982;180381;18861;111018;84132;21395;138658;86198;133432;38799;156078;33374;106810;59361;133707;183319;132064;38135;25802;104489;89006;25803;18862;187852;169295;144927;148207;56804;21396;36865;37369;112236;18863;105063;21788;35050;56323;140234;109050;87480;22428;18864;148748;90286;107126;161830;70516;37032;65989;61501;58646;62856;26086;27844;111176;150702;138245;36191;129114;36605;18865;18867;72872;18866;83130;35284;87269;131970;84380;59281;22209;87291;21397;64873;135941;78816;87688;149973;171697;164054;89765;184469;106880;96510;107042;35240;140311;34270;189254;21789;91790;133708;131844;21907;121521;119270;21398;18868;183755;82062;102846;180275;84410;112069;18869;140725;117966;21701;85699;118182;118496;18870;142946;18871;79656;87292;21399;108623;126593;55395;18872;35335;158033;96163;40583;84254;126315;99749;175040;94238;106287;18873;140677;40899;159723;81175;34728;84381;72955;174297;86586;34301;22885;21400;21401;136534;90606;180376;166212;38140;42238;47677;153894;21402;174287;78634;90980;84201;162511;35701;47616;135713;106938;110628;82313;36365;58640;137930;18874;119562;18875;166856;48250;36869;18876;160295;21403;94415;97808;104162;129838;37618;144658;28193;38697;48396;138124;83510;149424;66918;106811;18877;21404;144182;79955;122883;37542;104537;158169;35051;171634;159583;163281;94918;35290;85593;46259;97972;158782;83841;106993;104731;63159;37058;136955;168387;18878;47818;174306;188031;170474;71874;92851;94416;21405;86335;84860;18879;58359;36864;119698;180341;85594;44345;35052;90334;104693;29769;18880;137789;49108;119879;142535;18881;180363;18882;154139;62791;35241;137343;18883;105448;159771;51504;86620;93984;156698;81461;96397;44600;121272;84483;117303;119511;108351;99551;174313;69052;180368;62770;59747;96116;133328;57909;18884;69395;107109;91026;87689;18885;170924;96992;51450;62956;61741;132879;124286;186707;35426;26087;37495;182190;154925;21768;55812;103343;18886;84522;51567;87385;25664;18887;85775;93614;22871;140626;103760;140472;86877;96411;106425;140678;58938;89007;28165;130238;95734;86079;18888;117649;124219;22452;111362;21406;25833;147688;110403;88817;34504;37185;21407;18889;37467;19338;180373;21408;18890;71529;58422;94417;91476;64374;88149;56117;53439;21577;51928;81096;139739;141103;66798;21409;147558;178635;176757;110390;57968;82578;86834;76951;69008;18891;171695;42331;85595;173392;185811;35469;150260;60055;146477;62022;104863;86835;43104;37433;186499;32061;50627;55821;107110;68898;33240;57852;28348;31154;112281;55723;136535;36362;21410;36476;29689;101330;18892;171366;97342;164459;177846;145364;108314;46876;91928;29770;55157;88027;42355;92340;88500;106733;147814;37229;18893;149073;146846;29771;68917;28349;61480;76922;85965;83792;37593;91508;185431;37125;18894;159238;18895;119563;174295;117650;181611;137344;137286;25632;53468;58438;18896;22488;109190;167057;93442;87361;57529;87885;118073;154774;82890;117441;45613;103584;37695;18897;182378;22453;126484;37115;138125;57675;118476;135882;36275;61762;22198;25015;178293;105064;84628;19339;18898;54951;23738;48370;85337;53906;22499;102689;157386;25260;83554;153826;99192;119315;66549;112070;59302;33547;35935;167319;51950;22500;145349;18899;88667;36492;61451;21411;62814;18900;53907;88465;81395;77638;88853;181369;91027;118704;150314;77596;180216;125438;84696;91399;134843;164435;105214;109330;73150;76584;88067;50699;106597;174300;125098;83793;51505;153222;34977;35936;84697;21412;81009;136706;38838;58864;23985;84652;59439;130494;85172;37616;77733;121199;111405;83794;56805;145274;64089;183982;34151;144193;186287;37929;151899;136849;51560;21413;127106;62832;139934;173331;111363;159582;28259;122570;18901;86431;85858;56657;18902;25512;45529;38963;43342;108524;126136;37712;127542;37799;66581;169892;130239;144158;159710;147098;63401;110578;34496;59945;49062;88730;81331;27550;119426;25451;96366;108680;96058;18903;36212;186498;81193;18904;127946;163858;87982;21414;87610;103475;45570;37480;67237;71485;125439;18905;105336;18906;125440;105090;62054;21415;158995;134721;43093;70865;100496;177386;100282;111561;85991;77315;96172;126485;177385;144028;136158;53523;130240;139266;59516;57329;64791;111019;149425;24730;92448;18907;36998;26088;127543;104227;168322;83555;170593;93443;25425;106699;134686;18908;84698;59063;96322;84699;85859;135795;23986;153073;86044;171512;71960;86836;85639;132349;106036;180338;126519;103523;23759;85427;25834;92770;21416;124608;62792;146288;18909;72528;92739;18910;149483;71603;127086;122412;99552;146792;78015;120968;131467;36863;106037;152860;86889;53852;37227;57646;39578;142539;87293;171384;35053;106734;187647;76600;101539;55956;103953;65841;159471;19340;174290;124429;102833;23952;172105;18911;53881;87690;156021;18912;180342;92006;139714;49273;21417;57830;134921;56490;181837;80149;85640;87691;55430;105665;18913;181208;83901;35623;50330;18914;87789;18915;21418;125687;21647;18916;100565;117845;148697;137165;133970;65067;121427;63373;18917;161483;56576;100141;64516;38881;71223;122657;150316;180345;104163;109051;151119;121564;178325;127947;130241;96117;24202;97687;137869;103656;37846;171744;173647;145478;18918;131468;96086;110254;86276;182954;171635;58471;141465;85367;89047;36231;18919;72612;47904;92341;21419;87692;138126;42094;21420;76614;136850;84861;22239;19341;103557;84411;168666;158199;121629;174307;93674;186716;156715;94081;18920;27578;34762;29950;85641;179385;43376;88603;118246;93144;36947;93061;125346;32062;71450;84780;21421;51963;21422;28350;35054;89048;81798;22489;34786;136442;112071;25981;138922;101540;40868;141844;18921;130921;159035;130242;18922;150312;110539;123980;95500;125749;18923;52486;85173;21574;148506;58641;64792;121522;104265;58201;122884;93985;21423;63469;92027;156440;126413;102615;110953;42129;34390;99059;70964;95418;103476;146166;85483;103152;21424;71451;153396;50331;59313;124220;90335;146578;66799;77883;83909;18924;22909;25840;109052;21425;105337;38800;95419;61557;38801;85924;18925;58642;21633;36300;95501;59206;149361;27508;96323;90336;109383;56491;126137;130243;63370;161984;119481;153435;131260;87294;40485;175761;91791;100283;18926;18927;83511;136159;76543;66455;51964;49166;38802;105215;183822;78002;25841;35582;83795;29796;61780;95502;50469;53440;185394;56168;121335;134585;96511;34723;38751;18928;156026;105140;87693;69250;26037;156029;169343;175823;126364;35427;65967;57786;62793;62866;86621;119699;96820;166910;87611;51363;181337;137126;95503;21426;51568;18929;59859;136003;140312;118074;163649;61742;151009;92897;188030;87213;62885;140627;110429;84970;51103;25261;99553;55517;103477;61588;35937;90287;131469;69412;61639;136758;130244;96618;36910;43377;34940;63069;171839;158197;95504;36730;70261;84700;23794;174957;72382;57403;91371;124046;110653;21427;71530;70672;40486;131470;18930;80424;182515;86188;136956;167318;73266;42428;66889;153220;126486;87790;164949;180372;174724;145316;142855;177894;162510;88512;182574;184318;119822;118477;39315;103741;61781;124560;66630;33419;45584;141793;101276;153982;175004;97788;181761;104759;52966;109749;84701;130245;164049;142856;147680;186821;88466;103478;22240;106598;21428;45561;171638;83081;94691;37117;100441;95505;168619;36192;130439;121324;147900;86178;78016;55845;149343;95814;87997;18931;59517;88668;32063;156052;40571;149079;18932;45614;179944;27067;100497;63256;38803;109625;174299;88068;23987;95506;149857;18933;122631;76060;146907;85700;100646;104647;103153;88669;50700;33241;18934;130246;53407;62194;169936;95507;56277;18935;144673;110540;152069;87612;56685;173722;61763;169702;164687;71070;153821;84554;120969;91929;86878;56492;87177;119246;65184;78017;81332;65170;95786;35089;19342;18936;51991;84069;63049;124353;95508;107243;185417;32449;128979;59466;102278;103840;34497;64288;92740;167909;88584;85757;55158;107043;61522;143178;162134;88818;73389;18938;18937;86806;29849;18939;127948;148526;79795;179942;25049;43626;148869;95509;45114;149249;55877;127544;70795;135603;82786;83512;36807;18940;55009;106994;62611;90844;100081;35055;153815;36654;111583;180365;133709;24825;91267;109228;153827;62489;21429;32110;136302;85257;66250;96619;58137;73321;81462;81116;19343;60151;51379;157239;95510;35336;31983;181686;35583;149888;64743;150171;103524;126842;18941;134256;21430;18943;21431;84412;18942;18944;180107;88977;150091;137166;179869;59084;21432;127545;169701;73676;66845;87744;95511;40691;89708;136596;35695;84702;110579;165569;22516;79364;102939;18945;133476;56772;117864;111655;148200;23663;99554;108738;71808;158787;96938;51582;162698;144172;71983;74342;37439;21433;109661;109662;63115;89895;185364;173613;105065;109053;126081;169700;137790;27813;23871;136160;145236;147874;85033;146833;167245;18946;62340;36550;69888;162700;70299;90288;18947;134922;84813;57628;18948;108979;25050;93388;111406;35401;96939;87745;176442;162513;36673;86277;106832;35770;18949;55822;19344;143543;45135;100284;88467;19345;58889;121565;88684;146601;90049;164053;68918;145567;102530;99496;158994;80350;158403;174897;96324;126365;62886;18950;18951;124209;97544;38882;32145;152226;122109;18952;43037;133244;87830;36893;62705;22051;150196;141517;97809;168310;21434;18953;149883;170093;180166;65541;82650;122960;133710;124221;95546;104836;24307;83796;58670;169935;99555;18954;73632;35242;88468;101217;61502;73633;87694;21435;59009;167131;29990;127949;58360;21436;92771;58472;21437;29229;21439;71285;73111;21440;21438;117721;21441;91372;59282;37696;37518;88876;18955;18956;143306;27640;137870;144868;136940;35243;160420;92342;144569;128585;71152;184460;37225;131148;82286;189708;66311;135942;34978;85428;96059;18957;83842;25426;87695;145149;88028;18958;92503;149512;39375;134335;62114;77560;65185;99698;87831;25130;32299;26089;81432;38964;18959;21442;18960;105449;120970;138127;56476;139683;42967;52626;56493;18961;160536;171122;22501;96367;141284;18962;108429;59085;83229;53441;74114;156210;89008;35624;19346;93581;176942;18963;62806;165244;157236;168189;18964;38086;91437;83940;22454;61617;22210;52058;59095;106115;153083;36251;158989;88944;34732;18965;66582;23760;47143;137249;42404;172248;87295;35337;156030;91839;18966;146130;132428;18967;73792;165619;156688;21586;35938;150015;21443;100581;144191;58790;136851;21444;137167;166298;48397;84814;140135;49123;32064;37471;22040;135730;180377;21445;87983;87696;37800;19347;122084;139830;129085;99060;102690;167320;86922;74181;69396;57292;104797;42414;51069;65199;48380;85608;111771;69214;77124;166428;18968;42213;180375;144177;149977;46245;44346;136957;86686;35338;65842;96221;150317;123574;18969;102330;105502;37716;105450;38804;103237;92898;94418;18970;25914;107111;53442;144190;21446;145095;53469;18971;35563;137791;130617;138923;71257;87746;87697;88604;96512;121273;61764;65843;76196;144573;29288;131295;18972;91373;167206;89009;86266;62731;89709;44407;18973;139472;87854;92899;127546;134722;66814;35999;87225;173401;173715;111720;136687;77976;117722;137792;176943;18974;153061;49728;36564;57293;180585;87960;56762;86837;100775;88469;171118;21447;66736;72098;56587;18975;90233;140628;106735;58314;89927;91581;92900;108574;140937;145023;23664;21563;35584;66631;90592;21448;182191;22052;92813;87481;92901;103841;61743;25633;91734;172084;92902;18976;21449;135425;182168;101218;21450;127547;62490;179359;124182;18977;37841;57818;96851;50332;102466;40957;92903;88670;32065;29230;167323;159765;90554;30127;103657;130413;91553;174390;106855;88470;126138;149231;118901;42342;100393;168420;167324;92904;78521;29951;36518;139267;178109;92651;73857;92537;37025;139435;95364;66312;151121;37131;164814;132065;92905;159581;39594;90050;187206;86387;40429;34484;38021;153819;96639;25473;89852;18978;119851;72696;18979;93360;152745;36773;70449;21451;25634;48332;46246;18980;105338;122042;138582;43094;58829;35625;139763;51520;86857;77836;26038;88471;97545;141314;120971;156028;59026;147697;92906;34327;103842;66169;21452;25016;58556;92907;128135;122885;87362;92741;69337;35963;29874;21590;18981;82480;92908;56477;66837;92504;84523;153818;105406;18982;85066;84703;87482;152746;92909;181830;177399;51506;38705;35279;100582;82906;166181;92910;31031;110691;40518;38002;128136;38112;92911;34045;24797;62341;88472;36333;18983;172261;71071;82514;92912;162839;27044;36837;106856;81587;189105;60101;36576;70306;92913;21453;37398;108352;34228;140235;18984;133661;43596;26090;89766;92914;22517;46214;106649;37137;50838;34188;18985;36995;119700;51666;105066;154658;148703;179945;137690;34838;104944;164093;34816;55970;140236;37183;86587;37109;64987;151972;22139;81097;97403;94493;50333;139436;36618;88473;141293;158402;93495;149071;147897;18986;103344;50505;78611;187103;143437;18987;149514;102010;105216;170003;82002;133971;122359;102030;177516;96742;36280;104760;111991;181368;153871;137691;110969;72995;134844;23872;77717;89896;73550;47144;140237;42912;18988;21587;117651;89853;74239;185373;103479;18989;18990;170398;84704;123481;66737;85484;37096;90845;136536;23988;56521;88474;59220;57551;92915;34446;35672;179210;118902;175760;170785;18991;83797;129661;24720;71238;92916;108430;125278;91637;69088;176528;18992;128042;104507;66632;92917;62957;26091;97107;102491;156732;86432;21454;84705;92918;148518;159495;50334;38657;65844;106736;183088;92919;92772;18993;128309;171743;88475;32066;80537;171246;100827;18994;92920;36237;96471;79707;54622;18995;92921;106881;97546;37076;109663;140558;92922;21455;169806;57338;122988;24227;132411;153823;92923;89010;65968;79401;92924;148599;18997;18996;61765;97810;56079;118336;151120;92925;35280;87984;117376;22341;57910;57739;25381;92926;96412;166055;73793;73487;99109;185775;92927;92832;57647;34165;89089;102101;18998;153985;93986;21456;128586;92928;91966;176219;102797;91374;139268;110430;88945;70262;55502;90846;102331;186500;124222;18999;73267;94082;53346;19000;89011;151778;19001;53443;89727;21457;144187;149346;57629;58647;56017;121404;19002;86450;127548;135192;21634;163704;97108;25679;56806;37822;110274;64666;24365;93389;93033;95451;33187;22886;51832;100442;91509;45446;69065;37951;19003;25533;95787;89012;40858;66907;85729;49686;84706;38965;164839;148211;57432;31155;99646;84707;36752;72790;62958;19004;108624;126666;19005;81683;67103;44601;78039;72002;19348;70701;89013;76719;95039;129425;29289;83024;97625;164622;106237;47814;21458;86879;38966;125934;64988;91146;19006;86377;96368;37206;84133;162970;19007;19008;144144;86838;37503;21459;181521;187961;55878;19009;159311;35639;40461;19349;84043;21460;84708;77125;109593;83941;85368;180374;19010;61539;42310;64885;168723;86433;77316;36636;105625;87907;65845;34979;56548;64874;19011;81117;174292;21461;37292;36421;170050;152490;44049;168188;37047;87661;118754;123809;25017;87698;87226;81618;34018;86858;19012;144174;21462;40659;165686;93496;157319;158983;42196;101541;19013;34686;37039;104062;158246;88671;101187;19014;135714;136726;63290;132683;106939;96037;84524;25804;22502;91930;83798;159496;21463;61481;47567;21464;32146;37617;40660;55914;45595;32067;87747;122085;21465;183309;138537;34980;109594;163268;25784;131340;65969;36168;21466;101967;91910;87613;127950;19015;42170;55846;139589;36472;152288;129839;47033;19350;25805;142156;153816;19016;34152;159743;136385;181338;74444;178713;145187;119316;19017;102138;130922;144185;87614;19018;79365;32147;19019;73881;97688;109565;156079;88150;152747;72849;76985;175156;164342;84887;49652;87699;21467;119271;55439;29772;87188;128587;77036;45447;174303;19020;111177;84862;133588;88476;189503;19021;81867;152205;35640;132793;21468;117911;66938;52666;148530;106812;151410;21469;118124;90289;147172;163895;100975;19022;84709;90847;37686;47794;35339;35928;57390;64421;19023;66210;134336;51889;70484;97312;174289;48427;105362;186421;88819;21470;63674;51915;38015;143526;46005;125379;158985;31954;168186;21471;94083;106214;91931;154315;135943;139831;95365;19024;139347;95265;19026;19025;61675;27845;170965;25359;24838;78003;37029;171625;163329;133894;121405;72768;179943;82481;146574;102553;106215;107044;123981;36000;178013;164050;150172;19027;89928;145781;143466;85293;181322;21472;186807;88672;119057;109066;85966;35285;21473;19028;171693;84105;111178;49729;66012;97220;180489;22211;183450;70379;76615;25560;70646;51521;111596;72494;99240;167322;174572;89014;76986;34951;56857;32489;19029;94450;103796;19030;84710;182560;103441;87227;61782;39425;187114;93730;21474;57552;19031;96369;73151;136688;26937;19032;21475;37777;130440;34206;40935;23665;102279;120972;180581;86278;19033;108476;160296;118858;152073;106426;42875;84971;90741;99974;101876;65846;28194;81659;106959;100828;126756;21476;23989;19351;34839;184467;57720;22887;36976;85596;87296;22872;57045;159065;19034;88501;174310;153285;119272;89974;24366;79956;95974;184464;151900;105067;58283;109929;83910;21478;21477;65847;19035;58963;70965;131261;123422;42886;142035;90234;170163;174291;63365;171694;86279;110319;189397;109626;80351;86451;184468;93497;148522;99616;103345;63371;33905;88744;141535;19036;160533;165288;84934;177883;141391;91268;152818;73431;21479;158633;84314;163766;19037;37028;146560;175277;174312;50470;97592;19038;111656;173657;22910;19039;137438;36682;94692;100285;129369;19040;180367;73488;186808;142573;74318;109054;21480;90568;154773;86080;76720;90290;63470;180339;19041;21481;91554;19042;50335;134923;85860;146516;56494;102408;73779;62298;19043;111721;124223;19044;25806;126139;21482;170784;49730;81588;136941;36517;19045;82063;47130;81463;129954;54623;58210;19046;180106;156025;88112;134466;19352;69372;70595;139110;19047;55633;85573;154045;47752;76302;87700;45571;148516;73551;68943;180348;151500;112052;62207;21483;153892;110521;103761;21484;173719;125791;28166;130077;97789;153949;163920;56522;94458;49189;85861;19048;27551;105712;146673;32068;94451;78496;91510;21485;35626;131471;84496;167099;80983;64989;125935;156470;142151;135193;171434;186607;45382;31437;21486;86955;81962;151346;34498;119482;133662;58315;84994;170077;84525;160393;72676;22212;56723;84972;127549;76854;66770;19049;109532;128746;112072;111541;93361;183885;95693;88877;87542;139348;147148;85369;148520;156469;19050;55681;19051;136537;151008;31183;100976;137287;105141;51104;73152;19052;128795;169893;149039;37145;135883;38061;139394;21487;83513;180343;160061;93428;86320;35340;101542;178909;177517;58838;45572;174301;26938;123982;37223;85574;34271;66456;81222;88502;84323;22923;58347;34817;90848;84781;96993;189761;83902;164514;161206;61503;19053;106882;59027;124609;184440;146985;36766;124224;35939;184384;27622;36193;141147;95512;85992;139641;133329;141512;104983;90235;63397;159766;87701;135944;36920;189762;96060;162730;144815;45585;19353;136852;137216;38967;65975;111179;36391;45573;19054;185895;50701;79567;174315;94693;141148;85893;84324;105626;19055;170257;19056;84070;66815;122605;144826;90337;19057;61640;146763;84325;53397;126667;60056;36857;45586;94263;27610;84526;57455;19059;96709;103585;19060;57294;19058;64744;63463;118024;70966;163105;72206;176134;36922;97689;133121;156370;88513;21488;62959;92343;150168;180380;125936;180584;19061;80840;161843;38058;66170;87386;31082;185378;85520;66583;100339;91932;79402;108858;19062;82681;159744;26939;103480;173328;91911;184132;186241;127550;28317;90474;124183;86388;38805;19063;104945;141549;104063;117465;153074;35341;179873;84527;152859;132942;90236;90902;81223;100977;22911;28195;19064;73049;37486;84413;19065;90607;37933;103860;124047;97109;88151;62649;153062;171931;19066;61676;21489;87908;148537;19067;149489;19068;154044;89015;19069;184463;58520;19070;22518;160464;69860;189146;21490;56080;146857;23771;22007;21491;65848;59314;106288;56495;23744;99750;122989;21492;128588;131262;87387;94751;88673;106813;130183;183878;79403;129426;84815;85758;96472;56527;125099;139111;19071;92344;154199;22924;109055;145563;83556;138784;87483;93429;63070;56081;61677;151971;106737;59168;64922;94214;102987;50351;109019;177384;136021;180454;94903;101331;104490;125839;178744;19072;25785;58316;117492;159312;19073;79957;96370;180346;103909;22938;19074;93987;56399;128310;73552;136635;35442;102467;24798;19075;66919;107045;95409;91582;145193;94419;37051;109191;85258;37437;160970;85521;61504;35056;58473;84438;50336;177648;106857;132350;19076;162509;93988;31831;19077;37516;84382;19078;77109;143175;88820;88152;36848;91933;19079;70866;125663;86588;93267;159767;104984;52038;89767;183090;174320;135731;60134;87297;138128;162550;69437;19080;22519;37792;85245;21493;87702;94527;165223;93934;66185;58423;144126;59748;21494;36402;97904;182076;35057;84711;107046;103762;19081;84712;21648;25942;135945;21495;118247;151005;24686;93498;19082;159894;119109;74004;103861;147872;56400;141318;21496;19083;153824;22008;176062;157234;87178;170569;37934;85522;62706;156324;167244;148519;93211;131263;52707;66966;22018;83281;129546;172010;96513;84484;152207;179872;25592;157323;32148;139590;19354;39426;84995;121447;19084;31832;123539;87832;161387;22888;90742;29340;166967;187185;101381;129547;103481;19085;53266;156031;162512;134723;36617;19086;19087;50500;52956;153814;120973;130632;24007;22925;40661;174308;100706;146607;59169;171121;45009;135194;140938;144148;58839;106700;31438;101332;144133;69507;19088;108431;87703;66999;108477;169938;72850;58920;63434;25718;46791;88113;106427;40958;152570;130992;19355;36281;104612;19089;96994;133433;177312;166497;111478;57926;64886;61766;91304;138071;118705;162124;91375;174319;181522;85993;87704;83095;19090;159651;21497;165089;85862;21498;19091;189707;48401;21499;103461;92574;19092;93582;144188;78071;87748;19093;134257;128403;178111;86859;118942;174294;65849;19094;168187;22889;153813;84555;26092;157238;170399;133972;70263;122571;25786;124129;21500;48360;103620;126487;72313;19095;144122;19096;93989;108681;86179;105451;132066;105026;126414;87662;119794;147848;82579;32069;19097;103797;59207;170554;180430;139642;21501;99556;58521;139715;23850;35564;59086;53347;110699;156565;162898;118497;103999;21502;22503;86554;160684;143510;163054;111407;65068;56169;36768;71961;41007;82891;36259;83282;47699;58021;108508;159584;39579;85994;19098;168620;119701;41047;117723;35058;21503;58671;179065;44429;93755;21504;88532;35342;57051;140629;174641;87513;87749;19099;170397;146845;185429;83964;57144;87705;186708;125913;93552;95513;33471;163892;19100;35354;139395;148930;87750;178620;91477;140313;40508;100737;35696;111657;19101;141322;84044;77884;87751;36731;19102;80538;35343;111090;51929;144841;19103;182980;19104;60102;154316;39427;65850;36239;148505;56763;134337;122572;117652;172104;104491;86214;109229;52468;19105;21505;76987;31109;87298;90877;39784;55915;105259;175962;64667;180583;86589;41948;43127;140473;172393;53470;84528;135604;104732;19106;117511;37254;19107;182842;73553;91840;176739;110954;111408;27814;55396;52698;38806;19108;59381;21506;91491;106181;149267;21591;46260;95694;108859;148534;73442;81684;19109;103718;96061;72114;70517;22342;86839;25051;26039;133589;138371;96118;102280;39428;92345;111091;79197;153822;45338;88503;86267;94127;37377;156403;174316;62023;96371;39867;86180;50404;166400;24886;122685;96119;59853;21507;127551;74240;165719;180379;124789;89808;37595;103346;48278;87299;21508;85995;107283;130495;134467;78114;19110;33906;129771;83514;63366;25102;151624;164048;35458;19111;152203;170959;80238;19112;96120;103954;90051;39802;89768;82892;76177;85034;86519;84182;37811;171006;137439;36240;36941;33188;69066;148147;111722;50074;33938;36521;19113;117893;80352;19114;102940;152126;21509;35940;107127;23666;94346;133434;128887;102724;106858;33857;136853;106701;51507;19115;61589;36459;57411;85338;138199;174766;96995;99325;84224;21510;171899;111180;118961;128654;83441;178441;53217;108315;141149;66508;150311;21511;136070;19116;64652;96121;72194;110304;119273;21512;36968;19117;101827;84973;150230;60115;58757;161988;90780;33242;133435;154659;110504;42298;87270;45574;34724;173327;51670;93781;22140;180344;61678;90237;153812;154198;43879;122043;84653;26940;102508;117304;65003;44922;128043;50320;180382;91526;26093;81619;128439;79734;111479;151002;182077;84782;92929;35941;146605;77885;37124;136443;131795;68990;92505;36428;137127;31376;63435;156199;19118;80453;37213;38031;19119;127951;44390;92575;95586;133436;71935;148931;94494;93990;92652;19120;118075;36637;165517;91841;90238;83082;84713;84601;152150;19121;144446;37430;80924;19122;52986;19123;35641;77679;160274;152071;83942;71072;152206;103666;23667;157235;19124;151010;19356;70264;139112;19125;90239;19126;51965;110700;136386;100829;140314;101828;108781;146285;65542;60135;176831;180383;25787;19127;55991;74019;38151;84326;128493;19128;137793;34391;31377;110916;66738;56773;36683;84714;61679;19129;136689;152125;51930;93943;61505;60089;137168;65851;105503;86590;92395;104348;37015;99557;123644;142625;29811;178622;24770;180371;35714;52575;36194;144167;83943;36912;179870;141191;153983;19130;56187;83752;78663;84383;81685;137889;96222;112187;82482;169274;119636;148517;94904;178012;56496;151003;144823;122658;150002;187646;19131;162969;156323;35037;21513;72155;110970;76269;139218;71166;54624;136444;37427;152857;174322;62979;23851;184185;21790;90052;77241;183320;21514;25052;78104;25807;27588;132943;152748;84783;174793;135000;77753;86305;56497;152204;22455;19132;180582;134258;169416;21515;121087;79320;57489;85996;121406;144179;64646;136303;156474;84715;46792;96821;82753;99558;165603;133630;85997;84327;19133;165687;151377;19134;35344;21516;19135;96473;159580;80559;125937;153820;108625;19136;127952;91934;175126;51194;91700;106995;35295;136387;64887;84282;63589;87165;38113;103862;40496;85863;164135;106599;91527;87543;166355;182913;21517;144962;166157;34416;119274;89854;92346;139886;104228;123144;85894;132351;49109;55682;84529;37677;66875;56498;104198;58022;109289;103482;170988;177844;174298;62168;83283;37923;65560;34019;135110;176906;19137;119058;56816;178002;19139;19138;22912;121407;19140;127953;21518;157935;25967;128589;80577;25427;71239;25943;21519;39408;83389;72128;99497;168896;88153;103442;103483;138129;91028;106996;100340;39376;56499;58023;85730;85234;123645;87544;34189;73153;36298;19141;87388;36377;103827;80454;34770;65852;87228;79301;65937;61566;117442;89063;27601;183983;142883;104733;59104;167325;64923;128137;81534;61402;108704;143172;101784;81010;173716;111224;170256;95309;55847;99193;22118;54825;133245;21520;51824;108353;19142;125441;71452;171898;92833;88821;85319;19143;57612;105363;43847;49770;122140;127827;105339;180053;19144;61388;94347;31378;25306;59382;104266;31032;86591;118706;174309;127552;19357;82893;121219;148525;173371;62422;38728;99647;90338;163891;180542;126806;37850;68899;25915;97811;92963;77189;87791;87935;64859;154926;21521;55397;95587;88504;36878;62887;121274;47131;123054;90608;45348;49731;186645;59283;158521;21522;118707;90291;168042;102988;62612;70485;40396;158073;163330;106859;183489;19145;40760;117724;51420;25749;93145;48333;64875;174317;87615;93023;104000;70241;102691;139113;95514;83442;90555;27552;69293;21523;150218;135732;37706;106238;54952;143467;182475;52563;33375;135111;22105;159073;172083;164153;22241;84530;187853;186894;111480;91935;80898;21524;71088;22520;96620;180340;36265;139114;148865;21525;156022;106216;133380;86999;146616;110934;139716;86840;91066;45040;122413;19147;110431;38678;19146;67250;64693;107112;66777;57355;156764;165775;149013;135733;56204;91936;82894;109750;56528;57704;128440;95909;89897;99259;54826;19148;96164;86841;92742;151007;22490;164623;49687;132429;106738;51446;96514;50075;50337;37040;57740;112073;81154;87000;70265;97690;24799;122686;56082;91937;56500;134190;182415;21526;92834;30030;174305;31156;95515;96743;19149;96372;77754;62457;171247;70932;54625;21527;22350;124790;69219;36790;140738;66264;84011;76364;87229;164511;19150;101829;91938;96122;111658;95588;91939;103828;106600;105260;19358;128138;140630;86434;93640;56523;111020;88585;22491;184461;84328;127553;133537;73974;48334;43177;57463;93944;152491;91940;103843;180369;87752;136304;35910;21528;19151;157332;148840;174293;122086;88731;31304;174391;36433;129427;152571;56478;104985;21529;22006;23852;119021;111409;80455;89898;91949;126668;19152;43038;22343;64422;86389;158990;57553;35771;85925;95589;181924;43095;65853;139349;96223;85776;103484;59551;144582;73050;23853;21530;121336;108739;84255;58202;176524;39320;57911;82631;37275;148140;67251;42060;102941;19153;21679;62208;62571;86592;119110;32070;19154;85429;118248;175762;100498;62807;45448;102725;187920;19155;35428;131173;87001;127954;33493;19156;19157;76630;85833;119637;171245;129548;23761;36450;103844;56988;50980;22141;101188;132352;19158;22504;131296;128404;57741;65624;184462;19159;127554;56588;47155;40979;61744;139935;157240;21531;90556;34089;85485;86268;79079;19160;170919;37043;147857;139557;140679;21532;56900;92713;19161;25103;111142;23953;104761;19162;62539;87514;93024;137169;84716;19163;148928;72156;36232;66341;140680;73975;111318;137692;61375;117443;147152;177271;153893;131149;122291;36224;133973;85486;56674;86860;19164;96062;172115;162699;29952;97251;38763;76103;31184;63050;19165;25982;21533;164196;47601;110466;91912;88745;50815;35911;85523;25018;84717;21534;34840;165307;28351;164520;126082;139643;24826;90521;159692;19359;19166;34771;186521;151407;137693;51966;19167;51508;19168;90781;37101;178621;87616;85370;29953;111410;108626;21535;67194;145488;164673;19169;179405;148704;19170;104367;151001;161840;174288;36385;97691;82483;185354;59700;59583;94084;32071;141790;111659;32350;69096;154356;21537;174334;21536;94459;152668;117305;97457;165735;85957;23954;93073;84329;63144;153825;100365;174664;100861;64860;106612;80039;127555;153181;57742;63160;131109;135500;39496;32388;167285;140739;85562;26978;34508;25207;33420;59184;127556;104508;139717;127557;32128;58138;45615;21538;72808;19171;94905;19172;21539;19173;148514;89710;89049;82064;119512;22456;124287;50338;19174;35990;22041;150308;97692;87515;19175;97812;19176;21540;164942;29866;174323;91583;104564;64653;138583;149360;19177;138200;90292;81559;63379;33907;172086;92964;81901;54983;19178;177103;21541;129549;86181;44661;153872;89711;19180;19179;49167;102051;90699;138372;27641;69546;86593;183386;78730;104509;148527;26213;119880;21756;95394;51857;166005;183404;132880;19181;76780;62553;149464;119317;70777;72157;35286;165455;136942;80925;117444;89728;36897;31327;106960;103109;140238;118478;93991;119795;57705;179202;100314;29690;21542;19182;19183;87002;108316;77837;124210;85246;152070;37892;31833;148702;97035;88154;145469;34310;21543;34382;156053;77235;38706;32470;175824;139740;144625;86842;150408;131297;36697;85731;73154;38764;46767;157413;59749;83799;149493;19184;130496;36760;25788;34247;22213;22492;46338;43128;66876;138130;64668;150105;96123;130441;160481;69499;129840;77401;36392;55518;187044;171583;176529;19185;19186;59828;177596;144146;58024;37141;79958;177083;111181;159507;21544;57883;30088;184385;123540;117445;22521;19187;83390;52987;111092;32072;137738;29732;189357;112074;89729;57743;23854;85320;38133;182477;31693;121220;28196;44602;157867;91913;88505;127558;51387;76487;59750;139832;152072;73322;28167;92347;21545;125750;131264;112198;83944;29691;22304;37817;14340;14280;99994;102917;104970;119307;104971;126754;125632;128078;128415;126647;168499;17984;12613;12614;12617;15419;12014;21247;20804;31682;26193;35088;38718;45528;76786;76788;138853;182587;21644;182586;11711;58205;57793;11998;34488;34348;14442;14441;14443;14444;14446;14445;14447;14449;14448;14450;14451;14452;14453;14455;14454;14456;14458;14457;14461;14459;14460;14462;14463;14466;14464;14465;14469;14468;14467;14470;14471;14472;14473;14475;14474;14478;14476;14477;14479;14481;14480;14482;14483;14484;14485;14486;14487;14488;14489;14490;14491;14492;14494;14495;14493;14496;14497;14498;14500;14501;14499;14502;14503;14504;14507;14505;14506;14508;14509;14510;14511;14513;14512;14515;14514;14516;14518;14519;14517;14520;14521;14522;14525;14523;14524;14526;14527;14528;14529;14530;14531;14533;14534;14532;14537;14535;14536;14540;14539;14538;14541;14543;14542;14544;14545;14546;14548;14547;14549;14550;14551;14552;14553;14555;14554;14557;14556;14558;14559;14560;14561;14562;14563;14564;14565;14566;14568;14567;14569;14570;14571;14572;14574;14573;14575;14576;14577;14580;14578;14579;14581;14583;14582;14650;14648;14649;14651;14652;14653;14661;14662;14666;14677;14675;14669;14694;14705;14710;14725;14745;14747;14746;14766;14767;14774;14779;14780;14781;14790;14797;14791;14798;14799;14809;14811;14821;15406;15407;15418;15429;15424;15444;15431;15445;15447;15448;15446;15473;15472;15511;15476;15513;15512;15526;15527;15538;15545;15539;15558;15559;15560;15568;15579;15567;15582;15581;15580;15590;15587;15606;15607;15610;15608;15612;15619;15645;15644;15634;15646;15647;15648;15691;15649;15692;15693;15694;15695;15723;15696;15724;15736;15725;15754;15768;15776;15777;15792;15818;15826;15837;15833;15827;15843;15840;15903;15846;15906;15913;15921;15922;15933;15954;15955;15989;15969;15971;15997;15993;16001;16002;16003;16004;16006;16005;16021;16010;16034;16011;16066;16067;16075;16392;16393;16068;16395;16394;16396;16397;16398;16399;16401;16400;16403;16402;16404;16406;16405;16407;16408;16410;16409;16411;16414;16413;16412;16417;16415;16416;16418;16419;16420;16421;16424;16423;16425;16426;16422;16428;16429;16431;16430;16432;16427;16433;16434;16436;16435;16437;16438;16440;16442;16441;16443;16439;16445;16444;16446;16447;16449;16450;16451;16452;16453;16448;16458;16460;16471;16472;16459;17127;17138;17145;17153;17144;17164;17128;17234;17206;17233;17235;17236;17248;17250;17251;17249;17261;17262;17263;17274;17275;17276;17283;17284;17287;17317;17288;17318;17319;17330;17344;17345;17353;17579;17576;17580;17581;17582;17588;17615;17619;17620;17616;17642;17632;17643;17665;17666;17667;17676;17675;17977;17992;17993;17978;18001;18013;18031;18043;18045;18044;18061;18060;18081;18089;18102;18088;18090;18116;18121;18126;18125;18127;18146;18144;18145;18159;18169;18228;18170;18168;18229;18234;18230;18233;18232;18231;18252;18272;18338;18269;18271;18270;18379;18380;18383;18382;18406;18381;18384;18425;18448;18464;18427;18426;18445;18465;18467;18520;18481;18466;18468;18531;18529;18545;18544;18530;18538;18548;18547;18590;18564;18605;18549;18606;18634;18607;18633;18656;18647;18669;18666;18668;18686;19199;19200;19212;19211;19281;19231;19210;19222;19324;19323;19325;19282;19327;19326;19329;19330;19328;19361;19360;19364;19366;19388;19389;19440;19439;19441;19472;19484;19485;19533;19442;19534;19535;19536;19538;19537;19573;19572;19575;19574;19576;19578;19577;19669;19670;19686;19671;19687;19741;19742;19811;19813;19812;19810;19814;19815;19816;19817;19818;19819;19820;19821;19849;19975;19974;19822;19976;19977;19979;19978;20031;20030;20032;20033;20034;20035;20036;20079;20080;20115;20102;20103;20081;20116;20117;20118;20140;20153;20142;21275;20154;20155;20195;20157;20156;20196;20197;20233;20234;20198;20235;20236;20244;20262;20261;20263;20264;20266;20265;20267;20280;20281;20312;20313;20314;20315;20327;20328;20329;20330;20352;20353;20354;20355;20356;20358;20357;20411;20412;20413;20371;20414;20415;20417;20418;20416;20731;20798;20419;20814;20822;20815;20823;20829;20828;20864;20894;20874;20873;20896;20895;20921;20938;20935;20934;20953;20962;20980;20999;21000;20979;21001;21021;21022;21044;21045;21048;21047;21046;21084;21094;21095;21096;21085;21097;21124;21126;21125;21127;21147;21129;21128;21160;21148;21166;21194;21198;21196;21199;21195;21197;21231;21256;21254;21277;21276;21255;21278;21279;21297;21299;21298;21316;21315;21318;21319;21317;21348;21347;21349;21351;21352;21350;21353;21354;21578;21614;21579;21615;21663;21355;21665;21671;21664;21667;21666;21680;21703;21681;21702;21705;21704;21706;21708;21707;21711;21709;21712;21710;21732;21734;21743;21742;21759;21758;21773;21750;21774;21775;21791;22010;21908;22009;22011;22012;22080;22083;22106;22107;22108;22119;22120;22142;22143;22144;22147;22148;22145;22146;22165;22166;22167;22168;22169;22171;22199;22200;22216;22215;22217;22214;22242;22218;22283;22284;22285;22286;22287;22289;22290;22288;22323;22325;22324;22326;22327;22351;22352;22356;22353;22354;22429;22355;22457;22459;22458;22460;22464;22469;22505;22470;22471;22506;22522;22890;22893;22891;22892;22894;22920;22928;22913;22914;22915;22930;22929;23668;23626;22939;23670;23669;23672;23673;23671;23674;23675;23705;23707;23706;23708;23709;23710;23727;23725;23729;23728;23726;23730;23746;23745;23747;23795;23762;23796;23857;23855;23856;23858;23859;23862;23861;23860;23863;23865;23864;23867;23866;23874;23955;23873;23956;23958;23957;23990;23991;24203;24008;24204;23992;24205;24207;24208;24206;24209;24249;24210;24250;24251;24253;24254;24252;24255;24256;24257;24309;24258;24308;24311;24310;24312;24313;24350;24351;24352;24353;24362;24367;24368;24369;24722;24721;24731;24732;24749;24751;24750;24772;24777;24771;24773;24801;24800;24829;24802;24828;24839;24830;24840;24866;24841;24868;24867;24887;24869;24888;24889;24929;24930;24931;24933;24932;24936;24934;24935;24937;24938;25055;25054;25019;25053;25020;25056;25059;25058;25057;25060;25104;25105;25108;25109;25106;25107;25110;25154;25155;25111;25132;25133;25131;25188;25187;25160;25186;25184;25185;25209;25208;25236;25262;25235;25288;25340;25263;25361;25382;25341;25383;25360;25438;25384;25474;25453;25452;25561;25593;25534;25641;25660;25594;25562;25680;25661;25665;25791;25789;25790;25793;25719;25792;25810;25808;25867;25868;25809;25866;25869;25870;25871;25872;25917;25888;25918;25916;25919;25873;26040;25920;25921;25944;26043;26096;26041;26095;26097;26094;26042;26100;26098;26099;26101;26103;26102;26104;26214;26215;26941;26942;26117;26945;26944;26946;26216;26943;26979;27047;26980;26947;27046;27045;27048;27068;27050;27051;27517;27516;27518;27554;27553;27555;27049;27557;27556;27579;27580;27592;27593;27611;27558;27559;27613;27815;27612;27824;27823;27816;27827;27846;27826;27825;27848;28197;28198;27847;28217;28199;28218;28219;28260;28261;28220;28263;28265;28264;28266;28262;28319;28318;28321;28320;28267;28322;29290;28323;29231;29291;29232;29292;29293;29294;29295;29296;29716;29297;29717;29734;29733;29813;29812;29816;29815;29814;29819;29818;29817;29821;29820;29822;29905;29906;29908;29910;29909;30031;29907;30032;30033;30117;30089;30118;30116;30119;30120;30128;30242;30135;30137;30136;30138;30139;30243;31034;30244;31084;31083;31033;31085;31157;31110;31294;31158;31295;31329;31330;31328;31379;31380;31381;31382;31383;31385;31384;31387;31386;31439;31440;31442;31441;31443;31444;31446;31445;31447;31611;31594;31593;31613;31612;31635;31614;31634;31672;31636;31671;31752;31753;31834;31835;31837;31836;31955;31956;31838;31957;31959;31958;31961;31960;31962;32009;32012;32010;32011;32013;32014;32015;32017;32016;32046;32045;32075;32149;32074;32150;32073;32111;32152;32153;32208;32210;32209;32151;32301;32303;32300;32304;32302;32351;32352;32417;32415;32353;32416;32491;32450;33084;32418;32490;33085;33202;33118;33189;33243;33244;33203;33246;33421;33422;33265;33245;33473;33460;33461;33494;33474;33472;33509;33557;33556;33558;33779;33782;33831;33781;33780;33832;33834;33833;33835;33854;33836;33853;33855;33858;33861;33891;34093;34090;34092;34104;34091;34105;34115;34114;34248;34250;34258;34251;34272;34273;34259;34297;34299;34678;34383;34298;34365;34733;34735;34787;35018;34734;35019;34689;35022;35021;35020;35023;35024;35059;35084;35100;35085;35086;35101;35102;35188;35244;35189;35108;35107;35257;35269;35271;35268;35270;35346;35345;35349;35347;35348;35356;35355;35350;35379;35367;35380;35406;35443;35444;35432;35614;35674;35673;35731;35675;35732;35792;35791;35793;35795;35796;35794;35797;35798;35799;35800;35809;35810;35811;35812;35813;35816;35815;35814;35817;35904;35818;35903;35905;35819;35912;35929;35916;35917;35942;35943;35954;35969;36001;36002;35985;35964;36003;36027;36048;36013;36055;36078;36085;36086;36094;36092;36095;36093;36137;36096;36139;36138;36140;36157;36158;36176;36197;36198;36195;36196;38161;38677;38884;38886;38885;38883;38887;38909;39565;39561;38944;38920;39570;39571;39595;39580;39596;39614;39775;39776;39779;39778;39777;39780;39781;39797;39782;39848;39868;39869;39870;40462;40463;40520;40519;40630;40631;40632;40633;40634;40635;40879;40911;40880;40913;40912;40914;40915;40916;40917;40918;40959;40919;40960;40961;40962;40963;40964;41022;41023;41637;42415;42197;42239;42214;42834;42914;42913;42915;42916;42968;43378;44891;44890;44893;44892;44894;44895;44896;44897;44898;44971;46768;46769;46771;46770;46772;46773;46774;46775;46776;46777;46779;46778;46793;46794;46806;46804;46805;46808;46807;46809;47016;49115;49098;49124;49126;49127;49636;49125;49637;49732;50605;51349;49771;51416;51532;51533;51534;51536;51535;51537;51657;51658;56426;56425;56445;56446;56458;56459;56460;56501;56502;56503;56504;56524;56591;56589;56549;56590;56592;56593;56595;56594;56625;56626;56658;56635;56659;56660;56686;56724;56807;56902;56808;56901;56903;56904;56908;56905;56907;56906;57446;57456;57648;57631;57630;57433;57654;57651;57650;57652;57649;57653;57655;57723;57656;57722;57744;57721;57745;58025;58081;58099;58100;58101;58139;58102;58174;58175;58211;58212;58215;58214;58213;58216;58218;58217;58222;58220;58221;58219;58378;58379;58380;58382;59610;58381;59611;59612;59614;59613;59615;59616;59618;59617;59620;59619;59621;59622;59623;59624;59626;59625;59627;59628;59629;59630;59631;59632;59633;59634;59645;59646;59648;59647;59649;59651;59650;59667;59668;59670;59669;59671;59673;59672;59675;59676;59674;59677;59678;59679;59701;59702;59680;59703;59705;59704;59706;59707;59708;59893;59709;59894;59897;59895;59896;59898;59899;59901;59900;61540;59902;61541;61542;61545;61543;61783;61544;62235;62236;62286;62237;62287;62288;62299;62289;62301;62302;62300;62342;62343;62344;62359;62360;62345;62362;62363;62361;62364;62380;62379;62383;62632;62631;62633;62634;62867;62651;62650;62652;63402;63436;63437;63440;63439;63438;63441;65862;69454;67252;69453;69438;69464;69500;69538;69547;69508;69539;69861;69850;69898;69900;69889;69899;69901;70084;70085;70109;70110;70111;70129;70130;70160;70131;70112;70161;70182;70184;70183;70307;70308;70309;70310;70311;70324;70380;70381;70382;70486;70647;70487;70648;70650;70649;70651;70673;70674;70675;70676;70752;70677;70753;70778;70835;70779;70867;70836;70869;70959;70995;70868;70996;70997;71073;71090;71119;71089;71121;71120;71124;71122;71123;71167;71169;71168;71170;71240;71258;71259;71286;71453;71486;71454;71487;71507;71628;71488;71809;71801;71762;71812;71811;71810;71907;71906;72016;72017;72033;72032;72051;72053;72052;72054;72071;72072;72074;72073;72077;72076;72075;72078;72079;72080;72129;72130;72138;72158;74283;72139;72159;72207;72254;72256;72208;72314;72255;72383;72361;72384;72409;72413;72385;72411;72418;72414;72453;72410;72633;72452;72549;72613;72634;72635;72637;72638;72636;72640;72639;72718;72894;72755;72756;72851;73127;72996;73220;73219;72997;73390;73391;73393;73392;73406;73407;73849;73394;73858;73860;73861;73859;74028;74051;73958;74053;74056;74054;74057;74052;74055;74058;74098;74061;74059;74063;74062;74060;74064;74066;74065;74067;74171;74234;74259;74258;74260;74099;74371;74320;74319;74372;74445;76061;76062;82003;76063;76064;76065;76066;82004;76084;76154;76178;76180;76225;76226;76224;76179;76227;76270;76273;76287;76288;76272;76271;76303;76304;76330;76305;76331;76544;76397;76434;76996;77110;77112;76864;76545;77190;77212;77452;77234;77454;77213;77453;77457;77455;77459;77458;77456;77461;77462;77470;77467;77460;77512;77548;77471;77774;77775;77773;78059;78060;77776;77886;78880;78879;78384;79080;78881;79266;79415;79417;79404;79418;79609;79416;79811;79813;79814;79844;79812;79959;79960;79961;79965;79963;79962;79964;79966;79967;79969;79968;79970;79972;79973;79971;79974;79975;79976;79977;79978;79979;79980;79981;79982;80109;80209;80239;80210;80040;80240;80242;80243;80241;80244;80245;80262;80263;80264;80266;80265;80268;80267;80269;80270;80271;80272;80273;81224;80328;81226;81227;81225;81229;81228;81230;81232;81368;81231;81369;81370;81396;81536;81535;81686;81687;81688;81689;82005;81690;82007;82006;82009;82008;82010;82314;82011;82632;82732;82733;82735;82734;84071;83443;84072;83912;83911;84315;84332;84331;84330;84556;84531;84602;84604;84603;84605;84654;84606;86081;86082;84607;84718;84719;86084;86085;86083;86086;86087;86088;84935;84974;84863;86089;85430;85431;86132;86133;86134;86135;86136;86137;91735;86435;86687;86688;86689;86690;86691;86692;86701;86693;87484;86908;87485;87516;87546;87545;87706;87707;87708;87709;87712;87711;87710;87713;87985;88391;88393;88392;88587;88586;103586;88822;89713;89712;89809;89810;89899;89811;89900;89901;89902;89903;89906;89904;89905;89907;90053;90339;90340;90380;90744;90743;90849;91176;91377;91376;91378;91379;91478;91481;91480;91479;91638;103587;91704;91702;91703;91701;91842;91843;91846;91845;91847;91844;91862;91863;91982;91864;91983;92042;92348;92349;92350;92478;92479;92351;92480;92483;92481;92482;92485;92486;92484;93697;93698;92653;93902;92852;93903;93993;93946;93992;93994;93945;94085;94460;94422;94461;94420;94421;94594;94890;94891;94889;94595;94892;94893;94936;95019;95021;95018;95020;95266;95268;95270;95267;95271;95269;95420;95516;95421;95518;95517;95519;95521;95520;95522;95523;95524;95525;95526;95528;95547;95527;95548;95602;95604;95636;95605;95637;95603;95638;95640;95641;95639;95642;95695;95696;95697;95698;95735;95699;95736;95737;95740;95738;95739;95742;95741;95743;96125;95817;95816;95815;96124;96126;96127;96224;96225;96226;96227;96128;96228;96229;96230;96231;96232;96233;96235;96234;96236;96238;96237;96239;96241;96240;96242;96243;96244;96245;96373;96276;96398;96399;96413;96414;96415;96416;96417;96418;96419;96420;96421;96422;96423;96424;96474;96475;96426;96425;96516;96515;96543;96542;96541;96575;96576;96544;96640;96641;96642;96643;96644;96683;96684;96686;96685;96689;96688;96687;96690;96691;96710;96744;96746;96745;96747;96748;96749;96786;96787;96852;96855;96853;96854;96857;96858;96856;96859;96860;96861;96916;96914;96915;97092;97110;96996;97183;97111;97112;97252;97253;97184;97255;97254;97256;97257;97259;97258;97260;97261;97262;97265;97264;97263;97266;97268;97267;97269;97271;97270;97272;97273;97343;97344;97813;97814;99011;97815;99012;99013;99274;99014;99275;99276;99699;100015;100016;100017;100018;100082;100083;100084;100085;100262;100263;100443;100445;100446;100444;100523;100628;100629;100630;100648;100647;100650;100649;100651;100653;100652;100654;100656;100655;100657;100942;100943;100675;100945;100944;100946;101016;101017;101018;101019;101020;101021;101073;101075;101074;101333;101334;101248;101335;101336;101337;101338;101340;101339;101341;101342;101343;101344;101345;101924;102532;102531;102616;102618;102619;102617;102620;102799;102798;102942;103270;103271;103273;103274;103272;103276;103277;103275;103279;103280;103278;103281;103282;103443;103445;103446;103444;103447;103448;103449;103462;103463;103450;103485;103486;103464;103720;103721;103719;103723;103722;103724;103726;103725;103727;103845;103846;103847;103848;103850;103849;103851;103911;103910;103913;104064;103912;104065;104066;104067;104069;104070;104068;104229;104230;104231;104233;104492;104232;104512;104511;104510;104513;104514;104515;104516;104517;104519;104520;104518;104694;104697;104696;104695;105261;105262;105263;105628;105264;105627;105630;105629;105631;105634;105633;105666;105632;105635;105755;105756;105757;106039;106087;106038;106116;106428;106117;106429;106739;106883;106884;106886;106885;107178;106887;107200;107201;108433;107284;108432;108317;108434;108435;108526;108525;108627;108628;108820;108821;108822;108924;108925;108926;108927;108928;108931;108929;108930;109056;109007;109097;109099;109098;109230;109232;109231;109234;109233;109235;109290;109533;109534;109627;109806;109535;109930;109974;109975;109976;110174;110175;110212;110176;110255;110256;110522;110525;110524;110523;110614;110616;110615;110676;111143;111225;110677;111412;111411;112076;112078;112077;112075;117967;117894;118505;117968;118506;117969;118508;118507;118510;118845;118509;118846;118848;118847;124213;124211;124212;124214;124215;119130;119131;119132;119134;119133;119160;119162;119161;119163;119164;119165;119276;119275;119318;119320;119319;119321;119323;119483;119322;119702;119704;119703;119944;119852;119945;122729;122730;122731;122732;122734;122733;122735;122736;122833;122834;122835;122832;122831;122937;123423;123424;122990;122836;123425;123428;123426;123427;123429;123575;123576;123580;123579;123577;123578;123582;123842;123984;123983;123581;123696;123985;124070;124130;124071;124072;124131;124132;124225;124228;124227;124288;124226;124289;125751;127560;127559;127562;127561;127955;127563;127958;127957;127959;127956;127961;127960;127964;127965;127963;127962;127967;127966;127970;127968;127971;127969;127972;127973;127974;128441;128442;128443;128444;128590;128593;128594;128592;128591;128595;128596;130329;130634;130633;128597;130636;130635;131267;131268;131266;131265;134468;134469;134471;134470;134472;134473;134474;134475;134588;134586;134587;134589;134590;134591;134594;134592;134593;134595;134596;134597;134601;134600;134598;134599;134602;134603;134606;134605;134607;134604;134608;134609;134640;134610;134642;134641;134643;134724;134726;134728;134727;134725;134729;134730;134731;134775;134925;134732;134924;134776;134929;134926;134927;134930;134964;134928;134965;134966;134967;135017;134968;134969;135018;135021;135020;135112;135019;135113;135195;135115;135116;135114;135216;135426;135946;135947;135948;135949;135427;136213;136214;136216;136215;136538;136539;136540;136542;136541;136636;136637;136638;136639;136640;136641;136642;136643;137440;137288;137442;137441;137383;137443;137444;137445;137447;137448;137446;137449;137450;137451;137452;137453;137454;137455;137457;137456;137458;137459;137460;138924;138926;138925;138927;138928;138929;138930;138933;138934;138931;138932;138935;138936;138937;138938;138939;138940;138941;138943;138942;138944;138945;138946;138947;138948;138949;138951;138950;138952;138954;138953;138955;138956;138957;138958;138961;138960;138959;138963;138962;138964;138966;138967;138965;138968;138969;138970;138971;138972;138973;138974;139116;139115;139118;139117;139119;139121;139122;139120;139123;139269;139270;139271;139272;139273;139274;139437;139438;139439;139441;139440;139718;139833;161692;139834;139889;139888;139887;139890;139891;139936;139892;139937;140067;140068;140069;140070;140071;140072;140316;140315;140474;140559;140560;140561;140562;140563;140564;140565;140566;140567;141064;141063;141065;141067;141066;141068;141505;141531;141701;141669;141735;141732;141837;142250;142010;142325;142239;142272;142241;142854;142848;142843;142844;142834;142826;142850;142833;142846;142923;142930;142933;142932;143491;142939;143524;143531;143494;143503;143528;143493;143495;144590;144597;144603;144592;144598;144591;144602;144593;144600;144588;144601;144589;150006;144610;144607;144614;144821;144817;144820;144832;144864;144865;144833;144922;145256;144867;145380;144923;145341;145282;145378;145296;145327;145303;145369;145432;145333;145321;145425;145426;145428;145429;145424;145473;145433;145430;145436;145477;145489;145524;145566;145526;145561;145564;145711;148273;148268;148271;148267;145758;149221;149222;149216;149220;149228;149215;149226;149223;149217;149233;150001;150016;149277;150011;150007;150000;150025;150022;150013;150020;150009;150021;150023;157035;156966;150004;156996;156979;156978;157007;156990;156991;156999;157011;156993;157029;157000;156994;157036;157032;157038;157026;156977;157010;157020;157003;157043;156987;157009;157012;157042;157028;157018;156968;157005;156995;156984;156970;157037;157041;156971;157030;157017;156974;157021;157015;157014;156997;156967;156975;156998;157006;157031;156988;157002;157033;157024;157008;157004;156969;157019;156973;156992;156976;157001;157022;156972;156985;156986;156980;157027;157034;157016;156983;157023;156982;157025;157039;154716;157040;154715;156989;156981;157013;157140;158198;157266;157241;159007;163841;163698;163844;163843;163840;163842;164149;163984;163978;163985;163982;163987;163977;163983;163986;164046;164047;164052;164045;164145;164114;164118;164111;164119;164108;164116;164112;164109;164115;164113;164110;164117;164319;164318;164594;164434;164320;164536;164534;164805;164535;164802;164806;164803;164804;165445;165443;165439;165442;165438;165444;165441;165440;165446;165447;165542;165544;165537;165541;165536;165539;165627;166168;165538;165543;165540;165630;165535;166162;166159;166163;166160;166165;166166;166724;166164;166161;166716;166722;166723;166719;166718;166729;166728;166730;166727;166909;166725;166720;166731;166726;166721;166714;166712;166711;166717;166710;166713;166715;166768;166737;166745;166746;166740;166742;166743;166788;166739;166741;166744;168045;168059;168043;168040;167257;168048;168060;168909;168041;168046;168044;168911;168910;168907;168908;169409;169408;169841;169837;169836;169835;169831;169834;169838;175056;169842;169832;175035;175033;175043;175037;175038;175041;175039;175044;175034;175036;175042;175051;175054;175057;175052;175053;175062;175060;175061;175059;175058;176191;176194;175055;176192;176195;176193;176467;176469;176470;176466;176473;176472;181188;181506;178586;176471;176481;176468;181507;181508;181515;181512;181513;181514;182194;182193;182196;182371;182195;182197;182438;182411;182400;182401;182402;182516;182751;182756;182517;182758;182759;182757;182793;182794;183385;182879;183903;183901;183902;184012;184011;184013;184010;184073;184065;184078;184131;184175;186238;186239;186296;186295;186297;186240;186294;186270;186284;186267;186269;186266;186268;186285;186286;186302;187052;187119;187118;187203;187205;187217;187202;187216;187284;187218;187279;187283;187282;187305;187314;187417;187369;187368;187654;187655;187653;187656;187652;187665;187668;187729;187727;187730;187728;187862;187861;188000;187999;188045;188043;188046;188047;188050;188078;188077;188051;189291;189119;34312;189405;24017;189404;189403;177205;181614;177836;186904;117459;109405;100356;119240;117596;130273;125631;139748;165303;167521;167520;167507;100357;167398;110270;102494;184470;80306;80305;80201;80202;20178;20179;174435;186691;175129;178844;177342;180412;186865;181472;183031;181473;186690;173430;34197;34742;159741;159638;159494;159304;160217;160906;162706;161979;163273;161477;164155;162422;163724;164656;164508;165068;165502;166045;181768;168181;167101;165590;166468;168701;166631;168699;168273;168372;52657;52589;170519;169759;169758;52975;174478;174332;171321;173059;172221;173836;177227;175839;176675;175001;177635;178447;180163;176496;180250;176494;179224;181291;181235;182072;182442;180508;179837;182850;183246;185349;183806;184083;185605;53569;54647;53879;186362;186835;186834;187619;187620;187132;187134;187767;55460;187768;186600;188158;188161;189460;55765;55959;54989;56023;56125;56230;56391;56241;56650;56779;56920;57288;57468;57876;57666;58328;58206;57974;58342;58536;58434;58644;58954;59117;35689;59255;35558;38699;39449;38154;38791;59735;59958;61381;61462;61774;62519;62313;62518;63063;62861;63110;63468;63232;63645;65097;65029;64813;66813;66930;65691;66556;67232;69139;39356;69423;39492;40778;39852;70494;70273;70916;70923;71227;72167;71968;72800;72616;72939;73710;73419;73082;74008;74122;74434;77581;77184;77861;76581;77409;78080;79336;79141;79578;79836;78475;80485;42413;41000;41958;81207;42798;80951;81020;82534;83136;81647;83366;82825;84049;84342;84731;84667;83745;85567;86209;84921;85743;86061;86380;86598;87417;86852;88681;87245;87206;88956;90194;88088;89685;89786;44317;45610;44587;45086;46171;91128;90542;91716;91350;90794;91455;92791;92628;93817;93476;93315;94136;94580;94676;96828;99136;95480;97724;99995;99633;47859;100991;100679;48383;46732;46850;47139;47595;101980;103421;103648;103933;102993;104434;106350;106840;105356;105152;106682;106485;107220;117636;111383;109395;110228;109899;117333;49089;49237;117429;118887;49285;119097;119558;118153;122617;119684;121514;122246;131738;124460;125371;122853;124279;126753;128328;125952;125729;127129;127120;129848;130463;128741;131190;129054;130275;131022;132717;50049;133053;132097;131954;50476;134215;133954;133848;134701;135094;135704;133465;136122;135917;136348;135401;137701;137635;137081;136743;139001;139459;139695;138449;140700;140406;139794;142209;141573;142641;142719;141194;142971;143471;146204;146060;146544;144781;148243;147754;148487;146948;50977;145071;51161;51511;149412;148558;148848;148996;150430;149900;150854;151672;152189;151831;152609;153515;153630;153255;152928;153829;153931;154238;155352;156033;154706;155867;156462;157293;158051;156862;158500;158936;159235;53392;52501;51872;51921;65723;42895;24710;66272;24709;42894;136193;34196;136192;45049;66271;55734;65925;52980;71897;45048;19767;56980;56713;66925;62315;66926;17656;56712;18355;49977;62412;64471;77665;22003;58402;69477;25769;58401;58513;51815;62284;50692;56385;62283;38972;38971;33141;93028;85182;50695;62416;56407;86609;62415;11363;158252;81703;147193;159628;26015;26016;33902;87413;170631;21745;72175;72177;55551;58399;49645;38792;58398;57862;55550;141208;141251;29725;55577;76462;76463;59055;55748;55749;47780;47779;93097;54628;100869;25655;54627;152164;179693;59718;70806;77054;97888;83815;85767;91571;97552;59717;83489;96270;69399;51812;87211;46676;56651;46675;52614;42879;101296;79798;70147;101297;79800;79799;79801;77730;70145;33771;88563;85627;88562;74252;74253;81824;36141;93812;93811;187380;97889;96271;35930;84090;78513;78514;171189;126826;90545;72963;59684;90546;72964;78079;77020;124002;59683;73093;73094;77022;29747;77023;32055;77024;77151;77021;77152;77150;77025;85802;76389;96721;76390;46239;35804;46238;53624;53623;84195;84194;97860;56166;97859;33095;57536;45593;68962;55832;16889;16890;69799;16887;16885;16886;16888;16843;16790;16480;17115;16696;17114;16697;16695;16694;16564;16591;17369;16563;17370;16836;16835;17371;17372;16621;26217;16946;26219;26218;16903;16560;26220;26221;26222;26223;26224;16964;26225;26226;16913;17373;26227;16550;16549;16548;16505;16547;16504;16502;16503;26228;16873;16881;16872;16865;16864;16862;16863;17374;17375;26229;16846;16845;17377;17376;16842;16841;16830;16809;16829;16810;17379;16806;17378;16804;16802;16803;17380;16799;16798;16786;16787;16789;16777;16780;16779;16774;16775;16776;16769;16772;16773;16759;16758;16768;26231;26230;17126;17124;17123;17125;17122;26232;26233;17079;17113;17078;17076;17077;17075;17064;17055;17065;17054;21616;26234;26235;16983;16984;16729;16718;26236;16715;16714;16703;16676;16673;16646;16671;16645;16644;16639;26237;16638;16632;16602;16606;16601;26238;16960;16961;16959;16958;26239;16957;26241;26240;16930;26242;26243;26118;16896;26244;16897;16892;26245;26246;26247;26249;26248;26250;16567;26251;26119;16553;16535;16483;26252;17381;26253;16857;16869;26254;16856;16821;16820;17382;17383;16785;16784;16783;26255;26256;26257;26259;26258;26260;26261;17384;16756;17385;16750;17386;16735;17085;17084;26262;26263;17083;26264;26265;26266;17023;17022;17024;17020;17019;26267;16988;16990;16989;26268;26269;16972;16982;16981;16712;26270;16710;16707;16700;16685;16686;18394;21130;26272;16681;26271;16668;16667;16666;16650;16619;26274;26273;16620;16615;16614;26275;16613;17387;17388;26276;26277;26278;26279;16501;26280;21131;16497;26281;16481;26282;20830;26283;17086;17074;26284;26285;26286;26291;26287;26289;26290;26288;26292;26295;26293;26294;21909;21546;21102;26296;26297;16962;28268;26298;26299;26300;26301;26303;26302;18395;21103;26304;21547;18396;21548;26305;26307;26306;26308;26309;26310;26311;26312;20359;20199;21910;20200;26313;22259;26314;22260;26315;26316;21911;26317;21549;21649;26318;21650;26319;22328;22261;22329;26320;21651;26321;26322;21912;21913;26323;26324;26120;26325;26327;26326;26328;26329;26121;26331;26330;26332;39304;39305;33828;26335;33829;26122;26123;32451;32452;32453;38679;33863;33862;38680;38681;38729;38730;36056;38731;36057;36058;36059;36060;36061;41638;43129;43130;43131;49113;49111;49112;56825;56826;56827;56831;56830;56829;56828;56832;56833;72896;72895;56834;56835;79569;79568;79570;76067;17051;16904;16692;16691;16690;16945;16948;16949;16944;16943;16941;17389;16942;16940;17390;16902;17392;17391;17393;16901;17394;17395;17396;17398;17397;17399;26337;26336;26341;26338;26339;26340;17102;17101;16755;17073;16752;16765;16751;16738;16737;26343;26342;16721;26344;16699;26345;26346;16996;16997;26347;16995;16974;16973;26348;26350;26349;26351;26352;26353;26354;26355;16653;26356;26357;26358;16617;26359;16618;26360;26361;26363;26362;26125;26124;16900;26365;26364;26366;26367;26368;26369;16517;16516;26370;26371;26372;26373;26374;26375;17111;26376;26378;26377;26379;17053;17052;26380;26381;17030;26382;26126;26127;26383;26384;26385;26387;26386;26388;26389;16731;26390;26391;26392;26395;26393;26394;19539;26396;26397;26399;26400;26398;26401;26403;26402;26404;17400;26405;26406;26408;26407;26410;26409;19540;26411;26412;26413;26415;26414;26417;26418;26416;19541;26419;26420;26421;26422;20037;20038;26423;26424;26426;26427;26425;21760;21761;21762;26428;26429;21652;26430;26431;22057;26432;26433;26434;26435;36062;35066;36063;51466;51467;36064;40607;56704;56705;45617;45413;51468;56706;53267;53268;86116;86117;86115;17401;17402;17403;17406;17404;17405;17116;17117;17110;17407;17109;17107;17106;17099;17050;17026;17028;17027;17025;16709;16708;17408;16598;16597;16595;16596;16880;16905;16884;16924;16871;16559;16533;16557;16532;16558;16531;16530;16526;16529;16527;16528;16519;16518;16507;16509;17121;16510;17120;16850;26436;16788;16840;16844;16839;16778;26437;26438;16760;26439;16757;16992;17409;26442;26441;26440;16970;16698;26443;17410;16657;16663;16689;16628;26445;16584;26446;26444;16566;26447;26449;26448;17411;16938;18397;16934;26451;26450;16933;17412;26452;26453;16853;17413;16852;26454;26455;26456;16521;26458;26457;26459;26460;26461;26462;26464;26463;16525;16554;16524;16523;26465;26466;16522;16515;16858;16868;16834;26467;16833;26468;16771;16764;26469;17105;16754;16736;17100;17104;17103;26471;26470;17048;26472;16975;16991;26474;26473;16711;16682;16683;16684;26475;16654;16616;26476;16579;16594;16578;16577;16576;16954;16952;16953;26477;16951;16947;16932;16925;16931;16914;16915;16895;16883;17414;16882;26478;26479;16565;16551;16556;16555;26480;26481;26482;26483;26484;16508;26485;26486;16847;17108;18398;26487;16827;18399;26488;16742;26489;26490;16713;26492;26491;17032;26493;16978;17001;16977;16976;26494;16963;16693;16956;26495;16675;16672;16674;16655;16670;26496;16634;16630;26497;17415;16629;16627;26498;16604;26499;26500;16605;16603;17416;16574;16575;17417;26501;16580;16573;26502;17419;16569;16570;16929;17418;16927;16926;16928;26503;26504;17420;26505;26506;16911;16909;16910;16908;16907;26507;26508;16906;16898;16899;16891;16877;16875;16876;26509;16874;26510;26511;16867;16854;26512;16855;16732;16725;56836;56838;56837;16726;56839;17421;22895;26513;16724;26514;16704;26517;26518;26515;26516;26519;16656;26520;16607;17422;17424;17423;20331;16971;16590;26523;26128;26521;26525;22109;16912;26524;26526;26527;26522;21653;26528;16544;26529;16543;26530;19362;26531;26532;26533;17425;18608;26535;26534;19363;20799;20801;26536;20803;26537;19486;22866;26539;26540;26538;20201;26541;20202;26542;20203;26543;20800;26544;26545;22430;22172;26547;26548;26546;21551;21552;21550;26549;22431;22173;26550;22432;26551;22174;22175;22176;26552;22433;22434;22263;26129;26553;26130;26131;26555;26554;26132;26133;26135;26134;26136;26556;27062;26557;26558;26559;26137;26560;26138;26561;26562;29199;26563;32390;32389;26564;26565;31615;29798;29797;34315;26139;34316;35642;33864;35643;39001;33936;41024;41026;41025;40364;40365;40366;46813;43132;43133;46697;46698;53269;57330;53270;53271;66504;63319;56840;72956;72957;78717;82683;88155;82682;88156;16568;17426;17088;16534;17089;16828;16832;16831;16826;17427;16825;16801;16800;16717;17062;16716;17063;17059;17060;17061;17056;17058;17057;17042;17043;17045;17041;17040;17039;16998;17000;16999;17428;16968;16979;16861;16797;17429;16490;17430;17431;16489;17432;17433;17031;17435;17434;16728;16727;17436;16723;16625;17437;16600;16923;16939;16922;16920;16921;26566;26567;16538;16819;26568;16795;16793;16794;26569;26570;16749;16792;17438;17439;17094;17095;17096;17440;17092;17093;26571;17441;17442;17046;17443;17444;17010;17009;17008;17007;26572;26573;16987;16986;16985;16719;26574;16705;26576;26575;16664;16665;16662;16661;16660;16659;26577;17445;16647;17446;17447;16593;26578;16592;26579;17448;17450;17449;16537;17451;16506;16536;16500;16499;16484;16498;26580;26581;26582;16950;26584;26583;26586;26585;26589;26587;26588;16546;16894;16545;16893;16879;16870;16860;16859;26590;16838;26591;16837;16824;16823;16822;16796;16767;26592;26593;16766;26594;16488;16487;16485;16486;17452;17453;17454;17112;17456;17455;17457;17458;17459;26595;17461;17460;17087;26596;26598;26597;26599;17029;26600;26601;17016;17015;17014;26602;51469;17013;26603;51470;51472;51473;51471;26604;16743;51474;17462;16741;16739;16740;16730;51475;17463;51477;16722;51476;26605;26606;16688;51478;26607;16687;16669;26608;26609;16643;16658;16642;26610;16626;17464;26611;16624;16623;16622;26612;16599;51479;16969;26613;16967;16965;16966;26615;26614;51480;26616;17465;16955;51481;51482;51483;16937;16936;26617;51484;16935;26618;51486;51485;26619;51487;26620;16919;16918;16917;16916;26621;26622;26624;26623;51488;16582;16581;16572;26625;16571;16562;16561;16552;26626;26628;16542;26627;26629;16539;26630;26631;26632;16520;17466;26633;17467;17468;17469;17470;16491;17471;51491;51489;51490;51493;26634;51492;51494;17472;16866;26635;51495;21654;26636;16851;17473;26637;17474;16849;51497;51496;16848;26638;17475;17476;17477;16817;16818;16816;16815;16812;26639;16811;16808;51498;16807;16805;17479;17478;16791;51499;26640;17480;17481;16782;17482;17483;16781;17484;26642;26641;16770;17485;26643;17486;26644;16762;26645;26647;26646;16761;26649;26648;17487;17488;17489;16746;26650;26651;26653;26652;17118;17490;17491;17492;17090;17091;26654;26655;26656;26657;26659;26660;17038;26658;17035;17037;26661;17033;26662;17034;26663;17017;26664;26665;26666;17006;17005;17494;17493;17495;17004;26667;17496;17003;17002;17497;16994;26668;16993;26670;26669;16720;16702;16706;17498;26671;17499;16701;16679;26672;16680;26673;16678;16677;26674;16649;17500;17501;17503;17502;16648;16640;26675;17504;17506;17505;26676;16631;17507;16611;16612;16610;26678;16609;26677;26680;26679;16608;26681;16589;26682;26683;17508;17509;17510;16588;16587;16586;16585;16583;16514;16513;16511;16512;17512;17511;17513;26684;17514;17515;17516;17518;17517;17519;16495;16496;16494;16493;16492;26685;26687;26686;26688;26689;26691;26690;26692;17119;17098;26693;17520;17521;17522;17523;26694;17524;26695;26696;26698;26697;26699;26700;17082;17081;17071;17080;17525;17526;17527;17528;17529;17530;17531;17533;17534;17532;17070;17069;17068;26701;17535;17066;17067;26702;26703;26705;26704;26140;17036;26706;26707;26708;26710;26709;17021;26711;26712;26713;26714;17537;17536;26715;26717;26718;26716;17538;17539;26719;17540;17543;17541;17544;17542;16763;17546;17545;17548;17547;17549;17550;26720;26722;26723;16753;26721;16748;16747;16734;16744;26724;16745;16733;26725;26727;26729;26726;26728;26730;26731;26732;16652;16651;17551;17552;17553;17555;17556;26733;17557;17554;26734;16641;16637;16635;16636;16633;18339;26736;26735;26737;26739;26738;26740;26741;26742;26743;26744;16980;17558;26745;17559;17560;17562;17563;17561;26746;26747;17564;26748;26749;26750;26751;26752;17565;18341;17566;18340;26753;26755;20084;22435;26754;22436;26756;26757;17567;17568;18342;18343;26758;26759;26760;26761;26762;18344;26763;18345;18346;26764;18347;26765;26766;26767;26768;26769;26770;26771;23711;26772;18348;26773;26774;18350;18349;26775;26776;26779;26777;26778;26780;26782;26781;22177;22178;22179;26783;26785;26784;26786;18351;26787;26788;26789;26790;26791;19399;21657;21656;26792;21658;26793;26794;22437;22438;22439;22440;22441;26795;26796;19823;26797;26798;26799;26800;22462;22461;26802;26801;26803;26804;26805;19980;26806;26807;19824;26808;26809;26811;26810;20085;19981;26812;19487;26813;26814;19825;26815;19826;19982;26817;26816;26818;26819;20954;26820;26821;19983;26822;26823;20086;26824;21659;20955;20868;26825;20397;21104;21105;21106;21107;21553;21660;26826;21108;26827;21110;21109;21111;21112;20956;21113;26829;26828;26830;21735;26831;26832;26833;26141;26835;26834;34736;26836;26837;21713;26838;21714;26839;26840;21161;26844;26843;26842;26841;26845;21914;26846;26847;26142;23627;23628;26143;26848;26144;26849;26852;26851;26850;26853;26854;26855;23712;26145;23713;23630;23629;26856;26146;26147;26857;26859;26860;26858;26862;26863;26861;22916;22917;22919;23714;28269;23715;23718;23717;23716;23719;23720;23721;26865;26864;23722;38968;26866;23723;26868;26867;26869;26870;26873;26872;26871;26874;26875;26876;26149;26878;26877;26148;26879;26880;26881;26882;56068;26883;56069;26884;26885;26888;26886;26887;26150;26152;26151;38969;26153;26154;26155;26889;26890;26892;26891;26156;43134;43135;26894;26893;26895;43136;43137;26896;43138;27063;27065;27064;43139;26898;26897;26948;28271;29200;28270;28272;30045;31035;30046;30047;31036;31839;29969;29971;43141;43140;29970;29972;29973;32157;32155;32154;32156;32158;32159;39378;34737;39377;33190;35176;35175;39379;35177;39380;35697;35698;34952;39381;39382;44347;34738;44348;44349;44350;39383;39384;44351;44352;44353;41976;43361;44354;43360;41978;41977;44404;47754;44405;47753;44603;43142;46261;46347;46348;43143;47145;47146;47148;47147;52039;47149;56841;56842;51659;56844;52040;56843;56845;56846;56596;56597;56847;56848;63291;56849;58611;58610;58612;58613;61591;61590;61592;63442;63443;63444;68919;86215;86118;73719;73718;16541;86119;16540;16878;16814;16813;16482;17097;17072;17049;17047;17044;17018;17569;17570;17012;17571;17572;17573;17011;26914;23731;30202;10763;12055;77334;77335;77336;77337;77339;77338;76796;77340;77342;77341;76797;77391;80087;83162;80086;82430;89057;117394;117395;76795;42436;34491;10111;18570;20960;33268;72929;72928;65576;65575;77811;90512;72025;72026;72504;76766;74104;72505;80885;72507;72506;72508;76428;74287;67230;72220;155843;64379;149349;120953;64378;186687;70097;70098;100380;103378;77029;120945;97577;97578;101521;103674;97579;148709;74121;72586;66987;77812;66307;172123;66306;81779;66172;63323;62786;81780;61565;81781;81782;81783;81784;59293;61564;81785;100719;66473;66472;72368;73102;101168;53490;25738;55594;29997;35906;186937;57849;38977;138093;127914;138078;138076;138079;138081;125878;138080;138075;138077;58292;34948;11425;18174;11572;47828;69180;77750;51938;76166;36087;55549;24700;20805;62940;51956;30134;59368;59369;59370;70739;38951;59371;72721;72722;78892;91819;91232;91818;95719;95720;96446;180509;164911;144454;147894;90892;91763;91764;95319;95721;95722;97890;96447;97891;97892;100847;124775;122248;126638;124776;127051;139224;152959;164912;171167;174015;179673;179674;183296;38949;178031;182199;33484;182680;31050;31724;186476;186475;180051;88578;171959;88577;103870;136670;189236;180052;62621;62623;62622;62625;62624;62626;141061;12015;72035;76592;82994;72034;84962;90627;14684;15771;90190;90189;24782;21051;25737;20320;27590;25762;62186;88097;97140;62185;22131;22132;11696;57560;58579;63059;68888;72395;60036;59849;59848;59847;66784;59846;63303;57559;60037;72394;45087;49086;52534;53488;56872;56469;58319;59497;62077;66498;70026;70588;72104;74040;78597;131132;132416;134222;135032;149023;152751;153850;158930;161376;84504;86001;87371;86602;92410;91347;94914;94915;95824;96830;100025;101954;100300;103506;104359;105651;106397;108795;110384;111105;117880;118718;119767;121473;126476;127047;158981;21782;25998;34157;35913;38985;41060;45390;47037;47762;20219;25996;58500;187975;177586;187130;187976;187131;15862;118238;148499;16226;18480;15926;130596;143590;129406;186688;129104;11635;11974;70176;70175;10925;77685;77687;68906;70477;71310;68909;68907;68908;68910;68911;68912;70478;69194;68913;70479;70481;70476;70480;71997;70475;71999;71996;72001;71998;72000;77756;73492;73493;73494;73495;73496;76503;73687;77000;76502;76504;76505;76506;76507;76508;78420;78421;78423;78425;78424;78426;80955;80954;80953;80956;82794;82795;80957;80958;82796;82797;82798;82912;85226;85224;85225;84768;86605;85228;85227;85229;86475;86608;86476;86477;86606;88091;86607;88093;88092;88094;88096;90761;88095;91762;92519;92518;92520;92521;92512;92513;92514;92515;94332;94331;96316;94333;94579;96658;96659;96660;96661;96662;102699;99524;99525;102700;101266;99526;99527;102702;102701;102703;102704;102705;102706;102707;102708;102074;102073;102072;102075;102077;102076;102080;102078;102079;102081;104033;104032;104035;104034;104036;104037;104038;104039;104041;104040;106385;106389;106387;106388;106386;106390;106391;106393;106394;109211;106392;109210;109212;109214;109213;109215;109216;111204;111205;178670;178668;111206;111207;178674;126508;137004;118231;126925;118232;178673;125773;178666;121642;178671;122242;121389;121129;121066;121390;122241;125546;121354;121126;121215;121644;121643;121111;121070;121069;124003;124091;124236;124193;124031;124195;124765;124327;124092;124238;125774;124030;125309;124760;127056;130514;126785;127122;132038;130517;134893;130516;130469;130264;130460;130505;132959;132046;130053;130468;132075;130519;131944;130466;130504;130518;130459;130515;133303;130520;130502;140454;130467;130279;130270;140737;133965;133863;133860;133088;133725;133050;133051;136701;135683;133145;146092;137056;136119;138210;139069;178675;136828;178669;139071;140467;138909;139070;136285;139033;138596;138889;138605;138604;140586;138908;138608;139032;138839;138906;138905;138907;141802;141827;141806;143381;151625;141868;141845;142145;141849;141846;143383;143382;143263;146194;144982;145691;144986;145261;150137;144985;145571;146106;146090;144984;144983;148664;145502;148665;148670;148671;178663;178664;148668;149810;149473;148673;148682;149970;149788;148657;178667;148661;149369;148651;148677;148672;148648;178676;149859;148683;148676;148654;149453;144978;148659;149366;148678;148650;144933;148667;148666;148679;148675;148660;148663;148658;148669;148662;148680;148653;148681;148645;149351;149967;148649;151630;151635;151631;151629;151639;153253;158934;164079;153128;153256;153252;151637;151638;151633;151628;151632;151634;155626;151636;151626;151627;154110;160200;154112;154111;154119;154113;161264;154126;154127;154122;154123;154109;154118;154121;154125;154120;161261;154116;159271;161775;154117;154124;159234;159280;158896;154108;161525;165723;161953;156689;154115;156671;156683;154107;156681;156680;156676;156685;159063;156686;156679;156672;156684;156673;156674;158041;156682;156687;156693;156670;156678;156694;156675;156692;156782;156677;178642;160076;160183;178641;161217;178672;160125;161287;178643;161299;178665;160087;163614;163770;163629;163604;163769;163435;164019;163788;164897;166767;163768;163761;178646;164339;178644;163461;166081;166604;166078;178640;166075;168964;166086;166072;166073;166084;166682;166085;166076;166324;166083;166383;166070;166079;166080;166077;166686;166332;166082;166319;166074;166318;166379;166071;173835;169283;169950;169956;178645;166459;169947;169942;169941;178639;169940;177295;172047;169944;169925;169939;169943;169949;169955;169948;169952;170391;169951;169953;174737;174255;174625;174254;174249;174741;174626;174252;174739;174740;174227;174248;174242;174738;174240;174241;177112;178201;178202;177837;179871;178190;178187;178960;178191;178192;178186;180190;179835;182923;182924;182936;183962;183725;184167;182931;183504;183505;183960;182939;182929;182930;182926;187316;182928;182920;182921;182925;182935;182937;182938;182934;182922;183961;183875;182927;70120;70121;189374;180550;55941;55939;55940;55937;55938;55935;55936;55934;56769;56770;56771;57637;57636;57638;57639;189740;58874;58875;58876;58877;59987;58878;189763;59988;59989;59990;59991;59992;59993;59994;59996;59995;59997;62711;62712;62713;62714;70102;63519;63520;66336;66509;66510;66511;66514;66512;66513;66515;66516;77686;141393;91890;80191;80192;80193;80195;80197;80196;80194;91778;91779;126510;126917;121067;121068;104175;131701;104100;108520;80198;85270;77688;55933;55932;151371;25021;40446;43814;25710;77437;151424;33094;23996;23997;62800;62799;24758;26969;181675;181216;137747;141210;141213;141214;141212;141211;137748;20284;50978;51388;51389;62311;11983;99929;99928;38664;25085;34243;83265;92660;77277;77275;77278;77280;165066;176549;167251;177450;167252;167250;168912;11705;31352;85908;85909;65986;65985;83737;83736;182962;55574;59180;58726;61432;73332;73334;76510;76594;73336;80078;80080;80079;80832;80081;86900;86901;88983;91974;122588;122586;97496;122857;121544;125223;127114;133474;129535;133471;163762;163764;176672;176673;186912;55573;80831;181267;180009;181266;11522;11891;49646;11941;20096;58482;20728;55701;35627;53514;88905;122752;34266;122754;40468;12002;72264;100383;71860;70743;74224;83115;74225;71861;73969;83116;74090;55818;63281;61487;70744;73970;66637;66722;61486;66941;66944;70071;66942;59685;70072;70260;72619;72880;59109;63266;59036;59035;34472;159929;57939;57940;93685;94253;95917;96731;99134;104378;103598;100270;105080;106296;108786;110324;111137;118178;118574;119841;104848;122753;121393;173679;127054;123128;125150;129467;130057;130967;131957;134954;133531;136930;141100;141099;137071;143115;143478;144453;146427;146086;147658;149041;149042;149043;149333;149984;149986;149985;152036;152038;152129;152039;153429;153432;153709;154775;154717;156230;154711;156221;156222;157403;157181;157242;158163;159106;159105;158976;161395;159571;161402;161410;163394;164291;165108;164292;164288;165106;166457;167249;166599;168697;168669;168670;170445;171390;173442;173444;170453;174037;174022;173439;170432;174036;176078;177475;176087;176084;177477;178228;177474;178754;178752;178753;181231;181230;181014;181760;181763;183882;183881;186626;189369;186724;186730;123129;187104;186731;189303;123130;189302;189301;164519;122365;124005;129975;127901;125219;132034;133670;136560;134703;142468;144106;139578;150342;146420;154152;149381;151587;153362;156666;163957;159658;166042;163031;169879;183100;174137;179485;186775;181275;154436;162407;185561;177267;185572;171458;185551;164985;185565;147414;181596;147417;147416;147412;148455;151582;154425;156662;152631;162181;171518;165080;185563;182910;181597;160843;172601;152697;183101;174125;161778;185574;186769;179504;158319;183102;162228;169887;186771;178188;185566;186767;171511;181595;118975;185559;109865;112060;122816;132021;134763;127898;147620;145014;146447;154429;156058;148456;147660;151827;150450;152629;153401;157449;158729;159665;163029;171460;164987;172539;182915;185556;185768;164088;122366;144055;125220;129976;124006;127902;132035;139579;136561;134704;133671;142465;144108;146423;149378;150340;154154;151585;153365;156667;159659;163030;163956;166044;169878;186914;174134;187905;162496;162497;179483;181273;166790;185554;181465;181477;160466;161715;174074;162603;175331;161413;176742;177930;181353;179145;180235;163663;165260;164347;166211;170101;167638;168658;171457;172512;166208;165261;163496;167632;164343;168652;170100;171455;172514;176740;175329;174077;178144;177933;179141;181351;180230;182132;178145;181878;183783;186031;186187;189368;179142;180233;187078;181355;181876;183786;186029;182131;108753;108584;109866;187080;108585;189363;109867;121641;122193;121476;108754;122949;123133;125362;125999;126069;128529;110806;126623;117291;117918;121511;122232;122192;123011;122947;126000;125360;126621;128059;126070;128060;128527;139786;138082;139062;130171;131766;135199;132710;132712;133849;135273;137050;128524;136356;134406;129100;132708;131772;134404;130169;132713;133692;135200;135275;137048;136403;149254;138084;138444;150121;148774;151573;152415;139790;153091;139073;153876;142612;140733;141569;144277;144769;142912;148013;146782;145447;139039;140731;139788;141572;142911;142610;144772;144283;146779;148015;145466;149282;148766;150120;150801;151572;152413;152636;161711;163495;164346;162605;153106;154816;156604;155916;153879;158652;157445;161412;158691;159528;153088;160468;153880;154820;155918;157444;158693;156605;158655;159529;125404;122116;131284;97143;124020;155789;95258;152211;95259;174259;157114;154014;189106;173917;181612;178770;185425;186213;139456;182770;189107;139328;144621;146590;152210;157115;154013;178769;186214;139663;139329;96829;144620;146589;189235;176073;101956;100027;97497;189237;122587;122585;121543;122856;129534;163765;163763;127113;176674;176671;186911;186910;153047;109016;111682;186478;110978;106189;119614;108282;109944;118934;117409;127894;124194;118309;131945;122247;121542;125953;125165;130968;128706;127124;135589;139601;133650;132938;138503;136559;134408;148539;141470;145269;152489;152424;147704;151610;156254;144981;147922;151293;149472;150707;155448;149433;153397;154142;159887;159707;157878;168738;157434;158219;157385;161121;162392;159181;163071;166329;166102;168913;179875;165173;174167;186806;177388;169861;178183;171594;172602;178298;168392;142717;185555;182841;189075;181321;172593;172605;143218;99128;93813;146823;160472;160471;103531;105111;105110;173740;187658;174165;163660;175372;178775;177090;177927;179226;180325;181348;164352;166434;164540;165299;167639;165571;168329;170670;170917;171553;169034;168655;179231;181350;172592;173623;180323;181882;183808;187075;182368;183832;186189;186035;122401;121478;121599;123506;123508;125358;189366;125949;126217;126703;128969;138095;128774;139184;139869;128971;129389;130364;132773;133690;131955;135412;137086;136358;139317;138588;148772;149256;150158;151612;152453;149529;141776;139867;143059;154061;153112;143425;144855;146784;148109;144285;148396;145467;152504;161714;162670;152634;164354;165246;163581;154058;154876;155920;156609;156196;158656;158068;157906;158928;159547;160526;161411;105792;105786;95929;137839;184165;108884;135296;132047;139727;119241;158830;126590;165177;135189;164811;79310;78550;81087;82699;84488;86270;87314;85408;86654;88047;92496;91228;18062;90096;107071;18352;18353;122508;28212;25554;18683;20911;20113;21175;22476;24811;21763;30255;33281;34211;35111;28252;38744;32477;40502;40946;42434;45372;47023;50548;51423;52754;55416;56480;57797;62214;59066;65577;62215;66808;69877;70301;72687;76317;70561;77748;18369;22418;18521;24241;21554;20135;19295;15573;22335;24762;25704;27625;25346;25122;29699;29983;31736;33131;30203;34118;38989;35436;40928;45387;51061;93721;55763;95411;95919;96798;103360;101931;100355;99167;105515;104355;105689;106305;108805;109392;118571;111109;126381;119498;31992;33286;121388;34773;31604;39338;42477;39768;46837;45044;47887;40553;50653;49143;53410;56482;52612;55638;69879;59068;60127;62216;58322;62802;65579;66000;66810;70563;72689;74139;73304;71498;77201;77747;76316;81051;80055;81915;83291;84491;82711;86252;85446;88597;91221;92358;87370;86790;12514;93593;12515;12516;12518;12517;12519;12520;14676;14242;14768;15420;15898;17587;17195;16251;18189;18437;19463;19773;18099;20990;20249;21341;22125;21073;22479;23740;23926;24354;25297;25566;24234;25081;25830;29723;30254;31605;32478;33790;33282;34210;34374;35110;40501;38743;35684;40591;40945;42433;45373;44095;47024;48424;45542;49289;52753;50549;54935;53412;55415;56141;56481;57798;59067;65578;62213;66809;67130;69878;72688;76318;73648;77749;81088;81977;82700;78551;84489;81730;85409;88048;87321;86829;91229;92497;93317;95918;90097;99135;106297;101957;108787;104379;105081;111136;110323;121391;118573;119840;125151;127055;100427;86722;84565;118575;100271;109361;119842;121392;80227;71948;74013;60019;77814;79857;77713;84802;86404;87919;89832;83472;91098;94073;99375;92036;96454;102429;104671;106847;111791;111009;109897;70349;117874;119673;160082;70350;117597;122250;73434;120949;74432;73995;77578;77173;79142;78442;56962;80486;58539;59427;62481;61625;63451;63243;64585;62837;65220;65911;66446;66873;69867;70859;70215;71352;71952;84160;84159;84161;84162;84643;86062;86384;86853;85327;87658;89869;88640;87246;91164;152273;93524;56960;56961;123976;88720;152698;88722;160081;91387;127895;91389;69347;155137;153459;72172;89782;72174;95889;93514;78680;100793;102325;97215;118084;109040;121127;72170;153092;148710;153436;124021;109031;140605;109033;62222;153438;88721;99370;84404;62220;137879;104630;62221;137653;57044;56199;58684;55421;61563;74014;63455;66411;71949;77714;79858;69847;64787;83473;84803;86405;87920;89833;94074;91099;99376;92037;96455;104672;102430;109898;111010;111792;106848;117875;117598;56214;137068;100960;119674;120950;122251;55420;63340;125406;186820;77371;100956;77368;71041;77372;71039;56196;93407;93404;133180;148656;139914;148449;71465;78677;80861;82271;61519;76492;85269;81979;85542;85268;88101;59823;70259;148358;59822;175105;137650;109597;104666;58180;83991;55435;110643;47682;110644;58291;84670;57773;58070;109279;63542;62993;58074;59090;62739;58353;58893;59404;106758;62575;62584;61710;60038;58894;59403;60039;61711;62585;62740;70709;63543;62994;62576;70944;65128;64718;63544;65801;66988;66475;69264;69988;63545;64719;65129;66476;66989;69265;65802;69989;70945;70710;71343;72327;73095;73765;74436;76758;77899;77493;70711;70946;71344;72328;73766;74437;73096;77900;76759;77494;78469;80519;79661;82034;81517;82035;82499;83436;84575;77495;77901;78470;81518;79662;82036;82037;80520;82500;82582;83437;85272;82997;84576;85686;86068;87473;85383;86761;88751;88458;90788;84577;85273;55418;89872;56376;57358;58072;57774;56755;58354;85687;86069;85384;86417;87474;86762;90789;89873;88752;88459;91544;92752;95471;93659;95883;94957;97636;96773;99627;90790;91545;93660;92753;117940;94231;94958;95472;95436;95884;97637;99123;96774;99124;102356;103677;105211;99628;100807;104635;110807;106300;100808;108374;102357;99629;103678;104636;105615;105039;106301;106560;108375;117669;55419;110808;117919;117292;118394;119605;119748;118396;117667;119603;56377;56756;53915;57359;54973;55417;55141;55804;56875;56258;58002;58208;61551;58540;58995;59428;61623;62482;62838;63452;63244;64507;64586;64917;65221;66447;66874;65912;67226;69868;70860;71353;71953;72285;72607;72938;73435;73741;73996;74433;76415;77174;77579;78443;79143;79837;79443;80487;80947;80999;81128;82782;81820;106607;83367;84366;84050;84732;84644;85328;86063;86370;86424;86854;87247;88641;87659;89870;90426;91165;93462;92013;91671;93961;94335;94629;95763;96389;97728;99284;100053;101363;100757;102263;103125;104545;103923;108959;108283;105176;110396;105692;110977;109602;111681;117408;118908;119424;119093;123937;125055;128632;125814;133606;141492;137252;59178;59197;53914;59177;125890;128279;125891;125892;34322;58619;125893;125894;125895;135900;135899;76789;41971;51079;51078;54974;76787;59818;58792;72036;64919;71230;76452;84218;55851;73670;50828;74263;81183;87924;92943;93519;95286;94338;103373;97939;99103;103374;104851;105485;118981;110097;105781;111758;118884;111977;119099;118465;123517;127135;129496;124299;131128;130454;134628;137076;134974;143117;140771;139202;143222;144851;150960;169512;158147;157421;183917;89964;174757;80219;80220;40480;89924;159740;159493;159305;160905;160216;159637;161980;161478;163274;162705;164154;162421;163725;164657;165067;164509;166046;165503;165589;167100;168182;166469;168700;166630;168274;168373;170518;171322;169761;169760;173060;173837;175838;174479;174333;177228;176676;177634;176495;179225;180162;180251;178446;180507;181236;179838;182073;182441;183807;185350;183247;182849;186363;185606;186792;187621;187133;187769;70891;186599;188159;188160;70892;189461;70893;70917;70924;71228;72168;71969;72617;72801;72940;73420;73083;73711;74009;74123;74435;76582;77185;77582;77862;77410;78081;79144;78476;79337;79579;80488;79838;81208;80950;81021;82535;83137;81648;83368;82826;84733;84051;84343;84668;83746;85568;86210;84922;85744;86064;86381;86599;86855;87418;87207;88682;87248;88957;88089;90195;89686;89787;91129;90543;90795;91717;91351;91456;92792;92629;93477;93818;93316;94137;94581;95481;99137;94677;99634;97725;99996;100992;100680;101981;103422;103649;102994;104435;103934;106351;105357;105153;106486;106841;106683;107221;109396;109900;117635;111382;110229;117332;117428;118886;119096;119557;118152;119683;122616;121513;122245;131737;122852;124278;124459;125370;126752;125951;125728;127128;128327;127119;129847;128740;129053;131189;130274;130462;131021;132716;132096;133052;131953;133847;133953;134214;134700;135093;133464;135703;135916;136121;136347;135400;137634;137700;139000;137080;136742;139694;139458;138448;140405;141574;139793;142208;140699;142642;143470;142718;141195;142970;146061;144782;146543;146205;148242;148488;145072;147755;146949;148559;149413;148849;151673;148995;150431;150855;151832;149901;152190;152927;153254;152608;153516;153631;153932;154705;154239;153828;156034;155353;155866;156861;156461;158050;157292;158501;70890;158935;159236;110519;110502;100129;18214;21781;16151;100128;104814;15786;56871;24812;59499;66500;72106;30201;74093;103508;25999;38987;35915;41059;45389;47764;127915;25997;55693;58501;35686;34290;55458;43002;39435;40873;46673;50072;52587;62594;61997;43003;64472;64699;66929;70459;65998;65027;50073;46674;52588;55459;58605;19702;58606;59464;56748;56749;59463;61998;64700;65028;62595;65999;66928;70458;130366;78891;29702;34291;35685;70610;39766;70611;55576;58725;61433;59181;73333;73335;73337;76511;80830;76595;86902;88984;86903;91975;80829;135851;55575;139733;129055;99311;71571;71570;56584;54832;50052;50053;50054;50059;50057;58093;50065;50066;50061;58094;58095;59045;56178;65216;67208;59914;62909;65217;66868;70341;69839;72933;70340;78436;79829;73414;83353;82767;83415;85347;84740;82768;86382;85349;86817;85878;87250;87251;87874;87329;87873;88880;90004;91610;90430;91044;92014;93463;93532;94010;94913;94015;95810;99310;97739;99313;101364;105177;100758;104664;100295;104546;103744;105729;152482;103126;150988;146347;21724;22025;53374;50058;50060;50067;24328;57286;50055;50064;55135;50062;25173;50056;59046;12257;22539;50063;50531;50068;142902;156551;142903;86383;91857;81883;65673;81882;72281;72280;138883;71898;65926;99265;65924;61621;187860;40563;70609;117617;61620;58812;131568;125548;128178;62801;64476;78599;77757;69932;50681;70590;78600;77758;83088;74124;78601;85410;86066;86604;50680;80170;80171;80172;77971;80173;80174;80175;80176;80177;80179;80178;80180;80181;80182;80183;80185;80186;80184;80187;80188;80189;86632;85881;84764;124027;58092;140215;53844;62947;58091;53843;77407;103836;77405;103251;54845;57775;58071;62995;62741;63546;58075;59406;58355;58895;60040;61712;62577;59405;62586;58896;54846;61713;60041;62578;62742;62587;70712;62996;71042;63547;64720;64721;65189;65190;65803;66477;65804;66478;66990;66991;69266;69990;69267;69991;70713;71345;71043;72329;73767;73097;76760;74438;77496;77902;77497;76761;77903;78471;79663;81519;80521;82501;83463;84578;87109;57360;57776;56757;58073;58356;95473;96268;97662;96904;99967;105043;101771;108518;111980;111043;117938;118592;56758;57361;56557;130055;84240;65700;84583;84584;76963;65699;76965;100839;139203;93522;77330;77331;93520;78672;78674;94339;176374;90784;85404;89101;103981;176418;176397;90785;89102;93517;103982;96764;176371;100670;97573;99436;101897;119417;121105;129300;124161;125364;103983;126922;105008;106141;107092;110268;126920;131949;129060;136921;134113;121307;121308;119418;121309;140776;121106;129298;124163;125366;124162;136925;140774;125368;129058;131947;126918;133211;133214;134109;147644;148947;151642;134111;135856;155570;136923;138086;139572;142677;140756;144635;142422;144643;155574;144639;164837;156389;157892;147648;151640;148949;146104;156387;154825;169999;172120;174235;170173;176367;178198;182525;185772;158991;164830;185777;187622;166607;169991;170168;172138;187624;176369;178200;180102;174239;84503;187631;182527;61413;70093;82713;81758;77863;86245;86570;87737;91262;90148;93526;94935;103359;142031;142032;56567;61412;28185;118800;11742;117707;56568;23753;20866;21118;20226;20837;20322;15852;20245;19783;15487;23754;23783;23756;19193;23924;17974;21139;21117;26060;20016;83957;83959;83958;121433;155865;156790;148037;61799;61798;61801;61800;61802;61803;61805;61804;61806;61807;61809;61808;61810;61811;61812;61813;61814;61815;61818;61816;61817;61819;61820;61821;61823;61822;61824;61825;61826;61827;61828;61829;61830;61831;61832;61833;61834;61835;61836;61837;61838;61841;61839;61842;61840;61843;61844;61845;61846;61847;61848;61849;61850;61851;61855;61852;61853;61854;61856;61858;61859;61857;61861;61862;61860;61863;61864;61865;61866;61867;61868;61869;61870;61871;61872;61874;61873;61875;61877;61876;61879;61878;61880;61881;61882;61883;61885;61884;61886;61887;61889;61888;61890;61891;61892;61893;61895;61894;61898;61897;61896;61899;61901;61900;61902;61904;61903;14776;61906;61905;61909;61907;61908;61911;13860;61910;61912;13862;13861;13864;13865;13863;13867;13866;61913;61914;13868;13869;13870;13871;13872;13874;13873;13875;13877;13878;13876;13879;13880;13881;13882;13883;13884;13885;13887;13886;13888;13890;13889;13891;13893;13892;61915;14777;13894;13895;13896;13897;13898;13900;13899;13901;13903;13902;13904;13905;13906;13907;13908;13909;13911;13910;13912;13913;13914;13915;13917;13916;13918;13919;13920;13923;13922;13921;13925;13924;13926;13928;13927;13929;13931;13930;13932;13934;13933;13935;13936;13937;13938;13939;13940;61916;13942;13941;13943;14778;13945;13944;61917;13946;13947;13948;13949;13950;13952;13951;61918;13954;13953;13955;13957;13956;13958;13961;13960;13959;13962;13963;13965;13967;13964;13966;13969;13968;13971;13970;13972;13973;61919;13974;13975;13978;13976;13977;13980;13979;13981;13983;13984;13982;13986;13985;13989;13987;13988;13990;13992;13991;13993;13994;13995;13996;13998;13997;14000;13999;14001;14002;14004;14003;14005;14007;14006;14008;14010;14009;14011;14013;14014;14012;14015;14016;14019;14017;14018;14020;14021;14022;14025;14024;14023;14026;14028;14027;14029;14031;14030;14032;14035;14033;14037;14036;14034;14038;14039;14040;14041;14042;61920;14043;14046;14047;14044;14045;14048;14049;14052;14050;14053;14051;14054;14055;14056;14058;14057;14059;14060;14061;14064;61921;14062;14063;14065;14066;14069;14067;14068;14070;14071;14074;14073;14075;14076;14072;14077;14081;14078;14082;14079;14080;14083;14084;14088;14087;14086;14085;14089;14090;14093;14092;14094;14091;14095;14097;14096;14100;14098;14099;14101;14103;14102;14104;14106;14105;14107;14108;14109;14110;14112;14111;14114;14113;14115;14116;14117;14118;14119;14120;14124;14123;14122;14121;14125;14126;14127;14129;14130;14128;14132;14131;14133;14135;14134;14136;14137;14138;14140;14139;14141;14142;14143;14144;14145;14148;14147;14146;14150;14149;14151;14152;14154;14153;14156;14155;14157;14159;14160;14158;14162;14161;14165;14164;14166;14163;14168;14167;14820;14172;14170;14171;14174;14173;14328;14176;14175;14329;14330;14331;14332;14333;14334;14335;14673;14387;14678;14679;14680;14750;14749;14723;14753;14751;14752;14755;14794;14754;14796;14840;14795;15413;15435;15434;15523;15522;15521;15546;24551;15547;15550;15549;15548;15597;15551;15598;15599;15601;15600;15602;15603;15635;15636;15637;15638;15697;15698;15650;15737;15699;15738;15739;15740;15769;15794;15793;15836;15839;15838;15915;15916;15917;15918;15920;15919;15956;15957;15981;15998;16014;16015;16035;16037;16036;16038;16065;16076;16077;16079;16078;16080;16082;16081;16114;16083;16115;16116;16117;16135;16158;16157;16184;16218;16219;16220;16240;16241;16242;16243;16253;16254;16255;16256;16258;16257;16259;16269;16290;16293;16291;16292;16302;16294;16360;16359;16375;16376;16378;16377;16379;16461;17131;16473;17139;61922;61923;61924;61925;17215;17140;17277;17216;17278;17279;17280;17331;17281;17332;61926;17333;17334;17347;17601;17346;17668;17669;17658;17670;17678;17677;18004;18002;18003;18032;18052;18091;18103;18104;18105;18106;18171;18107;18173;18172;18235;18236;18273;18237;18275;18274;18276;18277;18305;18307;18308;18306;18411;18412;18404;18435;18440;18434;18496;18498;18497;18550;18561;18499;18562;18583;18584;18597;18649;18599;18598;18675;18676;19192;18678;18677;19191;19201;19265;19226;19267;19885;19886;19887;19890;19888;19889;19891;19892;19893;19894;19895;19896;19899;19898;19897;19900;19904;19901;19905;19903;19902;19906;19907;19909;19908;19910;19911;19912;19914;19913;19915;19916;19917;19918;19920;19921;19919;19922;19923;20427;20429;19984;20428;19985;20039;20041;20042;20430;20040;20043;20431;20057;20433;20119;20432;20120;20121;20434;20435;20122;20123;20124;20125;20126;20437;20436;20127;20438;20128;20440;20439;20442;20441;20443;20444;20449;20445;20447;20446;20448;20450;20452;20453;20454;20455;20456;20459;20457;20458;20461;20460;20462;20465;20463;20464;20467;20466;20468;20469;20471;20472;20470;20473;20474;20475;20477;20479;20478;20476;20793;20794;20809;20795;20796;20797;20810;20817;20819;20818;20831;20849;20832;20850;20852;20851;20853;20875;20854;20877;20897;20878;20876;20939;20940;20941;20964;20942;20981;21002;21003;21037;21004;21028;21114;21098;21115;21133;21132;21149;21177;21178;21200;21179;21201;21203;21202;21206;21281;21207;21282;21283;21320;21284;21285;21356;21357;21358;21359;21360;21598;21575;21599;21600;21602;21603;21617;21635;21661;21669;21668;21715;21670;21716;21717;21720;21751;21719;21718;21753;21752;21754;21769;21770;21755;21776;21777;22013;22020;22014;22019;22053;22042;23875;22058;23877;23876;23878;23879;23881;23883;23880;23882;23884;23885;23889;23886;23888;23887;23891;23890;23895;23892;23893;23894;23896;23897;23899;23898;23900;23901;23902;23907;23906;23903;23904;23905;23908;23909;24552;24553;24555;24554;24556;24559;24558;24557;24560;24561;24562;24564;24565;24563;24566;24567;24568;24569;24571;24570;24572;24573;24574;24577;24575;24576;24578;24579;24580;24581;24582;24583;24584;24586;24585;24587;24588;24589;24590;24592;24591;24594;24593;24595;24596;24598;24597;24600;24599;24601;24603;24602;24605;24606;24604;24607;24608;24609;24611;24610;24612;24613;24616;24617;24615;24614;24618;24619;24623;24620;24622;24624;24621;24625;24628;24626;24627;24630;24629;24631;24632;24635;24633;24634;24636;24637;24639;24638;24641;24642;24640;24643;24645;24646;24644;24647;24648;24649;24650;24653;24652;24651;24654;24655;24689;24675;24687;24688;24695;24706;24778;24754;24753;24779;24805;24804;24807;24808;24806;24809;24831;24810;24842;24832;24843;24891;24893;24892;24894;24939;24895;24940;24941;37804;24942;37324;24943;24946;24945;24944;25034;25033;24947;25064;25063;25062;37164;25114;25113;25157;25115;37741;37907;25190;25189;25191;25237;25212;25265;25266;25310;25311;25428;25429;25431;25430;25439;25440;25432;25441;25475;25514;25513;25516;25517;25515;25518;25537;37988;38078;25564;25563;25565;25598;37483;25599;25600;25601;25666;25602;25603;25669;25685;25670;25698;25721;25697;25794;25795;25750;25796;25835;25836;36699;25875;37370;37033;36567;25891;25893;25892;25894;25895;25923;25896;37080;25945;25946;25947;25969;25968;26007;26006;25983;26008;26009;26045;26046;26047;26048;26105;26049;26106;26899;26107;26188;26901;26900;26902;27069;26950;27561;27070;27071;27562;27519;27614;36338;27615;27623;27624;27642;37643;27643;27817;37237;27850;27851;27849;28200;37167;28223;37122;28273;37295;28274;28275;37602;28324;28276;37783;28352;29201;36221;29234;29233;29202;29298;38147;29299;29300;29342;38104;36831;38054;29718;37598;36522;37481;36423;36966;37838;37559;36574;36340;36944;36747;37399;37196;37534;36254;37768;37715;37007;38065;36622;37731;36456;37539;36496;36483;37239;37747;37925;36934;37891;36582;37138;38009;37402;37432;36903;36413;38084;37010;37053;36858;37506;37798;37672;37198;37204;36983;37601;36928;36891;37272;37095;36442;37802;37592;36353;36651;37688;37317;36273;36721;37429;36268;38052;37665;36250;37530;37864;38007;36650;36334;37550;38085;36679;38090;36784;36975;36572;37790;36868;36475;36965;36511;37107;36352;37090;38043;37004;36877;37999;37066;37528;37682;37970;38150;36326;37296;37655;36562;37171;38072;37180;36737;36696;36937;37791;36709;36826;37648;37628;37671;37812;37031;37895;37487;37551;38111;37069;36375;37179;36590;36619;36480;37957;37108;36556;36813;37852;37514;37736;36835;36739;37155;38142;37319;37246;37952;36787;37286;37455;37669;36299;37347;37442;38030;37508;37034;36548;36648;37523;36793;36621;37589;37118;38068;37519;37614;36873;36798;36278;36523;36776;37890;37782;37221;37311;37938;37144;37048;37457;37290;37383;36973;38141;37756;37590;37990;37718;36802;38038;36470;36698;38047;36672;38064;37840;37073;36850;36427;37877;36688;38106;37758;36446;37424;36467;36578;38108;37256;37581;37166;37330;36542;36707;37922;36355;37446;37250;37410;37143;38096;36825;36290;38012;36816;37373;37191;37353;36649;36930;36378;37835;36554;37596;37202;37478;36804;37044;36482;37003;36235;37460;38136;37815;37205;37732;43039;37169;36351;36715;37091;36293;37707;37752;36620;36775;38076;37699;37556;37510;37869;38107;37172;37126;37258;37305;37904;37942;38162;38163;38203;38190;38682;38752;38753;38766;38765;47909;47910;47908;47911;38813;47912;47914;47913;38839;47915;38840;38842;38841;38970;47916;38843;47917;47920;38852;47918;47919;47923;47921;47924;47925;38921;47922;47926;39352;39351;47927;39321;39357;39358;47928;39360;39359;39366;39367;39368;40457;38754;38698;39385;39442;39409;39410;39386;47929;47930;39460;47932;47931;47933;39549;47935;47934;39550;47936;39572;39484;47938;47939;47940;39615;47941;47937;47942;47944;47943;47945;47946;47947;40537;47948;40539;47949;40538;47950;40692;40595;40781;40775;47951;47952;40869;40811;47953;40936;47954;41048;47955;47956;41063;41064;41615;41616;41617;41618;47959;47958;47957;47961;47960;41941;41979;47963;47962;42061;47964;47965;42405;47966;47967;47968;47969;47970;47971;47972;47973;47974;47976;47975;42788;42789;47977;47978;47979;47980;47982;47981;47983;47984;42835;47985;47986;47987;47988;47989;47990;47991;42887;42889;42888;47992;47993;42917;47994;47995;47996;47998;47997;47999;48000;48002;48001;48003;48004;42969;48005;43016;43017;43073;48006;43040;48007;48008;48009;48010;48011;48012;43105;48013;43106;48016;48015;48014;43162;48017;48018;48019;48021;48020;48022;48023;43392;48026;48024;48027;48025;48029;48028;48032;48031;48030;48033;48035;48034;48038;48039;48037;48036;43816;44916;43818;48041;48042;48040;48043;43848;48045;48044;48046;43849;48048;48047;48050;44040;48051;48049;48052;48056;48053;48054;48057;48055;44100;48059;48060;48058;48062;48063;48061;44325;48065;48064;44355;48066;44590;48067;48068;48069;48070;48071;44627;48072;44626;44662;44629;44628;44631;48073;44630;44632;44663;48074;48075;48077;48076;44917;44918;48078;44923;48080;48079;48081;48082;48083;44953;44972;45028;45058;48085;45063;48086;48084;48087;48088;48089;48091;48092;48094;48093;48096;48095;48090;45518;45519;48097;48098;45562;48099;48100;45587;48101;48102;48103;45601;48105;48106;48104;45618;48107;45602;48108;48109;46174;48110;46184;48111;48113;48112;48114;48115;46262;48116;48117;48118;48121;48122;48119;48120;48124;49941;48123;48125;48127;48126;48128;46854;48130;46853;48131;48129;48133;48132;48134;48135;48137;48138;48136;48140;48139;48141;48143;48279;48335;48142;48371;48398;48421;49250;49251;49116;49252;49253;49278;49298;49638;49653;49665;49733;49299;49735;49736;49734;49822;49794;49942;49943;50339;50357;50358;50352;50359;50405;50471;50501;50569;50502;50570;50578;50579;50580;50665;50666;50817;50702;50816;50868;50818;51085;51105;51350;51195;51385;51789;51384;51790;51791;51843;51951;51792;51967;52059;51968;52648;52576;53568;52649;53837;54287;55613;55773;53444;56159;55823;56372;56298;56401;56402;56461;56427;57010;56774;56550;56725;56909;57339;57426;57340;57490;57554;57831;57758;57832;57884;58176;58192;58193;57927;58614;58439;58758;59284;59105;59303;36583;59252;36347;38083;36545;36369;36426;37526;36842;37962;37485;36432;36524;38128;36404;36463;36558;36277;37567;37215;37710;37092;36399;38115;36549;37818;36963;36449;37331;37571;36420;37016;36980;36297;36383;38087;36924;37405;36358;37880;37403;37189;37194;36360;36700;37312;37027;37371;36516;36386;37451;36638;37621;36634;37545;37991;36717;37575;38056;37527;36350;37588;37613;36248;37681;36436;36879;36441;37420;36964;36629;37139;37899;37368;36552;37218;36584;37726;37969;36539;36729;37739;36276;37868;37563;36438;37269;37772;37544;37379;37882;36348;36342;36852;36687;37236;36569;38138;36625;37050;36958;36938;37637;37537;37626;37584;37440;37421;38042;36486;37475;36563;37945;37435;36830;37211;36526;36689;37401;37612;36770;37587;36531;37407;36245;37515;36557;37284;37529;36561;36242;36794;36632;36753;36624;38060;37509;37106;37212;38014;36653;38063;36743;36594;36759;37883;37661;37454;36948;36999;36598;37703;36890;37814;37030;36926;37949;36260;38032;36736;37114;36349;38013;37294;37300;37431;37658;37900;36425;36823;36969;37751;37308;36566;37569;36840;36288;36750;38035;36844;37477;37535;36859;37851;36960;38018;37065;36640;37285;37572;38066;36883;36292;37099;38027;36234;36821;38069;37414;37127;36321;36462;37839;37874;36473;37473;36693;36909;36977;36723;36993;36505;37093;37915;36990;36513;36388;36762;37645;36308;37585;36846;37701;37103;36534;36414;36294;36306;38137;36599;37418;37078;36346;36763;37493;37994;37600;37496;37415;37244;37673;43074;36677;36606;36407;37927;36671;38149;37766;36601;36403;38051;38048;37419;37261;37354;36812;37235;37704;38117;36675;37049;36751;37409;37634;37855;37087;37259;36429;37610;37346;36255;36535;36591;37334;37282;36781;36918;36318;37253;37785;36295;37998;37871;37134;36943;38191;38204;38164;38165;38192;48144;38683;38658;38707;38708;38693;38853;38767;38815;38814;38845;38844;48145;38864;38865;48146;38982;39761;38981;39316;48147;39322;39324;39323;39443;39429;39444;39485;39486;39478;48148;39581;39552;39562;39573;39566;39582;48149;39803;39849;39804;39871;39872;48150;39873;39874;40359;40397;40398;41949;40415;42991;40399;41950;40430;40465;43075;40438;40464;40497;40498;40509;40522;40540;40584;40596;40597;40523;40585;40521;40693;40636;40637;40694;48151;40695;40638;40696;40700;40699;40698;40697;40701;40763;40762;40761;40764;40812;40920;40813;40900;43851;40965;40967;40966;40968;40980;40997;48152;41030;48153;41027;41049;43852;41050;43608;41619;41051;48154;41639;41959;41960;41640;41961;42047;42046;42063;42062;42076;42075;42091;42095;42090;48155;42092;42096;42097;42133;42132;42130;48156;42131;42181;42199;42198;42215;42240;42284;42311;42993;42429;42356;43144;42992;48157;42811;42810;42809;48158;48159;42918;42994;42995;48160;42943;42997;42996;43018;43000;42999;42998;43019;43020;43022;43021;43024;43041;43023;43042;43043;43044;43045;43076;43077;48161;46175;43167;43362;43363;43393;48162;43605;43394;43609;43610;43613;48163;48164;43867;43853;43880;43881;44041;48165;44042;48166;44043;48167;48168;48169;44061;44103;44101;44102;44123;44303;44321;44334;48171;48170;44356;44385;44396;44402;48172;44408;44604;48173;44650;48174;44664;48175;44673;44869;44868;44672;44870;44919;44954;44989;44955;44963;44995;44997;45031;45030;45029;44996;45041;45124;45137;45136;45115;48176;48177;45449;45370;45520;45521;45530;45548;48178;45563;48179;45564;48180;45565;45588;45567;45566;46176;46177;48181;48182;46227;46330;46331;46663;46664;48183;46678;46679;46690;46680;48184;46711;46699;46743;46726;46734;46744;46849;48185;48186;46877;48187;46878;47041;47042;48188;47116;47115;47127;48189;48191;47133;47132;48190;48192;48193;48194;48196;48195;48197;48198;48199;48251;48200;48209;48271;48272;48336;48319;48318;48345;48311;48346;48403;48399;48347;48348;48402;48422;48428;48933;49063;49064;48898;49078;49100;49117;49205;49099;49190;49202;49206;49208;49207;49209;49254;49263;49300;49654;49737;49688;49666;49738;49739;49740;49743;49741;49742;49784;49967;49972;49971;49970;49795;50008;49973;50076;49989;50296;50313;50321;50406;50423;50315;50314;50424;50425;50429;50445;50472;50533;50503;50534;50558;50536;50535;50571;50581;50582;50606;50583;50607;50608;50628;50609;50820;50667;50819;50827;50839;50848;51070;50849;50981;51182;51071;51106;51336;51196;51793;51380;51337;51353;51794;51795;51796;51797;51800;51799;51798;51801;51802;51803;51804;51805;51806;51807;51809;51810;51865;51808;51899;51898;51916;51932;51982;52035;51931;51992;52041;52036;52060;52160;52454;52061;52469;52523;52541;52577;52564;52592;52593;52699;52708;52747;52729;52957;52730;52748;53001;52958;53227;53226;53244;53272;53273;53289;53290;53274;53301;53302;53309;53348;53349;53350;53327;53351;53369;53398;53524;53538;53509;53542;53616;53629;53617;53628;53882;53908;53909;53910;54289;54290;54288;54577;54298;54589;54610;54578;54638;54611;54626;54839;54639;54918;54919;54939;54940;54964;55111;55112;55171;54991;55614;55615;55406;55665;55664;55634;55683;55695;55666;55709;55849;55848;55853;55894;55916;56085;56083;56084;56109;61927;56160;56118;56325;56324;61928;56374;61929;56373;56403;61930;56429;56428;61931;56525;56462;56447;56526;56530;56531;56529;56532;61932;56551;56598;61933;56599;56627;56687;56708;56707;61934;56726;56764;61935;56765;56810;61936;61937;56809;56858;56910;56953;57046;61939;56968;61938;57052;57146;57079;57145;57320;57331;57319;57332;61941;61940;57407;57413;57412;57427;57428;57429;57480;57530;57567;61942;57568;57593;57819;57724;57833;61943;57912;61944;57955;58026;58103;58082;58163;58177;58178;61945;61946;58424;58440;58771;58475;58476;58474;58490;58491;58505;58506;58522;61947;58531;58558;58575;58557;61948;58585;58716;58599;58717;58734;58759;61949;58806;58830;61950;58865;58890;58921;58939;59010;59011;59012;59087;61951;59096;59185;61952;59221;59304;61954;61953;59305;59315;59319;59681;59362;59440;61955;59518;59519;59635;59652;59561;59653;61956;59710;59843;59860;61957;61558;61958;61960;61959;61961;61962;61964;61963;61966;61967;61969;61968;61965;61970;61971;61974;61975;61973;61972;61976;61977;61978;61980;61979;61981;61982;61983;61984;61985;61988;61987;61986;61989;61990;61991;61992;62444;62445;62401;62402;62386;62403;62423;62425;62424;62404;62447;62446;62504;62540;62491;62659;62972;62794;63134;63104;63017;63161;63199;63284;63257;63344;63331;63312;63374;63464;64279;64504;64551;64563;64505;64745;64647;64626;64902;64861;64942;66041;66042;66043;66044;66046;66045;66048;66047;66050;66049;66052;66051;66053;66054;66056;66057;66055;66058;66059;66060;66061;66062;66063;66064;66066;66067;66065;66068;66071;66069;66070;66072;66073;66074;66075;66076;66077;66078;66081;66079;66080;66082;66083;66086;66085;66087;66084;66089;66088;66092;66090;66091;66093;66094;66095;66096;66097;66098;66099;66100;66101;66103;66104;66102;66105;66108;66107;66106;66111;66109;66110;66113;66112;66114;66115;66118;66116;66117;66120;66119;66121;66122;66123;66124;66125;66128;66127;66126;66129;66130;66131;66132;66134;66133;66135;66137;66136;66139;66138;66141;66143;66140;66142;66146;66145;66149;66148;66147;66144;66151;66150;66153;66152;66154;66156;66157;66155;66251;66186;66265;66252;66266;66285;66313;66286;66330;66402;66614;66689;66342;66535;66615;66881;66890;66911;66975;66899;66977;66978;67010;67013;67011;67012;67014;67104;67133;67132;67134;67135;67136;67137;67254;67253;69053;68862;69067;69089;69097;69190;69154;69155;69220;69231;69230;69314;69338;69232;69339;69465;69439;69466;69467;69489;69491;69490;69540;69548;69549;69794;69891;69890;69822;69842;69918;69892;69939;70004;70132;70005;70133;70162;70185;70242;70300;70384;70383;70325;70385;70518;70519;70521;70520;70573;70523;70678;70522;70679;70680;70689;70681;70968;70967;70837;70998;71026;71028;71030;71027;71029;71031;71074;71075;71032;71076;71091;71092;71100;71508;71101;71509;71510;71099;71511;71554;71512;71604;71605;71606;71608;71607;71609;71936;72018;72020;72019;72023;72022;72024;72021;72056;72055;72081;72099;72082;72131;72101;72100;72132;72134;72133;72136;72135;72467;72468;72529;72495;72530;72551;72550;72531;72552;72532;72553;72563;72564;72594;72596;72595;72614;72597;72641;72919;72920;72642;72921;72998;72999;73002;73000;73001;73004;73003;73053;73052;73005;73051;73066;73067;73128;73068;73445;73443;73444;73446;73447;73467;73449;73448;73466;73489;73582;73604;73932;73931;73933;73934;73977;73976;73978;74029;74069;74030;74070;74068;74072;74071;74075;74076;74073;74074;74077;74078;74079;74080;74081;74082;74415;74416;74418;74417;74447;74419;74448;74446;74449;74450;74451;74454;74452;74480;74481;74453;74513;76068;76436;76435;76437;76438;76439;76423;76440;76469;76470;76480;76481;76471;76886;76885;76482;76923;76887;76924;76953;76925;76952;76954;76955;77037;77038;77039;77040;77041;77042;77074;77075;77096;77097;77098;77640;77639;77641;77643;77642;77645;77644;77646;77647;77648;77649;77650;77652;77651;77653;77654;77655;77656;77657;77838;77802;77658;77839;77841;77840;77887;77842;77843;77888;77889;77950;78019;77977;78018;78061;78062;78612;78613;78614;78615;78616;78664;78617;78666;78665;78684;78687;78685;78686;78718;78688;78731;78732;79321;79322;79347;79366;79367;79405;79407;79406;79408;79409;79411;79410;79571;79573;79588;79589;79611;79613;79610;79572;79630;79631;79612;79633;79983;79984;79632;79985;79987;79988;79990;79989;79986;79991;79993;79992;79994;79996;79995;80041;80382;80042;80383;80384;80385;80386;80425;80426;80427;80428;80429;80430;80431;80433;80432;80434;80435;80436;80437;80456;80466;80467;80468;80560;80561;80562;80563;80578;81194;81195;81196;81197;81198;81234;81235;81236;81233;81237;81280;81283;81282;81281;81284;81333;81334;81335;81336;81932;81337;81934;81933;81935;81937;81938;81936;81939;81940;81941;81942;81943;81944;82315;82316;82317;82318;82319;82320;82321;82322;82323;82324;82325;82326;82327;82330;82329;82328;82331;82333;82332;82334;82335;82336;82337;82338;82339;82340;82341;82342;82343;82344;82345;82347;82349;82346;82348;82351;82350;82354;82352;82353;82355;82357;82356;82360;82359;82361;82358;82362;82363;82367;82364;82365;82366;82368;82369;82370;82373;82372;82371;82374;82375;82377;82379;82376;82378;82380;82381;82382;82384;82383;82385;82386;82387;82388;82389;82390;82391;82392;82393;82394;82396;82395;82397;82398;82399;82400;82401;82402;82403;82404;82405;82407;82408;82406;82409;82410;82411;82412;82415;82413;82414;82416;82417;82420;82421;82419;82422;82418;82446;82447;82451;82450;82448;82449;82484;82452;82454;82455;82457;82453;82456;82458;82486;82459;82485;82559;82558;82560;82561;82563;82618;82617;82562;82684;82736;82686;82685;82633;82737;83099;83096;83097;82738;83098;83100;83104;83102;83156;83155;83103;83101;83158;83157;83170;83244;83169;83243;83246;83245;83250;83248;83247;83249;83274;83254;83284;83329;83276;83275;167905;167870;167918;167869;167896;129359;167854;167888;129355;84796;93845;86874;87725;93828;167890;91765;167873;93609;95540;96486;167871;104437;99670;167907;167897;167860;167850;167906;125735;167904;121191;129062;175568;185538;175562;185533;72713;129360;93829;87726;93719;93739;167875;91766;95632;93610;95541;93788;167880;96487;167894;167855;167901;167856;167840;105076;167883;167868;167842;121422;125732;129353;128879;131289;129356;133679;138099;142219;148830;141203;93740;84797;167902;93810;167898;167862;167858;93718;105077;167849;125730;128973;121394;129501;128974;132051;133682;96488;138101;141205;148833;142220;154939;148829;149002;152112;157853;157911;161053;167872;167848;167859;157461;167156;167182;105078;128876;129358;132054;105079;129352;133678;138103;148834;148828;142216;141198;149030;157921;154973;157467;157855;160720;152111;163502;175554;133681;125731;148835;138102;141204;142217;148827;154937;149238;157910;157857;152115;157464;160721;162409;175553;185542;128878;129052;132050;149031;152117;154940;157856;175563;163896;160722;185539;157909;157462;175559;185543;141202;142221;148831;148826;154635;152114;157858;157919;164028;160723;157468;160725;157459;157920;164120;157460;164027;175555;185534;164026;175564;185541;185540;167877;187906;64932;63148;63147;72709;64933;72710;167861;63149;167863;64934;72711;167889;167899;167851;167838;65731;63150;64935;65732;167887;167908;72373;167839;72374;72712;79826;167895;129354;167857;167892;121190;93846;87210;84798;87728;87727;93616;91767;167886;93611;95633;96489;167878;167879;167903;167876;167891;167884;128975;122258;129051;129357;138100;133680;132079;130626;130627;173511;172761;173594;173553;64502;173605;172891;172840;172795;173028;172793;173015;172945;172756;172995;172928;172802;172849;173588;173600;173573;173564;173579;172791;174564;172957;172765;172947;184015;172939;172936;173008;172860;172993;172998;172831;172809;172940;172887;173583;174548;174542;174543;174544;174558;183439;172967;172735;173528;172900;173006;173385;173386;172736;174759;189279;173026;173548;172932;173545;173608;173596;173547;173557;173565;182149;182147;182146;182150;182159;185476;172787;172915;172895;172971;183061;173018;172841;185991;172833;172924;173541;180415;172818;172770;173540;172842;172898;172964;173578;173542;172792;173501;172901;172823;172935;172960;172927;172890;172866;172813;173533;173458;173595;172843;172893;183060;185992;173031;189280;172830;172776;172922;176697;173473;176607;185455;182137;179701;185994;179699;172850;172961;172954;172944;172925;172778;172784;172773;173030;172760;172811;172820;172779;172980;173502;173551;172934;172743;173598;173497;173519;172847;173552;172824;173539;173521;173599;173535;173584;173514;172989;172955;172948;173562;172759;173544;172739;173021;172798;173536;172754;172747;172923;172987;172819;172905;173499;172827;173522;173495;173498;173570;173601;173537;173520;172966;173523;172797;172737;172876;172982;172903;172758;172942;172863;172951;173013;172748;173590;173487;173563;172910;172899;173010;172892;173602;173489;173490;173586;172859;173597;173526;173582;173505;172952;172800;172916;172839;172941;172977;172836;172962;172804;172877;172805;172814;176608;177757;172786;172868;172978;172740;173470;174559;173460;173465;173024;185988;176623;174541;176615;173461;176625;176624;173471;173466;173474;173462;173469;172902;180359;177759;180350;172807;177753;177819;179698;179696;179697;179700;180355;180353;182164;180354;180356;180414;180409;179694;182160;180352;182139;182140;182161;182138;173492;185993;185998;172769;180413;185437;172852;185987;185997;185995;185996;185989;172881;172854;177817;173571;177816;172829;173527;182151;172789;172803;173027;172853;173559;172767;173500;172812;172844;173566;172979;173002;172904;172926;172821;172974;182375;172950;173023;173029;172848;173005;172906;182142;172919;172801;172930;173558;173003;172938;173025;172973;172990;172908;172907;172764;172981;173022;172920;172883;172825;172874;172749;173016;172782;172775;172783;172780;172757;172771;173009;172997;185978;173491;173504;172985;173580;173567;172774;177814;177815;182373;173574;172889;172984;182372;173486;172858;172806;172911;172790;173513;173506;172937;173507;173604;172969;173591;173589;172991;173493;172862;172846;172996;172781;172983;172751;172888;179361;172914;172762;172913;172741;172857;172878;173543;172872;172752;173531;172845;173000;172817;172750;172815;173494;172946;172834;173607;180358;172975;177755;177754;173515;172864;183087;172885;173014;172949;172822;172933;182158;172869;172988;173609;189277;172921;173577;172870;173538;173556;177758;172794;172886;172912;172965;173019;174545;185499;172753;185501;180199;176627;176622;173508;173576;179695;189283;189281;173529;173569;172788;172968;173459;173467;181425;172894;173554;172897;173517;180357;189278;187782;172796;172738;172742;172777;172766;172917;172953;172745;172763;173568;174539;172994;172882;182148;185990;172785;172744;172943;172832;172958;172826;172963;172970;172880;172734;173020;172867;172856;172746;172931;184014;172861;173007;172799;173516;172972;172986;173012;173017;185500;172772;172828;172855;173496;172959;172838;173555;173524;172929;172992;173585;173512;173560;173610;173546;173509;173503;173485;173004;173561;173530;172871;172918;172768;172956;172999;172808;172884;173011;172879;172837;172835;172865;173001;172896;172851;173606;173581;172873;173593;173534;173532;173572;173603;173587;173549;173525;173488;172755;172816;173575;172909;172976;172810;173518;172875;173463;173468;176629;173464;176626;182141;180351;182143;182152;176628;182144;182156;184017;182145;182163;182162;182374;177818;173550;173510;173592;184016;63268;181424;163587;153617;157126;175065;87922;169456;87923;95924;31733;70398;70396;83954;73183;73187;139744;153891;155446;155017;139745;157872;127116;127117;128416;81247;148958;81246;165182;153460;150864;163020;164179;29900;25091;111532;141105;100784;130271;135972;136667;135181;143116;146620;146619;124366;134762;152042;145262;87955;150860;160054;67119;67120;72729;81422;81106;82620;88624;97352;100572;141833;144970;148261;154721;159332;166139;72730;141779;77477;95470;95469;152041;148846;57713;156023;69915;57728;103529;69916;102355;42290;100130;100131;170672;50986;65942;61719;72349;72204;72216;65580;173646;72186;89940;91310;87500;110272;100125;12107;137648;136668;144450;91500;72587;72588;70412;38654;66634;45627;22256;25683;31640;11577;11570;66633;20987;14826;14827;14825;19310;21728;11910;19600;24909;11890;176889;187121;102083;104667;102082;73149;101114;167799;180005;167399;185950;164277;166488;164278;140132;108712;127910;104668;136339;122582;136338;123752;159592;159465;59453;159816;161198;160319;161717;162168;161989;162503;162624;162776;163415;163893;164253;164293;164638;164658;165210;165721;166145;166749;166629;167274;168239;168406;171333;168877;170007;170725;170690;171332;170783;171268;171927;171334;173711;172572;174286;174524;175396;174883;176816;176838;176230;178285;177820;177519;179408;180040;178727;180416;180197;181128;181314;181483;182419;182556;183979;183055;184320;187660;186447;189188;185901;185436;187184;186985;186681;187966;189126;138214;138175;138177;138174;189605;138215;138216;138176;138336;138337;139061;136968;139059;139060;139034;140792;141363;141815;141009;142456;142740;142901;143156;143588;146207;146271;146586;147192;144809;145448;147812;148298;148565;148693;148939;149090;149476;150138;150281;150721;150868;150999;151810;152004;152232;152685;153368;153369;155601;153450;153666;153995;154738;154327;153839;155653;171335;156077;156545;156011;156916;157369;157881;176212;159239;136969;158097;158583;159037;112153;93231;112152;71176;49675;77910;88955;72417;93226;154998;56633;109916;56448;72879;162560;125154;130091;68880;68879;100551;105109;108813;101027;109915;51351;179636;51352;174413;93232;174405;97085;93227;92361;56998;138603;140517;139231;138602;84669;171549;151623;136664;93233;136665;186477;93228;104497;133306;187058;76404;81261;74250;74251;135177;179635;62033;175408;144813;144792;92220;50346;93229;92219;118095;93234;151591;122256;147724;151593;148481;147723;148462;150362;158784;139483;148472;137728;138523;136617;142713;141452;146417;147726;147725;149384;156113;136618;129057;178164;88700;131186;122546;122927;187378;92413;92414;92370;92374;92415;92362;92376;92375;112279;92416;131023;92371;92363;92417;92364;92365;92418;92419;162416;92420;187318;92421;92377;162570;92366;92422;92372;92425;92424;92426;92427;92423;92367;92428;92430;92429;92431;92368;92373;132101;92432;103569;92369;92434;92433;92436;92435;93235;93230;92438;92439;92437;186353;176072;34471;34470;31719;59108;72334;88931;67243;126648;126506;122363;81777;122243;154963;135921;65915;149642;81778;35953;88934;19718;17604;18244;18065;14668;15432;18813;57768;57919;58005;62743;63548;62997;58897;58348;59408;62579;61714;60042;62588;160465;161415;17218;17603;161716;162602;174075;175332;177929;176743;179144;181352;180234;163662;164348;165259;166210;167637;168657;172513;170102;171456;18064;18243;163497;18689;19719;164344;165262;166209;167633;29744;168651;170099;171454;172515;175330;174076;176741;178147;177932;178146;181357;179140;180231;182133;181877;186032;186186;183784;179143;189367;187077;180232;181875;181349;182134;58898;183785;186030;59407;20842;187079;61715;60043;189364;24701;24875;25349;21627;21225;22095;21322;22369;23633;23930;62580;62589;62998;63549;62744;70714;70947;63550;64722;65130;66479;65805;66992;69992;65131;69268;63551;64723;65806;28329;31652;31864;30209;33393;33505;34268;25735;34766;35218;35251;25820;26068;66480;27521;66993;69269;69993;70948;70715;71346;72330;73098;73768;77904;76762;74439;77498;70716;70949;72331;71347;73099;73769;74440;33522;40478;40351;38200;39372;40930;42305;43173;45392;44658;34267;35219;34767;36045;35778;35581;36215;77905;76763;77499;82038;80522;82039;78472;79664;81520;83438;84579;77906;82502;77500;78473;39853;47123;79665;47781;49145;50382;50084;51120;52530;52766;53593;40479;40931;42306;43174;44659;80523;45393;50383;50085;51121;52767;52531;53594;55287;55901;56037;45133;56119;56750;56334;58006;58349;57769;45403;47124;47782;47829;82040;81521;49146;82041;82503;82583;82998;85274;83439;85688;84580;85385;86070;87475;86763;88460;88753;90791;89874;84581;57316;85275;53595;85689;86071;85386;86418;87476;86764;89875;88754;88461;90792;91546;92754;95474;94959;95885;93661;96775;97638;90793;91547;92755;99630;117941;93662;94232;94960;55288;95886;95475;95437;97639;99125;99126;96776;100126;100809;102358;99631;103679;104637;105212;106302;108586;108755;108376;109868;110809;100127;100810;102359;99632;103680;104638;105040;105213;105616;106561;106303;108377;108587;56038;108756;56120;109869;55902;110810;117670;122194;117293;117920;119606;118395;126001;123134;121477;122950;126071;125363;110811;128530;126624;117294;117668;117921;119604;122233;118397;123012;121512;122948;126002;125877;126072;126622;128061;125361;128062;128528;138083;139787;130172;139063;131767;132714;133677;134407;135201;132711;136357;135274;137051;128525;129101;56335;130170;131773;133693;132715;132709;134405;135202;138085;135276;137049;136404;149255;138445;148775;150122;151574;152414;153090;140734;139074;153877;139791;142611;141570;144278;144770;146424;142913;145446;148012;146781;56751;139040;139789;140732;144282;141571;142910;142613;144771;146425;146780;148014;148767;145465;149281;150119;150802;57351;152412;151571;152635;162604;161712;164345;163494;153105;153878;154817;155915;156603;157446;158692;158657;161414;159527;153881;160467;153089;154819;156606;155917;158694;157443;159530;158654;14197;12642;14181;15712;15408;14728;16085;14192;20862;57770;57920;62745;40362;58007;62999;63552;59410;58350;58899;60044;61716;17605;62581;62590;163661;174166;175371;177089;177928;179227;178774;180326;164539;165570;181356;164353;165300;166433;168330;169033;170669;168656;167640;170918;19694;19269;173624;171552;172591;179232;183809;181354;182367;181881;180324;183833;186036;187076;58900;186188;59409;189365;20735;24748;60045;61717;25350;29743;22370;21628;22096;23635;23929;62582;70717;62591;62746;63000;71044;65192;63553;65191;64724;64725;65807;66482;66481;65808;66994;66995;69270;69994;69271;32134;31193;33563;34294;35287;34819;35977;40664;39493;45110;25837;25754;28226;69995;70718;71348;72332;73770;71045;73100;74441;76764;77907;44111;50384;77501;51122;47125;45394;44961;49147;47783;50086;53596;55886;56039;55289;47784;56121;57771;58008;58351;56752;49148;50385;50087;51123;52768;52532;76765;77908;77502;78474;81522;80524;79666;83464;82504;95476;96269;84582;87110;97663;96905;105044;101772;105507;99968;109946;108519;56040;111044;56122;55887;117939;111981;121600;122402;118593;123507;123509;125359;125950;128775;126704;126218;128972;128970;139185;138096;129390;139870;130365;131956;132774;133691;136359;135413;137087;56336;139318;149257;148773;138589;149528;150157;151613;152452;153111;154060;139868;141775;143426;143058;144284;144854;146783;148110;148395;145468;56753;57352;152503;161713;152633;163582;162671;164355;165245;156195;154059;155919;154875;156610;157907;158653;158069;159546;158929;160527;161416;12016;59980;58435;59643;63643;79638;90510;82828;57033;100464;97833;103876;12204;55532;51836;62758;11314;62028;10939;33395;175373;15465;29314;125313;18027;11159;11808;11835;10673;11067;10862;11214;108593;91827;11870;64784;10674;161691;10145;108409;73756;11217;102683;18049;72179;30219;17816;17815;17818;17817;17819;17820;17821;17822;17824;17823;17825;17826;17827;17828;17799;17800;17829;32137;17691;17697;17801;17830;17831;17802;17803;17804;17832;17805;29251;25759;17833;34159;42899;17834;57604;62927;17806;17808;17807;25242;17809;29345;34160;35766;42900;17835;46328;46702;47158;48759;49711;50527;57605;17810;58802;62637;59448;62638;63617;62639;65733;68937;66177;70461;71972;71971;57606;59967;58661;59449;62640;62641;62642;63618;65734;66178;68938;88379;70462;71973;71974;73318;73572;76529;77669;84924;85536;86546;86657;86658;87419;88380;89054;90829;90682;90830;91993;91994;93000;93001;93375;93376;94165;94196;95876;95877;99514;99510;101819;106097;101977;103965;104048;109166;106098;17836;111153;118233;109167;111154;66179;68939;88381;70463;71975;71976;73573;73574;76530;99511;77670;78477;86659;80886;88382;85537;82799;82800;84767;85538;86660;85539;85223;86547;87420;86661;88383;89055;90831;90683;90832;91995;93002;91996;93003;93377;93378;94166;94197;95878;95879;99515;101820;99512;104049;101978;106099;103966;109168;111155;106100;118234;121227;109169;124158;111156;126782;132956;130025;138571;141796;135699;145252;90833;89056;87421;88384;90684;90834;91997;93004;91998;93005;93380;93379;94167;94198;95880;95881;99516;99513;101821;101979;106101;104050;109170;103967;106102;111157;118235;109171;126783;121228;111158;124159;132957;138570;135700;130026;141797;145247;83347;151969;148936;154259;156907;159976;170145;166309;163333;174554;178472;36020;183396;17812;17811;17813;17814;34161;111159;121229;111160;126784;118236;17837;130027;124160;132958;138560;141798;151968;145251;135701;154258;148937;156908;159977;170144;163332;166310;174555;178471;189234;189233;183394;21632;183395;61393;10343;64503;17838;14319;96724;96723;14831;96725;96726;99517;101811;96727;99518;96728;96729;133181;189352;99519;189353;99520;174521;183438;189355;189354;183437;138561;71116;124175;11299;61696;29346;32138;34162;34727;88698;14343;10626;19416;71862;15449;11192;91823;15477;24905;17313;17690;11842;10481;25198;57558;147021;64263;17698;146199;187858;129468;10719;10761;108716;110231;165454;11219;25799;89028;99440;108689;25612;11830;42409;43815;10150;118730;15572;81403;140657;29928;58769;58770;102710;102709;102711;102712;102713;19696;28377;31135;31343;19695;14272;50547;25767;178718;163282;182591;70943;127141;127140;127142;127143;127144;127145;127147;127146;127148;127149;127150;127151;127152;127153;127154;127155;127157;127156;127158;127159;127160;127163;127161;127162;127164;127166;127165;127167;127168;127169;127171;127170;127175;127173;127172;127174;127176;127177;127181;127179;127180;127178;127182;127183;127186;127184;127185;127187;127188;127192;127189;127191;127193;127190;127194;127197;127196;127195;127198;127199;127200;127202;127201;127203;127204;127205;127206;127209;127207;127210;127208;127211;127212;127216;127215;127213;127214;127217;127218;127221;127219;127222;127220;127223;127224;127226;127225;127227;127228;127229;127230;127231;127233;127232;127234;127235;127236;127237;127238;127239;127240;127242;127241;127246;127243;127244;127245;127248;127247;127249;127251;127252;127250;127253;127254;127255;127257;127258;127256;127260;127259;127261;127264;127262;127263;127265;127266;127267;127270;127268;127269;127272;127271;127273;127274;127276;127275;127277;127278;127279;127281;127280;127282;127283;127284;127285;127287;127286;127288;127290;127289;127291;127292;127293;127294;127296;127295;127297;127298;127299;127302;127303;127301;127300;127304;127305;127309;127307;127306;127308;127310;127311;127313;127312;127314;127315;127316;127317;127318;127319;127320;127321;127322;127323;127325;127326;127324;127327;127328;127329;127331;127333;127330;127332;127334;127335;127336;127338;127337;127339;127341;127340;127343;127342;127344;127345;127346;127347;127349;127350;127348;127351;127352;127353;127355;127354;127358;127356;127359;127357;127360;127361;127362;127363;127364;127365;127366;127367;127370;127368;127369;127371;127373;127372;127374;127376;127375;127377;127378;127379;127382;127380;127381;127383;127384;127385;127386;127388;127387;127389;127390;127391;127393;127392;127394;127396;127395;127397;127399;127400;127398;127402;127401;127403;127405;127406;127404;127407;127408;127409;127411;127410;127412;127413;127414;127416;127415;127417;127420;127418;127419;127422;127421;127423;127426;127425;127424;127427;127428;127429;127432;127431;127430;127433;127434;127435;127436;127437;127438;127440;127441;127439;127443;127442;127444;127447;127446;127445;127448;127449;127450;127451;127452;127453;127455;127454;127456;127457;127458;127459;128704;128703;128702;128695;128701;128696;128694;128693;128691;128700;128699;128692;128688;128687;128689;128690;128697;128698;128705;129900;129898;129901;129899;129904;129905;129920;129921;129933;129932;129912;129913;129906;129907;129883;129886;129884;129887;129888;129889;129934;129935;129892;129893;129926;129927;129914;129915;129895;129894;129891;129890;129928;129929;129910;129911;129936;129937;130201;130202;129903;129902;129925;129924;129922;129923;129918;129908;129909;129919;129930;129931;129940;129939;129938;129941;129917;129916;129896;131768;131771;131770;131769;129897;131776;131418;131774;131777;131417;131404;131405;131409;131425;131414;131413;131410;131406;131426;131407;131416;131411;131415;131421;131422;131420;131412;131419;131423;132505;132457;131408;132458;131424;132506;132507;132461;132443;132444;132508;132462;132472;132473;132476;132477;132503;132504;132497;132498;132470;132471;132494;132493;132502;132441;132442;132479;132501;132480;132487;132448;132459;132488;132447;132460;132455;132491;132456;132486;132485;132511;132492;132475;132512;132509;132474;132510;132453;132446;132454;132445;132451;132452;132496;132484;132495;132483;132466;132467;132433;132434;132450;132449;132435;132436;132469;132468;132463;132464;132465;132437;132438;132587;132439;132588;132440;132489;132481;132490;132499;132482;132500;132478;133087;133086;133073;133072;133070;133071;133081;133080;133084;133085;133074;133082;133075;133083;133077;133076;133079;134320;134321;134325;134324;134316;134317;135760;135759;135761;135762;135763;135764;134310;134309;134411;134322;134412;134323;134319;134318;134314;134315;134312;134313;134410;136902;136903;134409;134311;136908;136906;136909;136907;136905;136904;136910;136911;137058;138767;138773;138766;138774;138772;138779;138778;138777;138771;138768;138780;138769;138776;138775;138770;140282;140281;140697;140293;140698;140292;141399;141400;141401;141402;141406;141405;140276;140288;140290;140289;140291;140283;140284;140277;141403;140275;140274;140278;141404;141408;141407;140286;140279;140287;140280;140285;143960;143894;143961;143895;143916;143915;143918;143917;143939;143938;143906;143907;143953;143952;143908;143909;143896;143897;143986;143927;143987;143928;143930;143931;143925;143926;143998;143999;143944;143943;143923;143924;143982;143983;143984;143985;143888;143889;143911;143912;143892;143893;143957;143942;143956;143941;144086;143929;143965;144085;143964;143967;143966;144000;143962;143963;144001;143945;143969;143900;143968;143980;143901;143981;143959;143958;143921;143988;143922;143989;143920;143919;143934;143978;143935;143979;143955;143954;144003;144002;143913;143914;143948;143949;143997;143996;143933;144009;143932;144010;143950;143951;143972;143936;143973;143993;143937;143992;144049;144048;145702;145703;143899;143971;143898;143970;143947;143946;143994;144008;143995;144007;143974;143975;143890;143903;143891;143902;143904;143905;144005;144087;144006;143976;143977;143991;144088;143990;143940;147405;147313;147406;147340;147339;147312;147298;147408;147299;147407;147293;147292;147390;147273;147391;147274;147321;147322;147287;147400;147288;147337;147338;147370;147371;147373;147372;147310;147311;147387;147386;147378;147398;147379;147399;147362;147280;147325;147279;147326;147361;147300;147301;147291;149336;147359;147360;147290;149335;147278;147277;147350;147316;147349;147303;147302;147395;147394;147237;147238;147369;147368;147347;147348;149338;149337;147374;147375;147353;147354;147253;147269;147254;147343;147270;147344;147710;147711;147381;147259;147380;147258;147385;147367;147384;147251;147366;147252;147404;147403;147410;147409;147327;147328;147257;147388;147389;147346;147345;147282;147247;147248;147281;147239;147240;147356;147355;147264;147331;147332;147309;147308;147383;147363;147266;147364;147382;147265;147272;147335;147396;147271;147397;147336;147352;147709;147351;147334;147708;147333;147323;147246;147324;147297;147305;147296;147245;147377;147304;147376;147294;147295;147393;147392;147283;147284;147402;147263;147401;147318;147262;147317;147244;147319;147243;147320;147285;147286;147276;147275;147315;147314;147307;147306;147358;147357;147242;147241;147249;147250;147267;147289;147268;147261;147260;147341;147342;154553;154552;154605;154607;154590;154585;154500;154609;154478;154531;154536;154636;154625;154615;154515;154480;154479;154533;154571;154522;154517;154521;154527;154617;154623;154573;154524;154507;154594;154530;154465;154622;154624;154575;154546;154501;154545;154488;154520;154613;154564;154563;154572;154534;154582;154481;154539;154595;154580;154475;154489;154540;154547;154583;154600;154510;154474;154499;154535;154463;154599;154593;154597;154452;154577;154559;154639;154626;154508;154574;154592;154502;154619;154557;154506;154567;154556;154621;154519;154561;154482;154560;154548;154596;154551;154550;154470;154633;154587;154511;154505;154518;154631;154493;154492;154544;154555;154464;154586;154628;154566;154441;154604;154581;154450;154562;154532;154579;154516;154487;154528;154483;154467;154490;154523;154543;154608;154578;154494;154457;154462;154598;154526;154542;154466;154476;154565;154616;154509;154447;154445;154603;154554;154570;154610;154504;154486;154541;154503;154591;154485;154461;154614;154602;154576;154584;154568;154496;154525;154454;154601;154495;154538;154498;154529;154549;154588;154497;154558;154491;154448;154469;154471;154451;154468;154460;154446;154442;154459;154455;154439;154443;154472;154484;154444;154453;154456;154440;154537;154477;160776;160810;160733;160830;160841;160831;160798;160828;160848;160835;160764;160758;160833;160735;160823;160809;160752;160806;160826;160753;160745;160850;160759;160780;160738;160782;160779;160832;160821;160849;160739;160834;160792;160736;160860;160791;160800;160740;160801;160803;160867;160825;160788;160866;160743;160845;160804;160862;160757;160812;160778;160820;160802;160760;160767;160855;160789;160794;160730;160766;160785;160775;160851;160773;160771;160786;160728;160799;160854;160777;160869;160837;160871;160815;160836;160864;160805;160838;160872;160829;160822;160824;160737;160783;160755;160865;160756;160787;160840;160847;160734;160750;160768;160749;160746;160747;160861;160863;160795;160827;160774;160873;160870;160742;160772;160808;160813;160727;160807;160868;160784;160852;160816;160814;160744;160811;160796;160818;160732;160770;160741;160793;160844;160790;160748;160857;160839;160781;160754;160819;160731;160729;160817;160769;160797;160761;167451;160765;167454;167465;167505;167477;167485;167282;167482;167476;167472;167475;167463;167491;167462;167455;167495;167466;167456;167453;167457;167481;167494;167503;167480;167498;167502;167487;167490;167470;167504;167452;167488;167496;167483;167497;167478;167473;167479;167464;167467;167469;167499;167471;167474;167486;167493;167489;167468;167484;168928;168930;168931;168929;171712;168927;171709;168932;171706;171711;171708;171705;171704;171713;171710;171702;171703;174099;174093;174079;174073;174086;174064;174053;174060;174066;174084;174085;174092;174082;174070;174088;174054;174095;174101;174062;174052;174057;174071;174091;174056;174069;174067;174051;174096;174097;174090;174072;174102;174094;174087;174098;174065;174063;174068;174058;174078;174080;174083;174059;174081;174061;174100;174055;174089;187321;187323;187325;187322;187319;187320;187343;187341;187324;187340;187342;187339;187337;187338;187336;187335;187333;187345;187334;187332;187330;187326;187329;187331;187344;187360;187361;187355;187359;187358;187357;187353;187351;187327;187328;187354;187356;187352;187367;187350;187366;187347;187349;187346;187365;187363;187348;187362;185414;187364;185388;185383;185403;185382;185386;185411;185389;185410;185387;185391;185384;185385;185427;185407;185428;185408;185409;185404;185426;185435;185390;185392;185393;185402;185405;185413;185406;185401;185412;174760;66763;66026;66025;66765;66764;147731;23932;25756;25293;35288;21609;19700;179440;47827;110839;21608;181867;181646;47899;27534;54922;27574;47039;69557;23970;53536;72348;55471;43060;48364;48407;54988;51367;56682;57890;66335;63337;71523;31136;34049;34085;33227;25524;65675;65674;36103;56691;74261;40852;29898;33481;25952;25125;21340;23699;23769;23978;45569;65722;58447;66913;72814;58968;58445;50679;56684;56668;32481;25294;26071;26922;57556;64938;64937;67122;142481;83521;72483;133058;82528;146428;151287;133059;157125;171153;63417;133307;126049;122510;134761;145035;149045;155842;138358;152124;158892;163887;163399;174019;168370;185433;177834;90119;94576;96002;95370;93912;87412;97386;100259;105777;103458;102783;111107;10654;27525;27524;26012;31348;26013;26198;162619;77562;176522;176523;77563;77605;111384;111385;74514;74516;74515;74518;74517;74521;74522;74519;74523;74525;74520;74524;74529;74527;74528;74530;74526;74531;74534;74532;74533;74536;74535;74537;74542;74538;74541;74539;74543;74540;74545;74546;74544;74547;74548;74551;74550;74553;74552;74554;74549;74556;74555;74558;74557;74559;74560;74563;74561;74564;74562;74565;74566;74567;74569;74571;74578;74572;74568;74570;74573;74574;74576;74575;74577;74585;74579;74580;74582;74583;74581;74584;74589;74586;74587;74588;74590;74591;74592;74593;74594;74595;74597;74596;74598;74599;74600;74601;74604;74605;74603;74602;74606;74608;74607;74609;74610;74611;74612;74613;74615;74614;74617;74616;74618;74619;74620;74621;74623;74622;74624;74626;74627;74625;74628;74629;74639;74630;74632;74631;74633;74634;74637;74636;74635;74638;74640;74643;74642;74649;74641;74644;74645;74647;74648;74646;74651;74650;74656;74652;74653;74654;74655;74657;74659;74658;74660;74661;74663;74662;74664;74665;74668;74667;74666;74669;74670;74671;74673;74672;74675;74674;74676;74677;74681;74680;74678;74679;74682;74683;74686;74685;74684;74687;74688;74689;74690;74691;74692;74693;74694;74695;74697;74696;74698;74699;74700;74701;74702;74703;74704;74705;74706;74707;74710;74708;74709;74711;74712;74713;74714;74715;74716;74722;74717;74718;74720;74721;74719;74723;74731;74724;74727;74726;74725;74729;74728;74732;74733;74734;74730;74736;74735;74737;74738;74743;74739;74741;74740;74742;74746;74744;74745;74747;74748;74750;74749;74752;74751;74753;74754;74756;74755;74757;74758;74759;74760;74761;74763;74762;74764;74765;74767;74770;74768;74766;74769;74771;74772;74775;74774;74773;74776;74777;74778;74779;74786;74780;74781;74782;74783;74784;74788;74785;74789;74787;74790;74791;74792;74793;74795;74794;74797;74796;74798;74799;74800;74801;74802;74803;74807;74804;74805;74806;74810;74809;74808;74812;74811;74814;74813;74816;74815;74818;74817;74819;74820;74821;74822;74823;74824;74826;74825;74827;74833;74831;74828;74829;74830;74841;74832;74834;74837;74836;74835;74839;74838;74840;74843;74842;74847;74844;74845;74846;74851;74848;74849;74852;74850;74853;74855;74854;74856;74858;74857;74859;74860;74885;74861;74863;74862;74866;74864;74865;74867;74868;74869;74870;74871;74872;74874;74873;74875;74877;74876;74879;74880;74881;74878;74882;74883;74884;74886;74891;74887;74889;74888;74892;74890;74894;74893;74895;74896;74898;74897;74903;74899;74901;74900;74911;74902;74904;74905;74906;74907;74909;74910;74908;74918;74913;74912;74915;74914;74916;74917;74919;74920;74922;74921;74924;74923;74925;74926;74930;74927;74928;74929;74932;74931;74938;74933;74934;74937;74935;74936;74939;74942;74940;74941;74944;74943;74945;74946;74947;74950;74948;74949;74951;74956;74952;74955;74954;74953;74957;74958;74959;74960;74961;74964;74962;74963;74965;74967;74966;74968;74969;74970;74971;74972;74973;74974;74975;74976;74983;74977;74978;74979;74980;74981;74984;74987;74982;74986;75036;74985;74989;74988;74990;74997;74991;74992;74993;74995;74996;74998;75003;74999;75000;74994;75001;75011;75004;75005;75002;75006;75007;75008;75015;75009;75010;75012;75013;75014;75017;75020;75016;75019;75018;75021;75022;75023;75024;75026;75025;75027;75028;75029;75030;75031;75033;75034;75032;75035;75093;75037;75039;75038;75040;75042;75041;75044;75045;75046;75047;75048;75043;75049;75051;75052;75050;75054;75053;75055;75057;75056;75059;75058;75062;75061;75069;75060;75063;75064;75065;75066;75070;75071;75068;75067;75073;75072;75074;75077;75078;75076;75075;75079;75080;75083;75085;75082;75081;75084;75086;75089;75088;75091;75090;75092;75087;75094;75096;75095;75097;75141;75098;75102;75100;75099;75101;75106;75108;75107;75105;75104;75109;75110;75103;75113;75112;75111;75114;75115;75118;75116;75119;75120;75117;75123;75122;75121;75125;75128;75126;75127;75124;75131;75133;75132;75129;75130;75137;75136;75138;75134;75139;75135;75140;75142;75145;75147;75144;75143;75146;75148;75149;75150;75151;75152;75155;75153;75154;75156;75160;75157;75161;75162;75159;75158;75167;75164;75163;75168;75166;75169;75165;75171;75170;75172;75174;75175;75173;75176;75181;75179;75178;75180;75187;75177;75183;75182;75184;75186;75185;75188;75189;75190;75191;75192;75193;75194;75196;75195;75197;75198;75201;75199;75202;75203;75200;75204;75206;75208;75207;75205;75211;75210;75214;75209;75212;75213;75216;75217;75218;75215;75221;75219;75220;75222;75224;75223;75227;75225;75228;75226;75232;75229;75231;75230;75233;75235;75236;75234;75239;75237;75238;75240;75241;75242;75244;75247;75284;75245;75246;75243;75248;75254;75250;75249;75251;75252;75255;75253;75260;75259;75258;75257;75262;75265;75261;75266;75256;75267;75263;75264;75268;75269;75271;75270;75273;75272;75274;75275;75276;75278;75277;75279;75280;75281;75282;75283;75327;75285;75286;75287;75288;75290;75289;75293;75291;75294;75292;75295;75298;75296;75297;75299;75300;75305;75303;75306;75302;75304;75301;75307;75310;75317;75308;75309;75311;75315;75312;75314;75313;75316;75318;75320;75319;75323;75321;75324;75322;75326;75325;75377;75328;75329;75330;75331;75332;75333;75334;75335;75336;75338;75337;75339;75341;75340;75342;75343;75344;75348;75347;75346;75345;75350;75349;75352;75351;75353;75356;75354;75355;75357;75358;75359;75360;75366;75361;75363;75364;75362;75365;75370;75369;75368;75367;75371;75372;75373;75375;75374;75392;75376;75380;75378;75382;75379;75381;75386;75383;75384;75388;75387;76069;75385;76085;76135;75389;76104;76136;76181;76182;76137;76183;76211;75390;76229;76230;76228;76336;76338;76339;76337;76340;75391;76343;76342;76365;76366;76341;76488;76546;76721;76724;76723;76722;76725;76726;76957;76956;76958;76960;76988;76959;77128;77126;77127;77129;77130;77131;77132;77135;77133;77177;77134;77136;77214;77288;77289;75396;77290;77291;77292;77293;77295;77294;77297;77317;77296;77364;77318;77366;77431;77365;77565;77432;77618;77619;77659;77620;77660;77621;77718;77693;77719;77778;77734;77720;77777;77803;77844;77804;77890;77965;77845;77846;77967;78020;78021;78115;77966;75393;75394;78116;78117;78118;78450;78453;78452;78451;78497;78498;75395;78591;75400;78636;78635;75397;78590;78637;78719;78720;78734;78733;78817;78819;78818;78836;78820;75398;78837;75399;79267;79101;79102;79105;79103;79104;79107;79106;79222;79198;79223;79226;79225;79224;79241;79268;79269;79324;79323;79348;79350;79368;79349;79413;79412;75401;75406;79574;79423;79575;79590;79592;79614;79591;79616;79617;79615;75402;79753;79754;79755;79796;75403;79816;79815;79817;79818;79820;79819;79998;79821;79999;79997;80043;80044;80046;80045;80048;80047;80050;80051;75404;80049;80053;80093;80052;80095;80094;75405;80152;80150;80151;80153;80211;80212;75411;80246;75407;80274;80276;80275;80278;80300;80299;75408;80277;80301;75409;75410;75415;75414;75412;80353;75413;80539;81240;81238;81239;81241;81243;81252;81242;80540;81254;81285;81253;81286;81304;81305;81287;81338;80541;80542;81371;81373;81372;81397;81416;81417;81418;81433;81560;81434;80543;81562;81563;81589;81561;81622;81621;81620;81623;81691;80354;81719;81692;81720;81693;81761;81762;81763;81764;81799;81765;81869;81868;81870;81945;81963;81946;81964;81995;82013;82012;81965;82014;82247;82423;82424;82246;82425;82245;82426;82460;82461;82515;82462;82487;82463;82635;82652;82634;82653;82651;82654;82655;82516;80355;80564;82754;82807;82756;82755;82844;82843;82907;83083;83025;83084;83085;82845;83105;83106;83159;83107;83160;83171;80579;83230;83391;83392;83393;83394;83396;83395;83397;83398;83533;83557;83558;83534;83399;83559;83802;83800;83801;83804;83803;83805;83806;80841;83867;83807;83914;80842;83913;83915;83981;83965;83982;83983;80843;84013;84012;84014;84106;84134;84136;84183;84137;84135;84184;84185;84283;84187;84284;84186;84333;84335;84334;84336;84384;84386;84385;84414;84387;84416;84415;84497;84439;84532;84533;84557;84630;84655;84629;84656;84657;84658;84720;80926;80984;84754;84755;84756;84816;84864;84865;84866;84867;80985;84868;84869;84888;84870;84996;84997;84998;84999;85000;85001;85002;85003;80986;85135;85136;85186;85174;80987;85187;85235;85259;80988;85260;85371;85432;85433;85434;85436;85435;85437;85524;85609;85525;85610;85701;85703;85834;85702;85836;85835;85837;85838;85839;85840;85926;85927;80989;86045;85998;80990;86046;86056;86047;86092;86090;86091;86093;80356;86094;86120;86139;86138;86182;86238;86280;86239;86183;86281;86282;86283;86284;86285;86287;86321;86336;86286;86338;86337;86390;86392;86391;86394;86437;86393;86436;86594;80991;86595;86555;86596;86667;80992;86622;86623;86646;86647;86668;86956;86694;80993;86731;86730;86733;86732;80438;86734;80994;86735;86738;86737;86736;86739;86740;86776;86777;86800;86801;86957;86958;86807;86863;86960;86959;86961;86962;86864;86890;86880;86891;86963;86909;86923;86924;81030;86964;86965;87003;87004;87005;87017;87006;81063;87081;81064;87082;87084;81098;87083;87086;87085;87087;87088;87115;87089;87116;87117;81136;87166;87389;87189;87439;87437;87438;81137;87390;87391;87440;87714;81138;87441;87392;87442;81139;87486;87393;87443;87394;81140;87446;87444;87445;87447;81141;87487;87517;87518;87488;81142;87619;87617;87618;87620;87621;87663;87624;87623;87625;87626;87622;87628;87629;87630;87632;87631;87627;87633;87634;87635;81155;87715;87716;87717;81156;81199;87718;87772;88533;93062;93063;93064;93065;93066;88394;93074;93092;93104;93105;88534;93146;93213;93212;93214;93215;93248;88535;93240;93216;93249;93250;93334;93335;93336;88536;93337;93363;93362;93390;88537;90569;93391;93393;93392;93430;93432;88538;93431;93434;93433;93436;93444;93435;93445;93499;93554;93595;93500;93553;93583;93585;93584;93597;93596;88539;93598;88540;93700;93699;93599;93675;93701;93702;93704;93703;93706;93705;93731;93708;93707;93757;93756;93732;93758;93782;93783;93823;93824;93825;93851;93852;93855;88541;93854;93853;93856;88542;93995;93997;93998;93999;93996;94000;94033;94032;88543;94001;94034;94002;94062;94061;94060;94063;94086;94087;94089;94088;88544;94090;94091;94092;87833;94215;94128;94216;94218;94129;94217;94240;94220;94239;94219;94242;94241;94243;94244;94245;94302;94303;94304;94306;94305;94307;94308;94309;94310;94312;94311;94423;94424;94426;94425;88545;94528;88546;94529;94597;94596;94530;94531;88547;94598;94599;88548;94602;94600;94601;94619;94664;94620;94649;88549;94752;94753;94754;94755;94695;94694;94919;94756;94894;88551;88114;88550;94906;94944;94946;88552;94945;94948;94947;94949;88553;94951;94950;94953;94952;95022;95273;95040;95023;95274;95272;95275;95310;95377;95311;95378;88605;95529;95463;95531;95530;95533;95532;95549;95550;95552;95551;95553;88115;95555;95554;95556;95557;95558;95559;95560;95590;95591;95592;95594;95593;95595;95643;95596;95597;95700;95645;95644;95647;95648;95646;95649;95702;95701;95705;95704;95703;95706;95707;95744;95745;95708;95746;95748;95747;95749;95750;95751;95753;95752;95754;95756;95755;95757;95788;95790;95792;95789;95791;95910;95793;88606;95912;95911;95913;95818;96028;91492;96030;96029;95975;88116;96063;96064;96129;95976;88607;96130;96131;96133;96132;88608;96174;96173;96175;96176;88609;96246;96247;96248;88612;88610;88611;88613;88614;88615;88616;88632;88633;88634;88685;88635;88686;88687;88688;88706;88704;88705;88732;88734;88733;88736;88735;88771;88772;88773;88774;88775;88824;88823;88825;88826;88827;88829;88828;88830;93394;88855;88854;88878;88879;88918;88919;88921;88920;88924;88922;88923;88925;94093;88927;88926;94246;88946;88117;94427;88979;88980;88978;89016;89018;89050;89019;88118;89017;88119;89090;95395;89091;89651;89092;89653;89652;89714;89715;88120;89716;89717;89718;89719;89812;88121;89813;89856;88122;89814;89857;89855;89908;88123;89911;89909;89910;89912;89913;89915;89949;89914;89916;88124;89950;89975;89976;90017;88125;89977;90018;90054;90057;90056;88126;90055;90058;90060;90059;90061;88127;90062;88128;90106;90135;90164;90136;90166;90165;88129;90167;90169;90170;90168;90171;90172;90240;90253;90173;90259;90260;90341;90381;90293;90418;90294;90382;90419;90477;90476;90475;90478;90480;90482;90479;90481;90483;90484;90524;90485;90523;90522;90528;90529;90557;90559;90560;88130;90561;90558;90562;90565;90563;90564;90593;90594;90700;90610;88157;90609;90611;90612;90665;90701;90771;90702;90772;90782;90783;90878;90879;90932;90904;90903;90907;90906;90905;90908;90910;90909;90911;90912;90933;91067;91068;90934;90935;90981;91069;90985;90983;90982;90984;90986;91070;91204;91178;91177;91147;91111;91071;91206;91208;91205;88131;91207;91209;88132;91269;87719;91271;91270;91272;91274;91273;91275;91276;91278;91277;88133;91279;91305;89093;91289;91290;91400;91306;91401;91404;91402;91403;91405;91408;91406;91407;91409;91410;90107;91438;91413;91411;91412;88134;91439;91482;91483;91484;88135;91485;91512;91528;88136;91529;91511;91530;91533;91532;91531;88137;91534;91555;91585;91584;88138;91588;91587;91586;91619;91618;91589;91620;88139;91630;88158;91705;91639;91706;91631;91640;91722;91710;91708;91721;91709;91707;91723;91773;91772;91848;91774;91736;91792;91793;88159;91865;91795;91794;88160;91866;91849;91867;91869;91868;91870;88161;88163;91871;87730;88162;91887;91888;91889;88164;88395;91943;91942;91941;91944;91945;88396;91951;91950;91952;91953;91980;88397;91967;90109;90108;91984;91985;88398;91986;91987;88399;92007;92043;92308;92352;92309;92310;92354;92353;92450;92449;92487;92507;92506;92488;92538;92550;92551;92594;92625;92595;92598;92597;92596;92655;92654;88165;92743;92715;92714;88166;92744;92745;88400;92746;92773;92776;92774;92775;92777;92930;92778;92853;92975;92974;92931;92977;92976;92978;92979;92932;88401;92933;92992;92980;92981;92982;92993;88402;92994;93067;93068;93069;96277;96249;102965;102967;102966;96577;103154;103156;96545;103157;103155;103158;103160;96546;103203;103159;103161;103162;103283;96547;96579;96578;103284;103287;103286;103285;103288;103289;103290;103291;103292;103368;96580;103395;103396;103397;103399;103398;103400;96581;103451;103452;103487;96293;103589;96582;103590;103588;103591;103621;103624;103622;103623;103659;103658;96583;103661;103660;103728;96621;103763;103764;103798;103799;103800;103802;103801;96622;104071;104073;104072;104074;104075;96623;104076;104077;104078;104079;104080;104081;104082;104083;104084;104085;104114;104086;96645;104087;104115;104165;104164;104234;104235;104166;96294;104236;96646;104238;104237;104239;96647;104240;104241;104242;104244;104243;104245;104349;104420;104246;104422;104421;104423;104425;104424;104426;104522;104521;104470;104523;104524;104525;104526;104527;96648;104528;104613;104614;104616;104615;104648;96649;104762;104763;96295;104765;104764;96711;104766;104767;104770;104769;104768;104771;104772;96712;104798;105218;105217;105219;105220;96713;105221;105222;105223;105226;105224;105225;105227;105228;105229;105231;105230;105232;105233;105234;105236;105235;105239;105237;105238;105240;105242;105241;105243;105244;105246;105265;105245;96714;105266;105340;105343;105341;105342;105344;105364;105365;105366;105452;105453;96296;96750;105454;105457;105478;105456;105455;105504;105505;96788;96822;96297;96823;96862;96863;96864;96866;96865;96900;96918;96917;96941;96919;96940;96942;96325;96943;96944;96997;96999;96998;97001;97000;97002;96250;97003;97004;97006;97005;97073;97074;97075;97076;97078;97077;97094;97113;97093;97116;97115;97114;97275;97138;97274;97276;97278;97277;97279;97280;97283;97281;97282;97284;97313;97285;97288;97286;97287;97289;97314;97290;97291;97292;97315;97368;97366;97367;97369;96374;97370;96251;96375;97458;97459;97562;97564;97563;97565;97566;97567;97568;97569;97651;97650;97709;97708;97710;97712;97711;97713;97714;97715;97716;97748;97747;97790;97791;97816;97818;97817;97843;97819;97905;99015;99016;99017;99019;99020;99018;99021;99022;96252;99150;99152;99151;99110;99111;99112;99153;99154;99155;99156;99157;99158;99179;99207;99194;99208;99209;99211;99210;99212;99241;99213;99260;99294;99295;99277;99296;99297;96376;99328;99326;99327;99385;96377;99426;99428;99427;99417;99429;99448;99449;99430;99450;99498;99499;99559;99560;99561;99617;96253;99648;99618;99700;99649;99702;99701;99703;99704;99722;99751;99753;99752;96378;99926;99957;99927;99956;99958;99990;100019;100035;100037;100036;100020;100038;100039;100040;100041;100042;100043;100044;100086;100114;100170;100169;100202;96379;100204;100203;100286;100232;100366;96254;96380;100367;100394;100447;100448;100395;100500;100501;100503;100499;100502;96381;100566;96383;100504;100524;96382;100567;100611;96384;100612;100676;100659;100658;100708;100709;100707;100710;100711;100712;100714;96385;100713;100738;100715;100752;100753;100799;100830;100831;100832;96400;100862;100882;100863;96427;100883;100884;100885;101125;101126;101128;101127;101129;103163;101130;101131;101133;101132;101134;101136;101135;101137;101189;101190;101191;101219;101220;101277;101278;101279;101280;101281;101282;101283;101285;101284;101288;101346;101286;101287;101347;101348;101515;101349;101516;101543;101517;96548;101758;101785;101759;101760;101830;101761;96549;101968;101969;96550;101971;101970;102011;101972;96551;102053;102052;102054;96552;102055;102056;102058;102057;96553;102216;96554;102332;96555;102249;102217;102333;102334;102335;96278;102337;102336;102468;102338;102469;102470;96556;102471;102472;102509;96557;102510;102554;102555;102556;102557;102558;96558;102559;102560;102561;102562;102563;102565;102564;102566;96559;102567;102622;102621;102568;102771;102809;102810;102811;102834;102812;102848;102847;102943;102945;102849;102944;102946;102947;102968;102948;102949;102969;105558;117518;117516;117519;117517;117520;106430;117523;117522;117521;117525;117524;117526;117536;117613;106431;117655;117657;117656;117659;117658;117685;106432;117686;117687;106523;117688;117689;117690;117691;117692;117693;117789;117791;117790;117792;117793;117794;117796;117795;117797;117798;117819;117852;117855;117854;117853;117856;117857;106543;117928;117897;117929;117931;117898;117975;117974;117930;117977;117976;117978;106544;117979;117980;117982;117981;117983;117984;106545;117985;117987;117986;117988;118066;118112;118110;118109;118111;118113;118114;118115;118116;106547;106546;106548;118169;118170;106549;118191;118192;118193;118194;118195;106550;118196;118219;118197;118220;118221;118317;118250;118249;106551;106552;118337;118339;118338;118340;118341;118342;118345;118343;106569;118344;118379;118378;118381;118380;118383;118382;118384;118385;106570;118445;118386;118444;118446;118447;118450;118449;106601;118448;118451;118452;118479;118481;118453;118480;118482;105713;106613;118484;118483;118486;118485;118487;118561;118562;118489;118488;118563;106614;118867;118868;118817;118869;118818;118870;118873;118872;118871;118874;118876;118875;118877;118880;118879;118878;106663;118881;118951;106665;106664;105714;119023;119027;119025;119024;119022;119026;119028;119030;119079;119078;119029;106666;119077;119081;119083;119082;119080;106667;119084;119136;119114;119135;106668;106669;119137;119138;119139;119140;119141;106702;119295;119297;119296;119298;106703;119491;119490;119492;119493;119495;119494;119537;106704;119538;105715;119539;119540;119569;119541;119543;119570;119542;119544;119545;119547;119546;119548;106705;119549;119550;119641;119643;119642;106741;106740;119670;119671;119706;119707;106742;119712;119711;119708;119710;119709;119713;119717;106743;119715;119714;119716;119737;119738;119759;119739;106744;119804;119805;106785;119856;119854;119855;119857;106814;119860;119858;119859;119861;119862;119863;119864;119867;119865;119866;119868;119946;119947;119948;119949;106833;119950;119951;119953;119952;106860;106861;106862;106863;106864;106889;106888;106892;106890;106891;106893;106895;105716;106916;106917;106919;106894;106918;106920;105740;106921;106922;106923;106940;106924;106961;106963;105597;106962;105741;106964;106999;106998;106997;106965;106966;107000;107001;105742;107047;107049;107048;107050;107180;107179;107128;107113;107182;107181;107183;107202;107184;107185;107244;107245;107246;105758;107286;107285;108271;108270;108272;108355;108354;108391;108356;108357;108392;108440;108436;108437;108438;108439;108441;108446;108443;108444;108445;108442;108447;108478;108527;108576;108575;108577;108629;105636;106059;108631;108632;108633;108630;108634;106060;108635;108636;108637;108638;108639;108641;108640;108682;106061;108740;108741;108743;108742;108783;108782;108784;106062;108860;108785;108861;106063;108932;108933;108934;108935;108936;108980;108937;108981;106064;109020;109021;109022;106065;109023;106066;109068;109067;109069;109100;109101;106067;109102;109103;109236;109237;109291;109239;109238;109292;109294;109293;109384;109296;109295;105637;109424;109385;109425;109522;109521;109536;106068;109537;109539;109538;109540;109541;109595;106069;106070;106071;109664;109714;109715;109716;109717;109718;109720;109751;109719;106072;109752;109753;109879;109880;109878;109904;109932;109931;109933;109935;109934;109936;110062;110063;110064;110065;110066;110067;110068;105638;106217;110069;110106;110105;110107;110104;110177;110213;110178;110180;110179;110181;110214;110182;110309;110275;110257;110335;106218;110334;110336;110337;106219;110408;110392;110407;110409;110433;110434;110471;110470;110435;110436;110437;110472;105639;110438;106220;110439;110440;110441;106222;110442;106221;110529;110543;110530;110586;106223;110587;110588;110589;110590;110591;110592;106224;110593;110609;110633;110634;110610;110678;110658;110679;110681;110680;110801;110802;110829;110830;110831;110833;110832;110834;110835;110955;110956;110937;110957;110958;105640;110959;110960;110961;110962;110963;110964;111037;110965;111093;111094;111095;111096;111097;111098;111099;111100;111194;111192;111195;111193;111196;111197;111345;111199;111198;106289;106290;111414;111416;111417;111415;111418;111419;111423;111420;111421;111422;111425;111424;111428;111426;111429;111427;111430;111431;111542;111502;111432;111501;111543;111544;105641;111545;111564;111563;111565;111566;111568;111569;111567;111570;111571;111572;111585;111586;111584;111573;111587;111588;111624;111597;111589;111598;111625;111626;111628;111627;111590;111629;111631;106324;111630;111632;111633;111634;111779;111637;111636;111638;111635;106325;111661;111670;111669;111738;111671;111739;106326;111810;111809;111780;111808;111811;111812;106357;112031;111998;111997;106358;112002;111999;112001;112003;112000;105642;112005;112004;106359;112007;112006;106360;112008;112137;112009;106361;112138;112139;106362;112140;112141;112142;112143;112144;112182;106363;112262;112181;112263;112264;112265;112266;112267;112268;112269;112270;112285;117330;117352;112286;117329;117353;117379;117381;106433;117380;106434;117382;117384;117383;117475;117476;117477;120981;121088;121459;123148;123149;123150;123151;123152;123153;123154;123155;123156;123157;123159;123158;121536;123160;123161;123162;123164;121537;123163;123165;123166;123167;123440;123439;123438;123492;123493;123494;123541;123495;123542;121538;123543;123544;123632;123652;123651;123545;123653;123654;123657;123656;123655;123658;123660;123659;123662;123661;123663;123664;123666;123665;123667;123668;123669;123670;123769;123770;123771;123772;123773;123774;123775;123776;123777;123779;123778;123814;123815;123813;123816;123818;123817;123820;123821;123819;123918;123919;123991;123920;123921;123922;123992;124016;124017;124051;124050;124052;124054;124053;124141;124081;124101;124102;124103;124104;124105;124106;124107;124108;124143;124144;124142;124145;124147;124146;124186;124188;124187;124189;124216;124263;124264;124265;124266;124267;124291;124292;124310;124309;124311;124312;124313;121588;124355;124357;124356;124358;121589;124359;124399;124360;124400;124401;124402;124579;124581;124580;124582;124583;124584;124585;121590;124640;124639;124642;124641;121591;124643;124707;124706;124709;124708;124710;124711;124713;124712;124714;124754;124756;124755;124848;124850;124849;124851;121608;125017;121609;125018;125019;125021;125020;125022;125211;125210;125212;125213;125241;121633;125242;125302;125304;125243;125305;125303;125306;125324;125325;125326;125327;121634;125328;125330;125329;125331;125332;125349;125350;125450;125451;125452;125453;125455;125454;125456;125532;125533;125534;125617;125618;125619;125668;125667;125670;125669;125671;125717;125693;125694;125718;125695;125696;125697;125698;125699;125719;125757;125701;125700;122088;125758;125843;125795;125794;125793;125796;122089;125807;125797;125809;125808;125810;122090;125918;122091;125919;125844;125941;125942;125982;125983;125943;126033;126059;126034;126038;126036;126037;126035;126040;126039;126041;126042;126043;126060;122144;126061;126146;126147;121146;126148;126227;126228;126230;126229;126231;122145;126232;126233;126236;126235;126234;122177;126304;126324;126327;126325;126328;126326;126330;126329;126332;126331;126333;122178;126335;126334;122179;126368;126456;126369;126370;122180;126371;126372;126373;126437;126490;126438;126491;126522;126523;126883;126887;126885;126886;126884;126888;126889;122220;122221;122222;126890;126892;126891;126893;126895;126894;126896;126898;126897;126901;126900;126899;122223;126902;126903;126907;126904;126905;126906;126908;126909;126910;126911;126975;126912;126976;126978;126977;126979;126980;127035;127036;127037;127088;127731;127732;127733;127734;127735;127736;122224;127738;127737;122225;127740;127739;127741;127742;122226;127743;127834;127833;127835;127836;127837;122227;122293;127883;121147;127995;127994;127996;127998;127997;127999;128001;128000;128002;128003;128005;128004;128006;128008;128007;128009;128010;128011;128013;122294;128014;122295;128012;128016;128015;122296;128045;128046;128044;128047;122297;122298;128110;128070;128139;128140;122300;128141;121148;122299;128142;128143;122301;122302;128409;128453;122303;128454;128455;122304;128456;128457;128458;128459;122305;128460;128461;128462;128464;128463;128465;128519;128503;128538;128537;122394;128539;128540;128541;128602;122338;128603;128605;128604;128606;128607;128608;121149;131991;128669;128668;128670;122395;128671;128863;128864;128672;128865;128866;128867;128869;128868;122396;128964;128986;122339;128987;128965;129279;129094;129095;129281;129336;129280;129335;129338;129341;129337;129342;129340;129343;129344;129339;129376;129346;129380;129379;129377;129378;129397;129345;129398;121150;129400;129455;129399;129458;129457;129456;129460;129459;129461;129463;129462;129482;129483;129481;129464;129485;129484;129523;129487;129522;129486;129525;129579;129524;129580;129662;129663;129666;129664;129665;129668;129669;129667;129670;129704;129671;129705;129706;129672;129709;129707;129710;129743;129711;129708;129744;129745;129805;129842;129806;129807;129843;129877;129998;129999;122416;130000;130049;122418;122417;130080;130081;130082;130083;130085;130084;130086;130159;130143;130160;130335;130334;130333;130336;130337;130339;130356;130355;130338;130357;130358;130359;130360;130387;130448;122443;130420;130501;130500;122444;130578;130577;130576;130579;130580;122445;130885;130581;130582;130936;130886;130887;130888;130891;130890;130937;130889;130892;130893;130938;122492;130894;130895;130939;130940;131008;122470;131009;131010;131058;131057;131059;131060;131063;131062;131061;131064;122493;131065;122494;131115;131066;131117;131116;131155;131158;131157;131156;131180;131181;131179;131219;122495;131220;131277;131275;131276;131278;122496;131279;131281;131280;131282;131381;131301;131382;131384;131532;131383;131534;131535;131533;131536;131538;131537;131539;131541;131540;131543;131720;131542;122497;131682;131544;131683;131685;131684;131686;131687;131688;131691;131689;131690;131693;131692;131721;131992;122498;131922;131993;131995;131994;131996;131997;132032;132068;132069;122529;132087;132086;132385;132386;132516;132517;132515;122578;122579;122607;122580;122642;122644;122643;122660;122661;122662;122741;122714;122742;122743;122744;122745;122746;122772;122847;122849;122848;122888;122941;122942;122943;122963;123168;123170;123171;123169;123173;123174;123172;123175;123176;123441;123177;123179;123178;123180;123181;121151;123184;123183;123182;123185;123186;123187;123188;123189;121152;123191;123190;123193;121154;121153;123192;123194;123195;123196;123198;121155;123197;123199;123200;123203;123204;123201;123202;123205;121156;123206;123207;123208;123209;123210;123211;123212;123213;123214;123215;121157;123216;123217;123218;121281;123221;123220;123219;123223;123222;121282;123224;123225;123226;123227;123228;123229;121283;123230;123233;123232;123231;123236;123234;123235;123239;123237;123238;123241;123240;123242;123244;123243;123245;121284;123246;123247;123248;123249;123250;123251;123252;121285;123255;123253;123254;123257;123258;123256;123259;123261;123262;123442;123263;123264;123265;123267;121286;123266;123260;123269;123268;123443;123272;123271;123270;121287;123273;123275;123274;123276;123277;121288;123278;123279;123281;123282;123280;123283;123284;123285;121289;121290;123286;123287;123288;123290;123289;123291;123292;123293;121291;123295;123294;123296;123297;123299;123298;123300;123301;123302;123303;123305;123304;123306;123307;123309;123308;123312;123310;123311;123313;123315;123314;123316;123317;123318;123320;123319;123321;123322;123324;123323;123325;123327;123326;123329;123328;123330;123332;123331;123333;123335;123334;123336;123337;123338;121089;123340;123341;123339;123342;121339;123344;123345;121340;123343;123346;123347;123348;123349;123351;123350;123352;121411;123353;123354;121412;123355;123356;123357;123359;123358;121413;123360;123361;121414;123362;123363;121415;123364;123365;121428;123367;123366;121090;121429;123368;123369;123370;121430;123371;123373;123374;123372;123375;123376;121431;123377;123378;121460;123379;123380;123382;123381;121461;123383;123384;123386;123387;123385;123388;121462;123389;123390;123391;123392;123393;123394;121463;123395;123396;123398;123399;121464;123400;123401;123397;123402;123404;123406;123403;123405;123407;123408;138668;138669;138670;138671;138672;138673;138675;138674;138785;138786;133251;138787;138789;138828;138788;138790;138829;133252;138980;138977;138978;138979;133253;138981;138984;138985;138983;138982;138987;138986;139013;138988;138989;139012;139014;139015;139016;139017;139018;139019;139020;139021;132904;139168;139221;139280;139281;139302;139022;139303;139304;133288;139305;139306;139356;139355;139357;139443;139445;139401;139444;139447;139446;139448;133340;139449;139450;139477;139451;139478;139558;139559;139560;139561;139563;133341;139562;139564;139565;139591;139644;139645;139646;139648;139647;139650;139649;139651;133342;139652;139653;139654;133343;139655;139765;133344;133345;139767;139768;139780;139769;139766;139897;139898;139896;139901;139900;139903;139902;140020;139899;140021;140024;140073;140023;140022;140074;140075;140076;140079;140078;140077;140080;140081;140172;140171;140173;140170;140174;140175;141904;140240;140366;140367;140365;140369;140371;140368;140370;140372;140373;140376;140375;140374;140377;140442;140443;140445;140509;140444;140681;140510;140511;132905;140570;140569;140571;140572;140573;140574;140610;140683;140682;140684;140685;140686;140687;140688;140689;133346;140741;133347;140691;140726;140692;140690;140727;140742;140743;132906;140764;140744;140797;141069;141151;141071;141070;141072;141073;141152;141153;141154;141074;141075;141078;141076;141155;141156;141077;141079;141081;141158;141080;141157;141159;141160;141161;141163;141162;141164;141165;141166;133488;141167;141168;141169;141276;133489;141279;141281;133490;141294;141390;133491;141382;141388;141387;133492;141411;141409;141462;141529;141513;141507;141506;141534;141523;141525;141530;141514;141533;141528;141504;141559;133519;141560;141839;141719;141662;141840;141893;141905;141925;141888;141884;141890;142042;141927;141898;142039;141929;141924;142095;142044;141926;142135;142114;142078;142097;142115;142108;142183;142188;142165;142185;142196;142162;142194;142190;142163;142186;142181;142150;142207;142178;142149;142572;142324;142540;142522;142555;142560;142583;142549;142575;142506;142537;142550;142524;142526;142631;142630;142620;142615;142628;142629;142627;133592;142838;142638;142836;142852;142829;142831;133593;142853;142840;142921;142915;142925;142956;142945;142950;142944;142938;142949;142948;142942;142937;142917;142929;142953;143141;142941;142922;143001;143100;143145;143101;143134;143144;143146;143143;143182;143192;143180;143179;143184;143190;143181;132763;143168;132907;143225;143298;143343;143289;143338;143352;143333;143295;143345;143320;143290;143301;143348;143303;143340;143299;143314;143316;133644;143335;143327;143310;143337;143302;143355;143321;143318;143341;143304;143317;143322;143331;143324;143311;133645;143312;133666;143297;143347;133667;143319;143342;143292;143357;132908;143328;143339;143508;143504;143496;143507;143499;143452;143462;133668;143521;143463;143457;133669;143398;143455;143460;143456;143492;143497;143514;143506;143522;143523;143511;143529;143513;143498;143545;143547;143546;143550;143549;143540;143539;143538;143536;133714;143542;143548;143537;132909;143592;133757;144020;144033;144317;144309;144120;133758;144316;144308;144312;144321;145351;145279;144313;145335;145358;145338;145382;145307;145353;145334;145313;133759;145297;145277;145329;145374;133760;145360;145331;145280;145368;145372;145362;145322;145332;145294;145323;145293;145301;145389;145326;145348;133827;145345;133828;145359;145347;145350;145324;145285;145400;145317;132910;134073;145375;145385;134152;134153;134154;134155;134157;134156;134193;134194;134195;134196;134197;134198;134279;134280;134281;134282;134284;132764;134283;132911;134347;134362;134349;134348;134397;134398;134617;134619;134620;134618;134696;134559;132912;134755;134822;134823;134851;134932;134934;134933;132913;134935;134936;135161;135003;135006;135005;135004;135007;135162;135008;135010;135022;135009;135163;132914;135220;135221;135263;135222;135264;135265;135385;135386;135383;135384;135446;135450;135449;135447;135448;135451;132915;135452;135453;135578;135454;135577;135670;136004;135749;136005;135750;136007;136006;136008;136009;132916;136023;136010;136011;136012;136072;136306;132917;136307;136073;132919;132918;136309;132920;136308;136310;136312;132848;132949;136314;136313;136311;136315;136316;132951;132950;136317;136450;136449;136451;136454;136453;136452;136455;136456;136457;136459;136458;136460;136461;136488;136489;136490;136491;136492;136691;133031;136873;136872;136874;136875;136876;136877;133130;136878;136879;136880;136881;133131;136882;136883;136884;136885;136886;136887;136888;136889;136959;136960;136961;136962;136993;136963;136992;136994;136995;136996;137131;137132;136997;137227;137230;137229;137228;137231;137251;137349;137392;133132;137351;137350;138676;138677;138678;132849;133133;138679;138680;138681;138684;138685;138683;138682;138686;138687;138688;138689;138690;138691;138692;133170;138694;138693;138695;138696;133171;138700;138699;138698;138697;138701;133172;133173;138702;138703;138704;138706;138705;138709;133174;138707;138708;138711;138710;138713;138714;138715;138712;138717;138716;138719;138718;138720;138721;138990;138722;138723;133198;138725;138724;138726;138727;138728;138729;138730;133199;138731;138732;138991;138734;139307;138733;138735;138736;133200;138738;138737;138739;138740;138741;138743;138745;138742;138744;138746;138747;138750;138749;138748;138751;138752;138753;138754;138755;138756;138757;151525;151528;151526;145370;151527;145336;151615;151702;151824;151806;151619;151822;151816;151823;151814;151818;151841;145395;151840;151853;151938;145278;151936;152008;151937;152017;152058;152009;152057;152063;152065;152064;152219;152261;152257;152262;152391;152394;152392;152471;152474;152477;152463;152470;152462;152469;152456;152460;152466;152457;152473;152467;152472;152561;152515;152563;152647;152692;152693;152696;152694;152730;152731;152719;152722;152736;152738;152770;152755;152756;152758;152841;152769;152840;152839;152852;152837;152835;152844;145377;152838;152875;152876;152896;152895;152958;152956;152900;152942;153000;153005;153029;153025;153114;153116;145284;153113;153108;153107;145356;153218;153195;153251;153392;153394;153395;153393;153415;153457;153414;145330;153453;153455;153454;153452;145295;153537;153530;145344;153529;153533;153667;153578;153669;153778;153782;153783;153847;153875;153796;154006;145354;153874;154007;154008;154010;154012;154009;154079;154191;154192;154196;154206;154215;145361;154216;154214;154228;154211;154209;154282;154207;154213;145383;154284;145306;154513;154748;154770;154612;145314;154759;154764;154761;154762;154769;154767;154763;154766;154768;154765;154755;154757;154758;154760;154822;154756;154865;154867;154864;154860;154863;154866;145311;154978;154946;154975;154952;154951;154976;155355;155345;155362;155356;145339;155358;155583;155621;145394;155660;155657;155652;155662;155726;155714;155823;145273;145399;155859;155860;155872;145305;155871;155887;155879;155886;156130;155873;155875;156144;156146;145376;156135;156151;156150;156131;156142;156138;156152;156179;156185;156192;145435;156217;156215;145431;156216;156218;156270;156273;145434;156274;156316;156317;156279;156276;151685;156436;156340;156319;156341;156395;156426;156434;156437;156433;151688;145423;151704;151747;151712;145530;145485;145525;151710;151726;151709;145729;151752;151736;151722;151684;151739;151706;151721;151729;151746;151719;151724;151717;151728;151707;151699;152119;151753;151683;151749;145775;145710;151735;145735;145720;151708;151693;151718;151714;151744;151692;151713;151731;145762;145736;151730;151705;151756;151725;151737;151711;151686;151741;151751;145767;151716;151734;151732;145768;145746;151697;151742;151694;151715;151696;151755;151698;151750;151740;151703;146513;151695;151700;146162;151720;146144;151687;151743;151701;151733;151754;151691;151738;151748;151727;151723;151745;151817;151820;146274;151819;151839;146287;151851;145381;151838;151860;151866;146293;151847;151941;151935;151940;151939;152011;146282;152013;146298;152010;152007;152118;145355;146320;152166;152147;152154;152179;152218;152256;152263;152196;145365;152250;146325;152258;152260;152249;152259;152255;146317;152393;152459;152554;146355;152553;152552;152644;152562;152569;146503;152624;146518;146524;146510;152646;152645;145310;152679;146506;152732;152733;152695;152734;152721;152728;152720;152725;152727;152726;146508;152735;152724;152729;152768;152771;152757;152799;152798;146507;152767;146528;152850;152848;152849;152894;152897;152962;152960;153008;152941;152963;153007;153009;153004;153003;153006;153002;153001;152999;146501;153115;152998;153030;153117;153118;153188;146715;153187;153250;153186;146662;153245;146745;146676;153413;153244;146688;153451;146649;153479;146750;153543;153541;153579;153599;153594;153596;153595;146858;153780;153597;153771;153598;153792;153790;153914;153912;153913;153911;153901;146852;146851;153968;153909;154011;154091;146836;154103;154105;154064;154069;146831;146918;154104;146908;154186;154187;154193;154208;146897;154243;154283;146888;154289;154285;154286;154287;154281;146898;154290;154288;154280;154606;154611;154512;154664;154660;154661;154589;154665;146911;146914;146916;154743;154892;154890;154889;154896;154898;146938;155010;155012;154945;155008;155009;155191;155299;155177;155379;155357;155380;155382;155383;155381;147159;147158;147157;147161;147149;155656;155663;147160;155664;147150;155665;155696;155777;155701;155697;155744;155771;155773;147174;155775;155778;155772;155774;147184;155770;155779;147173;155776;155826;147189;155825;147178;155857;155824;147606;155888;155877;147563;155878;155882;155883;155876;155874;155885;155881;155884;155880;156145;155934;155932;156143;156141;147783;147799;145304;156154;147779;156136;147774;156137;147794;156149;147776;156153;147780;156140;145308;156180;156139;156181;156177;156219;148839;147845;156252;156277;147844;156271;156268;156269;156275;147846;156272;156339;156278;156435;156448;147860;147858;147850;156447;147853;147929;147852;147931;147925;147930;145325;145290;147927;147924;148066;148159;148141;148148;148045;145357;148152;148153;148179;148176;148203;148209;148210;148315;148308;148313;148309;148310;148321;148385;148324;148325;148411;148384;148409;148412;148417;148435;148438;148431;148436;148432;148439;148513;148535;145390;148614;148588;148696;148606;145298;148759;148699;148763;148746;145379;149627;149605;149555;149634;149564;149553;150114;149548;145320;145340;145283;149640;149613;149628;149545;149616;149533;149554;149637;149589;149603;149536;149534;149573;145275;149580;149570;149562;149598;149557;149577;149629;149590;145371;145299;149558;149636;149611;145286;149569;149594;149549;149596;149614;149571;149579;149541;149612;149537;149550;150103;149584;149530;149567;149572;150090;149539;149566;145396;149641;149600;149639;149560;145312;145387;149542;149602;149884;149886;145287;149887;149892;149890;149891;149896;149882;149895;145292;149881;149894;149885;149893;145373;150089;150003;150113;150098;150094;150087;150088;150104;145392;145342;150183;150206;150269;145398;150261;150259;150275;150248;150256;150251;150276;150319;150304;145393;150315;150452;150466;150474;150471;150457;150461;150455;150754;150755;151080;151079;151073;151076;151071;151074;151083;151082;151078;151072;145366;151075;151081;151062;151067;151077;151060;151058;151024;151066;151023;151068;151061;151069;145328;151054;151022;151053;151070;151056;151065;151055;151059;151064;151063;145288;151057;151199;151198;151283;151280;151278;151358;151282;145346;153967;156450;145289;156761;156637;156779;157096;156781;156467;157082;156956;157348;158130;157416;158131;156593;158150;156643;158240;156649;158508;156647;156648;158507;156722;158575;156723;156721;158642;158650;158689;158629;156747;158617;158639;159078;156780;156778;158883;159075;159049;159456;159453;159458;159454;159393;156850;159616;156845;156851;156852;156844;156849;160016;161246;156940;160972;160973;156904;156939;156943;161508;156938;161430;156937;161654;156942;161509;156957;156959;156958;157104;157081;157113;161762;157110;157088;157084;157092;157093;157107;157147;157148;157198;157225;157326;157232;157399;157400;157325;157398;157890;157889;157938;158058;158236;158234;158235;158223;158220;158222;158224;158231;158218;158239;158232;158237;158241;158392;158449;158340;158577;158576;158578;158635;158626;158636;158627;158624;158641;158628;158637;158625;158632;158623;158638;158631;158643;158640;158630;158742;158777;158774;158779;158776;158773;158778;159044;158775;159047;159054;159048;159050;159053;159040;159046;159042;159043;159039;159051;159045;159036;159038;159056;159074;159125;159126;159124;159180;159211;159224;159219;159223;159221;159225;162322;161749;159277;159276;162481;162400;162490;162476;162618;162518;162617;162606;162551;162616;163014;162949;163078;163758;163682;163094;163516;163447;163757;163911;164134;163827;164107;163910;164144;164474;164446;164255;164254;164473;164476;164475;164494;165222;164951;164952;165221;165237;165251;165225;165238;165240;165432;166126;165586;165922;165500;165611;166100;166107;166198;166206;166112;166205;166203;166362;166294;166202;166361;166308;166754;166766;166756;166757;166758;166760;166762;166761;166763;166896;166899;166900;166753;167204;167328;167344;167348;167338;167510;167511;168006;167519;168004;168003;168158;168005;168156;168157;168203;168155;168202;168336;168394;168393;168241;168539;168493;168622;168610;168621;168897;169347;169285;169444;169443;169442;168898;159327;169346;159460;159325;159326;159461;159457;159392;159394;159478;159459;159477;159455;159621;159503;169485;169481;169478;169927;170057;170038;170095;158634;170122;170098;170266;170267;170494;170772;171001;171422;170741;170493;171476;171414;171421;171533;171632;171480;171764;171686;172066;172016;171935;172422;172507;172176;172560;172569;173383;172568;173449;173828;174156;174145;174256;174494;174915;174713;174927;175128;175027;175812;176223;176545;176441;177098;177405;177676;177701;177821;177813;177804;177993;178227;178113;178175;178226;178403;178812;178921;179373;179289;179374;179390;179389;179391;179422;179421;179420;179831;179894;179956;179980;179895;180002;180001;180012;180580;181333;180287;181400;181493;181649;181861;181859;181862;181834;181860;181921;181922;181920;181923;181919;181918;182483;182481;182676;182482;182394;183383;182677;182995;182994;183362;183064;183657;183676;183658;183659;183954;183955;183993;184347;184007;183956;184008;184436;184438;184435;185461;184437;185536;184439;185712;185537;185711;185535;185880;185713;186505;186350;185986;186506;186504;185934;186582;186507;186523;186583;186749;186683;187042;187043;186748;187292;187138;187113;187391;187399;187392;187401;187400;187404;187634;187650;187405;187649;187855;187942;189104;188004;189103;189203;189250;189251;189492;189493;148707;33589;25004;58727;25552;26064;29218;33129;31968;34510;40826;44597;46814;51773;61731;69185;59191;77408;86904;94199;154167;164180;187659;173707;104351;154166;21784;122033;25551;142882;125261;128773;128776;125260;125643;125226;79746;73668;125257;103701;125259;125263;154346;154347;125262;73667;125356;40827;42291;44960;42892;45121;46204;47583;47113;49174;48317;49964;51343;55506;51774;54587;56042;55470;57751;56585;57039;58583;59089;59555;61732;61414;62821;62984;63301;65927;64363;73764;70217;70532;69541;72372;73942;72371;72884;19312;74362;21221;22875;21786;19766;23977;25036;25290;25755;27506;25900;29742;31129;31734;33168;33396;33949;34459;34368;14235;35761;35185;34680;14244;11922;14638;66520;65742;14245;14246;14247;11578;11900;14248;14336;11404;13844;21746;18503;14261;14249;14346;14250;32479;10855;11076;10848;10849;11081;10850;10851;11452;10852;10840;11226;10854;11918;11225;11223;11227;11224;77421;174744;174745;170495;189737;178712;166338;183413;73825;14641;16209;18204;22075;17654;10808;73826;51873;22074;17586;18205;62819;62820;123686;71643;18181;65048;45544;57290;65050;61746;63521;65052;61681;65995;73570;82820;99588;90625;109202;135592;124198;159975;148960;52002;57959;64790;64454;71966;80908;88045;96628;106190;121231;132992;145218;156887;76532;84824;92516;101843;126821;111163;138522;152020;54997;59462;66932;45379;49996;56566;70472;62593;78481;86542;94138;103963;130011;118228;141800;154344;88755;65743;71462;55958;90828;25951;73612;76683;90604;82830;99521;109207;88041;80890;96627;106139;78086;69305;84808;92492;76883;101839;111214;76590;86474;78478;118572;103932;91825;11563;69304;18034;139874;154655;156885;150416;174466;160088;189238;148977;135204;174518;135172;154253;78773;56056;56052;56060;45626;56064;53897;65997;58798;90762;82903;73576;99480;109205;124155;148894;56051;135585;160079;174470;56055;56059;56063;45625;51573;57589;63623;71970;80906;88146;96611;106188;121253;133047;145266;156822;170191;170192;56053;56057;56061;56065;55632;60048;68934;76531;84822;92522;189165;101836;111219;126830;138528;163408;47718;152026;178468;56050;56054;56062;56058;50652;56066;56653;62662;70460;86576;78540;94201;103971;118230;154332;130058;166370;141829;183503;111680;70765;71644;70766;72981;72982;45624;55786;17614;74467;74466;76576;185085;185087;186692;185086;12067;12047;69552;26192;10660;10658;110053;73577;80915;18175;12126;71537;136998;109209;135676;135237;83469;160034;174615;189232;178706;170197;166377;72776;136091;72778;104051;145244;86577;138590;88044;154418;110054;10613;10594;67398;67397;67396;67401;67400;67402;67399;67403;67405;67404;67406;67407;67408;67410;67409;67412;67411;67413;67414;67415;67416;67417;67418;67419;67420;67422;67421;67423;67425;67424;67426;67428;67429;67427;67430;67431;67432;67434;67435;67433;67436;67437;67438;67439;67442;67441;67443;67440;67444;67445;67449;67446;67448;67447;67450;67454;67453;67451;67452;67455;67456;67457;67458;67460;67459;67462;67461;67463;67465;67464;67466;67467;67470;67469;67468;67472;67473;67471;67474;67475;67477;67478;67479;67476;67481;67480;67484;67483;67482;67485;67486;67489;67488;67490;67487;67491;67492;67493;67496;67495;67494;67497;67498;67499;67501;67500;180614;67503;67502;67506;67505;67507;67504;67509;67510;67512;67511;67508;67513;67514;67515;67516;67517;67518;67519;67520;67522;67523;67521;67524;67525;67526;67528;67530;67529;67527;67531;67532;180626;67533;180606;180622;67534;180616;67536;67535;67538;67537;180605;67540;67539;180618;67543;67541;67542;67545;180623;67544;67546;67548;67547;67550;67549;67552;67551;67554;67553;67555;67557;67556;180613;67558;67559;67562;67560;67561;67563;67564;67565;67566;67567;67568;67569;67571;67570;67574;67573;67572;67577;67576;67575;67580;67579;67578;67581;67582;67583;67584;67585;180607;67587;67586;67588;67589;67590;67591;67594;67593;67592;67595;67596;67597;67599;180601;67598;67601;67602;67600;67603;67605;67604;67607;67606;180597;67608;67609;67610;67611;67613;67614;67615;180615;67612;67617;67616;67618;67621;67619;67620;67623;67622;67626;67625;67624;67627;67629;67628;67631;67632;67630;67634;67633;67635;67637;67636;67638;67639;67640;67641;67643;67642;67645;180621;67644;67648;67647;67646;67649;67650;67651;67653;67654;67652;67655;67657;67656;67659;67658;67660;67661;67663;67662;67666;67664;67665;67667;67668;67669;67672;67670;67671;67673;67674;67675;67676;67678;67677;67679;67680;180602;67681;67683;67682;67684;67685;67686;67687;67689;67688;67691;67690;67692;67693;67694;180627;180600;180598;180609;180599;67696;67695;67697;67698;67699;67700;67702;67701;67704;67706;67703;67705;67708;67707;67709;67712;67711;67710;67714;67713;67717;67715;67716;67718;67719;67720;67721;67724;67722;67723;67726;67725;67727;67729;67728;67730;67731;67733;67735;67734;67732;67737;67736;67738;67739;67740;67741;67742;67743;67744;67746;67745;67747;67748;67749;67750;67753;67751;67752;67755;67754;67756;67757;67758;67759;67761;67760;67764;67765;67762;67763;67766;67767;67769;67768;67770;67772;67771;67773;67774;67775;67776;67777;67778;67779;67780;67781;67782;67783;67784;67785;67787;67786;67789;67788;67790;67791;67793;67792;67794;180610;180612;67796;67795;67797;67798;67799;67800;67802;67803;67801;67804;67805;67806;67807;67808;67809;67810;67811;67812;67813;67815;67814;67816;67818;67817;67819;67820;67821;67823;67822;67824;67825;67827;67826;67828;67830;67829;67831;67832;67833;67834;67835;67836;67838;67837;67839;67840;67841;67844;67842;67843;67845;67846;67847;67848;67849;67850;67851;67852;67854;67853;67855;67856;67857;67858;67859;67860;67861;67862;67863;67864;67866;67867;67865;67868;67869;67870;67871;67872;67873;67874;67875;67876;67878;67877;67879;67880;67881;67882;67883;67885;67884;67886;67887;67888;67889;67891;67890;67892;67894;67893;67895;67896;67897;67899;67900;67898;67901;67903;67902;67905;180617;67904;67906;67907;67908;67910;67909;67911;67912;67913;67914;67916;67915;67917;67918;180611;180603;180625;180608;180604;180624;180628;180619;181105;181082;181076;67919;67921;67920;67924;67923;67922;67925;67926;67927;67928;67930;67929;67931;67932;67933;67934;67935;67936;67937;67938;67939;67940;67941;67943;67942;67945;67944;67947;67949;67948;67946;67951;67950;67952;67953;67955;67956;67957;67958;67954;67959;67960;67961;67963;67962;67964;67965;67966;67968;67967;67969;67970;67971;67972;67974;67975;67973;67976;67977;67979;67980;67978;67981;67982;67986;67985;67984;67983;67987;67989;67991;67990;67988;67992;67993;67994;67996;67995;67997;67999;68000;67998;68003;68002;68001;68005;68004;68006;68008;68009;68007;68010;68011;68012;68013;68014;68015;68016;68017;68019;68018;68020;68021;68022;68024;68023;181079;180620;181087;181029;181070;181057;181061;181113;181112;181100;68026;68028;68027;68025;68029;68032;68034;68033;68031;68030;68035;68036;68038;68037;68039;68041;68040;68043;68042;68044;68046;68045;68047;68048;68050;68051;68049;68053;68054;68052;68056;68055;68058;68057;68059;68060;68062;68061;68063;68064;68065;68068;68067;68066;68069;68071;68074;68073;68072;68070;68075;68076;68077;68078;68079;68080;68081;68084;68083;68082;68086;68085;68087;68089;68088;68090;68093;68092;68091;68095;68094;68097;68098;68096;68099;68100;68101;68102;68104;68105;68103;68106;68107;68108;68109;68111;68110;68112;68113;68114;68115;68116;68117;68118;68119;68120;68122;68121;68124;68123;68125;68128;68126;68127;68130;68129;68131;68134;68132;68133;68135;68136;68137;68139;68138;68142;68141;68140;68143;68145;68144;68148;68146;68147;68149;68151;68150;68153;68152;68154;68155;68156;68157;68160;68158;68159;68162;68161;68163;68164;68165;68166;68167;68168;68169;68172;68170;68171;68174;68173;68175;68176;68178;68179;181032;68177;181073;181017;181052;68181;68180;68182;68184;68185;68183;68186;68187;68188;68189;68191;68190;68193;68194;68192;68195;68197;68196;68200;68198;68199;68201;68202;68203;68205;68204;68207;68209;68208;68206;68210;68211;68212;68213;68216;68214;68215;68218;68217;68219;68220;68221;68222;68223;68224;68226;68225;68227;68229;68228;68230;68231;68232;68233;68235;68234;68238;68236;68237;68239;68240;68241;68242;68243;68244;68245;68246;68249;68250;68248;68247;68251;68253;68254;68255;68256;68252;68257;68259;68258;68260;68263;68261;68264;68262;68266;68267;68265;68268;68269;68270;68271;68274;68272;68273;68275;181099;181049;181056;181051;181054;181063;181090;181101;181074;181062;181064;181026;181039;68276;181059;68277;68279;68278;68280;68281;68282;68284;68285;68283;68286;68287;68288;68290;68289;68291;68292;68293;68294;68296;68295;68297;68298;68299;68300;68303;68304;68302;68305;68301;68306;68307;68308;181078;181019;181121;181107;181038;181031;181045;68309;68310;68313;68312;68314;68315;68311;68316;68320;68317;68318;68319;68321;68322;68326;68325;68327;68323;68324;68328;68329;68330;68332;68333;68331;68334;68335;68336;68337;68339;68340;68338;68341;68342;68343;68344;68345;68346;68347;68349;68348;68350;68352;68351;68353;68354;68355;68356;68357;68358;181021;68359;68360;68361;68362;68365;68363;68364;68366;68367;68368;68369;68371;68370;68372;68373;68374;68377;68376;68375;68378;68379;68381;68380;68382;68383;68384;68385;68386;68387;68388;68389;68390;68391;68392;68395;68396;68394;68393;68397;181065;181034;181093;181108;181122;181094;181091;181089;181119;181024;181018;181047;181053;68400;68399;181103;68398;68402;68403;68404;68401;68406;68405;68408;68409;68410;68407;68412;68411;68413;68414;68416;68415;68417;68418;68419;68420;68425;68422;68423;68424;68421;68429;68426;68427;68428;68430;68431;68434;68433;68435;68436;68437;68432;68438;68439;68441;68440;68443;68442;68444;68445;68446;68447;68449;68450;68451;68448;68453;68452;68454;68455;68456;68458;68457;68459;68460;68461;68462;68463;68464;68465;68466;68467;68468;181060;68470;68471;68469;68474;68472;68473;68476;68475;68477;68480;68479;68478;68481;68482;68484;68486;68487;68485;68483;68488;68489;68491;68492;68490;68494;68495;68493;68496;68498;68497;68500;68499;68501;68502;68504;68505;68503;68506;68507;68508;68509;68510;68511;68512;68513;181058;68514;68516;68515;68518;68517;68520;68519;68522;68521;68525;68523;68526;68528;68527;68524;68530;68529;68531;68532;181109;68533;68534;68535;68536;68537;68538;68540;68541;68539;181028;68542;68543;68547;68545;68546;68544;68548;68549;68551;68552;68550;68553;68555;68554;68557;68559;68558;68561;68560;68556;68562;68564;68563;68566;68565;68567;68568;68569;68570;68572;68571;181092;68574;68573;68575;68578;68576;68579;68580;68581;68577;68582;68583;68584;68585;68586;68587;68590;68588;68589;68591;68592;68593;68594;68596;68595;68598;181081;68597;68599;68600;68601;68603;68602;68605;68606;68607;68604;68609;68608;68610;68611;68612;68616;68613;68617;68615;68614;68619;68618;68621;68620;68622;68625;68623;68624;68626;68627;68628;68629;68630;68631;181075;68632;68633;68636;68634;68635;68638;68637;68639;68641;68640;68643;68644;68642;68645;68646;68647;68648;68649;68652;68653;68650;68654;68651;181043;68656;68655;68658;68657;68659;68660;68661;181116;68662;68663;68664;68665;68667;68666;68668;68669;68671;68670;68672;68673;68675;68674;68678;68676;68677;68679;68680;68682;68681;68683;68684;68688;68686;68687;68685;68689;68691;68690;68692;68694;68693;68695;68696;68697;68700;68698;68699;68701;68702;68703;68704;68706;68705;68707;68708;68710;68709;181050;68711;68713;68712;68715;68714;68716;68717;68718;68719;68720;68721;68723;68722;68728;68727;68726;68725;68724;68729;68731;68732;68733;68735;68734;68730;68736;68737;68738;68742;68740;68741;68739;68743;68744;68746;68747;68749;68748;68745;68750;68752;68751;68753;68754;68757;68756;68758;68759;68755;68760;68761;68762;68765;68766;68763;68764;68767;68768;68769;68772;68770;68771;181120;68773;68774;68777;68775;68776;68778;68779;68780;68782;68781;68783;181088;68784;68785;68786;68788;68787;68790;68791;68789;68792;68794;68793;68797;68795;68796;68800;68798;68799;68803;68802;68801;68805;68804;68806;68807;68808;68809;181115;68810;68811;68813;68812;68814;68815;68816;68818;68817;68819;68820;68821;68822;68823;181068;68825;68824;68826;68827;68828;68830;68829;68832;68831;68833;68835;68836;68834;68838;68837;68839;68841;68840;68842;68844;181095;68843;68863;68864;69009;69010;68920;68976;69157;69156;69158;69221;69251;69159;69253;69252;181055;69455;69456;69340;69492;69941;69501;69776;69940;69806;70008;70007;70113;70006;70009;70186;181096;70187;70346;70284;70347;70283;70285;70286;181097;70287;70288;70326;70363;70450;70386;70524;70535;70465;70574;70575;181015;70551;70552;70596;70597;70598;70690;70691;70692;70693;70702;70754;70770;71125;71103;71126;71102;71104;71105;71127;71128;71129;71106;71107;71130;71108;71109;181104;71110;71112;71111;71131;71186;71114;71113;71251;71187;181086;71252;71387;71241;71287;71333;71288;71289;71366;71368;71367;71334;71388;71513;71555;71556;71610;71611;68845;68847;68846;68849;68848;68850;68852;68853;68851;68854;68855;68977;68856;68978;69509;69942;70526;70525;69510;70599;71134;71132;71133;71515;71489;71875;71908;71514;71876;71985;71984;72057;72160;72058;72195;72227;72228;181118;72271;72315;72272;72362;72316;72419;72469;72471;72470;72496;72565;72566;72734;72677;72697;72735;72791;72792;72922;72809;72852;73006;73007;181048;73008;73069;73009;73070;73088;73172;73089;73112;73173;73197;73196;73279;73294;73280;73323;73324;73395;73450;73583;73605;73584;73662;181023;73721;73677;73720;73794;73795;74100;74143;73935;74202;74203;73936;74297;74298;74296;74299;74343;74345;76727;74344;76729;76728;76731;76730;76732;76733;76735;76734;76736;76737;74505;181114;74482;74455;74456;74457;76155;74483;76231;76738;76739;76232;76443;76442;76441;76740;76548;76741;76631;76742;76547;76695;76694;76743;76744;76745;76855;76746;76747;181071;76856;77008;77009;76748;76888;77010;77011;77044;77043;77045;77137;77076;77077;77192;77191;77242;77270;77463;77385;77550;77549;181085;77513;77515;77516;77566;77514;77517;77597;77694;77736;77622;77737;77735;77738;77848;77739;77805;77740;77847;77849;77978;77951;77952;78004;78005;78022;78072;78522;78523;78524;78618;78404;78525;78526;78527;78499;78454;78500;78501;78638;78528;78530;78529;78531;78639;78592;78593;78619;78640;78753;78721;78754;78755;78882;78838;78883;78908;79199;79200;79227;79201;79369;79370;79372;79371;79373;79424;79594;79593;181041;79708;79681;79680;79709;79756;79757;181040;79845;181022;79847;79846;80000;80001;80002;80003;80071;80070;181067;80110;80111;80112;80113;80155;80114;80154;72472;72533;72535;72534;73221;73222;73606;73959;73607;73960;73243;73961;74376;74378;74101;76184;74377;74484;76185;76186;76603;76602;76601;76781;76926;76927;76928;77139;77138;77140;77355;77891;77624;77892;77623;77625;77893;77953;78579;78580;78578;77894;78757;79242;79325;79243;78839;78756;79374;79376;79375;79758;79735;80004;80156;80005;80157;80006;80158;80329;80387;80407;80503;80877;80504;80899;80900;80901;81011;80927;81044;81065;81031;81066;81099;81067;81306;81157;181025;81307;81288;81289;81465;81466;81464;81467;81538;81537;81801;81721;81800;81802;81722;81723;81803;81804;81725;81724;81805;81806;81660;81807;81808;81749;81902;81766;81947;82015;82016;82065;82288;82287;82488;82289;82465;82464;82517;82489;82688;181080;82689;82687;82690;82787;82757;82808;82789;82788;82980;82982;83026;83400;82981;83131;83401;83404;83444;83402;83403;83445;83446;83447;83535;83984;181084;83985;84003;181035;181042;84074;181066;84073;84138;84107;84202;84351;84256;84354;84417;84352;84353;84418;181083;84463;84485;84464;84534;84608;84659;84784;181016;84757;84817;84785;85097;85098;181117;85096;85100;85099;85101;85102;85103;85106;85105;85104;85107;84889;85108;84890;85109;85112;85110;85113;85111;85114;85115;85035;84975;85036;85067;85116;85117;85294;85137;85339;85247;85395;85487;85488;85490;85489;85491;85492;85526;85611;85612;181102;85613;85614;85642;85679;85710;85711;85732;85778;85777;85779;85780;85781;85782;85864;85958;85865;85959;86095;86096;86199;86240;86359;86360;86487;86520;86521;86522;86556;86557;86612;86624;86714;86715;86742;86741;86743;86843;86892;86925;87018;86927;86926;87021;87020;87022;87019;87023;87024;87025;87026;87090;87028;87027;87091;87029;87092;87093;87030;181077;87031;87032;87033;87034;87095;87094;87035;87037;87036;87038;87040;87039;87041;87042;181027;87097;87118;87119;87096;87230;87271;87231;87272;87300;87301;87302;87363;87364;87365;87395;87448;87449;87396;87450;87451;87547;87636;81101;81100;81102;81564;81966;81871;81873;81872;82518;82490;82491;181036;83045;83046;83047;83448;83776;83449;84108;84109;84110;84388;84389;84419;84786;84818;84819;85118;85178;85175;85177;85176;85261;85262;85439;85438;85440;85263;86395;85967;86438;86778;86779;86780;87098;86881;87332;87753;87793;87792;87794;87795;87796;87797;87798;87799;88029;87936;88030;181037;88031;88069;88070;88071;88167;88168;88443;88444;88445;88403;88478;88674;88777;88776;88477;88778;88779;88780;88782;88781;88856;89064;89769;89065;89094;89815;89095;89770;89859;89858;89816;89951;89978;89952;181020;89953;89979;89980;89981;90074;90111;90075;90110;90112;90137;90113;90176;90174;90175;90295;90296;90177;90383;90486;90384;90488;90487;90489;90613;90614;90666;90667;90745;90747;90746;90850;91029;90880;91030;91031;91032;91148;91149;91150;91152;91151;91211;91210;91072;91112;91212;91113;91415;91414;91417;91416;91418;91493;91494;91641;91737;91535;91797;91796;91798;91799;92008;92028;92396;92397;92576;92577;92489;92599;92687;92689;92688;92690;92716;92747;92835;92934;92936;92935;92937;93034;93268;93147;93035;93093;93338;93446;93641;93447;93759;93501;93760;93790;93804;93842;93791;93857;93947;94149;94221;93949;93948;94222;94428;94247;181110;94264;94429;94696;94495;94496;94697;94698;94699;94700;94703;94704;94702;94701;94705;94706;94708;94707;94709;94710;94711;94713;94714;94712;94715;94716;94717;94718;94719;94720;94723;94722;94721;94724;94725;94726;94622;94727;94621;94895;94908;94907;95041;94927;94928;95276;95277;95379;95561;95464;95410;95831;95598;95977;95979;181072;95978;96065;96066;95980;96067;87835;87834;88032;87836;90178;88033;88857;88981;90342;90297;90987;181111;90936;181033;90938;90937;91213;91292;91291;91293;91590;91294;181030;91738;91591;91592;92656;91850;92657;92779;92780;92677;92983;92781;92984;93448;93148;93449;93676;93677;93904;93678;181069;93905;94064;93906;94094;94223;94225;94532;94224;94533;181046;95042;95044;95043;95759;95758;95617;96068;96069;96070;96326;96279;96298;96299;96328;96327;96329;96476;96584;96401;96585;96586;96692;96587;96751;96588;96752;96753;96789;96945;97036;97007;97008;96970;97139;97198;97346;97293;97345;97347;180776;97371;97372;97404;97405;181098;97485;180782;97547;97508;97506;97507;97593;97626;97627;97765;97820;97749;99062;97821;99061;99064;99065;99063;99066;99068;99067;99069;99070;99071;99073;99074;97907;97906;99075;99072;99754;99298;99329;99330;99299;99332;99386;180854;99333;99331;99334;99500;99452;99562;99451;99755;99563;99565;99564;99566;99567;100046;100045;100087;100088;100089;100171;100341;100343;100342;100344;100368;100369;100397;100396;100506;100505;100507;180812;100526;100525;100613;100527;100528;100776;100800;100886;180758;100887;100947;180785;180820;100888;100889;100978;101022;101076;101097;180809;101138;101139;101250;101249;101251;101798;101382;101383;101877;102031;101878;102511;180805;102281;102282;102283;102284;102339;102285;102340;102287;102286;102288;102289;102290;102293;102292;102291;102294;102296;102295;102298;180851;102297;102299;102301;102300;102341;102303;102344;102342;102343;102302;102345;180871;102346;102347;102473;102409;102533;102512;180872;102514;102513;102515;102534;102569;102516;102571;102633;102570;102772;102850;102851;103204;102904;102970;180830;103164;103165;103347;103166;103238;103488;103489;103490;103491;103525;180878;103558;103559;103625;103626;180814;103803;103684;103829;103729;103914;103955;180756;104088;104002;104001;104089;104199;104247;104200;104248;104368;104618;104698;104617;104799;104773;104837;104838;104946;104864;105015;104948;104947;105016;105027;105028;105068;105142;96477;96478;96589;96479;97057;97117;97118;97406;97407;97408;99160;99159;99161;99387;99389;99388;100235;100234;100233;100450;100449;100451;100583;180864;180860;100584;101098;101193;101192;101194;102061;102059;102572;102060;102623;102624;103401;102773;103348;103560;103402;103765;104169;104167;104369;104168;104370;104371;105144;104565;105143;105247;105145;105598;105601;105599;105667;105668;105600;105671;106118;105670;105669;106119;106240;106239;106365;106327;106366;106368;106364;107014;180777;106572;106571;107015;107080;107079;107203;107204;107205;107206;107247;108319;108318;108273;108358;108320;108393;108321;108359;108394;108642;108479;109104;108862;108938;109105;108863;109106;109109;109107;109110;109108;109111;109112;109153;109438;109154;109024;109155;109025;109439;109113;109192;109193;109297;109298;109331;180829;109332;109333;109665;109440;109542;109666;109629;109807;109809;109808;109810;109811;109827;109826;109979;109978;109977;109980;109982;109981;109985;109983;109984;109986;110070;110108;110276;110109;110277;110278;110505;110582;110702;110703;110704;110701;110705;110706;110707;110629;110750;110749;110751;110752;110917;110918;110995;110996;111024;111025;111252;111253;111254;111319;111481;111320;111482;111483;111484;111485;111800;111723;111801;111724;112025;112129;112103;117466;112130;117623;180788;117624;117679;117765;117767;117768;117766;117815;118025;118026;117970;118027;118076;118161;118125;118184;118368;118183;118709;118763;118762;118766;118765;118764;118768;118767;181044;118770;118769;118771;180807;118772;118773;118774;118775;118776;118777;118778;118779;118782;118781;118780;118783;181106;118784;118811;118810;118511;180762;118512;118859;118813;118812;118849;118850;119111;118860;119166;119278;119247;119248;119293;119328;119329;119755;119756;119757;119796;105520;105759;106040;106241;105760;106225;106242;107051;106328;108939;107052;106468;106670;109386;109008;109523;109543;109156;109524;109631;109630;109632;109828;109829;109881;110527;110071;110404;110583;110584;110585;110997;111144;110998;180867;111562;180816;111622;111725;111993;180810;112283;111726;117378;180819;117513;117446;117514;117493;117769;117848;117770;117847;117849;118053;180831;180863;118055;118105;118107;118054;118106;118441;180821;118814;118852;118851;118861;180858;119279;180778;119535;119534;119567;180865;119638;180765;119639;180842;120975;121172;121408;121279;121200;121378;121496;121497;121500;121523;121499;121498;121524;121525;121583;121526;121584;122325;122327;122326;122328;122461;122460;122462;122574;122575;122633;122632;122801;122838;122863;122864;122991;122992;122938;123122;123055;123430;123431;123484;123483;123485;123646;123960;123986;124097;124133;124014;124134;124135;124229;124230;124253;180799;124254;127567;127568;180825;127569;127571;127570;127572;127573;127575;127574;127576;125106;125107;125108;127577;125109;127578;127579;127580;127581;127582;127583;127584;125188;125187;125110;125189;125111;127585;125191;125190;125112;125442;125443;127587;127586;125444;127588;127589;125589;125688;125914;125689;127590;126024;126023;126022;127591;127592;126083;180757;127594;127593;126141;180761;126249;126316;126142;126300;127595;126317;127596;126318;126451;126450;127597;126671;127598;126672;126609;127599;126807;126708;126936;127030;126937;127600;126938;127601;126971;127031;127602;127603;127604;127605;127608;127606;127607;127609;127610;127976;127977;127612;127611;180811;180763;180783;180866;180775;180804;180770;180835;180768;180764;180836;180787;180767;180840;180800;180505;180780;180796;180855;180786;180808;180853;180845;180755;180834;180841;180822;180793;180784;180826;180868;180876;180795;180789;180838;180833;180844;180861;180792;180760;180772;180797;180832;180790;180801;180848;180856;180837;180852;180803;180759;180771;180827;180847;180873;180849;180791;180850;180869;180798;180859;180875;180843;180773;180857;127978;127981;127980;127979;127982;127983;128405;127984;128512;128598;128445;128298;128494;128514;128655;128513;128599;128656;128846;129036;128847;180815;128845;128747;129086;128980;128961;128848;128748;129087;129328;129088;129262;129139;129138;129263;129329;129264;129514;129574;129330;129987;129988;130039;129989;130040;180774;180862;130138;130139;130184;130415;130247;180779;130497;130442;130414;180846;180874;180781;180877;180806;180817;180870;180828;180753;180818;180802;180794;180766;180754;180824;180813;180739;180823;180698;180632;180769;180635;180672;180661;180727;180839;180650;180659;180674;180655;180662;180675;180663;180746;180642;180725;131269;180678;180742;180673;180654;180726;180701;180751;180668;180664;131270;180697;130737;131271;180691;131110;131272;130993;131111;131273;131113;131373;131112;131274;131518;131520;131519;131521;131828;131829;131915;131971;180734;131972;131973;131974;180656;132221;132303;132304;132667;132668;120977;180641;120976;132380;132381;121201;132412;121202;180644;180717;121630;180666;121566;122044;122045;180750;180712;122141;180638;180741;122802;122804;180708;122805;122803;180740;180683;123145;180722;123631;123962;123961;175049;124048;124231;125113;180724;125114;125116;125115;180647;125237;125235;125238;125236;125380;180703;125755;125665;125792;125804;125938;125965;125964;180738;125963;180687;125966;126144;126143;126488;180737;180633;126673;126610;126557;126674;180646;180728;180652;180714;127613;127614;127615;127616;127617;128600;127985;180680;129140;129515;129141;128981;128601;129955;129575;180704;180634;129841;129551;129956;130994;130995;180695;129990;130996;131174;131175;130997;131743;131209;131744;132305;131918;131916;180692;131917;180657;132067;132881;133019;132944;180643;180696;133020;180631;133153;133021;133123;133122;133154;133182;133155;133184;133220;133183;133185;133186;133330;133279;133331;133187;180690;133332;133444;140038;133590;140032;140033;133591;133513;133514;133515;133631;133780;180640;180677;133745;180732;133781;133823;133782;134020;180682;180689;134058;134021;134022;180685;180729;140035;134059;134141;140036;134143;134142;134191;134338;134340;134339;134357;134341;134388;134556;134644;180710;134687;180715;134689;134688;134690;134821;134750;134751;134752;134691;180736;134846;180713;134753;134931;180636;134886;134887;134970;135001;180649;180720;180686;180679;180660;180693;180681;180637;180665;180671;180733;180653;180670;180700;180645;180699;180752;180744;180723;180718;180658;180705;180709;180743;180651;179931;180748;180667;180719;180716;180676;180694;180735;180745;180629;180749;180669;180730;180706;180707;180747;180721;180711;180630;180684;135428;180731;135374;135217;135218;135663;135375;135429;135430;135376;135377;135573;180639;135378;135665;135379;135664;135431;135380;180702;135715;135748;180923;135747;135884;135950;135885;135951;135952;135954;135953;135955;135958;135956;135957;180947;180931;180882;180907;180995;180688;180940;180887;180976;180937;180978;180981;180911;180892;180894;180957;180939;180963;180961;180968;180998;180953;180883;180884;180973;180905;180989;180906;140034;180888;181003;180880;180936;181001;180927;181000;180901;180915;180991;180987;180982;180920;180648;180909;180946;180910;180972;180958;180967;180997;136597;136644;136598;136161;136445;136446;136447;180897;136418;136419;180959;136600;136599;136543;180985;180988;136601;180918;136645;136647;137345;136646;136602;137171;137218;137219;136958;137037;180930;137220;137221;137129;137222;137223;137224;137250;137289;137385;137384;137346;137695;137386;137694;137529;137531;137530;180956;137387;137532;138201;137769;137696;137768;137771;137770;137819;137871;137740;137820;138203;138202;138204;138246;138482;138484;138483;138481;138485;138486;138487;138660;138661;138659;138663;138662;138665;138664;138666;138667;180924;180898;138975;138976;140037;139396;139162;139163;139219;139276;139275;139278;139277;139397;139350;139351;139352;139473;139474;139475;139530;139613;140436;180955;140042;139909;140205;149376;140613;140395;140455;140483;140437;140498;140524;140482;140486;140497;140525;142897;140783;141221;140614;180895;141252;141228;141234;141215;180984;141257;141239;141241;180925;141218;141238;180994;141235;141236;141229;141258;141237;141253;180979;180922;141242;141232;141223;180900;180941;141254;141256;180913;141209;141219;180893;141220;180962;180964;141233;180992;180904;141250;141227;180999;180983;141255;141225;180986;180969;180990;180949;141226;180977;141259;141224;141222;141053;141240;141310;141120;180975;141312;141414;141313;141309;141130;143210;141413;141308;180903;141261;141311;141637;141777;141813;141856;141857;141855;141912;141935;141933;142005;142744;142786;180891;142785;142752;142743;142755;142780;142791;142811;142770;142763;142789;142751;142776;142997;142796;142797;142814;142764;142804;142812;142769;142750;142760;142768;142800;142774;142748;142754;142794;142782;142749;142805;142773;142813;142801;142778;142775;142759;180934;142783;142756;180971;142777;142802;180950;180926;142792;142771;142753;142899;142803;142781;142798;180889;181002;142762;180917;142765;142772;142787;142767;142747;142766;142758;142761;142795;142815;142482;142484;180899;142486;142487;142962;142485;142895;142900;142799;142488;142790;180890;142793;142779;142898;142745;142746;142788;142757;142961;142964;142784;142963;142965;142996;142896;142877;143118;143197;143201;143372;143368;143377;143378;143534;144216;144212;144209;146197;146200;144206;144208;144213;144329;144330;144331;144333;144332;180960;144338;144335;144336;144563;144508;144562;144371;144372;144375;132762;144373;132945;132946;133381;133382;133663;133632;133711;134023;134024;134061;134060;134342;134343;134358;144340;134359;144374;144339;144561;134645;180896;144447;144565;144457;144564;135381;135432;135433;180938;135574;180948;136388;136022;136448;180921;136485;136727;137172;137173;137225;137226;137290;137291;180886;180916;180944;137388;180943;180932;137697;180966;137821;180996;138247;180912;138418;138417;138488;180974;180954;139164;180914;180942;139165;180945;139166;139167;139398;139541;139476;139771;139531;180929;140082;140084;140500;140499;140208;140496;140588;140789;141207;141364;140930;140926;141367;141365;141396;142222;142024;141395;142483;180881;142676;142868;142869;180919;143207;142905;143067;142867;146198;146201;143451;143427;144014;143535;143486;144207;144853;144844;144711;144210;144940;144748;145036;145086;145006;145012;145075;145462;145461;145080;145539;145508;146565;146046;145540;146083;146077;146195;146438;146101;146546;146078;146441;146639;146580;146640;146637;146638;146583;146636;146585;146568;146768;148551;146865;146866;146868;146933;146867;146934;147169;147141;147166;147168;147170;147167;147165;147195;147213;147646;147641;147656;147655;147712;147863;147888;148183;148127;148035;147861;148181;148547;148359;148134;148219;148421;148343;148446;148382;148423;148371;148398;148571;148556;148644;148713;148997;148861;148862;148884;148883;148998;149000;148999;149021;149001;149056;149059;149213;162817;151113;149316;149909;149914;149958;149928;162816;149931;149915;149947;149943;149922;149937;149969;149941;149932;149966;149954;149964;149959;149955;149965;149935;149940;149962;149936;149929;149939;149942;149924;149963;149923;149933;152764;149917;155318;149956;149916;155325;155323;149948;149912;149968;149913;155348;149961;149938;149960;149918;155324;149911;149910;149934;149946;149927;149994;149993;149790;149785;149995;149996;150063;150133;150060;150142;150145;150153;150238;150242;150282;150345;150344;150349;150348;150500;150496;150693;150425;151217;150426;150449;150447;150428;150429;150725;150494;150495;150497;150493;153180;150498;150499;150748;150747;150779;150723;150724;150794;151359;151148;151150;151218;151279;151284;151450;151152;151449;151353;151430;151505;151432;151918;151917;151926;151682;151681;151984;151982;151928;151925;152095;152093;152184;152177;152365;152264;152366;152496;152493;152538;162815;152498;152509;152494;152495;152513;152548;152549;152512;152511;152510;152615;152625;152622;152616;152626;152614;152687;152623;152686;152617;152795;152911;152907;152979;152980;152978;152981;153110;153240;153109;153237;153236;153241;153531;153239;153419;153574;153534;153565;153566;153575;154106;153997;153765;154066;154341;154085;154096;154128;154097;154835;154176;154270;154353;154164;154271;154269;154277;154268;154236;154808;154433;154782;154780;154850;154848;154859;154844;154837;154833;154902;154886;154905;154934;155978;155568;180980;155986;155967;155987;180902;155969;155414;155390;155984;155403;155412;155406;155407;155405;155398;155387;155437;155392;155434;155428;155413;155429;155391;155410;155408;155395;155396;155389;155415;155388;155427;155425;155424;155417;155394;155397;155419;155422;155421;155430;155402;155435;155436;155426;155418;155420;155401;155438;155400;155393;155399;155409;180952;155423;155416;155404;155623;155431;155433;155411;155432;155611;155617;155608;155609;155606;155569;155610;155563;155572;155564;155567;155298;155566;155565;155692;155636;155695;155694;155693;155847;155846;180885;155844;155845;155957;155993;155991;155958;156120;156045;156119;156156;156123;156147;156244;156243;156206;156398;156399;144904;156397;146196;144802;144905;144903;144907;144906;145505;145700;146047;146045;146377;146376;146300;148549;146299;146096;146269;148550;146305;146534;146352;148546;147804;146304;148548;146549;147767;146989;146587;146588;146988;146993;147204;147205;147203;147202;147642;147621;148544;148545;147811;147862;147839;147840;147865;148383;147869;147864;147965;147966;148088;147967;148036;148133;148258;148259;148642;148459;148458;148380;148453;148452;149049;149214;149245;149296;149420;149357;149822;149421;149356;150061;150689;150299;150722;150062;150688;150778;154915;150784;150783;150843;150782;151112;150941;151114;151281;151506;151690;151689;151529;154917;151948;151943;151954;152018;151944;152049;152094;152195;152267;152265;152268;152266;152744;152382;152601;152465;152389;152464;152597;152598;152578;152912;152618;152754;153172;153210;153390;153442;153443;180928;180951;153558;153557;153550;153567;153559;153665;153837;153838;153992;153964;153991;154916;154165;154146;154163;154145;154971;154970;154746;154885;155245;154845;155011;155615;155616;155673;155638;155679;155680;155674;155742;155869;155926;155889;156205;156204;156116;156265;156458;180993;156663;156652;156664;156459;156700;156706;156705;156708;156797;156910;156876;156800;156875;156936;157060;157061;157122;157121;157123;157159;157161;157223;157275;157274;157277;157333;157335;157317;157316;157368;158103;158101;158098;158099;158726;158113;158108;158104;158110;158114;158118;158269;158305;158268;158267;158307;158332;158350;158467;158732;158797;158796;158794;158882;158881;158884;158904;158903;158959;158984;158956;158968;158970;167841;158962;158998;168197;158999;168074;168198;168276;168278;168407;168238;168277;168641;168283;168425;168645;168426;168644;168640;168633;168634;180970;168632;168881;159294;159293;159212;159295;159209;159540;159608;159641;159607;159655;160050;160052;161947;160051;160191;160212;161946;160186;160379;160245;160246;160383;160272;160463;160312;160310;160311;160504;160413;160510;160632;160633;162812;162798;161275;161302;161274;161294;161316;161284;161297;161277;161289;163027;161301;161319;161310;163040;161314;161306;161298;161280;161286;161313;161283;161324;161300;161293;161321;161296;161276;161278;161290;161304;161292;161309;161322;161312;161315;161279;161318;161295;161291;161323;161320;161307;161308;161305;164330;164791;164801;161317;161288;161285;161303;162797;161282;161382;161311;161055;161381;161378;161377;161066;161379;165612;161380;168484;167054;162809;168151;162810;162787;162789;162811;162781;162801;161507;161385;162793;161489;161657;162808;161658;163256;161681;162799;161765;161767;161680;161722;161771;161792;161764;161766;161791;162803;161896;162814;162800;161805;161929;162788;162806;162166;161973;162332;162306;162792;162401;162717;162307;162790;162526;162489;162588;162676;162589;162587;162802;162807;162805;162791;162794;162795;162804;162796;162680;162783;162627;162626;162696;162684;162677;162685;162681;162675;162686;162708;162683;162678;162687;162716;162679;162784;162880;162968;162786;163025;163397;163261;163442;163448;163396;163441;163471;163470;163505;163474;163513;163674;163738;163705;163810;163702;163743;163730;163707;163809;163894;163742;163744;163929;163828;163808;163859;163857;163854;164004;164033;164084;164142;164035;164032;164137;164432;164436;164383;164423;164437;164394;164404;164419;164424;164427;164415;164491;164429;164420;164797;164799;164518;165168;164826;165166;165167;165172;165169;165095;165017;165012;165170;165203;165171;165272;165318;165218;165309;180879;165314;165279;165273;165298;165518;165519;165516;166568;166563;165515;165661;165699;165689;165697;165698;165713;165742;165734;165736;165733;166050;166051;166104;166090;166067;166176;166229;166571;166565;166365;166368;166369;166387;166364;166388;166363;166367;166278;166349;166347;166274;166570;166512;166438;166366;166506;166489;166435;166472;166516;166513;166519;166553;166515;166517;166609;166610;166611;166573;166575;166594;166557;166518;166520;166801;166927;166938;166928;166934;166953;166936;166937;166935;167545;167574;167560;167558;167561;167539;167559;167584;167524;167579;167547;167586;167537;167581;167646;167594;167555;167589;167592;167556;167562;167550;167527;167531;167565;167575;167536;167522;167528;167546;167573;167551;167538;167529;167577;167548;167533;167564;167526;167563;167585;167557;167580;168133;167553;168114;167783;167784;167552;168066;168070;168109;168056;168064;168101;168075;168068;168110;168080;168058;168088;168069;168097;168105;168106;168111;168119;168067;168065;168095;168120;168108;168083;168118;168063;168127;168107;168077;168086;168073;168116;168090;168076;168104;168061;168087;168102;168094;168082;168085;168062;168071;168113;168100;168093;168079;168084;168098;168125;168078;168117;168096;168115;168170;168235;168162;168174;168132;167782;168164;168129;168037;168130;168036;168179;168035;168177;168237;168225;168236;168226;168257;168427;168703;168491;168538;156476;156574;156570;156571;156572;156573;156707;156740;156859;156858;168856;157137;168839;168851;168836;157164;168834;168841;168852;168858;157291;157359;158102;157387;158112;158107;158100;158171;158471;158474;158492;158359;158463;158475;158739;158740;158738;158734;158767;158800;158795;158792;159015;158793;159066;159011;159016;158997;159057;159067;159173;159123;159071;159183;159117;159186;159070;159187;159381;159184;159359;159382;159383;159633;159553;159519;159609;159587;159588;159605;159610;159604;159642;159644;159728;160271;160190;160189;160385;161195;160495;160681;160856;160858;160898;160859;160985;161418;160983;160917;161426;161417;161399;161444;161419;161420;161488;161487;161485;161486;161484;161622;161623;161648;161939;161649;161895;161927;161928;176376;162219;162213;162210;162214;162216;162186;162218;162220;162217;162178;162397;162333;162331;162334;162391;162423;162527;162525;162813;162660;162661;162732;163008;163010;162837;162886;163011;163013;163038;163036;163037;163039;163114;163097;163286;163277;163278;163279;163731;163668;163807;163675;163813;163677;163856;164041;163890;163965;163968;163966;163967;163969;163970;163971;163928;164141;164136;164258;164158;164257;164259;164286;164299;164297;164296;164300;164301;164298;164537;164589;164629;164790;164892;164895;164893;165087;165088;164894;165209;165208;165243;165315;165317;165297;165296;165711;165663;165712;165639;165638;166003;165985;166111;165984;166348;166346;166437;166436;166702;166738;166774;166797;167040;167199;167203;167198;167629;167630;167543;167587;169576;169463;169527;169746;170637;169713;169719;169982;169977;169996;169993;169995;170042;170044;170041;170117;169985;169994;169988;170091;170092;170045;170154;183775;170148;170464;170158;170487;170509;170700;170460;170510;170469;170715;170507;170467;170498;170520;170481;170516;170537;170483;170489;170620;170484;170477;170666;170486;170488;170482;170476;170517;170588;170461;170596;170499;170515;170636;170676;170521;170667;170699;170890;171075;171071;171069;171068;171067;171114;171115;171220;171112;177224;171221;171665;171677;171675;171678;171676;171666;171797;171787;171754;171784;171747;171783;171800;171840;171801;171799;171997;171995;172026;171991;172000;172037;171998;171994;171992;171993;171966;172129;172244;172128;172260;172247;172242;172245;172257;169715;169714;169717;169911;169716;169912;169910;169914;169924;169998;169923;170255;171230;170462;171219;171104;171222;171397;171398;171393;171396;171395;171391;171953;172038;171798;172035;172240;172679;172663;172633;172674;173266;173058;173617;173257;173057;173974;173830;173833;173972;174039;174038;174721;174416;174419;174905;174904;175006;175108;175287;175919;176255;175398;180935;176254;176424;176421;176423;176420;176634;176893;177129;180908;177213;177257;177258;172585;177651;177899;177898;177897;177895;177931;177935;178261;178580;178585;178262;178685;178263;178905;178906;178908;179068;179069;178907;179071;179067;179070;179841;179846;179844;179858;179862;179847;179851;179854;179853;180456;180455;179842;181226;181551;181179;181251;181180;181252;181253;181323;181553;181392;181557;181554;181555;181556;181552;181815;181811;181813;181812;181844;182192;182443;181814;182795;182741;182576;182611;182698;182790;183034;183057;183062;183083;183270;183249;182978;182977;183432;183840;183838;184356;183986;184527;184789;185570;185497;185571;185889;186180;186671;186668;186670;186181;186625;186669;186694;186693;186752;186962;186926;186960;186924;186964;187193;187192;173036;173048;173035;173038;173049;173259;173258;173194;173876;173840;173456;173264;173261;173973;173898;173859;173895;173879;173832;173880;174005;170177;174158;173848;174020;174143;174385;174234;174159;174383;174231;174417;174431;174432;179867;174433;174501;174503;174753;174762;174502;172239;174550;174551;175008;174573;174678;174583;174789;174761;175140;175010;175023;175151;175123;175009;175719;175687;175686;175678;175701;175717;175716;175718;175685;175683;175721;175720;175692;175705;175698;175695;175682;175684;175677;175691;175681;175703;175694;175704;175715;175699;176419;175697;175700;175710;175712;175690;175696;175680;175727;176422;175679;175713;175729;175688;175709;175726;177905;180933;175728;175702;175693;175724;175708;175725;177896;175706;175707;175986;175995;175987;175689;175991;175711;175714;176305;176303;175990;176300;176306;180965;176315;176294;176273;176297;176304;176276;176319;176275;176298;176301;176302;176295;176314;176309;176308;176292;176313;176274;176272;176277;181326;176312;181324;176285;176281;176282;176318;176286;176293;176317;176288;176280;176311;176316;176283;176287;176462;176360;176284;176358;176344;176343;176307;176299;176359;176335;176279;176135;175992;175985;176107;175994;175993;176337;176236;176982;176339;175978;176253;186672;186673;176389;176637;176399;176734;176746;176747;176887;176733;177638;177280;177113;177130;177131;177331;177357;177373;177344;177336;177412;177339;177413;177411;177338;177337;177410;177414;177343;177341;177335;177498;177508;177493;178756;177506;177481;177496;178267;178265;178575;177521;177774;178686;178264;178266;177773;177845;178034;177936;178708;177835;178033;178035;178577;178579;178578;178581;178584;178343;178327;178341;178342;178338;178339;178340;178576;178582;178715;178683;179843;178684;178839;178911;178716;178975;178810;179027;178583;178624;178811;179066;179245;178714;179205;179235;179204;179239;179240;179234;179238;179244;179330;179237;179241;179243;179236;179242;179372;179371;179370;179850;179852;179856;179845;179866;179865;179849;179860;179839;179859;179861;179848;179863;179868;179855;180196;179840;179857;179864;180215;179891;179878;179877;179892;180228;180349;180263;180504;180284;181550;181124;181549;181123;181391;181127;181325;181366;183884;181367;181331;181332;181330;181478;181365;181441;181442;181420;181421;183059;181568;181569;181571;181572;181570;181643;181645;181644;181642;181654;181754;181684;181653;181755;181787;181683;181685;181773;181774;181895;182087;182738;182088;182518;182652;182737;183086;182610;182735;182736;182609;183235;182739;183058;183029;182846;182959;182847;182869;182796;182912;182867;182868;182911;183354;183084;183085;182979;183289;183389;183290;183250;183233;183234;183323;184317;184314;183353;183352;183978;183974;183321;184092;184057;183388;183322;183518;183387;183431;183433;183743;183744;183742;183741;183839;183740;183841;183739;183774;183819;183756;183820;183821;183911;184058;183973;184059;184089;184093;184163;184091;184090;184187;184316;184450;184313;184315;184381;184382;185368;185845;185813;185823;185850;185878;185851;185860;185822;185821;185820;185817;185827;185818;185838;185835;185868;185877;185871;185865;185870;185875;185879;185848;185836;185866;185844;185829;185849;185837;185824;185815;185854;185852;185872;185858;185853;185841;185826;185876;185830;185840;185825;185831;185843;185819;185814;185833;185842;185846;185816;185867;185828;185862;185863;185834;185859;185874;185864;185856;185861;185869;185857;185832;185855;185839;185847;185890;185873;185892;185893;185424;185891;185894;185423;185422;185496;186107;185518;186112;186125;186108;186123;186092;186116;186113;186122;186134;186120;186091;186127;186097;186121;186099;186104;186110;186093;186140;186106;186102;186135;186089;186128;186096;186103;186130;186129;186136;186114;186124;186105;186090;186095;186111;186138;186117;186109;186118;186139;186131;186100;186098;186094;186115;186132;186119;186137;186126;186101;186198;186199;186200;186133;186393;186197;186356;186242;185955;186196;186182;186355;186292;186184;185956;186422;186354;186185;186377;186378;186376;186357;186423;186522;186735;186736;186509;186753;187094;186965;186963;186839;186957;187270;186840;187089;187029;186838;186959;186958;187030;186925;186841;187032;186961;187090;187026;187092;187049;187095;187093;187091;187183;187618;187629;187615;187617;187483;187484;187628;187640;187638;187485;187616;187486;187979;187863;187931;187930;188033;187907;188024;188026;187952;187980;187953;187951;188034;188035;187932;189141;189142;188027;188025;189200;189164;189166;189167;189252;189253;188074;189089;189202;189307;189480;189376;189359;189378;189380;189379;189591;189590;189589;189517;188028;187968;189516;189754;189180;189628;189515;189760;189201;68857;79445;79446;79448;189606;79447;189666;79449;79450;79451;79453;79452;79455;79456;79454;79457;79458;79459;79460;79461;79463;79464;79462;79465;79467;79466;79468;79470;79469;79471;79472;68878;79475;79474;79473;79477;79478;79476;79481;79480;79479;79482;79484;79483;79487;79486;79485;79489;79490;79488;79491;79492;79493;79495;79494;79496;79497;79498;79499;79500;79502;79501;79503;79504;79505;79507;79506;79508;79510;79509;79511;79514;79512;79513;79515;79516;79517;79518;79520;79519;79522;79521;79524;79525;79526;79523;79527;79528;79530;79531;79532;79529;79533;79534;79536;79535;79538;79537;78234;79539;78236;78235;78238;78237;78239;79540;79542;79541;79544;79543;79545;79546;79548;79547;79549;79550;79552;79551;79553;79554;79555;79556;79557;80007;80008;80247;80394;80279;80280;80248;80395;80439;80928;80929;81103;81012;81119;81118;81726;81694;81695;81696;81767;81903;81874;81768;81948;81904;81968;81967;82066;82691;82692;82983;83108;83482;83484;83966;83485;83483;83967;84004;84139;84140;84141;84203;84257;84390;85038;84891;84440;85037;85138;85139;85141;85142;85140;85144;85145;85143;85146;85147;85148;85188;85236;85237;85493;85340;85527;85529;85528;85733;85784;85783;86216;85968;86613;86669;86670;86802;86782;86882;86781;87167;87232;87273;87303;87333;87366;87489;87800;87801;87802;88034;87803;88169;88171;88170;88446;88737;88689;88783;88858;89020;89817;89066;89818;89860;90019;89982;90076;90139;90138;90385;90988;90298;90989;91153;91154;91295;91739;91155;91280;91740;91316;91741;91743;91742;91744;91745;91746;91748;91750;91751;91749;91747;91752;91756;91753;91754;91755;91775;91419;91776;92600;91777;91800;92602;92601;92659;92658;92691;92782;92854;92783;93036;93038;93037;93679;93395;93396;93397;93680;93709;93761;93792;93793;93907;93908;94065;94226;94095;94227;94229;94430;94228;94498;94534;94497;94909;94535;94650;94929;94931;94930;95045;95046;95278;95366;95279;95280;95599;95380;95618;95619;95620;95621;95794;95760;95795;95796;96071;96072;96073;96074;96300;96517;96518;96520;96519;96521;96522;96590;96591;96790;96947;97058;96946;97079;97119;97409;97410;97316;97120;97412;97411;99076;97486;97908;99077;99078;99079;99162;99080;99081;99082;99163;99164;99113;99390;99391;99392;99568;99569;99977;99975;99976;100090;100115;100116;100205;100236;100237;100398;100238;100399;100530;100529;100585;100948;100586;101040;101195;101140;101196;101199;101197;101198;101252;101200;102062;102065;102064;102063;102835;102573;102625;102774;102905;102906;102908;102907;103403;103404;103830;103592;103593;104136;104137;104138;104201;103627;104202;104203;104204;104249;104453;104454;104619;105146;105147;105248;105249;105250;105251;105643;105521;105644;105717;105718;105761;105762;106120;106121;106243;106226;106291;106469;106706;106524;107248;107129;107130;107249;108360;108823;108940;108941;108864;109114;109157;109158;109334;109426;109544;109545;109667;109668;109987;109830;109988;109989;110072;110306;110526;110305;110110;110580;110581;110792;110884;110791;111021;111022;111023;111049;111773;111772;111992;112024;112170;112282;117512;117377;117764;118050;117846;118051;118052;118708;118962;118963;119010;119277;119292;119484;119823;119566;122087;121605;122573;122837;123482;124013;124637;124638;125664;125105;125615;125104;125754;126020;126021;126669;126140;126670;127566;127565;127975;129370;129137;129550;130884;129986;130923;131150;131208;132666;134611;136071;135572;137128;137170;137217;137739;138415;138416;139442;140168;140169;140018;140019;140361;141374;142884;141383;143148;143132;142943;143454;145565;147899;150475;144837;150464;150180;146248;150906;150463;150986;151049;151464;153221;153582;152045;152398;154015;156595;154016;155945;155946;156597;154858;160508;158127;156598;159526;158121;159525;160505;164039;162772;164040;164818;164020;168501;168502;168722;164817;166048;169515;172364;174014;172363;179930;173270;179926;179927;179928;181126;181504;184449;184349;183198;186732;86316;10170;108803;10171;11024;31467;49806;134709;138072;134708;153136;155598;134710;136762;136825;136817;136818;136810;138222;138034;142873;137242;142874;138036;138035;136819;136812;138042;136824;136811;136823;136816;136813;136821;136815;138041;138038;136822;136814;137880;142876;138220;137899;137900;137904;138221;138331;140526;141350;140530;140502;140529;140522;140527;140576;140516;144930;142872;144932;140528;142875;152523;148574;148560;152505;152507;152506;153213;153141;153140;153135;155591;153146;155592;155594;155596;155593;155595;155597;155307;157862;158760;159713;161056;164071;166087;174512;159362;175386;175374;174515;182189;177330;186913;72817;186890;186909;72818;186905;72821;72820;72819;72822;186837;186889;72824;72823;72826;72827;72825;73138;72883;78586;81167;78587;80281;83816;86906;85535;89688;90775;89687;91673;92942;93125;95478;99438;137279;122822;122259;123512;122348;122757;129302;126819;123557;129502;128414;124009;126787;126786;128413;128508;134305;123079;132040;133266;148123;138037;176475;176474;148845;137355;136826;135904;138335;148974;135898;135755;138334;135903;135756;72829;91969;72828;93126;95925;100419;91971;157876;91674;91970;105295;96531;105296;91675;105297;105298;111065;101164;104811;103222;105299;133858;112161;80888;106143;86186;91676;135690;31462;25764;38914;47697;70683;25768;183241;182808;183242;182807;20283;66334;19944;35976;20743;159591;65549;44048;44047;11693;64853;73689;36162;24246;64852;26063;26025;55928;21697;57318;78689;58410;64670;59969;59317;97947;72282;91784;38866;40986;40663;52042;43862;47802;50706;55436;59195;59194;34205;10180;18591;187379;137327;137326;156380;137632;90797;10183;31410;99727;104031;130024;130127;168365;63348;63349;63350;63351;63352;63354;64669;65854;63353;72659;81300;93050;88808;86422;83818;94610;97435;104574;106842;102527;100260;107226;110288;111966;125264;118936;126309;127905;133966;127906;139746;137078;144060;148419;161801;152683;149850;173964;63355;90423;18202;164433;175601;185732;65855;179922;65856;91826;168364;65857;40947;179921;11456;11916;15417;16309;10483;63347;63346;110976;73379;23976;73380;18616;150958;151440;59114;150850;81496;81497;25344;176567;177371;177082;178016;181880;186483;189183;177756;187209;146582;146386;53916;137857;142056;144327;166980;148406;184141;184160;184147;184148;184139;184145;184151;184159;184155;148407;184135;184138;57365;69318;81669;105154;123418;57364;82297;71156;12018;150162;180273;180578;139240;156198;164121;181215;145534;139241;118333;138898;138897;143479;168861;177307;179667;179666;182514;186698;186697;65811;186699;65810;56044;10931;168008;65930;65929;26061;58847;20395;21556;24761;22336;25123;58848;25347;25703;27626;29698;26916;30204;31735;29982;33130;34119;35437;40929;38988;45388;48323;49260;51062;56667;55764;59113;62890;66636;84505;72706;78678;85662;87848;12226;69422;17637;21561;20136;11506;24268;90544;86148;11999;50434;48907;44119;50612;51814;53409;55908;57025;57863;59173;62065;63289;65630;69472;76458;71772;14278;20184;21140;25573;27591;33744;50022;17254;12044;11496;27522;20183;18558;15789;15395;31418;32195;34461;178961;88862;12635;12631;12632;12303;12633;12302;12305;12304;12306;12307;12309;12308;12310;12312;12311;12313;12314;12315;12316;12317;12318;12319;12320;12321;12323;12322;12324;12325;12327;12326;12329;12328;12330;12332;12333;12331;12334;12335;12336;12338;12337;12339;12341;12340;12342;12345;12344;12343;12347;12346;12348;12350;12351;12349;12353;12352;12354;12355;12357;12356;12359;12358;12360;12361;12363;12362;12364;12365;12366;12367;12369;12368;12370;12371;12372;12376;12373;12375;12374;12377;12378;12380;12379;12381;12383;12382;12384;12388;12387;12385;12386;12390;12389;12396;12395;12394;12391;12392;12393;12397;12399;12400;12402;12398;12401;12404;12408;12405;12406;12407;12403;12413;12409;12412;12410;12414;12411;12418;12420;12417;12415;12419;12416;12425;12423;12424;12422;12421;15652;12429;12428;12427;12426;12431;12430;12434;12432;12433;12435;12437;12436;12438;12440;12439;12442;12443;12441;12444;12446;12445;12449;12448;12447;12450;12452;12453;12451;12454;12455;12456;12459;12461;12457;12458;12460;12462;12465;12466;12467;12464;12463;12468;12473;12471;12469;12472;12474;12470;12476;12477;12478;12479;12480;12475;12481;12482;12486;12485;12483;12484;12487;12488;12489;12490;12491;12492;12494;12497;12498;12496;12495;12493;12503;12502;12500;12499;12504;12501;12505;12506;12507;12509;13658;12508;14311;14310;14625;14624;12636;13854;14211;14215;14595;12510;12511;14212;14696;13652;14698;13653;13846;14213;14214;15427;14240;14326;13853;14239;15412;14802;14380;14697;14623;14309;14738;15411;14596;14737;14739;15410;14735;14740;14736;15426;14734;14801;15535;15440;15409;15537;16016;15428;15958;15943;15959;15441;15944;15630;15629;15534;15700;15633;16017;16018;15536;15632;15533;15701;15532;15960;16019;15631;16009;15741;15702;15990;15946;15995;15945;15947;16053;15991;16039;15992;16040;16144;16054;16041;16108;16145;16366;16109;16295;16221;16148;16147;16146;16244;16159;16149;18017;16110;17165;17338;16222;17166;17167;17168;17169;17170;16160;17171;17172;16296;16211;16297;17173;17994;17175;17174;16263;17176;16384;17177;17178;16264;16298;17179;17621;17180;17181;18309;17146;17182;19827;17183;17184;17185;17186;17187;18441;16367;16361;17188;18310;16385;17189;16368;17147;17207;17148;17190;17149;16370;17191;16369;16371;16386;17192;18442;17264;17339;17129;17252;17265;17340;17266;18018;18443;17267;17310;18312;17589;17622;18311;17268;18160;18161;17269;19542;17270;18128;18313;17591;17365;17590;17644;17366;17995;17645;17623;17624;17625;19688;17659;17660;18093;17646;17626;17627;17628;17979;17980;17679;19828;19986;18469;17981;17680;19672;19987;18108;18094;18095;18278;18019;19829;18129;18147;19283;18109;18196;18162;18148;18111;18130;18279;18110;19988;19691;18197;18163;18280;18198;18470;18253;18385;18421;18500;18444;18238;18239;18386;18407;18240;18241;18387;18388;18408;18390;18510;18389;18423;18422;18409;18472;18471;18554;19712;18474;18473;18476;18501;18475;18512;19989;18511;18555;18556;18557;19543;19990;18594;19390;19830;18687;18648;18688;19213;18635;18657;19296;19380;19284;19422;19285;19268;19381;19409;19277;19332;19331;19673;19423;19286;19297;19410;19832;19831;19991;19411;19992;19412;19993;19424;19994;19425;19413;19489;19488;19490;19491;63828;20044;19674;19544;19675;63829;20045;19713;20046;19677;20047;19676;19833;19834;19714;19836;19835;20048;19837;19995;20058;20059;20049;20060;20050;20051;20107;20143;20105;20204;20104;20237;20238;20205;20144;20145;20106;20146;20141;20208;20206;20207;63830;20268;20360;20362;20269;20361;20270;20364;20363;20366;20365;21086;20367;21029;21030;20732;21031;21087;21032;21088;21033;20751;20480;21089;20398;20733;20752;20482;20481;20399;20922;20400;20753;20856;20965;20855;20857;21042;20858;20898;21034;20899;20900;20886;20966;63831;21005;21043;21134;21135;21286;21090;63832;21180;21181;21287;21362;21232;21363;22084;21257;22220;21364;21288;22219;22085;21592;21365;21367;21366;22086;21682;21593;21636;22068;21721;21594;21595;21637;22043;21638;21683;21672;21915;22110;22069;22044;21722;21916;22015;22111;22045;22054;22221;22088;22222;22112;22071;22070;22330;22291;22243;22223;22149;22113;22114;22150;22121;22151;22201;22202;22264;22122;22224;22293;22344;22292;22265;22266;22331;22345;22463;22442;22347;22346;22443;22360;22359;22357;22358;63833;22444;22523;22474;22524;22473;22472;22918;22940;23677;22896;22525;23676;23678;23682;23631;23680;23679;23681;23683;23798;23960;23684;23797;23959;23961;23962;24009;23993;24010;24314;63834;24315;24212;24363;24211;24676;63835;24317;63836;24259;24896;24316;24318;24364;25313;25314;63837;25312;24319;24833;25238;24320;25315;63838;63839;25316;24696;24707;24677;24774;24708;24678;24697;24724;25317;63840;24948;63841;25319;25320;24775;25318;25321;25065;24897;24949;24950;25322;25323;24951;25324;25066;25067;25325;25068;25326;40702;40703;25328;25327;25135;25140;25136;25137;25139;25138;25141;25145;25144;25146;25142;25143;25158;25330;25192;26903;25213;25329;25331;25267;25362;25333;25332;25334;25193;25270;25269;25268;25239;27828;25538;25363;25454;28235;25404;25604;25364;25366;25519;25365;25476;25367;25520;25477;25478;25481;25479;25480;25522;25521;25539;25482;25605;25523;25606;25722;26189;25723;25607;25540;25608;27829;25984;27830;25622;25609;25623;25611;25610;25724;25686;27831;27832;63842;25624;25725;25876;25924;25726;28236;25727;40704;28237;26050;27833;28238;25828;25815;25751;25752;25816;25817;25753;25829;25818;25819;27834;25797;28239;28240;25877;25985;25878;25986;28241;27563;63843;40705;40706;40707;26108;25987;25948;26109;43833;26190;25988;25970;25989;26051;27564;26110;26191;26052;26111;26951;26952;27035;26112;26953;26954;26904;26905;26906;27616;27565;26907;40708;26955;27036;28201;40709;28202;27052;27644;27645;27646;28242;27566;27567;27569;27568;27571;27570;28363;28243;28246;28245;27602;28244;27835;36860;28168;27836;27837;37484;27838;27852;36380;27839;63844;27840;27853;28247;28248;40710;29203;63845;28169;36457;28364;28365;28367;28366;43834;29301;29773;29302;28353;28368;28354;63846;29235;29204;29774;29303;63847;40711;29692;29736;29737;29693;29775;29776;29875;29876;29778;29777;29974;29975;29976;29977;30001;30002;30003;29954;30140;31448;29956;29955;30034;30035;32419;30004;30090;30091;40712;30245;31159;30247;40713;30246;31305;31086;40714;33247;31160;31161;40715;31162;31984;31185;31306;63848;31307;31388;40716;31163;31308;31186;31985;31616;32019;31595;31389;32018;31617;63849;63850;31618;40717;31754;32354;31619;31755;31756;31694;31695;31757;40718;32160;31840;63851;32420;31986;32161;31987;32112;40719;31988;32162;32020;32021;32022;40720;40721;43835;32163;63852;63853;43836;63854;32355;32421;32356;32391;32471;63855;32472;32422;32423;32425;32424;32426;32427;33783;32428;32429;33248;33096;33153;33152;33151;33376;33154;33086;33098;33097;63856;33377;33087;33155;63857;43837;43838;33156;33157;33462;33192;33510;33191;33512;33423;33511;33424;40722;33249;33495;33250;33496;33425;33578;33579;33497;34953;33580;33463;33475;63858;40723;33529;33528;33570;33830;33530;34955;33571;34954;43839;43840;63859;43841;40724;34057;33784;33582;33581;33584;33585;33583;40725;33865;33586;40726;33892;33884;63861;63860;63862;63864;63863;63865;63866;34058;63867;33893;34023;34063;34054;34064;34034;34065;63868;34274;34190;34275;34288;34191;34328;40727;34464;34229;34329;34465;34466;40728;34333;34330;34384;34696;34467;63869;34690;34505;40729;34751;34691;34841;34842;35190;40730;34763;34764;63870;35038;34752;34811;43842;34956;35178;35179;40731;35180;35181;40732;35182;35183;35191;40733;35192;40734;40735;35323;40736;35315;35300;35316;35301;35317;35318;35652;35357;35358;40737;40738;35302;35381;35319;35324;35429;63871;35434;35551;35433;35585;36014;35653;35586;35654;35645;35605;35616;35617;35615;35721;36029;35918;35757;35722;35772;35773;35774;36069;38870;63872;35919;35775;63873;36015;36098;36097;35970;35971;35776;35944;63875;63874;35972;36099;63876;63877;35947;40739;35945;36030;36031;35946;36032;40742;63878;40740;36111;40741;36113;36112;36044;36065;36043;36114;36159;36177;36160;36115;36179;36178;36214;36213;36180;36181;40743;37605;38659;38193;38660;43843;38709;38661;38710;40744;38732;38768;38769;38816;38819;38817;38818;38820;40745;38821;63879;38871;38872;38874;38873;38922;38945;38983;39307;39306;63880;39369;39370;39411;39412;39413;39430;39431;39432;40746;39461;39525;39526;39527;39528;63881;39529;39531;39530;39583;39584;39798;39599;39597;39598;63882;63885;63883;63884;39770;39799;39850;40340;40341;40401;40342;40400;40402;40432;40440;40433;40439;40431;40441;63887;63888;40747;63886;40487;40748;40542;40749;40541;40543;40510;40544;63889;40639;40608;40640;40609;40765;40795;40782;40766;40814;40834;40835;63891;40836;40837;40838;63890;63892;40839;63893;63894;40840;63895;40901;40902;40923;40921;40998;40922;41008;41031;41032;63896;41942;41065;41620;63898;63899;41951;63897;41962;41963;42065;42064;42077;42159;42134;42160;42161;42163;42162;42135;42165;42164;42285;42430;42216;42286;42287;42288;42312;42313;42357;42359;42358;42360;42432;42431;42455;42456;42469;42470;42828;42790;63900;63901;63902;42850;42890;43844;42944;43845;43846;43046;63903;42945;42946;63904;43047;43080;43078;43048;43079;63906;63905;43081;63908;63907;63909;53539;43168;63910;43170;43169;43171;43179;43178;43180;43597;43627;43628;43819;43820;43821;63912;43868;63911;43882;43883;44030;44062;44029;63913;63914;44063;44104;44105;44386;63915;63916;44430;63918;63917;44605;44633;44634;44635;44651;63919;44652;44665;44924;44666;44957;44956;44973;63920;44974;46263;46266;46264;46265;46267;46268;63922;63921;46270;46269;63923;46271;46274;46272;46273;46275;46276;46277;46280;46282;46279;46278;46281;46283;46285;46284;63924;46286;46287;46288;63925;46292;46289;46290;46291;46293;46295;46297;46294;46296;63926;46298;46300;46301;63927;46299;46302;63928;46303;63932;63931;63929;63930;46304;46305;46306;46307;46309;46308;46665;46310;63933;46681;46682;46683;46684;63934;46780;46735;46833;46834;46835;63935;79274;63936;47017;47026;47027;79275;47034;47043;47044;47117;47870;47119;47118;47869;47871;63937;47872;47873;63938;47874;47875;47876;47878;47877;47879;63939;47880;47881;47882;47883;47885;47884;63940;47886;63941;48210;47905;48211;48212;48231;63942;48252;48257;48258;48232;48312;63943;48313;79276;63945;63944;48314;63946;79277;48400;63947;63948;63949;48750;48423;48899;48934;48751;63950;49129;48935;63951;49128;63952;49130;49132;49131;53540;49133;49232;49233;63953;49301;49639;63954;49640;49744;63955;49745;49747;49746;49748;49749;49796;49797;49785;49786;49798;49799;49800;49801;49990;49974;49802;50009;50037;50040;50039;50038;50077;50078;50079;50341;50340;50297;50360;50361;50446;50408;50363;50362;50407;50447;50473;50537;63957;63956;50474;50629;50630;50633;50634;50632;50631;50635;50638;50636;50637;50639;50640;50641;50643;50642;50620;50644;50645;63958;50646;50647;50648;63959;63960;50703;50841;50851;50840;50850;50852;50853;50870;63962;63961;50871;50869;51056;63965;51107;63963;51072;63964;51108;51109;51110;51133;51153;51154;51157;51155;51156;51197;51183;63966;51355;51357;51354;51358;51410;63967;51417;51500;51452;51432;51522;51523;51524;63968;63969;63970;51561;51562;51563;51571;51569;51570;51589;51590;51671;51672;51811;51825;51826;51866;51827;51869;51867;51868;51917;51918;52487;51952;51993;51933;51994;51995;63971;52007;53535;52008;52009;63972;52020;52021;52063;52062;52064;63973;52065;52161;52488;52489;52490;52491;52492;52493;52494;52496;52495;52497;52524;52542;52595;52594;52578;52605;52596;52606;63974;52607;52608;52628;52627;52700;52701;52709;52749;52750;52760;52761;52763;52762;53204;52764;53205;53206;63975;53207;53246;53245;53293;53292;53291;53328;53311;53310;53329;53352;63976;53399;53400;53371;53370;53445;79278;53482;53500;63978;53525;63977;53483;53526;53581;53580;53582;53583;53584;53630;53646;63979;53631;53819;53820;53821;53874;53873;53853;53867;53911;63980;54590;54591;54592;54593;54594;54595;63981;54596;54598;54597;54599;54600;54941;54926;54927;54601;54925;54928;54929;54930;54932;54933;54931;55011;55010;54984;55014;55013;55012;55015;55016;55159;55160;63982;63983;63985;63984;55398;63986;55399;55400;55450;55401;63987;55519;55451;55452;55539;55520;55597;55598;55585;55584;63989;63988;63991;55616;55626;63990;55642;55643;63992;63993;55644;55645;55635;55646;55636;55667;55647;55684;55685;55710;79279;55725;55724;55726;55727;63994;55755;63995;55756;55809;55824;55813;55854;55825;55855;55856;63996;55879;55880;55881;55882;55917;55964;55965;55966;55999;56110;56000;56001;63997;56029;56028;56027;56030;56031;56032;56086;56047;76632;76633;76634;56111;56113;56112;56114;56170;56205;56188;63999;63998;64000;64001;56235;64002;56250;56251;64003;56252;56253;56254;56326;56304;56255;56278;56327;56328;56404;56329;56405;56383;56410;56411;56463;56505;56534;56533;56553;56552;56560;56561;56578;56577;56628;56579;56636;64004;79280;56661;56698;64005;56741;56709;56740;56699;56742;56743;56745;56744;56766;56811;56859;56866;56867;56927;56974;56942;56975;56989;56990;56991;57011;57012;64006;57015;57014;57013;57016;57017;64007;64008;57018;57019;57020;57021;57022;64009;57036;57023;57037;64010;57053;64011;64012;64013;64014;57054;57081;64015;57296;57295;57311;57310;57312;64016;57356;57391;79281;57408;57409;64017;64018;57464;57481;76635;57491;57482;57494;57492;57493;57594;57595;64019;64021;57657;64020;57677;57676;57678;76636;57746;57679;57747;57748;57759;64022;57761;57760;57787;57788;57789;57820;64023;57822;57821;57823;76637;76638;64024;64025;57870;64026;57871;57885;57928;57929;64027;79282;57930;57931;57957;57969;57991;57956;57992;57995;57994;57993;64028;58027;58052;58053;58054;64029;79283;58056;58055;58057;58059;58058;58060;58062;58061;58063;58064;58065;58066;58067;58068;58083;58084;58085;58111;58086;76639;58194;58261;64030;58284;58298;58285;58338;58262;58339;58361;58394;58407;58441;58442;79284;58507;79285;58508;58509;58510;58523;64031;58672;58673;58586;58674;58675;58676;58718;76640;58719;58772;76641;58773;79286;58841;58840;58866;58868;58867;58869;64033;64032;58882;76643;76642;64034;78922;58940;78923;59028;59029;59030;59031;64035;64036;59106;76644;59222;64037;59223;78924;59224;78925;59306;59307;59253;64038;59383;59392;59363;59423;64039;59424;59467;59468;59491;59489;59492;59490;59562;59563;59584;59585;59564;59587;64040;59586;59590;59589;59588;59592;59593;59591;59594;59597;59595;59596;59598;59599;59600;59638;64041;59637;59636;64042;64043;59711;59712;78926;64044;59721;59751;59752;59753;59844;64045;64046;64047;59946;78927;59947;59952;59982;64048;60010;60008;60009;60011;60057;60058;78928;60076;64049;60124;60159;60160;61377;61376;64050;61378;61389;61390;61404;61403;61405;64051;61452;76645;61546;78929;61454;76646;76647;61559;61603;61604;61618;78930;64052;78931;61653;61654;64053;61690;61689;61691;61704;61705;61769;61768;61767;64054;61770;78932;62001;64055;61793;64056;62024;62055;62056;62069;62070;62087;78933;62088;62091;62090;62089;62093;62209;62092;76650;76648;76651;76652;62169;76649;62195;62303;62170;62196;62405;78935;78934;62406;62407;78936;64057;62472;62471;62473;62541;62505;62542;62543;62544;62572;78937;78938;62613;64058;62614;62615;62635;62636;62732;62755;64059;62771;62772;64060;64061;62833;62834;62857;62916;62897;62922;62917;62923;62930;62931;62932;64062;62980;62981;64063;76653;78939;78940;78941;64064;63105;64065;78942;64066;63162;63152;64067;64068;64069;63182;78943;119427;63190;63258;63292;64070;63293;64071;76233;63404;63403;64072;63405;63408;63406;64073;63409;63407;64074;63410;63414;63413;63412;63411;63415;66879;63416;63446;63445;64075;119428;63465;119429;64076;63534;63466;78944;64077;63590;63662;63641;63663;63675;63676;64079;64080;78946;78945;78947;64280;119430;64281;78948;64387;64388;64389;64390;64391;64393;64392;119431;64479;64465;64466;64468;64467;64498;64518;64517;64519;64564;64520;64628;64565;64627;76234;76235;64694;64695;64697;64746;64696;64747;64748;64749;64750;65171;64752;64751;64753;64755;64754;64758;64757;64756;64759;64761;64760;64763;64764;64762;64765;64766;64767;64769;64768;64770;64771;64772;64773;64775;64774;65172;78949;64793;64794;76654;76656;76655;76657;64904;64903;76658;64943;78950;64924;64944;64945;65005;65004;119432;65041;65006;65007;65070;65071;65069;65073;65082;65074;65075;65072;65083;66880;78951;65085;65084;65200;65173;65201;65203;76659;65202;65205;65204;65207;65206;78952;65238;65237;119433;78953;65543;65562;65544;65625;65605;65561;65626;65697;78954;65651;65652;65678;65698;65714;65677;65728;65780;65779;65729;65781;119434;119435;65863;119436;65905;119437;119438;119439;65922;65938;65990;66192;65976;65991;66014;66013;66015;78955;66030;66029;65992;66212;66211;66225;66213;66370;66331;78956;66438;66403;66437;66439;66458;66440;66457;66488;66459;66489;76660;78957;66522;66525;66524;66523;66971;66536;78958;66537;66550;66659;66660;76236;66661;66690;66705;66662;66706;66707;78960;78959;66771;66772;66773;78961;78962;66853;78963;66883;66882;66939;66949;66948;66940;66979;66980;66981;76238;67184;76237;76661;78964;67219;67239;67238;76289;67240;68865;68866;68900;68921;68901;79288;79287;78965;68944;68922;69011;69111;69012;69110;69160;78966;69161;78967;76239;69162;69222;119341;119342;69254;69255;69256;69315;78968;72261;69341;69413;76662;76663;76664;69493;69502;69777;78969;69778;119343;119344;78970;69882;69883;72238;78971;69795;69823;76290;69851;78972;79289;76665;69943;70010;70011;69944;70013;70012;70114;76667;70163;76666;70244;70243;70246;70247;70245;70248;70249;70250;70371;71188;70327;70387;70451;70348;78973;70466;72237;70488;70536;70489;78974;70553;70554;78976;78975;70555;70600;70601;70602;78977;70694;70695;70696;70697;70703;76669;70771;70755;70791;70792;70793;70870;70871;70913;78978;70999;71001;71000;78979;71002;71003;71006;71005;71007;71004;71008;71009;71012;71011;71013;71010;71014;71015;71017;71016;71018;71019;78980;78981;71093;78982;71189;71190;78983;71900;71242;71225;71224;71243;78984;78985;71389;71291;71292;71290;71293;71335;71336;71370;71337;71369;78986;78987;71390;78988;78989;76671;71516;76670;71557;78990;72390;76187;71558;71612;71877;71613;78991;71909;71878;71962;71987;71963;71986;78992;78993;72059;78994;72060;72161;76672;72196;72274;72273;72209;72317;72319;72318;72321;72320;72363;72364;78996;78995;78997;72420;72473;72454;72474;72497;78998;72498;72499;72567;72568;72643;72679;119345;72678;72698;72736;72737;78999;119346;72793;72853;72794;72810;72854;76673;119347;72923;72975;79000;73010;79001;72976;73011;73071;73072;73091;73090;79002;73113;73174;73175;73198;79003;73199;73281;73282;73283;79004;73295;73284;73325;73326;73396;79005;79006;73451;79007;73452;79008;73586;73585;73587;79009;73608;79010;79012;79013;79011;79014;73663;79015;119349;119348;73678;76674;73705;79016;76676;76675;73781;73780;73796;73782;119350;119351;73901;73937;74005;79017;74020;79018;79019;119440;74032;74031;79020;74102;79021;76240;76241;119352;119353;74144;74204;76677;79023;79022;74205;74206;79024;74300;74301;74207;74302;74346;74303;74348;74347;74304;79025;79026;79029;79028;79027;76889;76890;76894;76891;76893;76892;76895;76896;76898;76900;76897;76899;74458;74459;74460;74461;79030;74486;74485;119354;119355;119356;76156;79031;76242;76901;76243;76291;76244;76274;76292;76293;79032;79290;79033;79108;79034;76398;76902;76401;76399;76400;76679;76678;76444;76445;76447;76446;76903;76550;76549;76516;76515;76585;79035;79036;76680;79109;76696;76904;79110;76698;76697;76699;76700;76749;76905;76750;76906;76751;79111;79037;76907;79038;76908;79112;79039;76997;77012;77013;77014;77016;77015;77078;77046;79113;77079;77080;79114;77081;77082;77083;77141;77178;77142;77143;77193;77194;77195;77243;79040;77271;77298;79041;77386;77357;77356;79043;79042;77464;79045;79044;77518;77519;77520;77522;77521;79046;77523;77561;79047;77567;77626;77627;79048;77661;77628;77695;77697;79049;77696;77698;77699;77741;77806;77827;77826;79050;77815;77828;79051;77896;77895;79052;78006;77979;78007;78008;77980;78009;78023;78073;79054;79053;79055;78405;78406;78407;78408;78409;78410;78412;78411;78413;78414;78415;78456;78455;78457;78458;78459;78502;78532;78503;78533;78534;78535;79057;78594;79058;79056;78595;79059;78621;78620;79060;78722;78735;78736;79061;79291;78758;78759;78760;78840;78867;78884;79115;119441;79117;79116;79202;78909;79203;79205;79204;79206;79207;79228;79302;79326;79327;79303;79328;79329;79377;79352;79378;79351;79380;79379;79425;79426;79595;119357;79596;79597;79736;79682;79684;79683;79685;79710;79711;79737;79849;79848;79850;79851;80012;80010;80011;80009;80013;80072;80073;80074;80096;80097;80098;80159;80115;80116;80160;80161;80213;80216;80388;80215;80214;80396;80408;80469;80440;80506;80505;80470;80508;80507;80509;80878;80544;80879;80881;80880;80882;80930;80931;80932;81013;81014;81033;81034;81032;81035;81036;81069;81068;81104;81070;81071;81143;81158;81200;81159;81201;81202;81203;81204;81244;85712;81290;81291;81292;81293;85713;81339;81340;85714;81468;81469;81470;81473;81472;81471;81474;81475;81504;81506;81505;81539;146265;81624;81626;81627;81625;81628;81629;81630;81631;81632;81634;81633;81636;81635;81637;81639;81638;81640;81664;81662;81663;81661;85704;81905;81750;81728;81727;81769;81906;81907;81908;117467;81969;82492;81949;82067;82290;82017;82291;82018;82493;82427;82292;82466;82467;82495;82494;82496;82564;82519;82619;82636;82637;82693;82656;82790;82809;82758;82791;82810;82811;82846;82812;82896;82895;82897;82909;82984;82910;82908;112239;82985;82986;83048;83027;83161;83028;83132;83172;83405;83343;83173;83424;83406;83407;83408;83409;83410;83411;83412;83426;83427;83425;83429;83428;83430;83432;83537;83753;83431;83536;83433;83986;83844;83754;83808;83968;83843;83987;84005;84077;84111;84076;84075;84112;84188;84143;84142;84204;84189;84225;84258;84355;84356;84358;84357;84360;84359;84392;84420;84421;84391;84422;84465;84466;84486;84467;84535;84610;84609;84758;84660;84787;84789;84631;84788;84871;84820;84873;84911;84872;84912;84936;84939;84937;84940;84938;84941;84942;84943;84945;84944;84946;84947;84892;84948;84893;84949;84950;84951;84953;84954;84952;84977;84976;84955;84956;85039;84978;85040;117306;85041;85070;85068;85069;85248;85238;85149;119359;119358;85249;85295;85341;85705;85342;85441;85373;85716;85372;85715;85396;85442;85494;85495;85443;85497;85496;85530;85563;85531;119360;85616;85615;85618;85617;85643;112240;85644;85619;85645;85680;85717;88636;85969;85718;85970;85971;85972;85973;85999;85975;85974;119361;85976;85978;86000;117307;85977;85979;86702;85981;119362;85980;86097;86099;86098;117308;86201;86200;119363;86844;86306;86361;86242;86241;86362;86411;86396;112241;86413;86412;86414;86488;86439;86523;86524;86525;86526;86597;86558;86561;86559;86560;86562;117309;86614;119364;86625;86716;86744;86717;86718;86745;86719;86746;86845;86861;86862;87043;86910;86893;86928;86929;86966;86968;86930;86967;86969;86931;86970;86971;86932;86972;86933;86973;86934;86935;86974;86936;86976;86975;86937;86977;86978;86980;86979;86981;86982;86983;86984;86985;86986;86987;86988;86989;87044;86990;86991;88571;87045;87046;87047;87048;87049;87050;87099;87100;87101;87190;87179;87102;87191;87193;87192;87194;119365;87837;87195;87234;87233;87275;87274;88572;88573;87305;87306;87334;87307;87304;87335;87336;87397;87452;87399;87398;87337;87454;87455;87456;87453;87457;87458;119366;87637;87519;87490;87664;87665;87805;87754;87804;87806;87807;87808;87811;87810;87809;87812;87855;90077;87856;87886;87937;87998;87999;88035;88072;88036;88073;88074;88075;88076;88173;88077;88172;88574;88404;88405;88406;88448;119442;88447;88449;88506;88479;88482;88480;88481;117310;88554;88556;88555;88557;88558;88617;88675;88618;88588;112242;88690;88746;88787;88786;88785;88784;88788;88789;88790;88791;88792;88793;88794;88859;88890;88889;89068;89067;89069;89070;89071;89073;89096;89072;89097;119367;89720;89771;89772;89773;89774;89819;89820;89862;89861;89821;89917;89983;89954;89956;89955;89984;89985;89986;90078;90114;90079;119368;90115;90116;90141;90140;90117;90179;90180;90181;90261;90184;90183;90182;90299;90300;90343;90386;90301;90302;90388;90387;90389;90391;90390;90990;90491;90490;119369;90530;90493;90492;90494;90495;90499;90497;90496;90498;90570;90500;90616;90669;90615;90668;90671;90670;90672;90750;90748;90749;90819;90818;90851;90852;90853;119370;90882;90881;91035;91034;91033;117311;91073;91036;91077;91074;91075;91076;91038;91037;91078;91114;119371;91115;91080;91079;91116;91117;91118;91157;91156;91179;119372;91214;91245;91246;119373;91307;119374;91380;91317;91381;91383;91382;91420;91440;91449;91495;91496;119375;91497;91536;91632;91621;91642;91711;91757;91724;91801;91803;91802;91804;91851;91805;91852;112243;91872;112171;92029;91988;92030;92399;92398;119376;92044;92400;92401;92451;112244;92490;92509;92510;92508;92578;92552;92579;92553;92603;92580;92604;92692;92693;92694;92695;92696;92717;92697;92718;92814;92837;92748;92836;92856;92855;92857;119377;92858;92938;117312;92939;92940;92995;92941;93039;93041;93040;93042;93044;93043;93070;93118;93119;93094;93149;119378;93095;93269;93339;119379;93364;112245;93365;112246;112172;93450;93555;93502;93451;119381;119380;93452;93504;93503;93556;93642;93586;93681;93764;93762;93763;93785;93784;93805;93826;112173;93843;93858;93891;93950;93951;112247;93952;94066;94035;119382;94103;94104;112248;94105;94130;94131;94188;94189;94150;94191;94190;94192;119383;94265;94230;94315;94314;94313;94317;94316;94318;94431;94348;94452;94453;94454;94462;94499;94463;94500;94502;94501;94503;94538;94536;94537;94539;94540;94541;94543;94544;94542;94545;94546;94548;94549;94547;94550;94552;94551;94553;94554;94556;94555;94558;94557;94559;94560;94562;94561;94563;94564;94565;94567;94566;94568;94569;94603;94606;94604;94605;112249;112250;112251;94625;94623;94624;94651;94626;94665;94667;94666;119384;94896;94897;94910;119385;94912;94911;94920;95024;94937;95047;95291;110330;95292;95381;95382;95465;110331;95562;95600;119386;95563;95622;95819;110332;95820;95982;95981;96038;95983;96039;96267;110333;96040;96307;96306;96309;96311;96310;96308;96312;96313;96402;96480;96428;96403;96524;96523;96525;96560;96592;96593;96594;96595;96597;96596;96972;96971;96598;112174;96651;96650;96754;96693;96652;96755;96756;96791;96867;96825;96824;96826;96920;96921;96949;96922;96948;97009;112252;97010;96973;97012;97011;97013;97059;97060;97061;97062;97121;97095;97185;97200;97199;97348;97349;97294;97350;97374;97373;97375;97413;97414;97460;97461;97462;97463;97487;97464;97488;97465;97490;97492;97491;97489;97510;97509;97512;97511;97513;97514;97548;119387;97594;97628;97596;97595;97629;97630;97929;97928;97930;97931;97717;97718;97750;97792;97766;97767;97769;97768;97844;97822;97871;97823;97872;97873;97874;97875;97876;97877;97878;97879;97882;97880;97881;97883;97885;97884;97932;97886;97933;112253;97909;112254;112255;112256;97910;97911;99335;99336;99337;117313;117314;99339;99338;99340;99341;99342;99346;99344;99343;99345;99347;99348;99453;99431;99501;99455;99502;99454;112175;99503;99504;99570;99572;99571;99573;99650;99574;99682;99651;99652;100047;99683;100021;100091;100142;99684;100092;100093;100143;100117;100094;100095;100119;100118;100172;100240;100144;100239;119388;112257;100288;100316;100287;100315;100317;100318;100370;100345;100346;100371;100400;100401;100454;100452;100453;100455;100457;100456;100531;100508;100532;100533;100534;100587;100660;100716;100631;112258;112176;112259;117315;100777;117316;100833;100801;100778;100890;100979;100892;100891;100893;100894;100896;100897;100895;100898;100899;100900;100901;100980;100902;100982;112260;100981;100949;100983;100950;101023;101078;101077;101099;101101;101100;101103;101102;101141;101253;101254;101255;101360;101384;101385;112261;101386;101518;101786;101880;101799;101881;101879;112177;101882;102012;101883;101939;102090;102142;102139;102141;102140;102143;102144;102102;102103;102147;102104;102145;102146;102149;102105;102106;102148;102107;102108;102110;102109;102111;102112;102150;102114;102113;102151;102115;102153;102152;102116;102154;102155;102156;102117;102118;102119;102157;102348;102159;102187;102158;102250;102304;102305;102350;102349;102306;102410;102411;102412;102517;102492;102518;102535;102519;102520;102536;102537;102538;102574;102575;102634;102692;102813;102775;102726;102727;102950;102951;102909;103038;103039;102971;103040;103042;103041;103044;103043;103045;103046;103349;103119;103167;103169;103168;103170;103172;103171;103206;103239;103205;103208;103207;103240;103241;103209;103242;103243;103350;103351;103352;103453;103405;103407;103406;103408;103492;103465;103493;103494;103495;103498;103496;103497;103499;103526;103527;103561;103500;103562;103628;103629;103630;103631;103632;103633;103686;103685;103687;103804;103766;103805;103956;103915;103957;103958;103916;104003;104090;104004;104006;104005;104091;104116;104092;104139;104170;104140;104205;104251;104250;104372;104267;104455;104456;104457;104493;104538;104458;104540;104541;104539;119389;104566;104620;104567;104568;104621;104622;104699;104700;104775;104800;104774;104801;104839;104802;104865;104841;104840;104842;104843;104986;104987;104950;104949;104951;104988;105017;119390;105018;105029;105069;105209;105091;105092;105210;105267;105268;105252;105269;105367;105368;105369;105407;105345;105479;105522;105559;105560;105523;105524;105525;105526;105527;105528;105529;105530;105531;105533;105532;105561;105672;105563;105562;105564;105565;105673;105567;105674;105566;105602;105568;105603;105569;105604;105605;105606;105607;105608;105609;105675;105610;105676;105677;105679;105678;105680;105681;105682;105645;105646;106088;106089;105743;106122;106182;106244;106246;106183;106245;106247;106248;106249;106251;106252;106250;106253;106254;106256;109427;106255;106329;106330;106331;106525;106334;106333;106332;106335;106336;106573;106574;106650;106553;106651;106615;106925;107058;106616;106671;109428;107053;107019;107018;107017;107016;107081;107082;107114;107187;107186;107188;107189;107190;107207;107191;107208;107287;108322;119391;108325;108274;108324;108323;108275;108276;108277;108326;108328;108327;108330;108329;108331;108362;108332;108361;108396;108397;108395;108448;108480;108683;108865;108644;108643;108866;108982;108867;108868;108869;108942;108983;108984;108985;108986;108987;108988;108989;108990;108991;108993;108992;108996;108994;108995;108998;108999;108997;109026;109070;109009;109027;109115;109116;109160;109117;109335;109195;109300;109194;109301;109299;109302;109303;109304;109305;109307;109306;109387;109337;109336;109338;109339;119392;119393;119396;119395;119394;119397;119398;119399;119400;109388;109390;109389;109391;109566;109442;109441;109443;109444;109567;109568;109546;109569;109633;109634;109570;109635;109638;109636;109637;109640;109639;109641;109669;109642;109754;109755;109670;109831;109832;109833;109834;109836;109835;109906;109837;109838;109905;109907;109839;109840;109841;109843;109842;109844;109845;109846;109847;109908;109909;109990;109910;109991;109992;109994;109995;109993;109996;109997;110215;110216;110217;110218;110219;110073;109998;109999;110000;110001;110002;110003;110004;110074;110006;110075;110005;110007;110008;110009;110010;110013;110012;110011;110014;110015;110018;110016;110017;110076;110077;110078;110080;110081;110111;110079;110082;110083;110086;110085;110087;110084;110112;110113;110114;110116;110117;110115;110118;110119;110120;110221;110279;110220;110280;110281;110405;110406;110467;110468;110506;110469;110507;110541;110601;110602;110600;110603;110604;110605;110606;110608;110607;110618;110630;110631;110654;110708;110632;110709;110793;110692;110710;110712;110711;110713;110714;119401;110715;110716;110794;110795;110885;110796;110753;110798;110797;110754;110756;110757;110755;110758;110759;110799;110800;110919;111026;111027;111028;110999;111000;111001;111029;111030;111031;111145;111033;111032;111034;111147;111146;111148;111256;111255;111257;111342;111321;111324;111323;111322;111325;111326;111366;111327;111364;111365;111486;111487;111489;111490;111488;111491;111492;111514;111516;111515;111623;111493;111774;111727;111728;111731;111729;111730;111732;111735;111734;111733;111775;111736;112026;112027;112028;111776;112030;112029;111802;111803;111805;111804;111994;119402;119403;112131;112133;112104;112134;112132;112178;117317;117318;112179;117320;117319;117321;117323;117322;112284;119404;117324;117398;117447;117468;117470;117469;117471;117494;119405;117535;117626;117625;117587;117680;117681;117774;117773;117772;117771;117775;117776;117777;117780;117778;117779;117781;117816;117782;117817;117783;117784;117818;117865;118028;117912;117895;117971;117972;118126;118029;118030;118127;119406;119407;118077;118162;118128;118163;118164;118165;118185;118187;118186;118369;118513;118370;118373;118371;118372;118374;118375;118376;118515;118377;118516;118514;118517;118518;118522;118521;118519;118520;118523;118524;118526;118527;118528;118525;118529;118530;118531;118532;118533;118534;118535;118536;118537;118538;118539;118540;118541;118542;118543;118545;118544;118546;118547;118548;118726;118549;118551;118550;118554;118552;118553;118555;118556;118557;118559;118558;118560;118582;118744;118583;118785;118786;118787;118789;118788;118790;118791;118792;118745;118793;118943;118815;118816;118944;118945;118862;118863;118864;118865;119408;119410;118946;119409;119112;118947;119411;118948;118950;118949;118964;119412;119075;119167;119168;119076;119169;119171;119173;119170;119172;119174;119175;119413;119294;119414;119415;119416;119330;119331;119486;119485;119488;119487;119568;119443;119705;119489;119734;119735;119798;119797;119799;119736;119800;119758;119802;119803;119801;120978;121143;120979;121280;121203;121173;121325;121380;121338;121337;121379;121449;121448;121451;121450;121452;121454;121453;121501;121528;121502;121527;121529;121530;121531;121585;121606;121587;121586;122110;122111;122112;122329;122142;122330;122175;122331;122332;122334;122336;122335;122333;122292;122337;122463;122442;122464;122441;122465;122634;122635;122637;122636;122526;122525;122606;122737;122739;122738;122638;122639;122659;122712;122711;122771;122713;122839;122842;122841;122806;122843;122840;122807;122865;122886;122866;122939;122993;122994;123146;123056;123123;123432;123433;123487;123488;123486;123434;123647;123914;123987;123963;123916;123915;123988;123964;124049;123990;124098;123989;124099;124015;124232;124136;124137;124138;124233;127087;124256;124255;124258;124257;124259;124260;124261;124838;124662;124664;124663;124665;124667;124669;124668;124666;124671;124670;124690;124691;124673;124672;124692;124693;124839;124842;124752;124840;124843;124841;124844;124845;124846;124847;125011;125033;125034;125013;125035;125012;125014;125015;125036;125038;125039;125037;125117;125118;125040;125043;125042;125044;125046;125041;125045;125047;125048;125049;125050;125051;125119;125120;125121;125122;125192;125123;125124;125125;125126;125127;125193;125194;125128;125195;125196;125197;125198;125199;125053;125054;125052;125200;125322;125201;125239;125347;125240;125381;125382;125383;125445;125385;125384;125446;125616;125590;125711;125690;125691;125692;125756;125712;125714;125713;125805;125841;125840;125842;125806;125915;125940;125939;125967;125969;125968;125872;125971;125970;125972;125974;125973;126057;125975;125976;125977;126025;125978;126026;126027;126028;126029;126058;126084;126030;126085;126086;126087;126301;126089;126088;126251;126250;126252;126302;126319;126320;126322;126321;126323;126452;126489;126453;126520;126521;126558;126675;126559;126677;126678;126676;126594;126611;126612;126681;126680;126682;126709;126710;126711;126712;126679;126757;126758;126759;126761;126760;126762;126939;126941;126942;126940;126943;126972;126973;127032;127033;127619;127618;127620;127622;127621;127623;127624;127625;127626;127627;127628;127629;127630;127631;127633;127632;127634;127635;127636;127637;127638;127639;127641;127640;127642;127643;127645;127644;127646;127647;127648;127649;127650;127651;127652;127653;127654;127657;127658;127656;127655;127659;127660;127664;127661;127663;127662;127665;127666;127669;127667;127668;127670;127671;127672;127675;127673;127676;127677;127674;127678;127680;127682;127679;127681;127683;127684;127685;127688;127687;127686;127689;127690;127692;127693;127691;127695;127694;127696;127701;127700;127699;127698;127697;127702;127705;127704;127706;127707;127703;127708;127711;127713;127710;127712;127709;127714;127716;127717;127719;127715;127718;127720;127829;127721;127986;127722;127828;127830;127877;127832;127831;127879;127878;127987;127988;127989;127990;128068;127991;127992;128106;128109;128108;128107;128406;128515;128069;128300;128299;128205;128407;128446;128408;128447;128449;128448;128451;128450;128497;128496;128495;128452;128498;128516;128536;128657;128658;128517;128659;128849;128660;128627;128661;128662;128663;128664;128665;128850;128852;128851;128666;128853;128854;128855;128857;128856;128858;128859;129037;128860;130185;128962;128982;128983;128984;128985;129142;129143;129144;129038;129039;129089;129040;129041;129265;129145;129266;129090;129091;129331;129092;129147;129146;129148;129149;129150;129268;129396;129269;129267;129270;129271;129273;129272;129274;129275;129276;129371;129332;129333;129372;129373;129479;129374;129480;129516;129520;129519;129518;129517;129804;129576;129738;129739;129740;129741;129742;129859;129862;129860;129861;129957;129863;129864;129865;129866;129867;129958;129959;129991;129960;129993;129992;129994;129995;129996;130041;130042;130043;130045;130044;130141;130140;130046;130186;130154;130155;130188;130189;130190;130248;130249;130187;130332;130330;130331;130250;130251;130354;130371;130372;130374;130375;130373;130376;130377;130378;130379;130380;130381;130382;130383;130384;130416;130385;130417;130418;130419;130443;130444;130445;130526;130446;130528;130527;130530;130532;130529;130531;130534;130533;130535;130537;130538;130536;130541;130539;130540;130542;130543;130544;130545;130547;130548;130546;130549;130551;130550;130553;130552;130554;130555;130557;130558;130556;130559;130560;130561;130564;130563;130562;130566;130565;130567;130569;130568;130570;130571;130572;130573;130738;130575;130574;130741;130739;130740;130742;130744;130743;130746;130745;130747;130748;130749;130924;130925;130927;130926;130930;130929;130928;130931;130932;130933;130998;130934;130935;130999;131001;131000;131002;131004;131003;131049;131050;131005;131053;131051;131052;131152;131151;131153;131210;131154;131176;131212;131211;131213;131216;131215;131214;131217;131177;131218;131298;131300;131299;131376;131374;131375;131377;131378;131379;131523;131522;131380;131524;131526;131525;131527;131528;131529;132222;132223;132224;131719;131675;131530;131677;131676;131678;132226;132225;131975;131976;131745;131746;131747;131749;131748;131919;131920;131921;131977;131978;131981;131980;131979;131982;131983;131984;131985;132031;131986;132227;132229;132228;132230;132231;132232;132233;132234;132392;132330;132235;132331;132382;132393;170322;132882;132684;132669;132685;132687;170331;132686;132700;132701;170311;132883;132885;132884;132947;132948;132886;133022;132887;133023;133024;133025;133026;133124;133027;133028;133125;133156;133157;133158;133127;133159;133126;133160;133161;133164;133165;133162;133163;133166;133167;133189;133188;133168;133190;133191;133247;133246;133221;133222;133248;133249;133223;133282;133281;133283;133280;133285;133287;133284;133286;133334;133333;133336;133337;133335;133383;133384;133385;133387;133386;133338;170326;133445;133478;133446;133477;133479;133480;133481;133482;133484;133485;133483;133486;133516;133487;133633;133635;133634;133638;133636;133637;133639;133640;133664;133746;133713;133712;133747;133749;133748;133751;133750;133752;133753;133783;133784;133787;133785;133786;170285;133824;133825;133942;133943;133941;133944;134025;134026;134028;134027;134029;134030;134032;134031;134033;170351;134034;134062;170321;134063;134064;134065;134066;134067;170312;134068;170354;170341;134192;134098;134144;134148;134146;134147;134145;134259;134260;134263;134264;134389;134261;134262;134390;134558;134391;134557;134392;134265;134266;134269;134268;134270;134267;170307;170293;134344;134345;134360;134272;134271;170343;134361;170292;134393;134394;134439;134827;134615;134612;134613;134614;134665;134666;134838;134670;134825;134667;134671;134826;134676;134672;134669;134673;134668;134674;138073;134675;134834;134833;134832;134830;134828;134831;143082;134861;134829;134869;134868;134867;170353;143006;134837;134836;135230;134860;134859;134858;134857;134870;134895;134939;170339;134940;170334;134943;134941;135035;135052;135066;135080;135073;135044;135075;135070;135079;135058;135076;136321;135077;135064;135049;135069;135038;135061;135078;143095;135063;135047;135054;135055;135043;135034;135040;135062;135036;135072;135042;135056;135059;135060;135046;135051;135074;135068;135039;135057;135037;135048;135053;135095;135045;135041;135067;135065;135071;135050;135033;135083;135081;135085;135084;135082;170306;135087;135090;135088;135092;135089;135086;170287;135091;135183;135184;170290;170348;135175;135174;135176;135173;135185;135257;135259;170305;135256;135258;135236;135234;135232;135233;135235;135231;135242;135241;135240;135254;135244;135272;135250;135247;135253;135252;135249;135243;135239;135245;135248;135246;143039;170288;139382;135251;139381;135414;137245;137244;135288;135415;137246;135912;135456;135460;135459;143038;136038;135458;143035;135457;135461;135686;135689;135769;135684;135688;135687;135685;135691;135692;170323;135767;135774;135876;135776;135768;135772;135788;135905;135770;135775;135875;135908;139379;135909;135861;135862;135773;135874;170300;135910;135911;135914;135915;135913;135927;136045;136116;143032;143040;143018;143041;143037;136044;143042;143019;136058;136057;136042;136053;136041;136040;136050;143031;136117;143008;136039;143016;136059;136048;143015;136052;143034;143011;143029;136049;136114;143023;136051;136046;136115;136054;136113;143004;143009;136056;143010;136043;143013;136118;136055;143012;136047;136060;143020;136064;136112;136062;136061;136063;136320;136065;136319;136101;136102;136103;170352;136184;136111;136185;136181;136186;136188;136322;136187;136585;136342;136343;136344;136349;136351;136354;136350;136352;136471;136353;136470;136476;136475;136477;136479;136495;136494;136498;136480;136478;136519;136500;136499;136497;136517;136518;136525;136523;136496;136526;136516;136520;136524;136521;136522;170313;136558;136582;136584;136586;136583;136610;136717;136609;136611;136713;170329;136718;143017;136714;136976;136977;170299;136736;136735;136739;136740;136737;136738;170344;136820;170318;143003;170315;170330;137062;143022;137061;136900;143021;137060;170357;136912;170335;136899;136898;136913;139384;139378;170294;136974;136975;139380;137082;137059;137064;137063;143075;137069;137066;137139;137881;170355;137083;137070;137186;137138;138387;137140;137237;137204;137238;137236;137239;137240;137274;137278;137275;137313;137276;137562;137305;137273;137561;137727;137277;137307;137310;137306;137314;137309;137311;137315;137667;137668;137312;137395;137396;137308;137394;137324;137414;137325;137331;137412;137333;170327;137334;137393;137330;137335;137360;137363;137359;137413;137409;137410;137411;170314;137560;138032;138026;138029;137563;137726;137666;137704;137709;137664;137756;170350;137665;137669;137707;137706;137711;137715;137708;137828;137705;137755;137710;137833;137830;137749;170356;137834;137831;137832;137829;137752;137894;137895;143005;137751;137750;137760;143027;137885;137759;137775;137758;137896;137882;137898;137897;137883;137884;138022;137893;138217;138033;138013;137892;138028;138023;170295;138020;138021;138031;138089;170308;138030;138090;138027;138146;138144;138141;138143;138142;138145;138162;138154;138157;138155;138161;138153;138160;138159;138158;138173;138172;138169;138156;138178;138170;143086;138171;138384;138186;138187;170284;138185;138383;138386;138382;138447;138450;138765;138388;138451;138502;138504;138505;138500;138609;138559;138557;139383;139455;138558;138556;138565;138566;138842;138606;139006;138764;138805;138806;138807;138802;138803;138799;143036;139041;138809;138801;138798;138800;138808;138811;138810;138804;170319;170336;138846;138843;138845;138847;138849;138844;138850;138848;138886;138885;138879;139038;170333;139042;139072;139234;139194;139198;139188;139183;139200;139199;139187;139193;139192;139191;139195;139197;139190;139189;139331;139332;139196;139186;139289;139201;139285;139284;139286;139288;139294;139283;139291;139296;139287;139293;139295;139292;139322;170289;139290;139319;139321;139320;139323;139333;139335;139336;139376;139375;139385;139334;139467;139462;139460;139466;139461;139464;139463;139465;139481;139620;139482;139511;139508;139515;139621;139538;139537;139617;139616;139618;139623;139622;139619;139670;139669;139673;139671;139672;139674;170309;139919;139772;139809;139807;139811;139808;139810;139851;139860;139854;139920;140129;140121;140083;140120;140110;140124;140127;140128;140130;140489;140204;140579;140407;140389;143033;140393;140394;140397;140390;140399;140400;140392;140461;140460;140435;140391;140396;140398;140434;140490;140488;140484;140487;140485;140493;140492;140494;140523;170316;140581;143030;140602;170320;140587;140582;140594;140597;140599;140598;140746;140745;140750;140749;140780;140747;140748;140778;141125;140782;140779;140781;143073;141042;143077;143068;143088;141028;141015;141041;141016;141044;143078;141025;141029;143089;141024;141047;141033;143092;141056;141048;141050;141060;141055;143080;141058;141051;141010;141031;141040;141017;141021;143079;141023;141037;143084;143087;141013;141018;141020;141043;141027;141038;141039;143096;141012;143074;141022;141035;143091;141032;141014;141030;141019;143094;141036;143072;143024;143028;143014;141045;141011;143025;143026;143007;141034;141306;141128;141057;141026;141052;141046;141059;141049;143069;141089;143085;141123;170317;141087;141088;141086;141085;141127;170347;141305;141124;141129;141126;141174;141175;143070;170349;170286;141184;141199;141264;141196;141265;141197;141307;141201;141260;141814;141200;141453;141457;141455;141454;141456;170297;141458;141582;170296;170304;141536;141547;141628;141540;141577;141546;141548;142034;170302;141580;141581;141603;141606;141627;141774;170310;170303;142002;141812;141811;141826;141816;141819;170324;141818;141823;141911;170325;141817;170291;142004;142003;142008;142009;142006;142007;170345;142028;142029;142030;142025;142452;142430;142400;142429;142392;142404;142385;142418;142440;142378;142436;143093;142396;142432;142426;142393;143090;142399;143071;142428;142389;142448;142433;143076;142379;142380;142376;142391;142403;142384;142414;142398;142441;142382;142377;142387;142381;142442;142413;142434;142431;142427;142375;142417;142401;142383;142407;143083;142394;142437;142435;142416;142402;142449;142405;142446;143081;142451;142445;142439;142408;142447;142443;142444;142412;142397;143097;142410;142395;142438;142386;142390;142388;142415;142374;142406;142450;142409;142457;142454;142459;142453;142458;142455;142461;142460;142463;142471;142474;142475;142476;142469;142477;142470;142478;142480;142479;142643;142673;142674;142672;142675;142705;142707;142704;142699;142696;142906;142701;142703;142708;142709;142706;142700;170342;142702;142697;142698;142710;142715;142716;170332;142714;142871;142863;142864;142907;170301;142982;170328;143240;142992;142994;142973;143054;142972;143364;143162;143160;143163;143164;144199;143161;143213;143199;143198;143212;143200;143235;143209;143203;143208;143211;143205;143202;143204;143236;143238;143237;143239;143241;143279;143281;143280;143275;143276;143365;143369;143278;143277;143370;143366;144200;170298;170346;170340;170338;145070;170337;143442;143469;143473;143472;143474;143605;143604;143606;143603;143602;143607;143601;144553;144410;144115;144113;144114;144116;144201;144204;144202;144205;144203;144399;144382;144273;144389;144276;144420;144419;144274;144280;144281;144552;144414;144404;144423;144275;144384;144402;144380;144421;144551;144393;144392;144400;144415;144407;144418;144390;144379;144383;144377;144385;144409;144391;144397;144422;144406;144381;144403;144378;144412;144396;144401;144388;144398;144387;144394;144376;144408;144509;144405;144386;144395;144411;144413;144416;144417;146810;144505;144604;144506;144605;144507;144510;144522;144512;144511;144557;144548;144554;144558;144556;144560;144555;144559;144550;144754;144706;144705;144765;144753;145049;144846;145089;144847;144942;144848;144850;144845;155786;144872;144936;144871;144941;144937;144931;145229;144939;145088;144935;144996;144934;145085;145083;145087;145082;145079;145077;145044;145042;145068;145043;145226;145067;145406;145076;145243;145227;155781;145497;145074;145242;145500;145494;145493;145498;145495;145499;145496;145492;145536;145403;145404;145701;145443;145408;145405;145407;145440;165124;145503;145507;145545;145506;145544;145543;145787;145541;145704;145790;145786;145788;146072;145789;146073;146076;146082;146080;146075;146055;146081;146079;146074;146071;146093;146095;146094;146210;165149;146566;147015;146316;146379;146383;146382;146380;146378;146432;146381;165165;146434;146431;146493;146439;146491;146492;146541;165111;146545;146532;146533;146537;146550;146551;146542;146540;146547;146536;146584;146535;149503;149507;149504;149506;147013;146793;146801;146803;146813;146809;146815;146812;146817;146822;146811;146816;146820;146821;146930;146931;146929;155780;146932;147011;147010;147017;147018;147014;147016;146955;146951;146953;146961;146960;146959;146954;146952;146957;146950;146956;147009;147012;147707;147140;147023;147139;147143;147142;147199;147138;147201;147200;147197;147198;147208;147196;147194;147214;147209;147211;147215;147207;147210;147235;147212;147234;147232;147236;147365;147233;147643;147809;147805;147808;147706;165133;165112;148117;165113;147810;147806;147807;147828;147835;147836;147841;147827;147833;147831;147830;147837;147829;147838;147842;147826;147866;147832;147834;147868;147867;147881;147879;147880;147886;147882;148247;148224;148016;148018;148019;148020;148017;148032;148118;148122;148119;148120;148114;148116;148215;148113;148121;148115;148316;148490;148249;148888;148893;148886;148890;148887;148246;148889;148256;148257;148317;148331;148330;148329;148390;148319;148333;148328;148332;148369;148370;148368;148394;148379;148852;148397;148572;148393;148489;148460;148540;148566;148542;148543;148570;148561;148562;148568;148564;148569;148563;148684;148567;148769;148685;148771;148770;148806;148808;148807;148768;148857;148860;148851;148877;148876;157845;148853;148892;148854;148878;148880;148858;149063;148881;148943;148906;148879;148942;148950;148985;148981;148945;148903;148983;148984;148993;148989;148988;148982;149258;148990;149024;149236;149028;149235;149027;149029;149025;149091;155782;149060;149243;149240;149241;149239;149242;149318;149321;149319;149444;149441;149317;149435;149443;149445;149876;149978;149442;149793;149695;149670;149677;149653;149698;149693;149664;149705;149690;149657;149686;149680;149676;149692;149703;149697;149706;149712;149679;149682;149652;149678;149694;149683;149655;149671;149687;149660;149662;149701;149654;149691;149702;149710;149674;149669;149656;149658;149673;149688;149659;149696;149663;149684;149672;149709;149700;149675;149689;149708;149667;149713;149665;149714;149681;149666;149685;149711;149668;149720;149792;149707;149760;149726;149725;149721;149735;149724;149723;165164;149722;149813;149811;149841;149816;149980;149817;149815;149839;149835;149898;149840;165116;149997;149998;149904;165147;165129;165153;150075;150433;150117;150118;150296;150295;150290;150289;150125;165118;150701;150123;150124;150126;150700;150136;150135;150127;165127;150128;150148;150146;150149;150147;165144;165126;165130;150291;150294;150161;165139;165137;150293;150786;165121;165150;150323;150321;165122;150322;150785;150347;165114;150326;150346;150829;165132;150375;155785;150350;150392;150808;150390;150389;150388;150393;150391;150810;150379;150380;150378;150376;150382;150386;150377;150381;150387;150383;150820;150818;150421;150432;150422;150819;150826;150812;150817;150434;150825;150827;150823;150501;150813;150759;150816;150815;150758;150757;150790;150828;150795;150824;150792;150756;150781;150766;150776;150822;150814;150777;150775;150780;155783;151290;152103;150821;150844;150853;155784;150845;151117;150852;151276;150951;151018;150950;150963;150991;151426;151116;151115;151140;151142;151138;151135;151149;151136;165162;151143;151141;151139;151153;151137;151289;165131;151427;151428;165143;151446;151445;151454;151453;151493;151580;151579;151578;151864;151846;151871;151855;151857;151856;151854;151872;151862;151845;151850;151888;151863;151886;151889;151867;151887;151843;151842;151859;151858;151929;152003;155787;151671;151670;151668;151675;151811;151669;152080;151914;151908;151911;151913;151910;151912;151909;151852;151844;151848;151861;151865;151849;152001;152005;151927;152074;152077;152076;152133;152097;152132;152440;152352;152355;152350;152585;152347;152348;152346;152354;152351;152353;152447;152446;152444;152438;152740;152449;165128;152445;152443;152451;152439;152450;152448;152442;152441;152605;152595;152590;152584;152592;152586;152606;152604;152593;152581;152579;152600;152577;152603;152589;152602;152580;165159;152599;152613;152627;152620;152621;152619;152660;152832;152678;152661;165148;165160;152689;152688;152968;152975;152778;152779;152829;152828;152874;152781;152863;152906;152903;152862;152902;152905;152908;152932;152926;152904;152964;152934;152955;152965;152923;152935;152924;152939;152922;152925;152930;152938;165136;152937;152933;152931;152929;152972;152940;152977;153098;153099;176330;153095;153097;153102;153096;153101;153094;153103;153104;153100;165119;165158;165163;165138;165115;165135;165146;165154;165156;153228;153233;153231;153232;153230;153234;153229;153238;153235;153242;165151;165120;165123;165141;153370;153371;165157;153404;153513;153403;153523;153405;153517;153834;153525;153524;153518;153522;165142;165125;153552;153553;153833;153835;153832;153777;153764;153803;153776;153804;153886;153887;153902;153940;153873;154019;154023;154022;154018;165134;154024;154086;154071;154077;154084;154072;154076;165140;154047;154074;154075;154083;154046;154048;154070;154293;154080;154049;154078;154081;154135;154134;154082;154143;154168;154136;154170;154169;154324;154313;154294;154310;154311;154309;154307;154320;154260;154252;154254;154251;154261;154737;154669;154255;154667;154333;165152;154335;154295;154306;154312;154334;154419;154421;154420;154437;154670;154668;154938;154666;154784;154832;154856;154830;154855;154781;154841;154831;154846;154838;154834;154847;154843;154836;154842;154893;154849;154840;154854;154887;154891;154909;155292;154910;154944;154947;155105;154942;155132;154943;155058;155172;155178;155197;155168;155151;155090;155085;155201;155194;155200;155217;155193;155094;155169;155210;155152;155110;155073;155091;155144;155181;155080;155089;155159;155224;155190;155112;155167;155165;155086;155160;155079;155209;155216;155207;155171;155111;155212;155072;155100;155092;155219;155059;155126;155155;155093;155133;155153;155122;155170;155208;155225;155150;155101;155179;155103;155211;155185;155071;155146;155184;155106;155214;155114;155082;155088;155087;155192;155203;155202;155206;155107;155096;155148;155102;155164;155204;155113;155081;155218;155158;155104;155182;155108;155183;155149;155215;155115;155109;155021;155074;155022;155023;155075;155223;155336;155332;155335;155333;155334;155364;155612;155361;155368;155360;155366;155367;155371;155359;155386;155365;155384;155378;155385;155376;155377;155599;155544;155542;155614;165161;155618;155654;155613;165145;155689;155684;165155;155690;155691;155688;155686;155682;155685;155831;155765;155755;155858;165117;155728;155718;155720;155719;155725;155736;155756;155743;155741;155746;155745;155764;155763;155762;155832;155833;155835;155941;155830;155820;155937;155891;155890;155928;155868;155927;155940;155931;155955;155968;155951;155954;155956;155971;155950;155977;155985;155988;155974;155983;155995;155976;156003;156005;155966;156004;156038;156044;156037;156107;156109;156106;156127;156108;156129;156111;156126;156134;156202;156133;156201;156128;156225;156250;156246;156247;156249;156251;156248;156261;156454;156452;156453;156463;156465;156464;156716;156548;158870;156658;156659;156726;156656;156632;156660;156730;156655;156657;156653;156696;156905;156734;156729;156728;156735;156727;156731;156739;156738;156737;156733;156736;156788;156774;156792;156819;156793;156798;156873;156878;156874;156866;156865;157053;156872;156869;156909;156912;156913;157046;157044;157045;157049;157056;157052;157054;157051;157089;157100;157099;157111;157097;157135;157133;157132;157095;157071;157091;157134;157106;157136;164873;164872;164870;157904;164861;164852;157166;157163;157226;157168;157167;157183;157268;157165;157264;157265;157267;157270;157880;157296;157269;157285;157309;157295;157312;157314;157313;157311;157331;157337;157336;157366;157384;157363;157362;157364;157376;157374;157375;157411;157412;157420;157455;157417;157414;157418;157415;157465;157854;157454;157466;157451;158096;157874;157875;157873;158119;157861;158066;158047;158055;158048;158056;158057;158071;158082;158075;158093;158074;158080;158070;158078;158077;158076;158120;158132;158129;158115;158326;158106;158116;158356;158368;158260;158248;158263;158216;158215;158266;158261;158262;158264;158323;158321;158322;158324;158325;158341;158347;158327;158334;158333;158351;158360;158349;158353;158355;158505;158556;158464;158354;158504;158565;158735;158727;158555;158736;158674;158741;158745;158811;158993;158814;158812;158803;158807;158813;158808;158804;158805;158873;158895;158806;158802;158810;158822;158816;158906;158815;158913;158809;158924;158918;158923;158912;159114;158907;158914;159185;159165;159168;158948;158942;158950;158952;158947;158951;158949;159122;158943;159041;159000;159030;159119;159118;159108;159214;159218;159121;159213;159120;159216;159215;159217;159201;159194;159199;159198;159197;159195;159200;159196;159169;159296;159167;159166;159289;159210;159226;159222;159291;159282;159301;159284;159290;159288;159287;159285;159283;159298;159274;159275;159286;159297;159292;159299;159310;159398;159390;159319;159314;159399;159469;159467;159468;159660;159470;159489;159520;159508;159521;159533;159531;159552;159538;159724;159539;159551;159595;159603;159597;159596;159622;159623;159613;159612;159614;159653;159664;159646;159635;159650;159691;159649;159688;160020;159669;159731;159727;159999;160030;159912;159903;159901;159908;159913;160255;160015;160033;160031;160023;160021;160022;160032;160037;160039;160055;160238;160210;160187;160192;160454;160198;160229;160231;160226;160215;160240;160224;160243;160232;160227;160230;160225;160228;160237;160241;160244;160242;160256;160288;160455;160512;160313;160320;160384;160321;160378;160415;160418;160417;160416;160414;160476;160515;160520;160503;160513;160539;160534;160509;160514;160634;160621;160635;160541;160624;164869;160966;160637;164866;161023;161045;161052;161035;161019;161003;160996;160994;161046;161051;161036;161009;161021;161005;161017;161050;161000;161001;161026;161027;160998;161028;161010;161030;161018;161040;161024;161044;161042;161041;160997;161014;161033;161032;161029;161039;161008;161006;161049;161022;161034;161012;161011;161047;161048;161015;161020;161038;161013;160995;161037;161016;160999;161031;164859;161068;161072;161083;161069;161076;161073;161079;161152;161075;161074;161070;161077;161067;161071;161081;161355;161078;161151;161080;161084;161082;161168;161155;161161;161216;161240;161215;164875;164858;164868;164876;164845;164851;164853;164847;164863;164844;161358;161354;161368;161361;161619;161621;161366;161443;161471;161475;161491;161490;161511;161462;161620;164862;161641;161643;161631;161637;161635;164856;161632;161625;164849;161642;161639;161638;161640;164874;161673;161678;161674;161675;161677;161662;161672;161676;161679;161710;161709;161705;161719;161704;161718;161720;161708;161726;161706;161779;161769;161783;161763;161770;161776;161784;161782;161781;161772;161780;164860;161815;161816;161796;161985;161814;161795;161835;161817;161818;161832;164855;161987;161898;161897;161905;161911;161923;161910;161924;161925;161965;162135;161963;161964;164848;164878;164865;164857;161966;161967;164854;162299;162161;162160;162158;162149;164850;162164;162229;164877;162165;162231;162304;162297;162298;162301;162230;162300;162303;162305;164846;162302;162329;162326;162327;162487;162328;162325;162486;162477;162479;162575;162478;162580;162581;162582;162584;162571;162583;162572;162573;162578;162655;162666;162654;162652;162658;162663;162649;162653;162651;162574;162632;162633;162630;162644;162647;162643;162637;162646;162634;162635;162579;162657;162622;162640;162638;162629;162631;162628;162641;162645;162665;162639;162668;162667;162659;162636;162642;162662;162656;162664;162650;162825;162704;162827;162829;162828;162826;163260;163076;163077;162986;163269;163300;163284;163303;163290;163291;163297;163296;163295;163340;163339;163338;163336;163337;163393;163444;163438;163445;163443;163446;163439;163452;163463;163462;163465;163464;163466;163472;164871;163503;163655;163524;163652;163654;163667;163670;163666;163653;163669;163678;163673;163672;163671;163664;163665;163697;163696;163703;163676;163695;163792;163795;163706;163791;163793;163729;163732;163709;163794;163694;163693;163796;163797;163936;163845;163850;163963;163962;163916;163937;163960;163972;163973;163964;164009;163961;164038;164014;164123;164127;164128;164130;164126;164129;164151;164867;164864;164152;164322;164385;164389;164403;164407;164395;164391;164380;164393;164406;164399;164414;164388;164390;164396;164400;164405;164409;164410;164401;164413;164408;164398;164397;164402;164411;164507;164498;164513;164512;164516;164620;164616;164631;164615;164618;164626;164679;164792;164789;164793;164794;164788;164835;164832;164833;164824;164836;164834;164879;164842;164843;164975;164974;164962;164973;164960;164959;164957;164958;164972;165009;165008;164971;164964;165014;165013;165010;165093;165092;165094;170386;170368;165091;165090;165190;165195;165429;169721;165236;165187;165264;165267;165269;165274;165270;165271;165263;165266;165268;165460;165475;165472;165471;165473;165462;165469;165467;165468;165464;165522;165458;166475;165474;165628;165553;165640;165567;165552;165637;165636;165635;165646;165643;165655;165644;165652;165645;165649;165665;165657;165673;165720;165696;165980;165959;165724;165981;165729;165728;165730;165739;165737;165738;166007;166009;166018;166011;166022;166019;166152;166148;166150;166149;166151;166207;166056;166170;166173;166180;166171;166200;166201;166199;166197;166231;166204;166328;166275;166196;166285;166280;166287;166284;166282;166279;166288;166290;166327;166281;166283;166273;166221;166326;166217;166259;166218;166225;166223;166220;166224;166263;166271;166342;166345;166344;166343;166340;166341;166431;166476;166430;166445;166444;166479;166464;166492;166474;166478;166540;166543;166480;166541;166542;166473;166477;166470;166539;166564;166490;166482;166484;166486;166483;166463;166465;166481;166491;166699;166485;166471;166521;166771;166700;166802;166823;166775;166776;166888;166789;166882;166884;166886;166887;166883;166881;166885;166878;166903;166880;166879;166946;166947;166948;167146;167095;167077;167128;167153;167087;167127;167082;167085;167145;167125;167080;167083;167093;167148;167150;167097;167079;167193;167102;167194;167090;167084;167165;167151;167089;167173;167124;167091;167088;167081;167129;167132;167126;167136;167152;167155;167141;167139;167074;167138;167167;167169;167123;167073;167130;167137;167179;167142;170379;167086;167205;167215;167458;167078;167501;167644;167597;167544;167590;167600;167578;167623;167595;167571;167540;167525;167618;167607;167642;167613;167593;167591;167643;167588;167605;167569;167596;167570;167568;167603;167628;167554;167566;167621;167624;167641;167604;167572;167617;167606;167619;167610;167626;167523;167601;167627;167636;167614;167622;167616;167620;167609;167567;167625;167582;167598;167599;167534;167535;167576;167602;167583;167608;167612;167611;167635;167645;167788;167742;167741;170372;167749;167651;167832;168014;168012;168013;168026;168031;168016;168033;168024;168027;168032;168029;168047;168025;168028;168136;168212;168030;170373;168131;168324;168211;168213;168210;168218;168219;168214;168209;168217;168258;168323;168221;168220;168271;168268;168267;168259;168266;168265;168272;168411;168377;168410;168383;168384;168409;170376;168414;168416;168413;168415;170370;168423;168412;168473;168421;168498;170362;170385;170377;170364;170369;170374;170363;170375;170366;170388;170378;170361;170381;170380;170359;170387;170358;170360;170382;170365;170367;170371;170384;168638;168497;168672;168667;168476;170383;168675;168698;168668;168702;168695;168674;168711;168709;168712;168713;168706;168710;168735;168704;168847;168707;168925;168835;168923;168850;168833;168838;168831;168843;168837;168844;168830;168924;168846;168922;168849;168845;168842;168848;169449;169448;169708;169706;169493;169526;169704;169718;169885;169882;169709;169710;169886;169921;169920;169918;169919;169973;169970;169967;169961;169969;169965;169959;169966;169957;169971;169960;169963;169958;169981;170027;169964;170074;170075;170069;170070;170072;170071;170073;170068;170104;170133;170141;170128;170405;170139;170277;170132;170134;170138;170130;170142;170131;170490;170129;170423;170456;170463;170454;170429;170687;170393;170686;170275;170389;170392;170278;170274;170390;170394;170411;170279;170283;170402;170276;170426;170424;170282;170281;170414;170419;170408;170406;170427;170407;170425;170403;170404;170420;170418;170422;170400;170468;170410;170416;170421;170401;170446;170455;170466;170465;170449;170470;170435;170475;170491;170500;170508;170531;170480;170533;170479;170532;170522;170511;170535;170630;170529;170530;170534;170635;170645;170629;170649;170633;170641;170648;170634;170685;170856;170874;170869;170855;170853;170852;170876;170865;170909;170870;170914;171028;170911;171037;171057;171036;171033;171024;171032;171035;171025;171034;171022;171030;171031;171029;171026;171023;171021;171095;171027;171094;171091;171098;171093;171101;171097;171089;171111;171113;171110;171208;171207;171209;171223;171210;171224;171225;171231;171235;171232;171234;171236;171648;171435;171647;171644;171646;171645;171640;171641;171661;171662;171649;171668;171652;171653;171660;171655;171651;171723;171727;171721;171722;171715;171725;171700;171720;171724;171726;171719;171699;171717;171701;171718;171982;171794;171984;171973;171796;171977;171978;171972;171974;171975;171981;171987;171962;171983;171963;171979;171976;171971;171970;171980;172041;172042;172039;171968;171996;172118;172211;172119;172117;172182;172116;172224;172212;172232;172225;172226;172220;172372;172369;172373;172400;172370;172371;172374;172501;172548;172543;172546;172542;172547;172544;173043;173045;172549;172586;173046;172587;173306;173318;173316;173041;173042;173308;173315;173322;173314;173303;173309;173324;173311;173323;173312;173325;173313;173305;173307;173320;173304;173310;173321;173332;173317;173319;173428;173422;173420;173421;173435;173427;173423;173453;173426;173690;173692;173691;173796;173777;174029;189647;189648;173872;173864;173857;173877;173844;173860;173871;173845;173875;173851;189669;173869;189668;173870;173852;173868;173841;173847;173878;173873;173850;173862;173867;173846;173926;174176;173925;173921;173924;174389;174030;189659;174004;174387;174130;174132;174128;174129;174127;174131;174133;174268;174180;174178;174229;174181;174267;174270;174269;174346;174347;174349;174341;174343;174348;174342;174345;174408;174420;174412;174415;174414;174411;174693;174563;174406;174702;174407;174676;174690;174561;174562;174687;174699;174671;174675;174483;174688;174482;174689;174629;174714;174514;174628;174703;174516;174729;174710;174717;174712;174951;174732;174952;174588;174587;174619;174590;174592;174691;174692;174731;174733;174726;174735;174730;174725;174756;174727;174755;174728;174734;175000;174754;174950;174994;174998;174999;174992;174995;174993;175026;175024;175118;175111;175117;175112;175113;175119;175114;175122;175460;175116;175120;175421;175445;175443;175410;175478;175483;175420;175430;175419;175465;175444;175480;175458;175404;175399;175473;175479;175422;175466;175333;175411;175482;175448;175436;175442;175446;175457;175474;175472;175464;175475;175463;175423;175452;175439;175456;175435;175400;175471;175477;175468;175426;175469;175462;175438;175449;175461;175403;175459;175481;175447;175437;175476;175401;175467;175470;175431;175558;175486;175485;175489;175557;175556;175866;176146;175834;175864;176147;175828;175862;175872;175825;175854;175829;175840;175870;175871;176145;175832;175874;175881;175882;175903;175878;175865;175879;175867;175830;175859;175833;175861;175902;175836;175863;175900;175831;175826;175857;175901;175843;175853;175855;175827;175851;175844;175899;175875;175849;175895;175842;175846;175880;175908;175932;175938;175841;175924;175894;175873;175930;175933;175936;175941;175934;175918;175923;175917;175935;175943;175922;175921;175920;175937;175982;175940;175984;175979;175942;175981;175980;175983;176068;176205;176065;176202;176201;176204;176233;176246;176232;176203;176321;176250;176247;176245;176256;176320;176322;176391;176392;176683;176357;176656;176655;176652;176654;176651;176653;176650;176537;176535;176536;176538;176682;176541;176680;176718;176727;176681;176722;176720;176719;176723;176738;176728;176721;176750;176737;176768;176770;176760;176748;176751;176749;176983;176891;179874;177290;177096;177285;177286;177291;177284;177288;177289;177322;177321;177287;177292;177308;177301;177304;177316;177313;177299;177310;177303;177309;177320;177302;177319;177314;177311;177315;177300;177298;177318;177306;177348;177432;177425;177473;177424;177452;177494;177530;177531;177527;177529;177525;177528;177524;177526;177533;177534;177637;177665;177614;177535;177662;177655;177428;177663;177658;177666;177664;177659;177656;177661;177657;177671;177660;177672;177670;177738;177786;177767;177768;177765;177737;177785;177762;177766;177787;177764;177760;177761;177763;177788;178118;178121;178112;178099;178104;178120;178119;178234;178232;178182;178235;178237;178239;178233;178238;178236;178269;178252;178246;178270;178250;178247;178249;178251;178248;178257;178274;178255;178253;178273;178272;178256;178258;178268;178259;178254;178271;178334;178332;178335;178333;178421;178336;178422;178429;178431;178427;178423;178435;178425;178428;178433;178430;178434;178432;178424;178426;179054;178571;178634;178682;178574;178564;178573;178733;178570;178561;178568;178563;178567;178565;178569;178572;178562;178633;178631;178681;178438;178440;178439;178566;178632;178732;178767;178768;178630;178904;178766;178765;178949;179059;179053;179051;179057;179055;179060;179316;179058;179056;179052;179156;179161;179149;179155;179157;179165;179147;179154;179158;179150;179152;179148;179159;179162;179153;179164;179160;179181;179163;179151;179180;179182;179206;179201;179179;179215;179216;179307;179308;179324;179323;179320;179321;179327;179325;179322;179326;179392;179397;179402;179404;179403;179409;179399;179398;179411;179400;179401;179410;179439;179437;179452;179450;179458;179455;179456;179451;179454;179475;179457;179438;179474;179453;179508;179506;179507;179879;179810;179812;179817;179813;179809;179811;179818;179815;180027;180020;180028;179814;179816;180026;180037;180036;180031;180032;180034;180030;180209;180210;180035;180033;180214;180213;180212;180211;180208;180238;180242;180239;180246;180241;180243;180240;180249;180248;180244;180245;180247;180281;180237;180470;180327;180262;180417;180418;180282;180419;180480;180483;180476;180482;180479;180475;180486;180478;180484;180477;180498;180481;180485;180487;180474;180499;180500;181234;180579;181233;181239;181242;181240;181241;181244;181284;181243;181245;181281;181279;181286;181285;181287;181283;181282;181280;181370;181371;181374;181545;181520;181372;181373;181528;181537;181539;181544;181527;181546;181530;181526;181534;181538;181547;181529;181535;181548;181533;181532;181524;181525;181531;181536;181573;181605;181609;181604;181603;181608;181606;181610;181601;181599;181600;181602;181622;181624;181607;181617;181618;181623;181619;181633;181621;181632;181616;181695;181694;181693;181620;181631;181891;182429;182166;181892;181889;181890;181893;182439;182551;182536;182535;182537;182553;182554;182534;182555;182538;182533;182552;182539;182532;182540;182600;182606;182601;182603;182608;182607;182599;182595;182602;182598;182604;182597;182596;182623;182605;182593;182592;182594;182622;182683;182621;182684;182780;182783;182779;182784;182775;182777;182781;182776;182782;182785;182787;182786;182778;182788;182837;182829;182834;182823;182832;182839;182822;182836;182827;182831;182840;182830;182825;182835;182826;182833;182821;182824;182828;182990;182993;182838;182988;182991;182989;183191;182992;183082;183183;183184;183189;183187;183194;183188;183204;183186;183192;183185;183203;183190;183364;183202;183373;183376;183369;183371;183374;183327;183370;183329;183326;183334;183201;183332;183331;183333;183200;183339;183338;183335;183363;183336;183328;183340;183221;183222;183229;183228;183220;183224;183223;183227;183226;183225;183255;183254;183256;183253;183262;183252;183261;183301;183305;183251;183260;183302;183304;183303;183330;183375;183337;183367;183365;183372;183401;183368;183377;183399;183366;183400;183435;183436;183735;183402;183403;183732;183729;183995;189654;183737;183730;183733;183734;183736;183971;183972;183764;183731;183922;183782;183772;183781;184022;183883;184021;184020;184039;184041;184040;184050;184048;184044;184049;184045;184042;184051;184043;184046;184038;184077;184047;184076;184133;184134;184173;184171;184172;184203;184174;184208;184202;184205;184207;184204;184201;184200;184275;184276;184206;185088;185104;185092;185121;184277;185120;185136;185100;185124;185112;185130;185139;185106;185150;185109;185096;185099;185153;185097;185127;185152;185134;185113;185129;185093;185132;185115;185156;185110;185126;185103;185125;185155;185117;185102;185146;185098;185107;185105;185108;185123;185119;185128;185154;185133;185149;185159;185148;185141;185122;185131;185138;185095;185094;185091;185111;185145;185089;185140;185142;185144;185137;185118;185151;185135;185101;185157;185114;185090;185158;185147;185143;185116;185376;185358;185367;185419;185370;185375;185361;185357;185355;185359;185363;185360;185369;185362;185356;185381;185495;185379;185380;185494;185492;185493;185498;185666;185686;185699;185655;185700;185653;185675;185685;185656;185684;185658;185657;185691;185702;185687;185683;185659;185690;185660;185692;185694;185652;185667;185665;185695;185688;185661;185654;185676;185668;185678;185705;185703;185664;185704;185669;185650;185679;185662;185697;185670;185673;185698;185663;185651;185706;185681;185707;185672;185696;185677;185674;185693;185680;185689;185682;185773;185701;185671;185774;185803;185808;185802;185807;185794;185796;185806;185799;185800;185810;185805;185795;189638;185804;185801;185798;185809;185905;185797;186074;186033;186053;186041;186057;186063;186062;186044;186042;186064;186034;186066;186061;186073;186075;186048;186050;186056;186072;186060;186047;186059;186067;186049;186055;186054;186071;186045;186058;186051;186043;186052;186065;186046;186068;186069;186194;186195;186070;189664;186247;186248;186246;186313;186314;186311;186309;186310;186316;186315;186318;186320;189657;186312;186317;186319;186371;189650;186308;186375;189667;189645;189651;189639;189642;186374;186372;189660;186373;189637;186370;186369;186391;186392;186383;189661;186431;186434;186433;186438;186439;186432;186436;186675;189653;186437;186674;186435;186484;186538;186542;186543;186544;186620;189640;186618;186619;186621;186721;186665;186664;186729;186727;186728;186726;186725;186762;186764;186763;189656;186761;186759;186760;186799;186802;186804;186798;186796;186801;186800;186803;186805;186797;186827;186828;186852;186853;186829;186854;186849;186851;186850;186842;186846;189655;186847;186848;186930;186939;186940;186938;186929;189641;187083;187085;187084;187082;187086;187088;187069;187087;187125;187126;189663;187124;187414;187408;187420;187425;189662;187413;189644;187426;187422;187411;187427;189643;187482;187423;187412;187409;187481;187418;187410;187421;187428;187614;187632;187424;187674;187419;187675;187785;187786;187744;187784;187851;189649;187850;187882;187849;187898;187893;187887;187881;187894;187877;187883;187889;187892;187888;187897;187878;187891;187880;187886;189658;187879;187885;187895;187890;187884;187896;187914;187911;187909;187912;187910;187915;187913;189665;189174;189175;189078;189173;187967;189079;189084;189082;189081;189083;189127;189133;189121;189135;189140;189136;189134;189122;189128;189139;189123;189129;189138;189137;189120;188059;188058;188060;189085;189080;188057;188061;189192;189132;189530;189193;189271;189130;189191;189131;189285;189488;189522;189529;189526;189528;189524;189525;189527;189521;189554;189523;189652;189487;189539;189646;189573;189555;189543;189553;189542;189558;189541;189566;189549;189557;189569;189582;189565;189560;189574;189562;189546;189544;189578;189567;189585;189563;189556;189570;189580;189538;189579;189547;189577;189571;189572;189564;189575;189552;189581;189584;189540;189587;189568;189551;189588;189561;189545;189559;189548;189576;189586;189550;189583;189744;138374;139374;90250;12512;59189;189750;189743;189741;105412;14657;179396;152610;189742;33126;125835;39807;39808;39809;149983;33562;10204;21141;18559;18560;10392;189409;189432;189418;189429;189448;189415;189421;189451;189438;189442;189457;189433;189411;189440;189426;189416;189435;189427;189430;189449;189447;189417;189413;189446;189444;189412;189450;189419;189407;189445;189414;189434;189410;189420;189452;189439;189422;189423;189456;189441;189431;189424;189443;189455;189458;189437;189454;189408;189453;34030;189428;189436;189425;54602;70352;58171;148695;95950;66317;103221;150716;163098;155127;162320;185948;66316;66315;35737;33476;59607;90712;51461;51462;51463;185070;184893;187059;184542;184504;184549;184639;185084;184881;184908;184894;184969;184596;184906;184867;184748;184636;184780;185056;184895;184556;184689;184561;184840;184484;184733;184768;185013;184994;184988;184480;184681;184904;184510;184706;184858;185061;185038;184508;184824;185023;184890;184876;184911;184918;184555;184543;184778;184503;184781;185067;184919;184655;184535;184678;184516;184619;184957;184986;185029;184573;157830;185032;184927;184832;184607;185006;185004;184729;184534;184608;185072;184872;184972;185054;184570;184572;184669;184499;184961;184660;185028;184545;184708;184953;184648;185040;184770;184653;184773;184985;184677;184747;184491;184930;184582;184489;184835;184870;184909;185064;184538;184691;184679;184825;184855;184759;184912;185080;184877;185009;184929;184662;184860;184764;184633;184896;184853;184826;184892;184949;184700;184786;184711;184732;184967;184539;185047;184724;184968;185039;184782;184836;184767;184490;184488;157809;184690;184948;184686;184501;184687;184978;157789;184715;184588;184471;184755;185011;184771;184550;184869;184966;184558;184937;185045;184629;184922;184568;185079;185015;184935;184740;184659;184868;184668;184838;184744;184546;184965;184496;184742;184761;184506;184746;184723;184575;184816;184946;184477;184991;184760;184983;157744;157816;157782;157793;157742;157768;157734;157732;157760;157731;157769;157800;157749;157779;157747;157836;157774;157827;157835;157767;157799;157772;157733;157811;157762;184646;157803;157825;157797;157834;157806;157748;157771;157764;157763;157798;157804;157754;157817;184821;157794;157838;184626;184784;157785;157745;157759;157776;157750;157792;185012;157766;157808;184704;157784;185025;184756;157781;157821;157775;157752;157743;157756;157795;157765;157818;157730;157758;157773;157810;157812;184945;184515;185048;157755;157802;185033;157746;157788;157791;157783;157829;184785;157828;157824;157741;185021;157839;184695;157751;157777;157740;157757;157826;157837;157814;184665;157736;184766;184847;157820;157787;184763;184505;184701;185065;184562;184871;184928;184693;184819;184637;184667;184583;184975;184851;185043;184602;184822;185037;184684;185007;184996;184888;184696;184774;184750;184889;185024;184604;184751;185083;184902;184971;184828;157801;184938;157761;184578;185051;185030;157815;157813;184618;184641;184532;184666;157823;184873;184548;184845;184674;185082;184600;184765;184958;184941;157737;185001;184731;184910;184850;184915;164488;184970;157739;157735;184738;184962;184944;184960;184710;184551;184537;185055;184531;184670;157831;185017;157770;184862;157805;184843;184541;184485;157833;184699;184610;184473;157822;184727;184611;184597;185066;184685;184933;184974;184998;184530;184533;184649;184642;184698;184921;184925;184577;185035;184625;184476;184977;184644;184481;185008;185044;184979;185075;184901;184643;184647;184664;184813;184688;184829;184609;184697;184565;184736;184936;184952;184566;184963;184658;184749;184536;184595;184645;185042;184814;184487;185058;184585;159611;184981;184623;184924;184920;184650;184852;160293;160291;184886;160292;185036;184694;184839;185022;157832;184859;184627;160669;184992;157796;184982;184630;184956;161341;167826;184718;184950;184964;184897;184593;184776;185019;161343;161340;185081;161338;184743;184616;184483;184584;184762;184472;157738;184735;184775;184615;157819;184898;184613;161346;184954;184621;184841;184553;184882;161333;184552;184973;184728;184683;161344;161350;161342;184486;161349;161351;184734;184757;161208;161339;161348;184479;184866;161345;161334;161347;184865;184905;157778;157807;157780;157753;157786;157790;184833;184492;162846;157844;162845;184651;184875;162850;184554;184478;162841;184758;184848;184769;184692;184923;162853;162847;185049;157863;184654;157864;185014;184717;162851;162852;184834;162838;162848;162843;184820;184567;184917;162849;184656;184863;185034;184856;184739;184564;184726;184817;162842;184605;184652;162978;162840;162982;184590;163135;163215;163478;184599;163479;184818;184702;163477;184657;184932;185063;184772;164133;184557;184907;171016;164132;184563;164131;185071;184730;185018;184672;184987;185003;184624;184926;185031;164490;184547;184591;184580;164489;164649;184990;164650;184500;184571;167797;184612;167804;184628;184569;167825;184671;184879;167800;171017;184675;184878;167791;184741;184899;184783;184880;184997;167805;184581;167802;167795;184752;184830;184719;184509;167824;171018;184663;184815;167815;184885;184720;185002;167808;167818;167801;184574;184493;184916;167827;167816;184900;185046;167817;184980;167813;167810;167796;185005;167807;167823;184823;184529;167819;184995;185069;184831;185077;184705;184887;184842;167803;167798;184594;171546;184883;167822;184601;184661;167790;184513;168481;184779;184640;167828;184857;184725;170777;167830;167789;170776;170775;167820;184714;167809;167793;185059;184576;167831;167792;167806;184993;184586;184603;184474;167814;167821;184989;167812;167794;184846;167811;185074;170780;167829;184614;184913;170774;170782;170705;185050;170703;184475;184482;170646;184673;184507;184620;184716;185026;184864;170778;184498;184709;170713;184560;184984;184497;170640;184703;184849;170647;185041;185020;185052;184638;184631;185076;170714;158842;185078;184682;184544;158867;185027;185062;158877;184939;158868;184592;184540;184680;158876;184777;185057;184622;184837;185000;184511;184606;184635;184754;184579;168134;184617;170773;184934;168128;184827;168480;184943;184589;170781;168482;170779;170052;158965;184891;184861;168884;170051;185010;184854;184947;184737;184632;184745;184844;184559;184495;184598;184514;184707;184712;184976;185053;184502;184874;184721;184931;184753;184940;171015;185068;184519;184787;184713;184903;185016;184587;184884;184955;184951;184722;184512;184942;184528;184914;184959;184999;184676;184494;185073;184634;184523;184520;184526;184525;185060;184517;171092;171559;171543;171096;171100;171099;171542;171540;171745;171541;171755;171751;171758;171750;171746;171748;171752;171759;171757;171760;171763;171762;171756;173651;171945;171950;173999;173987;173982;173993;173996;173990;173989;172327;172046;173985;172338;172318;172325;173484;173984;172618;173483;173480;173476;173482;173991;173994;173981;173992;173995;173986;173997;173980;173988;174794;173983;174171;174169;174795;174799;174797;174802;174800;174796;174808;174803;174798;174801;174809;175145;176400;175286;175146;176396;176395;175139;176077;176081;176080;176086;176082;176085;175965;177619;176386;176083;176079;176393;177255;180387;177261;177618;180404;177262;184522;177604;177601;180395;177605;177617;180401;177602;180384;180385;180400;180386;180390;180407;177613;180396;180399;180397;180405;180403;180388;180398;184521;177603;178050;180391;180393;178049;178048;178491;178051;184518;180392;180402;180394;184524;178490;180408;179464;179465;179448;179446;179470;179471;182728;179467;179473;179444;179445;179449;179468;179466;179472;180156;182733;179447;180154;180218;182729;182723;182734;182720;183080;182721;179469;180217;180160;180161;180155;180157;180159;182722;180219;182726;180389;180158;180406;182727;182724;181627;181887;181630;181628;181629;182732;182730;181886;181884;181888;181885;182619;182618;182620;182617;182725;182719;183081;183078;183079;183796;183814;183815;183818;182731;183813;183816;183797;183793;183812;183795;183794;183791;183810;183817;183792;183811;185466;185471;185475;185469;185474;185468;185467;185470;185472;186405;185473;186399;186395;186394;186401;186400;186397;186404;186403;186402;186396;186398;186633;186634;186632;186631;187705;187719;187716;187706;187720;187718;187717;187715;187713;188022;188023;188021;187714;188020;188017;188018;188019;188016;189074;189073;70144;70143;69428;70745;70746;108889;69427;62438;57347;69515;57348;57349;99477;99476;50000;26062;31993;33226;34772;38745;39339;35687;40554;42478;46838;39767;47888;45045;49144;50654;52613;53411;55639;56483;59069;58323;71616;31788;12000;65612;147022;63686;170272;170271;170270;171439;171438;171437;169747;159761;170269;159760;166123;164072;179661;169745;174174;179663;146444;168749;172581;182509;176210;172580;176206;176208;176209;168363;175670;176207;166122;166121;146443;55650;40617;72211;55651;40618;32194;36073;29924;36163;31122;67129;24236;25734;69956;12001;21725;162508;109143;109144;19506;11561;144105;144104;20863;21226;21629;22371;22097;23634;25351;23928;24735;33506;33394;35220;34269;36130;35978;34768;39494;45111;40874;25765;25842;27536;28374;42307;31653;43175;50386;30210;51124;52769;52533;45395;53597;44660;47126;57317;47785;59411;49149;50088;60046;61718;62583;62592;62747;63001;63554;55884;65187;64726;65809;69272;69996;70719;70950;55885;71349;56041;56123;58009;57772;57921;56337;57353;58352;58901;77283;73771;73101;72333;77909;82042;15820;80525;15822;38687;183689;26921;88907;107268;11583;20975;39564;40421;42369;46329;44094;48436;50387;107267;51936;55833;55142;57941;56734;59047;61536;62702;64621;67233;65913;69844;71342;72435;84765;72983;86633;85882;97835;100806;80169;104628;124028;187943;167278;179637;168748;181417;151666;177369;152522;150863;145549;174522;145491;149326;164063;150140;152659;162727;162726;175628;66839;66840;51894;51895;42399;58134;23969;35327;21576;33125;30206;50597;45060;45061;50598;42148;101085;101084;66695;20090;29250;21209;60162;60163;60164;60167;60165;60166;60168;60170;60171;60169;60172;60173;60174;60175;60176;60179;60177;60178;60180;60181;60183;60182;60185;60184;60186;60187;60191;60188;60190;60189;60192;60193;60194;60197;60195;60196;60198;60199;60201;60203;60202;60200;60205;60204;60208;60209;60207;60206;60210;60211;60213;60214;60212;60215;60217;60216;60219;60220;60218;60221;60223;60222;60224;60225;60226;60227;60228;60229;60232;60230;60231;60233;60235;60234;60239;60238;60236;60237;60241;60240;60245;60242;60244;60243;60246;60247;60249;60251;60248;60250;60253;60252;60255;60254;60256;60257;60259;60258;60260;60261;60263;60262;60264;60265;60267;60269;60268;60266;60270;60271;60274;60273;60272;60275;60276;60277;60280;60278;60279;60281;60283;60282;60284;60285;60287;60286;60288;60289;60291;60290;60292;60294;60295;60293;60296;60297;60301;60298;60300;60299;60303;60302;60304;60306;60305;60307;60308;60309;60312;60311;60310;60313;60314;60315;60318;60317;60316;65042;60320;60319;60323;60322;60321;60324;60326;60325;60328;60327;60329;60330;60331;60332;60335;60334;60333;60336;60338;60337;60340;60339;60341;60342;60343;60344;60345;60347;60346;60348;60350;60349;60352;60351;60353;60354;60355;60356;60359;60358;60357;60360;60362;60361;60363;60364;60365;60366;60368;60367;60369;60370;60371;60372;60374;60373;60375;60376;60377;60378;60379;60380;60382;60381;60383;60384;60385;60386;60388;60387;60389;60390;60391;60392;60394;60393;60396;60397;60395;60398;60399;60400;60403;60401;60402;60405;60404;60406;60409;60408;60410;60407;60412;60411;60416;60414;60413;60415;60417;60418;60421;60419;60420;60422;60423;60424;60425;60426;60427;60428;60429;60430;60431;60433;60432;60434;60435;60436;60437;60438;60439;60440;60441;60442;60444;60445;60443;60446;60447;60448;60450;60449;60451;60452;60454;60453;60455;60456;60457;60458;60460;60461;60459;60462;60463;60464;60465;60466;60467;60468;60469;60470;60471;60472;60474;60473;60477;60475;60476;60478;60479;60480;60482;60483;60481;60484;60485;60486;60487;60488;60489;60490;60492;60491;60494;60495;60493;60496;60498;60497;60499;60501;60500;60502;60503;60504;60507;60506;60505;60509;60510;60508;60512;60513;60511;60514;60515;60516;60518;60517;60519;60522;60521;60520;60524;60525;60523;60526;60527;60528;60530;60531;60529;60532;60533;60534;60535;60538;60536;60537;60539;60540;60541;60542;60544;60546;60545;60543;60547;60548;60551;60550;60549;60552;60553;60554;60557;60558;60555;60556;60559;60562;60564;60560;60563;60561;60565;60566;60570;60567;60569;60568;60571;60572;60573;60574;60576;60575;60578;60577;60580;60579;60582;60581;60583;60585;60586;60584;60587;60588;60589;60591;60592;60590;60594;60593;60595;60598;60596;60597;60601;60600;60603;60602;60604;60599;60606;60607;60612;60605;60611;60608;60609;60610;60614;60613;60615;60616;60617;60618;62808;62809;60620;60621;60619;60624;60622;60623;60625;60626;60627;60628;60629;60631;60630;60632;60633;60635;60636;60638;60634;60637;60639;65043;60640;60641;60646;60642;60643;60644;60645;60647;60648;60649;60650;60652;60651;60653;60654;60656;60658;60660;60655;60657;60659;60662;60663;60664;60666;60665;60668;60661;60667;60670;60669;60671;60672;60674;60673;60676;60675;60678;60680;60679;60677;60681;60682;60685;60684;60683;60686;60687;60689;60690;65044;60688;60691;60692;60695;60694;60693;60696;60698;60697;60699;60700;60701;60702;60703;60704;60706;60705;60707;60708;60709;60710;60711;60712;60713;60714;60715;60716;60718;60719;60717;60720;60722;60721;60724;60725;60723;60727;60726;60728;60729;60731;60730;60732;60733;60734;60736;60735;60737;60738;60739;60740;60741;60742;60743;60744;60745;60746;60748;60747;60749;60751;60750;60752;60753;60755;60756;60754;60757;60758;60759;60760;60762;60761;60764;60763;60765;60766;60769;60767;60768;60770;60772;60771;60773;60774;60776;60775;60777;60778;60779;60780;60782;60781;60783;60784;60786;60785;60787;60788;60790;60789;60792;60791;60794;60793;60796;60795;60798;60797;60799;60800;60801;60802;60803;60804;60805;60806;60808;60807;60809;60811;60810;60812;60813;60814;60815;60817;60818;60816;60819;60820;60821;60824;60823;60822;60825;60826;60827;60829;60828;60830;60831;60832;60834;60835;60833;60836;60838;60837;60841;60839;60840;60842;60843;60844;60846;60845;60847;60848;60849;60850;60852;60851;60853;60854;60855;60857;60858;60859;60856;60860;60861;60862;60863;60864;60865;60866;60867;60869;60870;60871;60868;60872;60873;60876;60877;60874;60875;60878;60879;60883;60882;60880;60881;60884;60885;60886;60889;60888;60887;60891;60890;60894;60895;60893;60892;60896;60897;60898;60901;60900;60899;60903;60902;60907;60905;60906;60904;60909;60908;60912;60910;60911;60913;60914;60915;60916;60917;60918;60919;60921;60920;60922;60923;60924;60925;60927;60926;60928;60929;60930;60931;60933;60932;60934;60935;60936;60937;60939;60938;60940;60942;60944;60943;60941;60945;60946;60949;60950;60948;60951;60947;60952;60954;60957;60953;60955;60956;60958;60959;60962;60963;60961;60960;60964;60969;60966;60965;60967;60968;60970;60971;60973;60972;60975;60974;60976;60979;60977;60978;60981;60980;60982;60983;60985;60984;60986;60987;60988;60991;60989;60990;60992;60993;60994;60997;60996;60995;60998;60999;61000;61002;61004;61001;61005;61003;61006;61007;61008;61009;61010;61011;61012;61013;61014;61016;61015;61017;61018;61019;61020;61021;61023;61022;61024;61026;61027;61028;61025;61030;61029;61031;61032;61033;61034;61035;61036;61037;61038;61040;61042;61041;61039;61043;61044;61047;61046;61045;61048;61050;61049;61053;61052;61054;61051;61056;61055;61059;61060;61058;61057;61061;61063;61066;61065;61064;61062;61067;61068;61069;61070;61071;61072;61073;61074;61076;61075;61077;61078;61079;61081;61080;61083;61082;61085;61084;61086;61087;61089;61088;61090;61091;61094;61093;61095;61092;61097;61096;61099;61098;61100;61101;61102;61103;61105;61104;61106;61108;61107;61109;61111;61110;61112;61114;61113;61115;61117;61116;61118;61119;61120;61123;61122;61124;61121;61126;61125;61127;61128;61129;61131;61130;61132;61133;61134;61135;61136;61137;61138;61139;61140;61141;61142;61144;61143;61145;61147;61146;61148;61149;61151;61150;61152;61153;61154;61155;61157;61156;61158;61159;61160;61161;61163;61162;61164;61165;61166;61169;61167;61168;61170;61171;61174;61173;61172;61175;61176;61177;61179;61178;61180;61181;61182;61183;61185;61186;61184;61187;61188;61190;61189;61191;61192;61193;61195;61194;61198;61197;61199;61196;61201;61200;61202;61204;61205;61203;61206;61207;61208;61211;61210;61209;61213;61212;61217;61216;61214;61215;61218;61219;61221;61222;61223;61220;61224;61225;61229;61227;61226;61228;61231;61230;61232;61233;61234;61235;61237;61236;61238;61239;61240;61241;61242;61243;61244;61245;61247;61246;61248;61249;61250;61251;61253;61252;61254;61255;61256;61259;61257;61258;61260;61261;61263;61264;61265;61262;61266;61267;61270;61269;61268;61271;61272;61273;61274;61276;61275;61277;61278;61281;61282;61279;61283;61280;61284;61285;61289;61286;61288;61287;61290;61292;61293;61291;61294;61295;61296;61299;61297;61301;61300;61298;61302;61303;61305;61306;61304;61307;61308;61309;61313;61310;61311;61312;61314;61315;61319;61318;61317;61316;61320;61322;61325;61323;61324;61321;61326;61327;61329;61328;61330;61331;61332;61335;61333;61334;61336;61337;61338;61340;61339;61342;61341;61343;61344;61347;61345;61348;61349;61346;61350;61354;61351;61353;61355;61352;61356;61360;61359;61357;61358;83916;61361;61363;61365;61366;61362;61364;61367;61370;61368;61371;61369;61406;61372;61408;61407;61410;61426;61427;61409;61428;61455;61560;61456;61605;61606;61655;61656;61692;61694;61693;61657;61726;61727;61785;62071;61784;61786;61794;61795;62057;62058;62059;61796;62094;62095;62108;62109;62106;62107;62172;62171;62173;62174;62175;62197;62218;62346;62426;62427;62304;62428;62432;62492;62554;62506;62493;62555;62556;62616;62617;62653;62773;62618;62774;62775;62918;62859;62858;62898;62924;62919;63019;63018;62934;62933;63020;63071;63183;63191;63192;63106;63313;63314;63591;63592;63601;63294;63471;63593;63595;63596;63594;63597;63598;63599;63603;63600;63602;63604;63605;63472;63607;63664;63606;63677;63678;64090;64091;63679;64282;64423;64424;64425;64427;64428;64426;64489;64605;64429;64499;64522;64521;64523;64776;64566;64777;64779;64778;64947;64946;65563;65008;64948;64949;65009;65010;64950;64951;65011;64952;64953;65012;65013;64955;64956;64954;64957;64958;65014;65015;64959;64960;65016;65017;64962;64963;64964;64961;65018;65019;65076;65020;65022;65086;65021;65087;65090;65089;65088;65091;65092;65094;65239;65093;65174;65242;65243;65564;65241;65240;65244;65565;65606;65654;65627;65653;65679;65715;65716;65762;65783;65782;65761;65864;65906;65993;66016;65957;65977;66017;66018;66214;66226;66019;66227;66228;66229;66371;66441;66460;66461;66462;66490;66491;66551;66664;66663;66708;66665;66709;66778;66779;66780;66774;66884;66891;66885;66950;66952;66951;66982;66983;66984;67185;67241;68867;67220;68868;68945;69013;68946;69068;69163;69164;69165;69223;69166;69167;69257;69279;69258;69440;69342;69504;69503;69796;69786;69946;69945;70014;70015;70016;70017;70115;70388;70467;70188;70390;70389;70365;70392;70391;70364;70394;70393;70468;70491;70490;70537;70577;70576;70603;70605;70604;70578;70704;70705;70707;70756;70706;70757;70708;70772;71294;71191;71192;71297;71296;71295;71490;71196;71298;71194;71193;71195;71299;71197;71199;71201;71200;71198;71302;71303;71304;71202;71301;71300;71341;71339;71340;71305;71306;71338;71371;71373;71391;71372;71424;71491;71630;71517;71641;71629;71632;71631;71894;71910;71988;71893;72083;71989;72084;72162;72210;72275;72197;72276;72322;72476;72365;72323;72475;72421;72569;72680;72570;72501;72500;72477;72796;72811;72699;72795;72739;72738;72855;73014;73013;72924;73012;73073;73116;73177;73114;73115;73176;73074;73368;73201;73285;73286;73296;73200;73408;73369;73453;73588;73454;73589;73590;73664;73797;73706;73679;73798;73938;74103;74172;73907;74208;74209;74307;74306;74308;74305;74349;74487;74490;74489;74488;74350;74491;74492;76197;76157;76245;76246;76449;76448;76552;76551;76450;76681;76752;76701;76702;76703;76782;76753;76783;77017;77018;77047;77084;77144;77215;77216;77272;77465;77551;77552;77553;77700;77598;77554;77629;77954;78416;77865;78417;78418;77955;77956;77957;78460;78419;77981;78841;78842;78843;78844;78845;78847;78846;78641;78642;78643;78644;78848;78645;78849;78850;78646;78536;78537;78622;78647;78648;78649;78853;78851;78852;78854;78855;81294;79082;79229;79081;79230;79231;79304;79305;79331;79330;79381;79427;79657;79712;79713;79658;79714;79715;79759;80014;80016;80015;80017;80018;80019;80075;80020;80099;80100;80117;80162;80164;80163;80397;80409;80546;80545;80902;80903;80905;80904;81015;80933;81037;81038;81072;81073;81074;81160;81308;81309;81310;81476;81477;81478;81540;81541;81479;81751;82248;82249;82250;82252;82251;82254;82255;82257;82253;82256;82259;82260;82258;82261;81770;81809;82262;82263;82264;82265;82294;82468;82469;82266;82293;82520;82521;82694;82522;82638;82759;82760;82813;82815;82814;82816;82987;82988;82989;83029;83450;83174;83451;83452;83454;83455;83453;83456;83457;83458;83459;83538;83460;83969;84015;84113;84144;84078;84114;84259;84226;84536;84538;84537;84394;84539;84393;84540;84541;84542;84543;84611;84790;84661;84894;84791;84793;84792;85189;84895;85191;85190;85193;85192;85195;85194;85196;85198;85197;85199;85200;85201;85204;85203;85202;85205;85206;85207;85209;85004;85210;85208;85071;85072;85119;85211;85120;85212;85150;85296;85264;85343;85397;85498;85499;85500;85501;85564;85502;85503;85621;85622;85620;85623;85646;85706;85760;85785;85759;85786;85788;85787;85790;85866;85789;85867;85961;85960;86202;86100;86101;86243;86364;86363;86527;86489;86528;86529;86671;86563;86564;86615;86626;86747;86748;86749;86750;86751;86846;86894;86938;86939;87548;87549;87550;87551;87552;87553;87555;87554;87556;87638;87558;87557;87559;87561;87560;87562;87563;87564;87565;87566;87567;87568;87569;86992;87571;87573;87570;87572;87574;87575;87579;87577;87576;87578;87580;87062;87120;87103;87235;87121;87582;87581;87584;87583;87585;87308;87401;87400;87403;87402;87459;87586;87460;87491;87773;87492;87639;87587;87838;87839;87840;87841;87813;87842;87843;88000;87844;87938;88078;88037;88079;88175;88407;88080;88174;88450;88451;88676;88452;88484;88483;88795;88796;88799;88800;88797;88798;88801;88860;89074;89098;89099;89075;89823;89822;89824;89957;89825;89864;89863;89958;90020;89987;90080;89959;89988;90081;90144;90145;90143;90142;90241;90146;90242;90243;90244;90344;90345;90392;90393;90501;90502;90503;90617;90504;90618;90674;90751;90673;90753;90752;91040;91039;90939;90854;91042;91041;91538;91539;91537;91643;91541;91540;91216;91542;91081;91215;91296;91543;91644;91421;91645;91646;91513;91514;91647;91712;91648;91806;91853;91807;92032;92031;91808;91809;92402;92403;92581;92582;92404;92491;92605;92719;92722;92698;92721;92720;92859;92749;92996;92998;92965;92997;93071;93072;93150;93096;93366;93340;93454;93453;93557;93794;93795;93643;93797;93796;93892;94003;94004;93859;94005;94151;94266;94194;94248;94193;94570;94432;95834;95833;94571;95832;95836;95835;95839;95837;95840;95838;95842;95841;95845;95843;95844;95846;95848;95847;95849;95852;95851;95850;95853;95854;95855;95857;95858;95856;95860;95859;96386;95863;95862;95861;95865;95864;94627;94653;95914;94652;95049;95052;95050;95051;95293;95866;95868;95867;95869;95872;95871;95870;96042;96041;96043;95985;95984;96044;96330;96302;96301;96331;96280;96332;96333;96562;96563;96526;96481;96561;96758;96760;96600;96759;96757;96599;96792;97038;96975;97037;96974;97039;97201;97122;97295;97378;97377;97376;97379;97516;97517;97493;97515;97415;97597;97632;97845;97751;97631;97770;99218;99217;99216;99215;99214;97846;99221;99224;99220;99222;99219;99223;97934;99227;97935;99228;99226;99225;99300;99350;99301;99351;99349;99229;99354;99456;99352;99506;99353;99505;99576;99621;99619;99575;99620;99577;100049;99622;100097;100120;100048;100096;100350;100349;100348;100173;100347;100372;100373;100536;100458;100402;100535;100403;100779;100537;100568;100802;100903;100904;100984;101079;100906;101104;101041;100905;101258;101256;101105;101388;101257;101387;102032;101884;102635;101800;101925;102636;102641;102637;102640;102638;102639;102642;102643;102644;102645;102646;102647;102648;102649;102651;102650;102652;102653;102654;102655;102656;102657;102660;102658;102659;102663;102662;102661;102665;102664;102666;102521;102668;102667;102670;102669;102671;102673;102576;102672;102674;102676;102675;102776;102677;102852;103173;102853;102972;103175;103174;103244;103353;103409;103410;103501;103502;103411;103595;103594;103634;103688;103730;103635;103806;103959;103831;103960;104007;104008;104206;104207;104093;104268;104373;104269;104624;104701;104623;104803;104866;104804;104989;104868;104867;104990;105019;105030;105031;105032;105070;105387;105071;105534;105536;105535;105537;105570;105611;105571;105683;105573;105572;106227;106123;106124;106258;106257;106337;106338;106339;106369;106340;106341;106554;106575;107020;107084;107083;107021;107209;107210;107211;107250;108278;108363;107212;108364;108365;108333;108366;108398;108334;108399;108481;108645;108944;108870;108943;109010;109445;109446;109447;109449;109448;109450;109451;109452;109453;109455;109454;109456;109457;109459;109057;109460;109458;109196;109461;109340;109462;109463;109308;109465;109464;109644;109643;109671;109571;109849;109848;109851;109853;109852;109850;110019;109854;110020;110023;110021;110022;110025;110024;110026;110028;110027;110088;110122;110121;110282;110508;110283;110307;110886;110542;110887;110888;110889;110890;110892;110891;110893;110655;110717;110718;110720;110971;110719;110935;110920;111003;111002;111258;111113;111050;111260;111259;111494;111495;111343;111344;111497;111496;111806;111523;111777;111778;112053;111807;112105;112136;112135;117472;117473;117474;117627;117628;117682;117786;117785;117787;117850;117788;117851;118031;117973;118056;118057;118058;118108;118166;118217;118167;118218;118442;119176;118443;119178;119179;119177;119182;119181;119180;119183;119184;119185;119188;119187;119186;119189;119190;119191;119194;119193;119195;119192;119197;119196;119199;119198;119201;119200;119202;119203;119205;119204;119206;118584;118727;118585;119207;119208;119209;118853;118866;119210;119250;119249;119252;119444;119251;119445;119446;119881;119883;119884;119882;120980;121204;121205;121409;121326;121410;121455;121456;121457;121503;121532;121504;121533;121534;121535;121607;122389;121631;122390;122391;122392;122466;122468;122467;122527;122528;122640;122844;122641;122845;122846;122961;122887;122962;123057;122995;123058;123147;123435;123436;123490;123489;123491;123648;123917;123965;123966;124184;124100;124185;124139;124234;124290;124235;124262;124704;125016;124705;124753;125202;125203;125204;125205;125129;125206;125208;125207;125447;125531;125448;125449;125715;125591;125716;126763;125981;125980;125916;125979;126090;126366;126091;126145;126434;126303;126435;126613;126454;126455;126436;126683;126684;126715;126714;126945;126713;126944;126946;127723;127725;127034;127724;126974;127726;127727;127728;128207;128206;128208;128211;128209;128210;128212;128213;128214;128215;128216;128217;128220;128218;128219;128221;128222;128223;128225;128226;128224;128228;128227;128230;128231;128232;128229;128234;128233;128235;128236;128237;128238;128239;128242;128240;128241;128243;128244;128245;128248;128246;128247;128249;128250;128252;128253;128251;128254;128255;128256;128259;128257;128258;128260;128261;128262;128264;128263;128265;128267;128266;128268;128271;128269;128270;128273;128272;127880;128311;128499;127881;128501;128500;128502;128861;128862;128667;129042;129093;129151;129278;129152;129277;129334;129577;130047;130048;130078;129997;130142;130156;130157;130192;130252;130191;130386;130498;130499;130618;130447;130750;131006;131007;131054;131055;131056;131531;131680;131679;131830;131831;131832;131987;131988;131989;131990;132085;132306;132888;132332;132307;132889;133029;133030;133128;133129;133192;133193;133169;133196;133194;133195;133197;133388;133339;133517;133447;133538;133518;133754;133641;133755;133756;133788;133789;133826;134069;134071;134070;134072;134149;134151;134150;134274;134273;134275;134346;134395;134440;134646;134647;134648;134649;134651;134650;134692;134652;134693;134695;134694;134847;134849;134754;134848;135002;135261;135797;135798;135262;135796;135800;135799;135803;135804;135802;135801;135806;135805;135808;135807;135278;135809;135810;135811;135812;135814;135813;135279;135815;135816;135818;135819;135820;135817;135821;135822;135825;135824;135823;135826;135827;135828;135830;135829;135832;135831;135834;135833;135837;135835;135836;135838;135839;135843;135842;135382;135841;135844;135840;135845;135575;135886;135716;135888;135887;135890;135891;135959;135889;136162;135960;136389;136391;136390;136486;136603;136487;136690;137038;137039;137040;137041;136991;137175;137174;137176;137292;137294;137293;137348;137347;137533;137389;137390;137534;137698;137741;137742;137743;137772;137773;138419;138205;138206;138489;138538;138584;138586;138827;138585;139220;139301;139300;139399;139353;139354;139400;139894;139893;140239;140440;139895;140441;141104;141710;141691;141748;141649;141686;141687;141753;141746;141677;141681;141690;141754;141747;141707;141698;141760;141736;141703;141720;141743;141664;141711;141683;141734;141727;141761;141702;141694;141657;141652;141738;141667;141650;141729;141685;141661;141688;141679;141695;141723;141696;141744;141689;141663;141728;141654;141770;141713;141709;141755;141767;141648;141762;141708;141704;141716;141150;141656;141653;141699;141759;141412;141680;141410;141741;141838;141842;142012;142015;142014;142556;142563;142548;142570;142810;142816;142822;142821;142819;142823;142820;142818;142999;142817;143044;143000;143243;143246;143371;143361;143360;143359;143533;144215;144214;144295;144294;144211;144297;144293;144296;144369;144367;144292;144843;144368;144744;144987;145438;145460;145442;145697;145504;146063;146062;146064;146065;148973;146270;148972;148971;147135;147136;147206;147714;150160;150159;150446;150448;150760;150710;150800;150479;150709;150711;150478;150768;150789;150761;151503;151447;151678;152088;152089;152087;152192;152086;152364;152866;152867;152952;152951;152950;152946;152949;153168;152948;153227;153225;154132;154130;154202;154131;154201;154275;154821;154412;154823;154276;155949;155948;155953;156176;156178;155972;159006;156456;156719;156717;156718;156720;156757;156799;156803;157131;157050;157859;157247;157227;158054;158079;158331;158328;158329;158330;158875;159648;159554;158922;159640;158348;161383;160643;160059;160543;160259;161106;161510;161409;161758;161506;161803;161804;162480;162592;162323;162593;162595;161974;162594;163726;162725;163708;162723;163710;164011;164487;164479;164480;164010;164008;164485;165607;165683;165740;164889;165606;165741;166416;166333;166334;166413;166415;166777;167255;166780;167258;167259;166778;168629;168455;167745;168734;168879;168878;170452;170457;170428;169875;169876;170639;170638;171076;170892;170643;170642;170754;172357;171664;171654;172009;172359;171259;124650;173720;172289;172290;61373;50575;11709;50574;160486;17212;40887;42411;10396;23974;11777;33852;105613;26918;108810;93962;56954;48763;106716;58181;99439;63080;87013;23973;35730;103871;65791;10456;99364;62042;18585;44401;60119;10395;178102;20811;63155;58452;22313;18602;10398;72367;76056;66350;22024;10901;10908;10904;10902;10905;10906;26919;10903;10907;10859;56210;44676;13855;65057;49274;133147;48762;51587;56824;52456;53503;53830;52977;55286;72909;70395;62466;59916;62468;59915;62224;63380;63372;63231;62467;63426;64587;66869;64508;64918;65692;65222;65884;66448;66425;66870;67216;69332;69333;70855;69334;70854;71324;69840;73990;71323;70856;71322;71265;71325;71945;74154;72286;72608;72936;73418;73992;73865;73989;73742;73991;76464;74429;78446;76416;76123;77161;77170;78444;79839;77580;79145;78447;80489;79444;80948;81209;81731;81046;81884;83359;82779;81732;82075;82823;84763;84737;84058;83369;84742;84645;84052;85880;84367;84809;87875;85329;86065;86371;86149;86856;87876;86469;86818;87893;87249;87671;91045;90511;87252;87313;92818;122484;101113;21655;100051;135901;18028;16337;20368;12209;19407;18680;19408;20006;18502;21193;21696;20928;20008;22034;22194;25700;25699;21334;34311;29855;106298;72908;34412;34413;34821;35362;35635;34477;48761;42443;47750;47045;47556;55802;58335;62045;59044;33881;66423;34414;43089;35634;39350;39783;39622;44045;46017;148541;10911;10397;38689;10912;63478;10913;10915;10916;10914;161502;10394;134420;10404;11454;134421;38153;134942;11818;66424;42410;10785;10893;10894;15996;10892;10910;17607;88699;18491;12298;10433;18085;11330;10434;10482;10486;10485;10499;10504;10509;10519;10525;10632;10563;10555;10603;10693;10615;10668;10619;10734;10806;10866;11309;11366;10861;10865;10926;20885;10945;10944;11307;11326;10943;10964;11143;11306;11325;11029;11304;11091;11301;11322;11336;11300;11144;11145;11177;11146;11148;11147;11286;11178;11215;11191;11194;11212;11231;11413;11423;11433;11485;11528;11534;11541;11683;11595;11774;11878;11787;11790;11792;11789;11803;11802;11804;16299;11832;11831;11886;11887;11888;11921;11885;11928;11992;11920;11989;12052;12051;11990;12090;12092;12091;12206;12208;12205;12235;12207;12267;13637;13643;13638;13640;13639;13641;14732;13642;14254;15455;15467;14724;15458;15456;15457;15459;17976;15460;15714;15894;15965;15966;15964;15963;16123;16124;15962;16125;16333;16332;16331;16324;16328;16325;16326;16327;16329;18020;16330;18021;18022;18023;18024;18025;18026;18215;18490;18482;18483;18484;18488;18489;18492;18487;18485;18486;18681;18679;18682;19401;19402;19403;19405;19406;19404;19997;19999;19998;20000;20002;20001;20003;20004;20005;20172;20298;20299;20382;20389;20390;20904;20905;20906;20907;20908;20909;20910;21077;21078;21210;21211;21212;21331;21213;21332;21685;21687;21686;21689;21688;21690;21691;21692;21695;21694;21693;22027;22028;22029;22030;22031;22032;22033;22182;22183;22184;22185;22187;22186;22188;22191;22189;22190;22193;22332;22192;22333;22449;22334;22529;22530;22531;22534;22533;22532;22536;22537;22535;23644;22538;23643;23645;23647;23646;23837;23833;23836;23835;23834;23839;23999;23838;23998;24000;24329;24330;24333;24331;24332;24335;24336;24334;24337;24339;24338;24340;24911;25026;25023;25022;25024;25025;25162;25163;25167;25166;25164;25165;25168;25484;25489;25487;25486;25485;25488;25687;25688;25690;25689;25692;25691;25880;25881;25885;25884;25882;25883;25902;25901;25886;26017;26022;26018;26019;26961;26962;26963;26964;26965;28183;29307;26966;28184;29308;29309;29310;29311;29312;29313;29893;29894;31039;31037;31038;31040;31041;31042;33107;31043;31044;31413;31046;31047;31414;31416;31415;31793;31792;31791;31794;31795;31796;32310;31798;31797;32312;32311;32313;33132;33133;33134;33135;33136;33137;33138;33442;33441;33443;33444;33870;33871;33872;33874;33875;33873;33877;33876;33878;33880;33879;34120;34121;34122;34401;34402;34123;34404;34403;34405;34406;34409;34407;34408;34410;34411;34476;34743;34744;35070;35071;35069;35072;35073;35074;35075;35076;35221;35361;35630;35631;35632;35633;35822;35823;35824;36149;36148;36147;36150;36151;36152;36153;36154;38742;39340;39341;39342;39344;39345;39343;39347;39346;39348;39792;39791;39349;39794;39793;39795;40407;40555;40435;40557;40558;40556;40559;40560;40561;40888;40889;40565;40562;40890;40891;40892;42106;42107;42108;42110;42109;42111;42113;42114;42112;42115;42116;42117;42437;42438;42439;42118;42440;42441;43061;42442;43062;43063;43064;43065;43865;44110;43066;44413;44415;44414;44417;44416;44418;44419;44420;44421;44422;44423;44425;44424;45020;45021;45506;45378;45507;45508;45509;45510;45512;45514;45513;45511;45515;45516;46312;46313;46839;46840;46841;46842;46845;46844;46843;46847;46846;46848;47711;47710;47712;47713;48216;48284;48285;48286;48287;48289;48288;48290;48291;48292;48293;48296;48295;48294;49219;48297;49222;49221;49220;49224;49223;49225;49226;49695;49227;49948;49950;49949;49953;49951;49952;49954;49955;49956;49958;49957;49959;49961;49960;49962;49963;50528;50529;50530;51162;51163;51164;51165;51166;51167;51168;51169;51170;51171;51172;51173;51174;51175;51176;51178;51177;51454;51455;51903;51904;51905;51906;51909;51908;51907;51910;51912;51911;51913;51914;52583;52584;53375;52585;53376;53377;53378;53379;53380;53381;53383;53382;53384;53385;53387;53386;53388;53389;53390;53858;53391;55117;55118;53859;55119;55121;55122;55120;55123;55124;55125;55127;55126;55128;55129;55130;55131;55132;55571;55569;55570;55572;55787;55789;55790;55788;55791;55792;55793;55796;55794;55795;55797;55798;55799;56173;56174;56175;56176;56449;56177;56450;56451;56453;56452;56454;56455;56736;56456;56737;56738;56739;57273;57275;57277;57274;57276;57279;57278;57283;57281;57282;57280;57284;57285;57469;57470;57471;57414;57473;57472;57474;57943;57942;57475;57944;57945;57948;57946;57947;57949;57950;58329;58330;58332;58331;58333;58655;58656;58658;58334;58657;58659;59039;59037;58660;59038;59040;59041;59043;59454;59456;59455;59042;59457;59459;59458;59907;59460;59906;59908;59909;59910;59911;59912;59913;61527;61528;61529;61530;61531;61533;61532;61534;61535;62044;62043;62223;62459;62460;62462;62464;62463;62461;62903;62465;62904;62905;62907;62908;62906;63224;63225;63227;63226;63229;63228;63230;63419;63421;63420;63424;63423;63422;63425;63522;64570;64573;64572;64571;64574;64575;64578;64577;64579;64576;64580;64581;65210;65212;65211;65214;65215;65875;65213;65876;65877;65878;65879;65880;65881;65883;65882;66412;66413;66414;66415;66417;66419;66416;66418;66421;66422;66863;66864;66865;66866;66867;67212;67210;67209;67213;67211;67214;67215;69325;69324;69327;69326;69328;69329;69330;69828;69829;69831;69830;69827;69331;69832;69834;69835;69833;69836;69927;69837;69838;70333;70334;70332;70335;70846;70847;70338;70337;70339;70336;70852;70850;70851;70848;70849;70853;71312;71313;71314;71316;71311;71315;71317;71318;71319;71321;71320;71942;71943;71941;71944;72429;72428;72430;72431;72433;72432;72434;72930;72931;72932;72934;72935;73415;73416;73417;73805;73413;73983;73982;73981;73984;73986;73985;73988;73987;74422;74423;74425;74424;74427;74426;76406;76408;76407;74428;76409;76410;76411;77162;77163;77160;77164;77165;77166;77169;77168;77167;77572;77573;77574;78431;78432;78433;77575;78434;78435;78438;78439;79125;78437;79126;79127;79128;79311;79130;79131;79129;79132;79133;79134;79135;79827;79137;79138;79136;79828;79831;79830;79832;79833;80490;79834;80491;80492;80493;80494;80495;80496;80497;81263;81262;81266;81264;81265;81268;81267;81269;81270;81733;81734;81736;81735;81737;81738;81739;81741;81740;81742;81743;81744;81745;82770;81757;82771;82772;82769;82793;82775;82774;82776;82773;82777;82778;83358;83362;83440;83416;83357;83356;83354;83355;83370;83361;83364;83360;83363;84054;84053;84738;84055;84056;84059;84060;84057;84085;84736;84761;84743;84734;84762;84735;84744;84745;84739;84747;84741;84746;84748;84882;85333;85348;85350;85321;85332;85335;85330;85346;85334;85323;85406;85322;85324;85331;85540;85845;85843;85846;85876;85877;85884;85844;85879;85847;85883;85848;85849;86372;86367;86365;86366;86374;86373;86820;86819;86821;86822;86824;86826;86823;86830;86825;86827;86828;87254;87253;86849;87255;87256;87259;87261;87258;87260;87257;87262;87264;87263;87878;87877;87879;134204;87892;87881;87882;87880;87890;88642;87895;88644;88643;88645;88646;88648;88647;88650;88652;88649;88651;88653;89746;89748;89747;89749;88654;89750;89753;89751;89754;89755;89752;89779;89756;89757;90431;90432;89835;90434;90437;90435;90433;90436;90438;90441;90440;90439;90442;91001;90443;91002;91003;91005;91006;91004;91007;91008;91009;91011;91010;91012;91596;91014;91016;91013;91015;91598;91597;91599;91601;91600;91611;91602;91603;91604;91606;91605;91612;91607;91608;92015;91609;92016;91672;92017;92018;92020;92021;92019;92022;92023;92024;92820;92821;92819;92025;92843;92822;92823;92839;92824;92825;93464;93465;93466;93467;93469;93468;93481;93471;93470;93472;93474;93473;93651;93475;93963;94011;94014;94017;94016;94008;94012;94013;94009;93964;94340;94630;94631;94632;94633;94635;94634;94636;94637;94638;94639;94641;94640;94643;95764;94642;95809;95766;95765;95813;95811;95767;95768;95770;95769;96390;96391;95772;95771;96393;96392;97729;97325;97745;97730;97737;97731;97732;97743;97741;97794;97744;97740;97733;97738;97754;97742;97736;97734;99285;107195;97735;104044;104043;100054;99365;99306;99286;99305;99307;99282;99287;99308;99304;99288;99309;99312;99289;102264;104665;104889;99314;99290;102265;104382;102267;102266;102268;102269;102270;122485;104890;102273;102272;102271;105179;105178;105182;105180;105181;105183;105184;105185;105186;105187;105188;105190;105189;105191;101365;105192;101522;104383;101368;101366;101367;101369;101370;104891;101373;101374;101371;101372;102035;101375;133048;100761;100760;100759;100762;100764;100763;100765;100767;100785;100766;104892;100782;100787;100786;100783;100768;100788;100791;100058;100056;100057;100059;100055;104045;100061;100060;104893;100062;100063;100103;104548;104549;104547;104550;104551;104552;104553;104555;104554;104556;104894;104557;104558;104559;104570;104560;104561;103747;103746;103745;104562;103748;103749;104384;103750;103924;104895;103751;103784;103753;103786;103785;103752;103816;103754;104385;103128;103127;103129;103130;103131;103132;136946;103137;103220;103139;103138;103133;104896;103134;103141;103192;103135;103123;103456;103122;103136;108960;103140;108963;108964;108961;108962;108965;108966;108967;108968;108969;108970;108971;108972;108973;108974;109036;108975;109029;108976;105796;111685;111684;111686;111687;111688;111690;111689;111691;111693;111692;111755;111695;111694;112116;122486;111786;111698;111697;111696;111699;111756;111787;111973;111700;119582;119583;119584;119585;119587;119586;119589;119588;119590;119591;119612;119592;119593;119594;162063;136616;119595;162079;119597;119609;119596;119686;119768;119769;119770;119773;119772;119771;119774;119599;119598;162073;162017;119611;106795;106796;106799;106798;106797;106800;106655;106802;106803;106801;106804;106805;106806;106817;106818;105585;106807;105731;105693;105546;105548;105549;105547;105550;105552;105551;105553;105554;105730;105694;105728;105695;105696;105697;105698;105699;110980;105700;110981;110982;110983;110986;110984;110985;110987;110988;110989;111071;111070;110990;110992;110991;110993;111042;111045;111008;111007;110994;110484;110485;110487;110488;110486;110489;110490;110491;110492;110414;110493;110494;110496;110495;110497;110500;110498;110499;108284;110501;108285;108286;108287;108288;108290;108289;108291;108292;108757;111072;108336;108407;128764;108408;108293;108294;108295;108296;108297;108300;108298;108299;109652;108301;109603;109604;109605;109606;109608;109607;109609;109610;109611;109731;109732;109612;109615;109684;109613;109614;109618;109616;123513;109651;118910;109617;123514;118911;118913;118912;118914;118915;118916;122818;118917;118918;118919;122819;118920;122820;119463;118979;119095;118921;118978;162032;118922;162094;118923;118924;118925;118958;118926;162091;118927;118928;119017;118929;117998;162034;117997;118930;118000;117999;118004;118001;118002;118003;118005;118006;118148;118149;118007;162084;118009;118008;162056;118010;118011;118012;118013;118014;118094;118015;162081;162098;162021;118016;110642;117412;117411;117413;117414;117415;117416;117417;117418;117419;117420;117481;117431;117421;117422;117460;119239;117423;117424;117458;117425;123940;117426;123942;123941;123939;123943;123947;123945;123944;123946;123948;123974;123949;162036;123950;123951;123975;123952;162071;123955;127842;127841;127843;123953;127846;127844;127845;127847;127849;127861;127848;127851;127850;127852;127853;127860;127909;162075;127854;127856;127855;131926;162072;131925;131927;131928;131929;131930;131931;131933;131932;131934;131935;162041;131936;162031;131937;162090;131938;132020;131940;131939;162033;122121;122119;122118;122123;122120;122122;122126;122125;122124;122127;122234;122154;162062;122128;122130;122129;122131;122132;162029;122155;122974;122255;122185;122133;122317;121013;121012;121011;121014;121015;121016;121017;121018;121019;121020;121109;123131;123132;121021;121022;121023;121035;121024;162100;121044;121026;121025;121213;121027;121189;121065;121028;162092;126569;126570;126571;126574;126573;126572;126575;126576;126577;126578;126579;126601;126602;126600;126580;162101;126582;126630;126581;126631;126583;126585;162078;126628;126584;126641;126604;125816;125818;125819;125817;125820;125821;125822;125823;125826;125824;125825;125881;125827;125829;125828;125830;162082;130260;125831;125832;122779;125833;125834;122781;122780;122782;122783;122784;122785;122786;122778;122787;122788;122789;122790;122859;122975;122869;122791;122792;125058;125059;125060;125062;125061;125064;125063;125164;125065;125066;125217;125067;125074;125225;125149;126634;125068;125069;125057;125070;162118;125071;130261;125227;125163;125255;125073;125072;130901;130902;130903;130904;130905;130906;130907;130909;130908;130910;130911;162105;130912;130913;131025;130915;130914;162111;130969;129716;129718;129720;129717;129719;129722;129721;129723;129726;129724;129725;129727;162121;129729;129728;162108;129730;129715;129885;131318;129731;128635;128634;128636;128639;128638;128637;128641;128640;128642;128643;128644;128771;128770;128742;128772;128645;128707;162049;128646;129166;128647;131567;128648;162077;162102;128686;128767;129167;128649;135464;128708;135463;135465;135466;135467;135469;135468;135470;135471;135472;135475;135474;135473;162052;136425;135590;137399;136474;135718;162026;135476;135477;135675;135682;135587;135478;135479;162087;135758;135462;162070;135480;135481;162027;135719;135482;139484;139485;139486;162109;139487;139491;139489;139492;139488;139490;139493;139496;139701;139495;140595;139494;139598;139497;139498;162053;162024;139499;139500;139501;139502;139503;139505;139584;139504;140596;139507;139506;143561;143569;162040;143558;143570;143571;143572;143559;143565;143562;143560;143564;143566;162119;143608;143557;147956;143555;162086;144057;144058;164176;144059;144056;143556;162104;143563;143567;143568;143573;133608;133609;133610;133611;133612;133613;134863;133615;134864;133614;133616;162065;133617;133718;133619;133716;133618;133719;162106;133621;132857;132858;133622;133620;132859;132863;132862;132860;132861;132864;132993;132994;132866;132865;133049;132999;132867;162074;132869;132870;132868;162115;138453;138454;138456;138455;138457;138458;138460;138459;138461;138600;138463;138462;138465;138464;138466;138468;162028;138512;138467;138469;138470;138452;139314;138471;138473;138472;138474;137304;162050;137254;137257;137255;137256;137258;137259;137261;137260;137263;137262;137264;162088;137265;137267;137266;162039;137268;137369;137269;137270;137271;138088;162093;134368;137272;134369;134370;134371;134865;134372;134373;134866;134428;136472;134374;134375;134376;134377;136473;134416;162025;134378;134379;134380;134381;134382;162067;136501;136502;136503;136505;136504;136506;136527;136508;136507;136509;136510;136565;136564;136566;136513;136511;162099;136512;136515;136514;142684;142681;142680;142682;142693;142679;142683;142687;142690;142686;142685;142692;162018;142888;142691;142689;162068;142808;142806;142809;142695;142807;143043;142688;142694;162058;141430;141433;141427;141423;141422;141420;141424;141431;141434;141416;141426;141432;141503;141417;162085;141429;141491;141493;141418;162022;141435;141425;141436;141419;141931;141421;141428;142595;141415;140414;162120;140415;140416;140418;140417;140422;140419;140420;140421;140425;140423;140501;162083;140424;140426;140429;140427;140428;140518;162038;140430;140520;140521;140534;140519;140431;140465;140432;140433;149259;162069;148466;148461;148468;148475;148486;148473;148465;148477;148469;148471;148485;148467;148482;148480;148463;148479;148470;162035;148474;148476;148737;162117;148738;148740;148739;149367;148538;148464;148553;148714;148552;148478;152435;152430;162061;152431;148483;152434;152422;152436;148484;152421;152428;152433;152528;152425;152488;152525;152520;152432;152524;152526;162055;152669;152426;152437;152429;152423;152521;156063;156072;162016;156065;156068;156071;156066;156070;156064;156067;152427;156069;156073;156227;156074;162116;156062;162020;158167;158164;158166;158165;159064;158206;156194;146326;146329;146345;146335;158205;178436;146337;158251;146342;146338;146339;146344;146341;148979;146327;168396;146346;146328;146336;162048;146343;146330;146331;146418;146419;146455;146454;146457;146333;146456;146479;146332;153214;146340;146426;146334;144887;144884;144882;144874;144873;144880;145040;145039;145041;144888;144879;144881;162113;144877;144878;144885;145033;162047;145091;145094;145092;144886;144889;162057;144875;151606;144876;145093;151592;151588;151596;151599;151604;144883;151598;144977;151471;151601;151611;151472;151473;151475;151474;151477;151476;151478;151479;151488;151609;162107;151664;151597;151603;151595;162023;151608;151590;162089;151605;151589;151602;151594;150369;150370;150367;150374;151607;150354;150368;150353;150357;150363;150708;151647;150365;162043;150371;152587;150356;150351;162114;150360;150372;150364;150352;150418;150366;150358;150361;150373;147226;147222;147230;147220;147224;147223;147217;150355;147231;150359;147229;147221;147946;147225;162066;147024;147003;147228;147218;161755;147753;147750;147751;147657;147752;164177;147638;147227;147216;147219;161756;161753;147749;149383;149382;149391;149396;149398;149390;149440;149394;149438;149389;149392;149397;162042;149401;162095;149393;149386;149395;149385;149387;149479;149400;149402;149436;154986;149399;162122;154990;154989;154994;154993;154987;154997;154984;149388;154995;154996;154983;154982;161757;154999;154985;155962;155174;155000;161754;155143;155020;155018;155306;154037;154033;154034;154026;154029;154041;154042;154043;154991;154035;154988;154040;154036;154027;154172;162064;154175;154038;154032;154028;162080;154030;154171;154173;154039;154051;154031;153383;153373;153381;162059;153372;153377;153384;153375;153386;153379;153380;153385;162103;153374;153387;153378;153388;162054;153428;153389;153376;160641;153470;153382;159679;159671;159685;159677;159681;159684;159682;159675;159680;159672;159676;164503;159673;168395;159732;162076;162037;159683;159674;159686;159670;162669;159763;159678;159733;163943;163951;163940;163946;163953;163952;163945;163941;163947;159916;163948;163974;164502;163942;163949;164044;164080;164043;164147;163950;163944;164007;164090;168679;168688;164042;168694;168686;168693;168690;168681;168685;168683;168826;168747;168687;168680;168745;168827;168737;168736;168729;168689;168682;168677;168692;168691;168731;169003;168730;168678;157429;158037;157428;157432;157440;168684;157435;157436;157426;157437;169974;157431;157442;157427;157879;157441;162096;162110;157433;157849;157850;157851;157852;157841;157439;156617;156618;156620;156619;156621;156622;156624;156625;156623;156626;157438;156627;156713;162045;168397;156628;156745;156771;156630;162044;156640;156641;156639;156714;156642;156631;162019;156629;163048;163049;163052;163046;163041;163045;163053;163051;163050;163042;163043;164501;163073;163044;163080;163047;162205;162197;162188;162189;162201;162196;162206;162194;162191;162193;162314;162202;162204;162393;162312;162195;162200;162199;162203;162192;162190;162198;162311;162547;162317;158716;158701;158703;158704;158711;158717;158712;158700;158709;158718;158702;158713;164504;158786;158818;162060;158759;158927;162112;158715;158708;158710;158714;158705;160927;162030;160928;160930;160929;160932;160938;160934;158706;160937;160931;160926;160936;158707;160946;167885;160940;161089;162046;161054;162097;160945;160942;160943;160933;161087;160939;160941;161119;161118;160935;167107;162051;167115;167116;167111;167105;167112;176328;167104;167106;167118;167113;167109;167103;167254;168223;167108;167247;167117;167269;168224;167265;167266;167268;167114;167267;168503;168665;167246;167110;168222;166034;166039;166035;166032;166028;166025;166036;166038;167281;166029;166024;166030;166536;166555;166054;166037;165705;166027;166061;166033;166023;166116;166031;166026;164996;166060;164994;164999;164997;165006;164998;165005;165002;165004;166769;165007;165000;165076;168398;165077;165072;165336;164993;165211;165212;165213;165214;165001;165175;165107;165174;174107;174116;174120;174108;174113;174110;165003;174106;174121;164995;174103;174111;174219;174175;174118;174220;175450;174115;174119;174109;174117;174104;174114;174221;175441;175440;174163;174112;174222;179498;179497;179487;179495;174105;179499;179491;174162;179501;179494;179489;179488;179492;180502;179502;179664;180501;179490;179613;179486;179836;179500;179614;179642;179640;179641;179615;179632;179633;179496;179612;179670;179668;179671;179643;179644;179645;179669;179925;179493;186777;179672;186778;186787;186789;186790;186791;186785;186779;186782;179675;186781;186776;186784;186786;186788;186903;186906;186780;171547;186783;171445;186907;171448;171450;171441;171444;171452;171440;171447;171451;171610;171545;171598;171599;171442;171544;171604;171453;171555;171446;171506;171508;171505;171608;171509;171607;171507;171609;171602;171556;171443;171449;178029;171554;169787;169788;169784;171636;169779;169786;169777;169776;169785;169781;169782;169775;169789;169778;169783;169860;169895;169891;169898;169897;169896;169780;169968;178159;169890;178150;178152;178155;178166;178151;178154;178156;178168;178163;178275;178158;178206;178157;178297;178193;178171;178184;178204;178205;178169;178160;178167;178170;178165;178244;178203;178161;178245;178153;178162;177252;177246;178242;177247;178241;178243;177251;177235;177238;177242;177241;177250;177237;177244;177265;177393;177248;177297;177239;177296;177240;177243;177236;177396;177317;178851;177245;178852;177392;177353;177249;177383;172521;172520;172532;172533;177253;172518;172525;172529;172531;172519;174991;172517;172535;172611;172522;172606;172537;172530;172524;172534;172523;172536;172528;172527;172607;172526;175340;175350;175341;175339;175347;175345;175343;175344;175349;175348;172577;175338;175337;175392;175393;175369;175370;175336;175368;175342;175346;175334;185585;175391;185582;185583;185579;185576;185588;185580;175364;185589;185883;185587;185577;185593;185884;185592;185951;185886;185885;185887;185958;185959;185742;185586;185591;185770;185769;185584;185594;185741;185590;185578;185735;185581;185900;182854;182855;182865;182858;182862;182852;182851;182864;182853;182856;182857;183025;182957;183024;182917;182859;183033;182956;182860;182968;183032;182861;183020;181307;181312;182863;181303;181313;181311;181308;181298;181297;181299;181306;181302;181300;181277;181406;181375;181305;181304;181343;181309;181340;181295;181345;181310;181294;181296;181346;181301;181342;181443;181293;181292;187800;181344;187798;187795;187797;187803;187790;187805;187794;187789;181341;187799;187801;187859;187802;187901;187900;187899;187793;187792;187796;187804;187806;187791;123458;152100;123459;124120;123461;119150;123460;18592;11110;87734;17651;162529;35453;48405;11867;187973;11457;11459;10412;10427;10431;11458;11460;10413;10567;10430;10426;17662;11119;10401;10531;52459;38912;61647;72543;10449;160576;11868;46742;10432;12028;10429;10553;10400;50859;26917;48942;10428;24786;160511;126527;10860;73026;56211;10399;16314;10457;81425;10458;10895;11562;10897;10898;10899;10896;10900;97086;100871;100064;80333;103877;118716;137754;124117;118715;144952;144951;157063;161921;149377;170962;170963;47709;84729;11329;122614;182966;182964;88561;19699;122615;21626;154955;154957;154956;154958;154959;157062;97996;73182;164073;10835;23979;31856;55046;35352;55047;27586;25663;24755;40870;40871;72603;72604;25424;32081;14274;22941;22942;41066;22943;107294;22944;24952;38010;22946;22945;107295;22947;22948;22949;25194;22950;19214;24370;22951;20332;19202;21258;107297;107298;107296;19443;19444;39387;21792;21259;19367;37385;36851;36847;36284;23914;24844;107299;107300;107301;107302;107303;130508;107304;22952;107305;107306;22953;82536;19838;40924;67145;22955;107307;22954;19743;107308;107309;107310;107311;107312;107313;109911;47891;20052;107314;109882;107315;107316;22244;42066;29719;46333;107317;25456;105346;22956;107318;25385;46745;22957;107319;107320;19446;20739;19203;107321;19579;33791;107322;107323;107325;107324;107326;107327;107328;107329;107330;19204;138420;129869;107331;22958;61391;107333;107332;107334;107335;107337;107336;107338;107339;107340;107341;121174;107342;126716;138421;135434;129870;149794;140363;156785;25541;107343;172380;31596;107344;107345;24371;107346;148754;107347;107348;22959;19368;107350;107351;107349;71645;26157;107352;24372;21006;43884;25271;24343;24373;107354;107353;19215;107355;22960;22961;107356;107357;107358;111114;71646;25386;71813;25272;107359;107360;19447;107361;107362;30164;19448;20943;41952;30165;19449;19369;22962;25069;107363;107364;36541;37052;22445;107365;36389;20740;19839;107366;19744;107367;26981;107368;36756;32361;22963;107369;107370;25387;22965;107371;20271;20859;22966;107372;22967;38854;107373;25728;22968;22969;107375;25070;107376;107374;20272;20273;22059;43885;25388;107377;35407;24953;20380;53510;33204;26982;37390;107378;26983;37663;22970;39487;107380;33908;107379;154221;22971;41981;39488;22972;35408;25071;107381;21260;107382;107383;107384;22060;107385;107386;107387;23685;22973;22975;22974;107388;22061;109855;23686;22301;107389;25642;107390;107391;76070;30166;24845;107392;25643;25273;73908;107394;107393;37632;107395;107396;107398;107399;107397;24374;22897;107400;23915;24375;28278;25274;107401;33909;71814;107403;132890;107402;43886;23994;24377;24376;107404;107405;107406;107407;71647;23748;23916;47892;107408;107409;47156;27072;107410;35193;24378;24846;107411;107412;24379;24213;107413;24380;24954;107414;107415;37310;107416;26984;107417;26985;107418;107419;37997;107420;26956;129871;107422;107421;42970;26986;30005;135435;132891;148760;25644;107423;25433;107424;107425;107426;107428;107427;107429;24847;109883;46317;107430;26158;26987;26988;107431;26159;41943;107433;107432;25275;29826;30006;25276;107434;107437;107435;107436;107438;107439;130509;26989;71648;107440;107441;107442;107443;67146;30167;107444;126717;27073;26990;71649;107445;107446;71650;32492;117683;107449;107448;107447;31989;42171;107451;107450;26160;30007;41052;26161;26957;26991;107452;77913;107453;62305;97123;107456;107454;107455;26162;36604;107457;27075;27074;107458;32164;71651;36895;31758;107460;107459;35194;37884;35195;67147;107462;107461;26958;31759;45450;107464;107463;26908;107465;36551;29205;27617;27076;107466;62507;36474;32166;32165;32362;32168;32167;32169;107467;36856;32493;107468;29206;35409;107469;107470;31187;107471;36336;32494;36313;37316;107473;107472;107475;107474;107476;126718;121175;107477;30168;107478;33205;81875;107479;107480;30169;107481;31331;31332;107482;32495;32496;32363;107483;31333;107485;107484;107486;32364;62508;107487;34789;33206;34788;107488;43145;107489;38167;38168;38169;107490;107493;107491;107492;107494;107495;107496;71652;107497;33207;107498;107499;58842;32365;107500;33910;107501;33792;34066;107502;34790;77466;33911;34791;34792;96564;35196;34793;34794;34795;34796;35197;33793;34797;107503;36396;51969;35578;38822;107504;35410;35198;107505;39554;39553;39555;107507;107506;34798;107508;35199;107509;48917;40610;111115;34106;58843;107510;58844;107511;107512;36656;37958;37954;36623;35200;37547;107514;37522;107513;35201;36339;107516;107515;35411;35202;35203;36814;71815;38711;36600;38118;107517;35579;67148;107518;41053;71653;38780;38770;38771;38736;38823;38781;44387;107519;107520;35568;39414;55063;107521;35569;38737;38756;38738;107523;107522;35412;38782;38824;49787;38783;39325;36806;39317;71816;37667;107525;107524;36861;42136;39574;59285;107526;42182;42137;42138;39415;40586;42183;42098;42184;42185;42218;42217;107527;60090;42219;40776;39002;107529;107528;39762;39308;39326;107530;42099;42139;39532;39309;39763;107531;40969;107532;40367;107533;40937;42220;42140;43343;107534;46666;172385;42078;42221;45603;135436;42241;107535;71654;107536;107538;107537;71655;71817;43096;49134;67149;107539;71818;107540;42919;71656;107541;67150;67151;107544;107543;107542;107545;109856;71657;132892;138422;107546;107547;48936;107548;49135;49079;50041;49750;49136;107549;107550;107551;107552;107553;107554;107555;124073;135437;145192;44925;107556;107557;107558;44926;107559;71819;46318;107560;107561;46319;71820;107562;52470;51877;49080;49991;45116;107563;107564;71658;107565;107566;99432;45596;107567;46320;107568;55477;50572;56430;50364;132893;107569;56675;107571;126615;107570;66188;66187;49234;107572;107574;107573;132894;53275;107576;50621;107577;107575;47100;107579;107578;48937;55478;107580;50622;71659;107581;71660;107582;71661;71662;71664;71663;107583;93710;107584;107585;71665;107586;71666;107587;71667;50521;56431;107588;51878;51879;57632;56432;110656;64249;71668;107589;51880;107590;87367;51881;107592;62110;107591;107593;56676;54965;107594;107595;57834;64654;71669;71670;53247;107596;107597;53276;107598;59441;107599;52967;107600;71671;71672;71673;71674;71675;71676;71677;71135;64655;59601;107601;59979;54992;107602;107603;59049;93798;107604;107605;56433;71678;55479;107606;56434;56435;71679;71680;107608;107607;107609;58643;107610;107611;107613;107612;107614;71681;107615;107617;107616;107618;107620;107621;107619;71682;57392;107622;107623;58477;56464;107624;107625;107626;107627;107629;107628;107630;107631;69902;124074;71683;107632;56976;107633;57835;107634;59050;107635;59051;107636;59286;64656;107637;107638;107639;107640;107644;107641;107643;107642;66739;107645;107646;124075;107647;107648;68869;64657;71684;57680;107650;107649;66352;107651;107652;83539;121176;111116;64606;107653;58735;107654;59287;107655;107656;172377;64607;107657;107659;107658;66353;107660;64608;107661;79428;71685;107662;58028;58559;83540;107663;107664;58127;107665;68870;64609;107667;107666;59963;107668;65208;80844;107669;107670;58736;107671;64610;107672;66710;107673;72003;73054;107674;62450;107675;107676;63217;107677;65628;61482;107678;64611;107679;64612;106090;107680;107681;107682;59442;71687;156786;71686;107683;62433;61593;107684;91593;107685;107686;69903;71455;71688;107687;71689;107688;71690;74083;107689;107690;107691;65680;121177;80845;107692;65638;65681;107693;77721;107694;109071;107695;126719;107696;107697;107698;107699;107700;107701;107702;107704;107703;107705;107707;107706;172384;66800;174326;183293;72165;107708;107709;107712;107710;107711;107713;107714;107715;107716;107717;107718;107719;107720;107721;107722;111117;118060;121178;129872;132895;69904;107723;90082;71691;107724;69905;70442;107726;107725;107727;77680;84721;107728;70443;107729;107731;107730;107733;107732;107734;107735;107736;76517;80076;73055;107738;107737;74084;107739;79306;76086;107740;107741;85734;80846;82761;107742;107743;82762;107744;87493;90083;107745;107746;80847;107747;107748;107749;107750;107752;107751;111118;107753;118061;138423;126720;124076;154224;159890;172379;87640;174327;183291;107754;107755;90084;107757;84205;107756;107758;107759;86452;109072;107760;107761;86453;109073;107762;107764;107765;107763;90571;111119;107766;107767;107769;107768;111120;90572;107770;107773;107772;107771;111121;118129;118130;92405;87520;126721;107775;107774;87521;107776;107777;90703;132896;146233;107778;90704;107779;107780;107781;109074;87986;107782;90085;118062;107783;90573;107784;93587;107786;107785;109075;107787;126722;135438;138424;154226;97124;107788;97125;107789;107790;107791;126723;109076;138425;135439;154225;145191;159889;156749;97693;99756;100145;107792;107793;107794;100146;118131;111122;111123;118132;118133;126724;118134;121179;126725;141557;141558;172378;151901;174329;172388;22976;22977;107795;41067;22978;22980;22979;107796;22982;22981;23763;23687;23688;19205;22983;20333;19206;21261;20053;107797;107798;19450;19580;107799;107800;39388;19370;22154;21007;21262;36952;22245;22984;107802;24848;107801;107803;107804;107805;22985;130510;107806;82537;107808;22986;107807;24381;20054;41001;22987;19745;67152;107809;107810;22988;107811;107812;107814;107813;107815;107816;109912;20055;109884;47893;107818;107817;107819;22302;42067;46334;29720;107820;25457;107821;22989;105347;46746;25389;107822;22990;107823;19451;107824;33794;19581;107826;107825;107827;107828;107829;107831;107830;107832;107833;138426;129873;19207;107834;61392;22991;107836;107837;107835;107840;107838;107839;107841;107842;107843;121180;107844;107845;126726;129874;135440;149803;138427;140364;156784;172381;25542;107847;31597;107846;107848;107849;107850;24382;148765;107851;107852;107853;19371;22992;71692;24383;107854;26992;25277;24384;24342;19216;107855;107856;24385;107857;22993;107858;22994;107859;71693;107860;111124;25390;107861;25391;71821;19452;107863;107862;107864;19453;41953;30170;30171;20944;19372;22995;107866;107865;19454;107867;22446;36725;107868;20741;107869;19746;19840;26993;107870;32366;22996;38126;107871;25392;107872;20860;20274;107874;107873;22998;38855;22999;107875;25072;107876;20742;107877;43887;20275;20276;25393;35413;107878;20381;53511;24955;33208;26994;36329;36931;22062;107879;23000;21008;107880;33912;39489;107882;107881;39490;154219;41982;23001;25073;21263;35414;107883;107885;107884;107886;107888;22063;107887;23689;23002;107889;23003;23004;107890;107891;109857;25645;107893;30172;107892;24849;23739;107894;71694;107895;25646;107897;107896;73909;67153;107898;107899;107901;107900;107902;24386;22898;107903;23917;24387;25394;107904;33913;107905;132897;71822;107906;24388;23918;43888;24389;107908;107907;107910;107909;71695;107911;23749;47157;107912;107913;47894;23919;27077;35204;24390;107914;24850;24214;107915;24391;24851;107916;24392;107917;37742;107918;26995;107920;107919;107921;26996;26997;107923;107922;107924;42971;129875;30008;25543;132898;135441;148764;25647;25434;107925;107926;107927;107928;107929;107931;107930;24852;109885;37070;46321;26998;26999;27000;107932;27001;107933;41944;107934;29827;25278;30009;107935;107936;107937;107938;107939;130511;25395;107940;71696;107942;107941;107943;126727;30173;25729;69906;107944;27078;27002;107945;71697;107946;32497;107947;107949;107948;117684;31990;27003;27079;28279;42172;107951;107950;30010;41054;27005;27004;27006;27080;107952;77914;107953;107954;107955;62115;107956;97126;107957;27081;25648;107958;107959;27082;71698;32170;27083;107960;31760;31761;35206;38004;35205;107961;37728;31334;107962;107963;45451;27084;36874;29207;107964;27085;27086;32367;62509;107965;37278;32171;32173;29721;32172;32174;32176;32498;32175;107966;43889;37825;107967;29208;35415;107969;107968;31188;37188;32499;107970;107972;107971;107973;107974;107976;107975;126728;121181;30174;81876;107977;107978;30175;107979;31335;31336;107980;32500;32501;32177;32368;107982;107981;107983;31337;107984;32369;62510;107985;33209;34799;34800;107986;43146;107987;38170;38171;107988;107991;107990;107989;107992;107994;107993;71699;107995;33210;107996;107997;58760;107998;32370;33914;107999;33795;34067;108000;33915;34801;34802;34803;34804;35207;34805;96565;34806;34807;35208;108001;34808;37639;33796;51970;38825;108002;35570;108003;35209;39556;39557;108004;39558;108005;35210;40368;34809;108006;48918;35416;35211;108007;34107;111125;58761;108008;108009;58762;37702;37456;108010;36795;108011;35417;35212;108012;37287;108013;35213;108014;35214;36512;36555;38712;108015;41055;35571;108016;71700;71701;38772;38773;38784;38826;38785;38757;108017;44388;35572;108018;38739;55064;38740;108019;35573;108020;108021;35418;38786;38787;49788;38827;36559;39327;108022;39318;108023;36337;37297;39575;42141;39416;59234;42142;42186;40587;108024;42187;108025;42100;42166;42258;42188;42223;42222;108026;42224;40777;39003;108027;108028;39310;40750;39417;108029;39764;39765;42101;60091;43344;40369;108030;108031;40343;40970;108032;40938;42225;42143;108033;40925;172383;46667;135442;42226;46322;42242;108034;71702;71823;71824;43049;49137;108035;108036;67154;71703;67155;108037;108038;108040;108039;109858;71704;132899;138428;108042;108041;48938;49081;50042;49751;108043;108044;49138;108045;108046;108047;108048;108049;124077;44927;145172;135443;108051;44928;108053;108050;108052;108054;46323;108055;71825;46324;108056;71826;108057;44357;52471;49082;108058;49992;45117;108059;71705;108060;99433;108061;45597;46325;108062;108063;55480;56436;50538;108064;132900;50365;56677;108066;108065;126616;65978;108067;65979;108069;108068;53277;49235;132901;108070;50623;108071;108072;108073;55481;48939;50624;108074;71706;71707;108075;108076;71708;71709;93711;108077;71711;71710;108079;108078;71713;71712;108080;108081;71714;50522;108082;56437;53822;51882;57633;108083;56438;110657;108084;64250;87368;51883;108085;51884;108087;108086;56678;57836;56700;108088;54966;64658;108089;108090;53278;53248;108092;59443;108091;71716;71715;52968;71717;71718;71719;71720;71879;71721;108093;64659;55017;59013;108095;108094;93799;108096;108097;55482;108098;56439;56440;56441;71722;108099;71723;108100;58737;108101;108102;108104;108103;108105;108106;108107;71724;108109;108108;108110;108111;108112;108113;108114;71725;56465;108115;108116;58478;108118;108117;108119;108120;108121;108122;108123;124078;69907;71726;108124;56977;57837;108126;108125;59014;108127;108128;59052;59235;108129;64660;108130;108131;108132;108133;108134;108135;108136;66740;108137;92406;64552;108139;108138;108140;108141;124079;68871;71727;64661;108142;57681;108143;108144;66332;121182;108145;83541;111126;108146;64524;58738;108147;59236;108148;172382;64525;108149;108150;108151;108152;108153;66333;108154;64526;79429;71728;58587;58029;108155;108156;83542;108157;68872;58128;108158;108159;64527;108160;59953;108161;80848;108162;65186;58739;108163;58763;108164;64528;108165;108166;66711;108167;72004;73056;108168;108169;62451;63218;108170;65595;108171;61457;108172;64529;108173;64530;108174;106091;108175;59444;108176;156787;71729;71730;108177;108178;62429;61594;108179;91594;108180;69908;108181;71732;71456;71731;108182;71733;74085;108184;108183;65665;108185;121183;80849;65639;108186;108187;65672;108188;77722;126729;72166;109077;108189;108190;108191;108193;108192;108194;108196;108195;108197;108198;108199;108200;108201;108203;108202;118063;111127;121184;68873;132902;129876;90086;108204;91595;69397;108205;108206;69909;70444;84722;108207;70445;108208;108209;108211;108210;108212;108214;108213;76518;80077;108216;108215;74086;108217;79270;80850;82763;108218;82764;108219;108220;87494;90087;108221;108222;108223;108224;108226;108227;108228;111128;124080;118064;126730;138429;108225;159891;154223;87641;174325;183292;108230;108231;108229;172386;90088;108232;109078;108233;86454;108234;109079;86455;108237;108236;108235;111129;108238;108239;108240;90574;90575;108243;111130;108242;108245;111131;108241;118135;108244;118136;92407;108247;108246;87522;87523;126731;108248;108249;146247;90675;90676;132903;108252;108250;108251;87987;108253;109080;90089;108255;90576;108254;93588;108257;108258;108256;118065;108259;108260;109081;126732;154222;97127;108262;108261;135444;108264;138430;109082;97128;126733;145096;108263;135445;138431;159888;156750;99757;154220;97694;108267;108266;100147;108265;100148;111133;118138;111132;121185;118139;118137;126735;141553;118140;126734;141551;172387;172389;80581;151893;80580;174328;80583;80582;80589;80588;80587;80585;80584;80586;80591;88514;80592;80593;80590;80594;80595;78395;80597;80598;80600;80602;80601;80599;80603;80596;80606;80605;80609;80607;80608;80604;80612;80613;80611;80610;80614;80615;80617;80619;80621;80622;80624;80620;80616;80618;80623;80625;80629;80627;80626;80631;80632;80628;80634;80633;80636;80637;80630;80638;80639;80635;80641;80642;80640;80643;80645;80646;80648;80650;80649;80644;80647;80654;80652;80653;80651;80658;80657;80655;80656;80659;80661;80662;80664;80663;84807;80666;80665;80660;80668;80670;80667;80673;80672;80671;80674;80675;80678;80676;80677;80679;80669;80680;80683;80682;80684;80686;80687;80688;80689;80691;80692;80693;80681;80694;80696;80695;80700;80698;80690;80699;80685;80704;80702;80697;80706;80705;80703;80701;80708;80709;80707;80711;80714;80710;80713;80715;80716;80717;80719;80720;80718;80722;80712;80934;80721;80723;80728;80726;80727;80725;80729;80730;80732;80731;80724;80736;80735;80737;80734;80738;80740;80739;80733;80741;80742;80745;80744;80747;80743;80746;80748;80750;80749;80751;80753;80755;80754;80756;80752;80758;80760;80761;80759;80763;80764;80765;80762;80768;80767;80766;80769;80757;80771;80774;80775;80776;80778;80777;80772;80781;80770;80773;80780;80783;80782;80779;80785;80787;80784;80786;80791;80788;80794;80790;80789;80795;80792;80797;80798;80799;80796;80800;80793;80802;80803;80801;80807;80804;80808;80806;80809;80805;80810;80811;80812;80816;80813;80815;80814;80818;80819;80821;80820;80822;80817;80824;80823;36510;36870;37361;37948;36271;37928;38071;36972;37461;37878;38025;37416;37019;36808;36258;38046;37909;37902;37893;37580;36639;36565;37094;38094;38024;37862;23151;67156;23150;23147;23126;23155;23158;23159;37154;37833;23163;23164;23166;23165;36626;23168;23167;37540;23198;23223;23235;67157;23238;23239;23244;67158;23247;38116;23248;36327;23249;23254;23255;23257;24974;24975;23258;23260;23259;23262;23261;37130;23263;37857;36915;37700;23264;36272;38110;23265;37992;36616;37982;23266;23267;36678;37458;36872;23268;23690;23269;24393;24394;23285;23291;23294;23295;23296;23297;38067;36987;23301;13295;13296;13297;13298;13299;13300;13301;23304;13302;13303;13304;13305;33916;13306;13307;13309;26959;21170;23306;13312;13310;13311;13314;13313;13316;13317;13315;13318;18068;13319;13320;13322;13321;13323;13324;26909;67159;13325;13326;14199;23315;13327;21009;13328;13330;13332;13331;23316;13333;13334;17356;13337;13336;23321;13338;13339;13340;13342;13341;13343;13347;13346;13348;13349;13345;23326;13350;13352;72142;13351;13353;13356;13354;13355;13358;13357;22155;23327;13359;13360;13362;13363;13361;67160;23328;13364;13367;13365;13366;33211;13370;13368;13371;13369;13373;13372;23330;13374;13375;67161;13377;13378;13380;13381;13382;23334;23336;13383;23335;13385;13384;13386;67162;23338;13387;33797;13388;13389;36568;37081;23343;13390;13391;23344;13393;13394;13392;23346;13395;23345;23352;23351;23355;23358;13396;23359;13397;13398;16084;23360;13399;23361;13400;23362;23363;13401;23364;25730;23365;13402;23367;23366;23368;13403;23369;25074;23372;23371;24984;23373;23374;37808;13404;24985;23375;36946;23376;23377;23379;23378;13405;36543;43895;23381;23384;23383;23385;23386;23387;23388;23390;23391;23392;23389;22507;15482;15594;15744;15593;17357;18284;20945;13406;30176;23396;23397;23395;23402;23404;23403;23406;23405;19456;19455;23407;23409;37241;37226;36716;23411;37979;23410;36305;36406;23412;23413;24853;23414;24986;23416;23415;23417;33798;23418;37733;36577;24395;37548;37251;37271;23421;23423;27053;36302;37867;76553;27007;20946;23424;23427;23428;25279;73910;37363;24396;24398;24397;27509;24399;34996;37397;27008;24854;27010;25281;27009;25650;38026;27087;31762;26960;67163;36789;36415;37098;36954;29828;33426;33799;31598;34068;35222;71734;36494;40939;40971;67164;71735;71736;72144;71737;72143;76519;86456;86457;90578;90577;13407;13408;23430;13409;13410;23433;13411;13412;13413;13417;13415;13414;33918;13416;21171;13419;13421;13420;13423;13422;27011;13424;13425;13426;18070;13429;13427;13428;13431;13430;13432;13433;67165;14200;27088;23439;13434;13435;21010;27012;13437;13438;13440;23440;13441;17358;13442;13443;13445;13444;13447;13446;13448;13450;13451;13453;13452;13454;13455;13456;13457;13460;13458;13459;22156;13461;13462;13464;13463;13465;13466;13467;13468;13469;13470;13471;13473;13474;13472;33212;13475;13476;13477;13478;13481;13483;13480;23447;13485;13486;13484;13487;13488;13489;13490;13491;13492;23449;13493;13496;13498;13494;13495;13499;13497;16088;13500;13501;13504;13503;23452;13502;23453;23454;13506;13505;25731;23455;43896;13508;13507;25076;23457;22508;23460;23459;15595;17359;15483;15745;15596;18283;20947;13509;23461;23463;23462;19457;19582;23465;23466;37670;37821;23772;27014;38008;76554;20948;23470;24400;24401;24402;27015;27016;24856;25652;27017;27089;29850;33427;31599;35215;37644;34069;40972;40940;71738;72145;71739;86458;76520;86459;90579;90580;23473;23472;23474;67166;13510;13511;23477;13513;13514;14367;23478;13515;26165;13517;13516;19458;13518;13519;13520;33919;53353;13521;13523;13524;13525;16089;29209;53281;13527;13529;13740;34230;23480;22157;13530;23485;23486;13531;13534;14201;13536;72146;46797;23488;23491;23492;13541;13543;23493;16187;13544;23494;72147;23495;13545;46798;13546;13547;13548;13549;13551;13550;18074;15756;13553;13554;16090;27090;13556;13555;13558;13559;13560;31600;23496;23497;25732;13561;23500;23499;23501;13562;23498;23503;13563;13564;23504;13565;56688;24993;13566;23507;23505;21264;23509;23508;23510;45408;13567;23511;40973;13568;21011;13569;52731;23512;24994;13571;23513;23514;36978;23515;13572;13573;23516;13741;23517;49655;13574;13745;13575;37260;23519;49789;28280;55018;23521;23522;23523;15757;23524;23525;13576;23526;23527;23530;23528;23529;13577;26167;26166;45032;17360;23531;26910;18179;15609;30177;18285;23535;23536;23534;23542;23541;34998;23544;34997;23543;23545;76555;23546;21265;23547;19841;19459;19460;23550;23549;36670;37513;38081;37046;23551;37426;24995;36719;23552;19842;48941;17683;18609;23553;23555;33800;23556;23554;21172;25398;36504;37387;36889;24403;23559;37533;36257;56087;47895;23563;23562;24996;27018;36330;36676;33213;27019;23564;24858;25078;52732;24220;23567;23568;26168;24404;25283;36354;27091;73911;24405;24406;27092;34999;27021;27020;24407;45118;27022;27023;24859;36484;25285;71740;27093;37630;71741;27025;27024;31763;36547;35419;36684;67167;30178;37558;37722;33428;33801;35000;33802;32371;38075;35420;71742;35574;40974;39004;40941;71743;71827;67168;71828;71829;71744;55540;80884;46326;71745;71747;71746;77911;78112;72148;73593;76521;86460;90581;23569;86461;90582;72149;23570;13579;14366;13581;71830;23573;23572;13583;13584;16188;13585;13586;46799;13588;13589;13587;13590;13592;13591;13593;16091;46800;29211;18076;13594;33921;27094;13596;53527;18078;13600;22248;13601;13603;13604;16092;13605;13607;27095;13608;31601;13606;13609;13610;13611;23575;23574;13612;23576;25733;13616;13617;13615;14202;13620;23578;56679;21267;27026;23581;23580;45409;13621;23582;13622;13624;13623;13625;52733;40975;13626;13627;23583;27027;13629;23585;13743;23587;13630;23584;13631;23586;49790;34231;37470;23589;23591;15759;23592;23594;23593;23595;13633;13634;27029;45033;25196;23596;14672;17361;23597;15999;54967;27097;27096;18180;18286;46764;23599;23598;23603;35001;35002;23604;23605;23606;49656;21268;19843;23607;19583;19461;23609;23610;19844;22249;17686;23611;18610;23612;36841;33803;19462;25401;21173;36986;23773;23613;76556;38005;23620;56088;23619;33214;34232;24997;27030;21012;47896;23621;28281;36451;24861;52734;27031;25079;24222;24408;27032;73912;23623;24409;27098;67169;27099;24862;24410;27034;27033;24863;45119;27039;27100;71748;27042;31764;67170;33804;30179;32372;35421;33806;35422;35003;35423;33805;33429;37711;71749;40976;35576;39005;40942;71750;71831;71752;46327;71751;71832;71753;55541;77912;72150;76522;78113;73594;86463;90583;86462;76800;76801;44397;76802;90584;76803;76804;76805;76806;76807;82817;76808;90619;90620;90621;99457;99458;109172;99459;82818;109173;90622;109175;109176;109174;124153;135667;135669;159935;135668;124154;148933;159936;174473;174474;159934;174475;174477;174476;76809;78461;76810;76812;76814;76813;76811;76815;80935;80936;80940;80939;80941;88001;80942;80937;88002;88003;80938;96601;106125;121222;121221;121223;132996;132997;132998;156903;156901;156900;106126;170171;189223;96602;156902;76817;76816;189222;76818;76819;76820;84759;92454;92452;92455;76821;92453;101801;101802;84760;101803;101804;101805;111186;101806;111188;111187;111190;111189;111191;126765;126764;126769;126767;126766;126768;138539;163490;151923;163492;151922;163493;178629;163491;178626;178628;178627;76822;76825;76823;76826;76824;76827;76828;100997;76830;76831;76829;76833;76836;76835;76834;78463;78462;86531;86530;86532;86533;86534;76832;94133;94132;118188;94134;118189;118190;130006;130007;94135;130008;130009;141772;154264;141771;141773;154265;166386;183516;166385;183515;166384;86996;140041;86994;86995;126263;154473;185451;146992;144334;146808;130458;91123;77504;77503;86421;47137;159303;53812;58105;58106;31681;31680;42877;124062;47136;53811;57824;66351;53332;24912;47138;20865;91917;157871;27618;38929;29999;62948;25933;26002;39448;46860;72337;182511;34060;182510;131725;12215;163718;163719;49286;119846;58343;21726;140535;171077;21162;12634;97993;132025;81105;73943;60022;60021;56090;32394;65690;73212;73500;74421;77182;78584;82077;92557;83730;65689;66474;71566;68930;71567;78068;125387;71569;127137;40620;72744;71568;40619;78506;78507;62390;62389;33486;68958;77557;25000;24022;23931;25124;25627;25709;25370;25903;26923;30149;31344;31356;36034;35030;40495;42373;33488;33487;33545;124651;30148;25693;118226;41072;41068;41070;41069;41071;41075;41076;58224;41074;41073;41078;58225;41080;41077;41079;41081;41083;41082;41084;41087;41086;41085;41088;41089;41091;41090;41092;41093;41094;41096;41095;41097;41098;41099;41101;41100;41102;41103;41104;41105;41106;41107;41110;41108;41111;41109;41112;41113;41114;41115;41118;41117;41116;41119;41120;41122;41121;41123;41125;41124;41126;41128;41129;41127;41130;41131;41132;41133;41135;41136;41137;41138;41139;41134;41140;41141;41142;41143;41144;41145;41147;41148;41146;41149;41150;41153;41154;41152;41155;41156;41157;41151;41159;41160;41161;41162;41158;41164;41165;41163;41167;41168;41166;41169;58226;41170;41173;41172;41174;44653;41171;41175;41177;41176;41179;41178;41180;41181;41184;41185;41186;41182;41183;41187;41188;41192;41190;41189;41193;41197;41191;41194;41196;41195;41198;41200;41199;41201;41202;41203;41204;41205;41206;41207;41208;41211;41209;41210;41212;41214;41216;41215;41219;41220;41213;41218;41222;41217;41224;41223;41225;41221;41226;41231;41229;41227;41230;41233;41228;41232;41237;41236;41239;41238;41240;41234;41235;41242;41246;41244;41241;41249;41248;41245;41243;41250;41252;41247;41254;41253;41256;58227;41251;41257;41255;41261;41258;41259;41260;41264;41265;41262;41266;41269;41263;41267;41272;41270;41271;41268;41275;41277;41273;41276;41278;41279;41283;41280;41274;41282;41284;41285;41286;41281;41289;41287;41291;41288;41290;41292;41293;41295;41299;41296;41298;41300;41301;41294;41303;41302;41304;41305;41297;41310;41309;41308;41306;41307;41313;41311;41317;41314;41316;41318;41321;41312;41315;41323;41319;41325;41320;41322;41326;41964;41621;41324;41641;42227;41327;41954;42200;42048;42299;42243;42863;42920;42836;44929;42812;42948;42947;43147;43364;43379;44031;43854;43599;43598;44050;44304;44654;44591;44958;45452;45453;45125;44998;46205;45070;46335;46247;47107;58228;45401;46216;47688;46217;46685;46169;47795;46668;47018;47590;46863;47568;49255;47617;49101;48900;48901;49757;49191;49758;49759;48752;48429;49760;49823;51338;50854;50523;50982;50855;51660;49657;51953;58229;52629;51111;52702;52711;53823;53251;53312;53636;53355;52710;53401;53354;53637;53250;53585;53883;53868;54993;55617;55440;56033;53618;55768;55895;55826;55918;56002;41328;41329;41330;55971;41332;41331;41333;41335;41337;41339;41334;41336;41338;41341;41342;41343;41345;41344;41346;41347;41348;39877;41340;39878;39879;39876;39880;39882;39883;41349;39881;39885;39888;39886;39887;39884;39889;39890;40641;39891;40403;43395;42388;44358;44899;41033;47689;39892;39893;39896;39894;39895;45375;41009;44359;39897;39898;40841;40881;39899;47755;39900;45071;39902;39901;39903;44360;40642;39905;39904;39907;39906;39908;42244;44975;44124;47690;45598;39909;42245;39910;39911;39912;39914;42389;39915;46006;39916;42173;39917;44678;39913;39919;39918;39920;44361;39921;40442;42949;39922;44305;39924;39923;47569;40882;39925;43025;46185;39928;42228;39927;45339;39926;39931;39930;39932;39929;39933;39936;39935;45619;39934;47796;47570;39937;45349;42837;39938;39939;39943;39940;39941;42471;39944;43600;45096;45095;39945;39942;42314;40643;39946;41034;39947;39949;39950;39951;39952;39948;39953;39954;40842;39955;42102;39956;39957;46248;39958;42390;43148;44032;45531;40572;44976;40336;43050;40815;39959;39960;39961;39962;45522;40488;39963;39964;39965;44606;46879;46206;43855;44636;39967;39969;47815;39970;45532;39966;39971;39968;45383;44900;46007;40903;39972;39976;39975;39974;39977;39979;39973;39978;39981;39982;39984;44306;39983;39980;39985;44607;43380;39986;39987;39990;39988;39989;39991;40644;39994;39993;39992;46186;39995;39998;39999;39996;40524;39997;40000;42457;41622;42921;40816;46187;40001;40002;40003;40525;42851;40004;45454;45604;40005;45533;40006;40007;43051;42813;40008;40009;40012;40011;40783;44621;40010;40013;45010;40015;40016;40014;44086;45491;46727;40017;40018;40019;40020;40021;47120;47602;42864;40022;42229;46249;44679;40023;45492;43629;40645;40024;41035;46228;40025;40026;46218;40784;46229;40027;42315;40028;42201;40029;44999;40030;40032;40031;40034;40035;40033;40037;40036;40038;40040;40039;46353;40041;42852;43616;40042;45097;46339;42791;40044;40337;40045;40043;40046;40047;44362;40048;45455;40646;40049;47019;40499;40050;40051;40053;47591;40054;40055;40056;40057;40052;40573;40058;41002;40059;40060;44409;42972;40064;40062;40061;46008;40063;40545;46749;40066;40067;40065;40070;40068;46230;44608;40069;47706;42416;40071;40073;40076;40072;40074;40075;45523;41036;44087;42973;40077;40078;40443;46669;40079;40080;40081;41010;40082;40083;40084;43869;40085;44125;40087;47819;40086;41037;40089;40090;40088;40093;40094;40092;40091;42458;40859;40095;42922;40096;47725;40097;40099;47726;40100;40098;44609;40102;40101;40103;40104;44610;40106;40107;40108;43082;42230;40105;44044;40109;44990;47820;40111;40110;40112;41938;44051;47727;40115;40114;40116;40117;43345;40113;40119;42859;44930;40120;40121;40122;40118;40124;40125;40123;40126;44977;40128;40127;40129;40131;40130;40132;40133;41003;40134;42202;46686;40135;45126;40136;40137;40138;41038;42459;40139;45011;40140;40141;46207;40142;40588;46340;40144;40143;45456;44112;45457;40145;40146;42246;45350;45458;45481;40148;40149;40147;47773;40647;40150;40151;44363;40153;40152;40154;42068;40843;45072;42950;40844;40155;40785;40786;40156;40787;40158;40159;40157;40160;42417;40162;40161;40163;40164;40165;40166;40167;40169;40172;40168;40173;40171;40170;40174;40404;41039;40648;42391;44364;43396;47906;44901;47691;50460;53682;49279;40176;45524;40175;50461;45376;41011;49944;50366;40177;44365;40178;40845;53683;40179;45073;47756;40883;50012;40180;40181;40182;40649;40183;40184;44366;42247;44978;45599;47692;44126;53651;40185;49824;49083;42248;40186;42392;46009;40187;42174;53652;44680;46354;40188;49752;49212;40190;42175;40189;40192;44367;40191;40444;42951;40193;40195;40194;44307;47852;40196;40884;49753;47571;40197;40198;42231;45340;47572;40201;40199;40200;45620;47797;49667;40202;50415;53653;40204;42838;40203;45351;40205;45098;40206;43601;42472;45099;40208;40788;53654;40207;42316;41040;40211;40650;40210;40846;40212;40209;42103;53655;40214;53656;47816;42393;40213;53657;43149;44033;50316;45534;40574;40817;40338;43052;44979;40215;45525;40216;40489;43381;46880;44637;48320;49641;53658;40217;48753;44611;46208;49993;40218;40219;53659;40220;40222;45535;48233;46010;50367;44902;40221;44612;40223;40224;53660;45384;48259;40904;53661;40225;40228;40227;40229;40226;40230;40231;44308;49754;40651;43382;40232;40233;46188;40234;40235;49213;40237;40236;40526;42460;40238;40818;40239;41623;40240;42923;46189;53662;53663;48902;40241;40527;40242;42853;45605;45459;40243;50298;53664;45536;40245;40244;40246;53665;42814;53666;43053;40247;53668;53667;40249;40248;40250;40360;42334;40789;42952;44964;44034;47774;49668;53669;48280;53670;53671;40251;40819;40252;44088;40253;45493;46728;47603;53672;40254;48234;42865;40255;49975;40256;47121;46250;42232;44681;40652;50368;49669;48754;45494;41041;43630;40257;46219;46232;40790;46231;42317;40258;42203;50010;45000;53673;40259;40260;40262;42854;40261;53674;45460;53675;53676;40264;40263;40266;40265;43617;53677;46355;49192;40267;45100;42792;46341;53678;40268;40339;42144;44368;53679;40269;40270;45461;40653;40500;47020;40271;40272;47592;49264;40275;40274;40273;41004;40575;53680;42974;44410;40546;46750;49256;40276;40277;50011;46233;47707;44613;53681;40278;40279;42418;45526;40280;49945;41042;53684;42975;50462;44089;40281;40445;46670;40282;40283;40284;40285;43870;41012;40286;53685;44127;41043;40287;40288;40290;40289;40860;42461;42924;48430;50013;47728;40291;53686;40292;40293;47729;49257;40294;44614;44615;40295;40296;40905;43083;48372;40297;50369;44991;40298;40299;41939;49265;47730;44052;50370;40300;43346;40301;40302;42860;46781;40303;53687;40305;44931;40304;40306;44980;42205;42204;40307;40309;42206;40308;46687;50463;50371;49280;53688;41005;40310;50014;40311;45127;48235;40313;40312;40314;41044;42462;40589;45012;40315;46209;49214;46342;40316;49258;45462;45463;44113;40317;44682;45464;42249;45352;45482;44369;47775;40654;40319;40318;40321;40320;40322;40323;40847;45074;42069;42953;53689;46729;40791;40324;40792;42419;40325;53690;40793;40326;40327;42925;43383;44370;45527;47907;47693;44903;49281;50464;53769;53771;53770;45034;53772;47678;47868;45495;50465;49946;50372;53774;53775;53782;44371;53773;47757;45075;53691;50018;53784;44981;45600;49084;44128;47694;49825;53692;53693;46011;46356;53694;44683;53696;49210;47134;42954;53697;53695;44309;47853;53698;45341;53699;47573;49755;49670;53700;45621;47798;53701;50416;53702;42839;45353;45101;45102;43107;53703;53704;53705;53706;53707;53708;44053;46178;49302;53709;50417;53710;53711;53712;53713;53714;53715;47817;43150;53716;44035;44667;43054;50317;53717;44982;43384;46881;44638;48321;53718;49642;53719;53721;53722;53720;49994;48755;53723;44616;46210;53725;53724;48236;45537;53726;53727;50373;44904;44905;44618;44617;44622;53728;48260;53729;49756;44310;43813;46190;49215;53730;43385;42926;46191;48903;53731;53735;53733;53732;53734;42855;50299;45606;45465;53736;53737;42463;53738;45538;53884;43055;53739;42394;44411;49671;43631;45128;50409;50015;53741;53740;44090;42395;44668;45354;45607;46730;53742;53744;53745;53743;48237;47604;47122;49976;46251;53746;45496;44684;49672;43632;50374;48756;46234;50016;53747;46220;45001;53748;53749;46235;45466;53750;42856;53752;53753;53751;48322;53754;46357;49193;43618;53755;43856;45103;46343;53757;53885;53756;53758;44403;53759;44372;47021;45467;53760;53761;49266;53763;47593;53762;53886;53764;53765;53766;53838;44412;53767;53768;50017;46751;49947;53776;53777;50466;53778;44091;53779;42976;53780;46671;43871;53783;53781;44129;53785;42927;42464;47731;50019;48431;53786;53787;47732;53788;44619;53789;53790;48373;53887;53791;44623;44992;53875;53792;44054;47733;53793;46782;50375;53794;47758;53888;43347;44932;53796;53795;49267;44983;53824;43619;45035;47854;44906;45497;50376;50467;49282;53797;53798;53799;53800;45129;50020;48238;45013;49168;48281;53801;53802;46012;53803;46344;46211;49216;53804;45468;49259;53806;53805;44114;45469;44685;53807;44322;53889;53825;45470;44373;45355;47776;47777;42955;53808;45076;53809;75454;53810;49139;75486;75646;75647;75548;75648;75649;75651;75650;75652;75653;75654;75657;75656;75655;75659;75662;75660;75661;75658;75663;75664;75666;75665;75667;75668;75682;75683;75684;75688;75416;75419;75418;75687;75420;75417;75421;75422;75425;75424;75426;75423;75427;75428;75429;75430;75431;75432;75433;75434;75435;75436;75438;75437;75439;75442;75441;75440;75443;75444;75445;75446;75449;75447;75450;75448;75451;75452;75453;75455;75456;75459;75458;75460;75457;75461;75462;75464;75465;75463;75466;75467;75468;75469;75471;75470;75473;75472;75474;75476;75477;75478;75475;75479;75480;75481;75483;75482;75485;75484;75488;75489;75490;75487;75492;75491;75494;75493;75495;75497;75496;75498;75499;75501;75500;75503;75502;75504;75505;75506;75507;75508;75511;75509;75510;75513;75514;75512;75516;75517;75515;75519;75521;75522;75518;75524;75523;75520;75526;75525;75528;75530;75527;75529;75531;75532;75535;75536;75533;75534;75537;75538;75540;75539;75542;75541;75543;75544;75545;75546;75547;75551;75550;75549;75552;75555;75553;75554;75556;75558;75557;75560;75559;75561;75562;75563;75564;75567;75565;75566;75568;75570;75569;75581;75610;75609;75572;75573;75571;75575;75576;75574;75577;75578;75579;75580;75582;75584;75585;75583;75588;75589;75590;75591;75587;75586;75592;75593;75594;75595;75597;75596;75600;75602;75599;75601;75603;75598;75605;75604;75607;75606;75613;75611;75614;75612;75615;75608;75616;75618;75621;75620;75619;75617;75622;75624;75623;75626;75627;75625;75628;75629;75630;75631;75634;75632;75635;75633;75639;75640;75638;75636;75637;75643;75641;75645;75644;75642;75672;75670;75669;75671;75673;75675;75674;75677;75676;75678;75679;75680;75681;75689;75685;75690;75686;75694;75693;75691;75692;75696;75695;75697;75699;75698;75700;75702;75703;75701;75706;75704;75705;75708;75707;75709;75710;75712;75714;75711;75716;75713;75717;75715;75720;75718;75719;75721;75722;75723;75726;75727;75724;75728;75731;75725;75730;75729;75734;75732;75736;75733;75737;75738;75735;75740;75739;75742;75741;75743;75744;75745;75747;75746;75748;75751;75754;75749;75752;75753;75755;75756;75750;75757;75758;75759;75760;75761;75762;75764;75765;75763;75766;75768;75767;75769;75770;75771;75772;75773;75775;75777;75776;75774;75778;75779;75781;75828;75780;75944;75945;75946;75948;75949;75947;75951;75952;75953;75963;75964;75965;75950;75966;75968;75970;75969;75977;75976;75967;75782;75784;75786;75785;75783;75787;75790;75789;75792;75791;75788;75793;75795;75794;75797;75798;75796;75799;75800;75801;75802;75804;75803;75805;75806;75807;75808;75809;75811;75810;75813;75812;75814;75816;75818;75819;75817;75815;75820;75823;75821;75822;75824;75825;75826;75827;75831;75829;75832;75830;75833;75834;75836;75835;75837;75840;75839;75838;75843;75842;75841;75846;75844;75845;75847;75849;75848;75851;75850;75852;75855;75853;75854;75856;75857;75860;75859;75858;75861;75862;75863;75864;75865;75867;75868;75866;75870;75871;75869;75872;75873;75875;75877;75876;75874;75878;75879;75882;75881;75880;75883;75884;75885;75888;75887;75886;75889;75890;75891;75892;75918;75917;75894;75895;75893;75898;75896;75897;75899;75900;75901;75902;75903;75904;75905;75906;75908;75907;75909;75911;75914;75912;75913;75910;75915;75921;75920;75922;75916;75919;75924;75925;75923;75926;75928;75927;75930;75929;75931;75932;75933;75935;75936;75934;75937;75939;75940;75941;75938;75942;75943;75955;75956;75954;75957;75959;75958;75960;75962;75961;75971;75973;75972;75974;75978;75979;75975;75981;75980;75983;75982;75984;75986;75988;75987;75989;75990;75985;75993;75994;75992;75991;75996;75998;75995;75997;76000;75999;76001;76003;76004;76002;76005;76006;76008;76010;76007;76009;76011;76013;76012;76015;76014;76016;76017;76020;76019;76021;76022;76018;76023;76024;76025;76026;76028;76027;76029;76030;76031;76033;76036;76035;76032;76034;76038;76037;76039;76040;76041;76042;76043;76044;76046;76047;76045;76048;76049;76051;76052;76050;55161;66343;64158;41351;76188;41350;72977;80021;67105;68947;41352;41354;41353;41355;41356;41357;41358;42363;42876;41955;43386;44374;50872;44907;50873;52686;50874;50876;53252;52650;51591;50875;53647;55483;56003;57083;57970;57084;58112;57971;58524;64208;69344;81697;70189;74006;69343;82739;50877;64209;41359;51592;57086;57085;44375;41360;57972;41361;45064;51594;51593;50878;50879;51595;53890;73783;44376;50880;41362;44130;41364;50881;41363;42250;44984;51086;50884;50883;50882;57087;52565;57586;58774;64905;64098;66505;41366;71763;41365;41367;42251;44377;50887;50885;50886;50888;50889;52566;42252;57089;57088;51087;57090;65907;65023;77048;69474;82657;41368;71614;58030;41369;42176;44686;50973;50890;53282;55165;58740;64099;64101;64100;69294;64103;71964;64102;58615;64107;64105;69295;64106;64104;69296;71965;76367;76909;77742;79307;81507;81665;64108;69787;77099;69345;77196;64109;58263;44378;64110;77958;77850;42956;55547;41370;44311;64111;57091;64112;64113;64114;64115;72241;69259;64116;50891;80389;81076;64117;41371;53528;50892;83330;64118;76472;50893;51596;41372;42233;45130;50894;53586;57092;50895;58941;70018;58764;70019;71833;58942;64862;76523;41374;41373;73410;50897;51112;50896;41375;52765;50898;55972;64119;57093;66953;73129;65794;79760;83461;81389;53484;42829;64120;55711;41376;79738;81120;81970;50487;76198;70134;55586;83133;50899;80165;41377;42473;45104;45105;57094;50983;77217;70842;41378;82019;66354;67221;68948;41379;71786;72242;72243;81121;74115;41380;58140;42300;55618;57095;41381;41382;57096;53587;55587;52066;77755;76247;64121;50900;53356;64124;64123;57097;64122;66020;53357;41384;53501;64125;53402;41383;51597;64126;55827;83285;41965;81666;57098;51598;51599;41385;41386;45036;42866;53283;43151;52683;79618;64127;44036;70780;41387;74087;42989;79414;41389;41388;41390;57100;57099;44965;57465;64128;64129;65024;64130;80022;74173;57838;58973;64132;64131;64134;64135;64133;64136;65175;65596;65865;66666;67195;66667;68949;70935;70933;70934;73147;72554;76989;76990;77599;80023;81123;81122;82068;71559;79761;71560;41391;41392;43387;44639;50902;50901;51983;50903;50904;52959;53485;53912;55019;55162;55828;57102;57996;57101;58286;58560;64137;64138;64139;64140;64141;64143;64142;64636;64613;64965;65566;66492;65939;68950;66920;71492;69969;70936;72085;72700;72455;73075;73591;73850;74088;76105;76500;77672;77244;78885;79308;79686;80054;80995;80565;81077;81245;81877;82819;83486;55829;64925;50905;41393;50906;73510;55712;53313;58720;57103;81752;64144;44389;50907;83286;51600;64145;41394;50908;41396;64146;50909;50910;41395;52630;54985;64147;57104;64148;72422;64149;50911;51601;41397;57105;50912;55441;57106;57434;64150;71307;71308;76604;74351;77229;77673;81039;81295;81667;44908;57839;64151;41398;57696;41399;51198;64152;66287;66954;50913;72797;74321;82639;66955;68951;68952;70631;76501;77433;41400;64153;70758;44312;51602;41401;51661;57107;55981;72277;68874;64154;64155;64156;66741;66253;68953;73117;70289;41402;64157;57613;64906;64159;64160;50914;70872;41403;51603;65795;73609;57108;41956;81311;41404;51604;42928;43857;51605;52631;50915;56004;58113;64161;53891;64162;65545;64163;66193;66854;41405;69090;41406;42396;43872;51606;51667;50916;52751;58164;55619;64164;64165;64166;66194;65597;66616;69069;70960;72681;74284;77319;79634;81435;64167;58141;64168;64169;64780;64863;69029;65245;66538;71171;41407;50917;41408;50918;42857;50919;55137;64170;52067;66031;65246;64171;66855;69070;72555;74254;71020;79635;81436;69071;77273;72423;70873;74007;76998;81419;64172;53486;83287;79208;41409;52684;50921;50920;51199;76473;43858;81909;51088;43056;53284;54840;70632;77674;76754;41410;41411;41412;51607;42343;41414;41413;42990;44037;52685;51608;44966;50922;50923;51609;51610;51611;50924;51612;51613;51614;50925;52597;53570;53571;57109;55686;57111;57110;57854;57853;57297;64174;58845;64173;64176;64175;64179;64180;64177;64178;64500;64888;66539;66344;66742;68954;66912;67196;70039;70040;72163;72324;71034;71033;72325;72478;73554;74033;74462;78650;76557;78651;80249;80250;82020;51615;41415;50927;44092;50926;51934;50974;65717;57430;68875;71425;77145;77230;79232;42867;81312;41416;57725;54640;55620;68979;64181;73939;78105;76138;83515;81480;81481;41417;71035;83462;69054;58943;58767;50928;57596;65568;64192;57112;65567;55563;55564;82021;72615;42234;41418;53358;65682;65829;57113;73268;50929;78253;64182;50931;50930;41419;77959;74506;50932;69374;55431;77472;55484;55432;80166;81161;41420;51616;50933;43633;50934;76558;53314;81176;51617;81878;69511;70328;74373;77434;77435;82428;41421;50935;57115;57114;50936;64183;64531;42301;41422;51618;45002;41423;41424;50937;50938;50939;42830;51619;51620;52988;57116;55138;58031;57569;58677;58678;64184;64185;64186;73592;74352;65718;78886;81124;64187;77299;69457;57117;81996;71834;64188;41425;71835;50940;50941;41426;55896;58165;64189;64190;74210;51621;50942;43620;51622;65784;76139;41427;77179;64191;50943;51134;42793;51623;54641;77662;58479;79687;57118;64193;58721;77663;41429;52735;41428;55745;57119;81078;64194;55774;77600;64195;73511;82640;42145;64196;76755;73130;83543;50944;52712;41430;58775;53588;64197;64198;64199;66463;70794;41431;64200;51624;50945;55696;41432;70797;72229;64781;74507;70796;72769;58195;50946;55728;64201;64202;41433;56018;79332;41434;41436;41435;50947;53253;55697;57531;64204;64203;64205;64206;57682;66300;64207;58588;72198;79309;66288;51625;50948;70843;54827;53228;53839;53619;56019;50949;74021;80251;51626;42420;70938;70937;41437;52687;41957;44379;43388;42364;44909;50950;52688;50951;51627;50952;53229;53648;52651;57886;41438;58114;73297;83049;41439;42957;64926;55565;73707;72199;68980;78856;50953;74116;55548;66552;74117;41440;57121;71172;57120;57122;43873;76248;41441;71561;80217;76910;41442;81313;64210;83516;51628;57123;64211;50954;69375;76141;57124;41443;44131;76140;72856;71836;76106;41444;41445;57125;41446;67197;72244;79822;71137;55713;71136;55714;57126;41447;44592;52960;51844;73979;51629;50956;50955;51630;57127;41448;53892;43084;78667;55467;65247;54920;41449;51631;64212;50957;57128;64213;64214;80252;53529;53854;44055;41642;41450;52689;64215;50958;53230;65683;64216;82470;77524;77723;58203;50959;57129;65796;64217;64218;72200;73468;69233;54828;57130;76424;79739;72536;70724;72873;73751;77180;79619;74145;78254;64219;73512;64221;64220;73784;43348;41451;50960;53254;57132;57131;70020;64223;64224;57133;54642;44933;64222;76372;53826;41452;78464;54921;69168;65248;74118;71226;81040;57840;76212;57841;81508;41453;80024;70021;64864;57726;57134;64225;45131;64889;57727;77743;41454;73708;41455;41457;51632;41456;64226;69030;69191;69192;71392;76053;73555;66195;64227;51633;73327;66464;45014;80390;57555;50961;57597;65940;53446;52472;64228;64229;80253;50962;82658;66021;69414;50963;55503;50964;57855;77197;64430;69458;53638;80825;81543;58317;81542;55020;53231;70781;80996;81641;53827;51634;50965;56020;55453;52690;41458;41459;78887;41460;43085;51635;45077;54994;53315;57136;57137;58115;58944;64230;64231;64795;64469;64796;69091;66254;69893;69894;71138;72086;73178;73397;77960;79620;78868;81642;76373;41461;80254;82523;65797;64232;55973;50967;54934;58396;58395;50966;64235;64236;64233;64234;64237;66985;71393;64238;69297;71562;70969;73015;82990;41462;78652;53316;57138;73287;51636;70961;71937;80547;66801;81643;67106;72456;74463;69112;82641;67107;69114;67109;67108;69113;69115;69116;67111;67110;67112;67113;64239;67114;69117;57139;41463;64240;51637;52162;64241;64242;41464;56034;29911;27101;27102;27103;33378;34317;27603;39497;27105;29347;29348;27104;29349;27106;29350;27107;27108;29351;27110;27109;29352;29353;27604;33379;33380;39498;66345;27111;51682;35948;67255;59602;29355;27115;27114;27112;29354;27113;29356;27116;29358;27117;29359;29357;27121;27118;27119;29360;27123;27120;29361;29362;27122;27528;27529;28369;31087;31088;29363;31715;32113;31722;33498;32114;33499;33756;33757;34318;34319;34941;34957;41465;35303;41466;41467;41983;36199;41468;49887;44934;49888;41984;42868;42365;49890;49889;43397;49891;44380;44910;45498;49893;49892;50488;51411;49894;53232;57147;52736;57148;53649;57149;55485;56608;57150;56005;57151;57858;56609;57152;57153;58116;59520;27126;27124;27127;27128;27125;27129;27132;27130;27131;29912;29694;31620;31602;33120;33119;34198;34345;34428;41985;34958;41986;30121;27510;35325;27133;41469;35949;58032;41470;41471;41472;35950;41987;29364;27134;27135;27136;29365;27137;27139;27138;29366;29367;29240;27140;29368;29877;32023;34844;34843;41988;51683;51685;51684;51686;51687;27141;27142;29369;38910;51688;13753;51689;13754;13755;13756;13758;13757;13760;13759;13762;13761;13763;13766;13765;13764;13768;13767;13771;13769;13770;13772;13773;13774;13776;13777;13775;13778;13779;13780;13781;13783;13782;13786;13785;13784;13789;13788;13787;13791;13792;13790;13793;13794;13795;13796;13797;13798;13799;13801;13800;13804;13803;13802;13807;13806;13805;13809;13808;13810;13812;13813;13811;13815;13814;13816;13817;13818;13819;13822;13821;13820;13824;13823;13825;13827;13828;13826;13829;13831;13830;13833;13832;13834;13836;13835;13837;14206;14231;13838;14276;14264;14322;14667;14600;14658;14730;14769;14731;15423;15528;14775;15726;15552;15569;15755;15923;16303;16304;16306;16305;16307;16362;17217;17198;16454;16372;17238;17237;17242;17271;17300;17325;20082;17606;17671;17617;17618;18014;17982;18057;18082;18096;18112;18154;18462;18113;19240;18463;19241;19243;19244;19242;19245;19247;19246;19249;19248;19250;19333;19251;19382;19925;19924;19926;19927;19929;19928;19931;19932;19930;19933;19934;19935;19936;19996;19937;20064;20087;20083;20209;20240;20239;20334;20282;20335;20369;20483;20370;20758;20820;20821;20879;20923;20901;21013;20967;21014;21137;21093;21136;21138;21150;21163;21290;21368;21289;21233;21370;21369;21623;21622;21624;21723;24413;24412;24415;24414;24417;24416;24418;24419;24420;24422;24423;24421;24425;24424;24426;24427;24429;24428;24430;24431;24432;24434;24433;24435;24436;24437;24438;24439;24440;24442;24441;24443;24445;24444;24446;24447;24448;24451;24450;24449;24452;24453;24454;24455;24456;24457;24459;24458;24460;24461;24463;24462;24464;24465;24466;24411;25405;25406;25407;25408;25409;25411;25410;25412;25414;25415;25413;25418;25417;25416;25419;26169;26170;26172;26173;26171;26176;26175;26174;26178;26179;26177;26180;26182;26181;26183;26184;30141;83562;83560;83561;83563;83564;83565;83567;83568;83566;83569;83570;83573;83571;83572;83574;83576;83575;83577;83579;83580;83578;83581;83582;83583;83586;83585;83584;83587;83588;83589;83591;83590;83592;83593;83594;83596;83595;83597;83598;83599;83600;83601;83603;83602;83604;83606;83605;83609;83607;83608;83610;83611;83613;83612;83614;83616;83617;83615;83618;83621;83620;83622;83619;83623;83627;83626;83624;83625;83628;83629;83630;83633;83631;83632;83634;83635;83640;83637;83638;83639;83636;83845;83641;83643;83644;83642;83847;83846;83848;119958;83645;83849;83646;83648;83647;119959;83650;83850;83649;83651;83652;83653;83654;83655;83656;83657;83658;83659;83660;83661;83851;83662;83663;83664;83665;83666;83667;83668;83669;83670;83672;83671;83675;83674;83673;83677;83676;83678;83679;83680;83681;83682;119960;83683;83685;83684;83687;83686;83688;83689;83690;83691;119962;119961;83692;83693;83694;83695;83696;83697;83698;83702;83701;83699;83700;83703;83704;83705;83707;119963;83706;83708;83710;83713;83711;83709;83712;83714;83717;83716;83719;83715;83718;83720;83721;83722;83724;83723;83725;83852;83726;119964;83727;83728;83755;83757;83756;83853;83855;83854;83856;83858;83857;83859;83860;83869;83868;83870;83903;83947;83946;83948;83945;83970;83971;84080;84016;84079;83988;84082;84083;84115;84116;84081;84084;84145;119965;119966;84146;84147;84190;84191;84192;84206;84207;84260;84261;84227;84286;84285;84337;84423;84441;84338;84396;84395;84361;84425;84397;84424;84427;84442;84426;84443;84469;84468;84544;119967;84546;84723;84545;84547;84558;84560;84559;84548;84561;84562;84632;84634;84662;84633;84724;84663;84874;84725;84875;84876;119968;84897;84896;84898;84899;84914;84913;85121;84979;85073;85074;85153;85151;85179;85213;85152;85180;85239;85214;85374;85250;85215;119969;85375;85376;85378;85377;85398;85379;85400;85399;85505;85504;85401;85576;85532;85575;85577;85597;85598;85625;85681;85647;85624;85719;119970;85720;85721;85761;85762;85722;85723;85763;85764;85791;85793;85792;85794;85795;85796;85868;85841;85869;85870;85871;85902;85905;85903;85901;85904;85906;85941;86057;85942;85929;85928;86121;86140;86141;86143;86203;86217;119971;86142;86184;86288;86289;86290;86307;86308;86339;86340;86309;86341;86342;86343;86344;86345;86347;86346;86398;86378;86397;86399;86440;86441;86464;86490;86442;86536;86537;86535;86539;86538;86540;86627;86616;86648;86649;86628;86696;86695;86703;86705;86704;86706;86707;86708;86709;86753;86752;86755;86754;86756;86757;86803;86808;86867;86865;86866;86869;86895;86870;86868;86883;87642;86940;86941;87007;86943;86942;87008;87720;87009;87643;87010;87051;87063;87064;87721;87104;87105;87106;87122;87180;87181;87404;87196;87197;87644;87198;87199;87200;87201;87645;87202;87214;87215;119972;87646;87276;87277;87278;87279;87318;87280;87317;87319;87338;87405;87461;87496;87495;87524;87526;87527;87588;87589;87525;87528;87590;87591;87647;87649;87648;87650;87652;87651;87653;87654;87655;87666;87668;87669;87667;87723;87724;87731;87670;87857;87722;87858;87859;87860;87862;87861;87864;87863;87865;87866;87887;87867;87909;87911;87913;87912;87914;87910;87961;87962;87963;87988;87964;88005;88004;88006;88007;88008;88009;88038;88039;88140;88081;88082;88142;88141;88143;88176;88144;88177;88178;88408;88453;88485;88454;88507;119973;88486;88508;88559;88515;88560;88575;88619;88620;88621;88622;88623;119974;88677;88691;88692;88707;88710;88709;88708;88802;88803;88831;88833;88835;88834;88891;88832;88893;88892;88947;88948;88949;89021;89022;89076;89077;89654;89656;89655;89657;89722;89658;89723;89775;89918;89730;89731;89919;89921;89920;89960;89923;89929;89961;89922;89989;89991;89990;89994;89992;89993;90063;90064;90065;90092;90185;90093;90186;90187;90262;90303;90304;90264;90347;90305;90346;90263;90395;90348;90394;90396;90397;90398;90505;90506;90399;90420;90531;90532;90533;90534;90535;90536;90585;90595;90587;90586;90596;90597;90623;90755;90756;90754;90758;90757;90759;119975;90820;90883;90821;90885;90884;90886;90913;90914;90992;90993;90994;90991;91043;90995;91119;90996;119976;91158;91159;91121;91120;91161;91160;91180;119977;91247;91217;91248;91249;91250;91251;91252;91254;91282;91297;91281;91253;91298;91308;91309;91318;91319;91649;91651;91650;91652;91653;91654;119978;91556;91655;91657;91658;91656;91659;91661;91660;91664;91662;91663;91665;91666;91668;91667;91669;93151;93152;93154;93153;93155;93156;93157;93158;93159;93161;93160;93162;93164;93163;93165;93167;93166;93168;93170;93171;93169;93172;93173;93174;93175;93176;93177;93179;93181;93182;93180;93183;93178;93184;93187;93185;93186;93188;93190;93270;93271;93189;93273;93272;93274;93276;93275;93277;93278;93279;93280;93281;93283;93282;93286;93284;93285;93287;93288;93290;93291;93289;93292;93293;93294;93296;93295;93297;93298;93301;93299;93300;93302;93303;93304;93305;93306;93307;93308;93309;93312;93310;93311;93313;93314;93367;93341;93342;93369;93368;93370;93371;93372;93373;93437;93438;93439;93455;93458;93456;93505;93457;93459;93506;93507;93558;93589;93508;93590;93645;93591;93644;93647;93615;93646;93712;93713;93734;93714;93733;93735;93765;93766;93768;93767;93769;93770;93771;93772;93806;93807;119979;93808;93860;119980;93862;93861;93863;93894;119981;93893;93895;93909;119982;93910;93937;93935;93936;119983;94007;94006;94039;94038;94037;94036;94040;94041;94043;94042;94267;94269;94067;94268;94270;94271;94272;94274;94273;94275;94277;94276;94278;94280;94279;94281;94283;94282;94286;94284;94285;94319;94320;94321;94324;94322;94323;94325;94326;94349;94350;94434;94433;94435;94455;119984;94504;94505;94506;94507;94572;94608;94607;94609;94668;119985;94728;94729;94757;94739;94758;94921;94938;94939;95281;94969;95282;95283;95294;95313;95312;95314;95315;95317;95316;95368;119986;95367;95369;95384;95383;95396;95397;119987;95422;95398;95423;95424;95534;95452;95536;95453;95535;95537;95564;119988;95565;95607;95606;95608;95624;95623;95625;95626;95627;95651;95650;95652;95628;95660;95710;95709;95711;95712;95761;95797;95799;95798;95800;95801;95804;95805;95803;95802;95821;95806;96031;95822;95915;96032;95986;96034;95987;95988;96033;95990;95991;95989;96075;96078;96076;96077;96080;96079;96082;96087;96088;96081;96083;96135;96089;96134;96136;96137;96139;96147;96140;96148;96141;96138;96149;96255;96150;96257;96256;96258;96259;96260;96262;96261;96263;96264;96265;119989;96266;96303;119990;96335;96387;96334;96404;96429;96405;96430;96432;96431;96433;96435;96434;119991;96482;96527;96528;96529;96530;96566;96603;96604;96653;96654;96694;96696;96655;96695;96697;96698;96700;96699;96701;96715;96702;96716;96718;96761;96717;96794;96793;96762;96795;96868;96827;96870;96901;96869;96902;96903;96923;96926;96924;96925;96950;96976;96977;97014;97015;97040;97043;97041;97042;97044;97045;97046;97063;97064;97065;97081;97082;97080;97096;97097;119992;97186;97130;97129;97189;97188;97187;97204;97202;97203;97205;97206;97207;97297;97298;97296;97299;97300;97317;97381;97380;119993;97382;119994;97431;97433;97432;97466;97467;97494;97519;97495;97518;97520;97549;97550;97570;97652;97571;97653;97572;97598;97599;97654;97655;97656;97695;97657;97696;97771;97772;97773;97774;97776;97824;97777;97775;97825;97827;97830;97829;97828;97826;119995;97832;97831;97847;97849;97848;97850;97851;97913;97912;97914;97915;97916;99085;99083;119996;99084;99086;99087;99091;99090;99088;99089;99092;99114;99115;99117;99116;99118;99119;99120;99180;119997;99165;99181;99230;99231;99243;99242;99232;99244;99245;99261;99262;99302;99263;99356;99355;99357;99393;99358;99395;99394;99396;99397;99434;99461;99460;99462;99463;99464;99465;99467;99466;99468;99469;99507;99579;99578;99580;99508;99623;99624;99653;99654;99705;99625;99759;99758;99760;99761;99960;99959;99961;99963;99962;99964;99978;99979;99980;99991;99992;100022;100023;100024;100121;100050;100122;100150;100149;100152;100151;100206;100207;100209;100208;100211;100212;100210;100214;100215;100213;100241;100242;100243;100244;100246;100245;100264;100289;100290;100291;100292;100351;100319;100320;100352;100353;100354;100374;100375;100376;100377;100378;119998;100405;100406;100404;100407;100408;100409;100410;100459;100539;100538;100540;100542;100541;100543;100544;100569;100588;100614;100589;100661;100754;100803;100780;100834;100864;100865;100907;100909;100867;100866;100908;100910;100911;100912;100913;100914;100915;100916;100917;100952;100951;100918;100953;100954;100985;119999;100986;101042;101043;101055;101056;101057;101058;101059;101060;101061;101080;101081;101082;101106;101108;101107;101109;101142;101143;120000;101144;101145;101146;101201;101147;101202;101203;101204;101259;101221;101222;101223;101225;101226;101224;101228;101227;101230;101289;101260;101229;101290;101291;101292;101350;101293;101351;101352;101353;101391;101392;101389;101390;101393;101519;101394;101520;101762;101763;101764;101766;101765;101767;120001;101768;101807;101832;101808;101885;101831;101886;101887;101889;101888;101890;101891;101926;101927;101940;101941;101942;101944;101943;101945;101947;101946;101948;102066;102013;102067;102068;102069;102188;102070;102189;102190;102193;102191;102218;102192;102194;102219;102252;102254;102255;102251;102253;102256;102308;102257;102307;102309;102310;102311;102313;102314;102315;102312;102316;102317;102318;102352;102351;102320;102319;102353;102414;102354;102413;102415;102474;102475;102477;102476;120002;102478;102539;102540;102541;102542;102577;102626;102579;102578;102693;102627;102695;102694;102696;102728;102800;102729;102802;102801;102836;102837;102838;102839;102840;102854;102841;102856;102855;120003;102911;102910;120004;102912;102913;102914;102952;102953;104649;102954;120005;102955;102973;102974;102989;102990;103110;103120;103176;103177;103111;103179;103178;103180;103182;103181;103183;103185;103184;103186;103210;103212;103211;103214;103213;103216;103215;103246;103245;120006;103247;103248;103295;103294;103293;103297;103296;103298;103300;103299;103301;120007;103315;103316;103317;103318;103354;103355;103369;103371;103370;103412;103413;103414;103415;103454;103455;103503;103528;103564;103563;103636;103596;103597;103638;103637;103639;103640;103689;103690;103743;103742;103767;103768;103769;103770;103807;103771;103772;103832;103852;103833;103854;103917;103853;103918;103919;103920;104009;104010;103961;104013;104011;104012;104014;104015;104016;104018;104019;104017;104022;104021;104020;104023;104025;104024;104028;104026;104027;104029;104030;104094;104096;104097;104095;104098;104099;104141;104142;104117;104171;104172;104209;104252;104210;104253;104208;104650;104542;104255;104254;104270;104271;104374;104375;104427;104376;104429;104428;104471;104472;104473;104430;104475;104474;104494;104495;104476;104529;104531;104530;104776;104532;104651;104777;104778;104780;104779;104782;104781;104783;104870;104869;104806;104805;104872;104871;104873;104874;104875;104876;104877;104878;104879;104880;104952;104953;104954;104955;104957;104959;104956;104958;104961;104960;104965;104963;104964;104962;104967;104966;104992;104968;104991;104993;105020;105034;105033;105036;105035;105072;105073;105094;105093;105097;105095;105096;120008;105098;105148;105172;105149;105150;120009;120010;105271;105273;105253;105270;105272;105274;105278;105276;105275;105277;105279;105280;105281;105283;105282;105284;120011;105285;105286;105287;105290;105288;105289;105348;105349;105352;105350;105351;105353;105388;105408;105480;105458;105459;105409;105460;105461;105462;105463;105481;105483;105506;105482;120012;105513;105538;105541;105539;105540;105574;105576;105575;105577;105579;105578;105580;105582;105581;105647;105648;105685;105684;106092;105719;105721;105720;105744;105722;105763;105765;105764;106041;106042;106043;106046;106045;106044;106047;106049;106048;106073;106127;106093;106095;106094;106128;106129;106130;106131;106132;106133;106184;106185;106187;106186;107251;106259;106260;106262;106261;106263;106292;106294;106293;106342;106343;106344;106345;120013;106346;106436;106370;106435;106437;106438;106439;106441;106442;106440;106444;106443;106445;106448;106446;106447;106449;106450;106451;106452;106453;106454;106455;106456;106473;106471;106472;106470;106474;106475;106476;106479;106478;106477;106480;106526;120014;106527;106528;106529;106530;106481;106531;120015;106532;106555;106576;106579;106578;106577;106580;106602;106605;106604;106603;106617;106618;106652;106653;106654;106672;106673;106674;106708;106707;106746;106745;106747;106787;106786;106748;106788;106789;106834;106835;106836;106815;106865;106866;106896;106868;106867;106897;106898;106900;106899;106901;106926;106941;106942;106944;106943;107002;106967;120016;107022;107054;107055;107086;107085;107115;107116;107131;107140;107132;107141;107139;107142;107144;107213;107143;107252;107214;107255;107253;107254;107288;107289;120017;107291;107292;107290;108279;108509;108280;108511;108510;108512;108367;108368;108400;108401;108369;108402;108449;120018;108450;108451;108482;108528;108452;108531;108530;108529;108532;108533;108578;108579;108581;108580;108646;108647;108648;108651;108649;108650;108653;108652;118346;108656;108655;108654;108686;108685;108684;108705;108687;108744;108745;108747;108746;108748;108749;108824;108825;108826;108827;108828;108829;108831;108872;108830;108871;108873;108874;108875;108876;108877;108945;108946;108948;108947;109011;109000;109001;109012;109028;109014;109013;109015;109083;120019;109161;109084;109162;109197;109085;120020;109240;109241;109198;109242;109243;109244;109246;109247;109248;109245;109249;109250;109252;109251;109254;109253;109255;109256;109257;109260;109258;109259;109261;109262;109263;109264;109266;109265;109267;109268;109269;109270;109271;109272;109274;109273;109277;109276;109275;109309;109310;109278;109342;109355;109341;109356;109357;109358;109360;109359;109547;109548;109549;109550;109572;109598;109645;109599;118251;118252;109647;109646;109672;120021;109673;109675;109676;120022;109677;109674;109679;109721;109678;109757;109722;109756;109760;109758;109761;109762;109763;109759;109764;109765;109767;109766;109768;109769;109771;109770;109772;109773;109774;109775;109777;109776;109778;109779;109780;109783;109782;109784;109781;109785;109786;109788;109787;109789;109791;109790;109792;109793;109796;109795;109794;109797;109859;120023;109862;109860;109861;109886;109887;109888;109889;109890;109913;109891;118253;109937;109938;118254;110029;109939;118255;110031;110032;110030;110033;110035;110034;110036;110037;110038;110040;110039;110041;118256;110042;110043;110090;110091;110089;110092;118257;110093;110123;118258;110183;110184;110186;110185;110187;110188;110190;110189;110222;110224;110258;110223;110259;110260;110284;110261;110310;110338;110339;110340;110341;110342;110343;110344;110345;110346;110349;110347;110348;110350;110352;110351;110354;110353;110355;110356;110357;110360;110358;110359;110361;110362;110365;110367;110366;110364;110363;110371;110369;110370;110372;110373;110368;110376;110374;110377;110375;110378;110379;110380;110381;118259;110393;118260;110410;110411;110412;110443;110394;118261;110445;110444;110473;120024;110509;110511;110510;118262;110512;110531;110544;118263;110545;118264;110548;110594;110547;110546;110595;118265;118267;110620;118266;110596;110659;110636;110621;110635;110637;110638;118268;118269;110640;110639;110660;110661;110682;118271;118270;110683;110684;120025;110685;110760;110762;110761;110764;110763;110803;110804;110836;110837;110838;118272;120026;120027;120028;120030;120029;120031;120032;118273;120033;110938;120034;120036;110966;120035;110972;120039;120038;120037;120040;111051;118274;120042;120043;120041;120045;120044;111052;120046;111053;111054;111055;111056;111058;111057;111059;111101;111102;120047;120048;111134;118275;111150;120050;120049;120052;120051;111200;120053;111203;111202;120054;111201;118276;120055;120056;111261;111262;111263;120057;111264;120058;111328;111265;111329;111346;111347;111348;111368;111369;111367;111370;120059;120061;120060;111371;111372;120062;120063;120064;111433;111373;118277;111434;120065;111436;111435;120066;111437;111438;111439;120067;111441;111440;111442;111443;111444;111446;111445;111447;111448;111449;111451;111450;111452;111453;111455;111454;111456;111457;111459;111458;111460;111461;111462;111464;111463;111503;111505;111504;111506;120068;120069;111509;111508;111507;111525;111546;120070;111547;111548;111574;121042;120072;111575;120071;111591;111592;120073;120074;111662;111639;120075;111663;111664;120077;120076;111740;111741;118278;111743;118279;111742;111744;118280;111745;111781;111747;111746;111782;118281;120078;111784;120079;111783;111785;120080;111813;120081;118282;118283;111814;111815;111816;111817;111818;111819;111821;111820;111822;111823;111824;111825;111826;111829;111828;111827;111831;111830;111832;111833;111834;111837;111836;120082;111835;111838;111839;111842;111840;111841;112010;112011;112012;118284;120083;112013;112014;112015;112016;120085;120084;119211;119142;112055;112056;120086;120087;112057;112079;112080;112081;112082;112106;112107;119551;112108;112146;112145;112148;112147;118285;120088;112188;112199;112271;112200;112201;112202;112203;120089;112204;120091;120090;112273;112272;112274;117354;112278;112275;112287;112276;112277;118287;117355;118286;120093;120092;118288;117385;120094;117386;117448;117449;117450;120095;117451;117452;120096;117453;120097;120098;117478;120099;117527;117528;118289;120100;117529;120102;120101;117629;118290;117660;117661;117662;117663;120104;120103;117664;117694;117695;118291;118292;117696;117697;120105;117698;117699;118293;117700;117701;117703;117702;120106;117799;117800;117803;117802;117801;117804;120107;117820;120108;120109;120110;118294;120111;117821;118295;117822;117899;117823;117824;117858;120112;118296;117859;120113;120114;117866;117900;118297;120115;117901;120116;118298;117902;117903;120118;120117;117932;118299;120119;117933;120120;117989;117990;120121;117991;122393;120122;117992;118300;117993;118301;120123;117994;120124;117995;120125;118302;118032;118034;118033;120126;118078;118079;120127;118141;118080;118171;120128;120129;120130;120131;118172;120132;120133;118173;118174;118175;118198;118222;118303;118199;120134;118223;118304;118305;120135;118306;120136;118318;120137;118319;120138;118320;118321;118347;120139;120140;118349;118348;118350;120141;118351;118352;118354;118353;118355;118356;118357;120142;118388;118387;120143;118389;118390;120145;120144;118391;118454;118456;118455;118459;118457;118458;118460;120146;120147;118490;118491;120148;120149;118498;118499;118500;118501;119571;118502;120150;118564;119449;118565;118566;118587;119672;118588;119572;118589;120151;119450;118590;118729;119451;118728;119573;120152;120153;118749;118747;118748;119574;120154;120155;120157;119552;120156;118819;120158;120159;118854;120160;120162;120161;118882;118952;119553;118953;118965;120163;119575;119012;119011;119554;119644;119013;119031;119033;120164;119034;119032;119036;119035;119041;119042;119576;119115;120165;120166;119117;119116;120167;120168;119143;119144;119645;119145;119212;119213;119214;119215;119555;120169;119281;119283;119282;120170;119284;120171;120172;119285;119286;120173;119299;125666;120174;119333;119335;119334;120175;119336;119452;119453;119455;119456;119457;119454;120177;120176;120178;120182;119556;120179;120180;120181;120183;119577;119579;120184;119578;119646;119647;119648;120185;119649;120186;119650;129578;119651;119740;119718;119719;119720;119742;119744;120187;119743;119741;119745;119746;119747;119760;120188;119761;119762;119806;120190;120189;120191;119763;119807;119809;119808;119810;120192;119824;119825;119869;120193;119872;119870;119871;119937;119955;120194;120195;119956;119954;120196;120982;120984;120985;120986;120983;120987;126492;121003;121058;121060;121059;121061;121091;121092;121093;121094;121158;121159;121206;121209;121207;121240;121241;121208;121243;121292;121242;121293;121294;121296;121298;121297;121295;121299;121300;121301;121302;121303;121304;121305;121341;121342;121343;121344;121417;121416;121466;121465;121467;121539;121540;121568;121571;121570;121569;121610;121611;121612;121614;121613;121615;121617;121618;121616;121636;121637;121638;121635;122047;122048;122049;122113;122092;122050;122146;122147;122149;122182;122228;122181;122148;122229;122230;122309;122307;122306;122308;122310;122342;122340;122311;122312;122341;122343;122345;122344;122360;122361;122397;122419;122471;122473;122446;122474;122472;122475;122478;122530;122476;122477;122531;122532;122608;122663;122581;122645;122609;123780;122715;122666;122665;122664;122747;122774;122748;122773;122775;122776;122808;122850;122809;122810;122851;122889;122890;122944;122966;122965;122964;122967;122968;122970;122969;122996;122997;122998;122999;123060;123000;123061;123062;123064;123063;123066;123065;123067;123068;123069;123070;123125;123071;123126;123409;123411;123410;123412;123444;123413;123445;123446;123447;123449;123448;123451;123450;123496;123497;123499;123498;123500;123501;123546;123547;123548;123549;123551;123550;123633;123634;123635;123636;123672;123671;126524;123673;123747;123748;123749;123781;123783;123782;123785;123784;123822;123823;123824;123825;123923;123924;123925;123926;123927;123928;123929;123967;123968;123969;123970;123994;123993;123995;123997;123996;124055;123998;124056;124018;124082;124057;124109;124110;124083;124111;124112;124113;124148;124150;124149;124151;124190;124293;124269;124270;124268;124294;124295;124296;124314;124316;124315;124318;124317;124319;124361;124362;124363;124320;124364;124403;124404;124405;124452;124451;124453;124454;124455;124456;124644;124586;124645;124646;124647;124675;124674;124694;124715;124695;124716;124853;124852;124757;124855;124854;126493;126439;124857;124856;125023;126440;126441;125024;125214;125130;125920;126525;125132;125131;125133;125244;125245;126457;126458;125246;138490;125247;125248;125249;125281;125280;125282;125307;125283;126494;125333;125334;129878;125335;126336;125351;125457;125458;125459;125460;125461;125463;125462;125464;125465;126442;125467;125466;126686;130087;125468;125469;126443;125470;125536;125535;125471;125537;125539;125541;126736;125538;125540;126495;125592;125672;125673;125620;126459;126496;125675;125674;121005;121004;125676;121160;121468;121306;122051;122093;122094;122151;122150;122231;122867;122313;125677;122891;150628;126526;122945;122971;123452;123453;123073;123072;123455;123454;123456;123552;123554;123553;123638;123637;123674;123640;123639;123826;123971;123972;124365;124084;124321;124858;124406;150613;125250;125702;150546;125336;125284;125472;125473;125678;125703;125846;125759;125845;125984;125944;150510;150666;150625;150649;150551;150561;150575;150610;150585;150684;150662;150682;150512;150530;150626;150669;150600;150597;150648;150529;150681;150618;150540;150598;150594;150558;150664;150514;150620;150554;150563;150619;150633;150614;150624;150593;150533;125760;150660;150507;150642;150568;150650;150535;150552;150517;125761;150668;150638;125762;125763;125798;125764;150601;125799;125800;125847;125849;125848;125850;125873;125874;125876;125921;125875;125945;125922;125946;125985;125986;125988;125987;125947;125990;125989;125992;125991;125993;125994;125995;125996;126047;126044;126045;126046;125997;126062;126149;126151;126150;126063;126153;126152;126156;126154;126155;126157;126158;126159;126160;128071;126162;126161;126163;126164;126165;126166;126168;126167;126170;126169;126172;126171;126237;126173;126238;126239;126240;126253;126444;126460;126337;126461;126463;126462;126497;126498;126500;126499;126502;126501;126562;126560;126595;126561;127744;126596;126687;126617;126597;126618;126688;126619;126690;126689;126692;126691;128017;126695;126693;126694;126697;126696;126737;126738;126739;126740;126742;126741;126743;126770;126771;126744;126808;126809;126814;126811;126813;126812;126810;126913;126981;126982;126914;126983;126985;126984;127038;126986;128018;127039;127040;127089;127092;127091;127090;127745;127746;127749;127747;127748;127750;127751;127752;127754;127753;127755;127756;127758;127760;127757;127759;127761;127762;127763;127766;127765;127764;127768;127767;128019;127769;127771;127770;127772;127773;127775;127774;127776;127778;127779;127777;127782;127781;127780;127783;127784;127785;127788;127786;127787;127789;127790;127838;127885;128020;128021;127884;128610;128609;128022;128072;128048;128073;128144;128074;128146;128147;128145;128301;128302;128312;128752;128314;128313;128315;128316;128317;128318;128319;128410;128411;128466;128468;129096;128467;128469;128470;128471;128473;128472;128504;128520;128543;128542;128611;128544;128612;128870;128613;128628;128674;128673;128675;128677;128676;129844;128678;128679;128753;128873;128872;128871;128966;128988;128989;128991;128992;128990;129043;129044;129045;129047;129046;129153;129154;129155;129157;129158;129156;138248;129159;129160;129283;129284;129282;129286;129285;129287;129288;129347;129348;129349;129350;129381;129382;130088;129383;138249;129465;129403;129402;129401;129404;129526;129552;129529;129528;129527;129553;129554;129582;129555;129581;129583;129673;129674;129747;129746;129675;129676;129748;129772;129773;129845;129880;129879;129881;129961;129963;129962;129964;129966;129965;130001;130050;130051;130002;130941;130144;130089;130145;130161;130162;130164;130165;130163;130166;130942;130193;130943;130194;130195;130944;130196;130197;130198;130199;130253;130254;130256;130255;130257;130341;130340;130343;131067;130342;130344;130345;130361;130388;130389;130390;130391;130421;130422;130423;130425;130424;130426;130450;130449;130451;130452;130512;130584;130583;130619;138250;130620;130621;130753;130752;130755;130896;130754;130897;130899;130898;130900;130945;130946;130948;130949;130947;130951;130950;130954;130952;130953;130955;130956;130957;130958;130960;130959;131068;138251;131069;131070;131071;131118;131119;131120;131122;131121;131124;131123;131159;131160;131222;131221;131223;138252;131224;131302;131303;131304;131307;131305;131306;131308;131310;131309;134278;131312;131311;131385;131387;131386;131388;131389;131390;131391;131545;131546;131548;131547;131549;131551;131552;131553;131550;131554;131555;131557;131558;131752;131750;131751;131753;131556;131755;131754;138253;131756;131757;131758;131760;131759;138254;131999;131998;131833;132002;132001;132000;132004;132003;132005;132006;132007;132008;132010;132009;132070;132072;132073;132071;132089;132088;132090;132091;132092;132093;132094;132236;132237;132239;132238;132308;132309;132334;132335;132338;132336;132337;132387;132388;132389;132390;132394;132395;132396;132431;132432;132430;132670;132518;132671;132702;132703;132704;132705;132706;132707;132743;178281;132765;132745;132744;132766;132767;132850;132851;132852;132853;132921;132922;144032;132923;132924;132925;132926;132927;132928;132952;133032;138255;133033;133034;133035;133036;133037;133038;133134;133136;133135;133137;133139;133138;133140;133176;133175;133141;133201;133177;133202;133203;133255;133254;133256;133257;133348;133258;133259;133349;133389;133390;133392;133393;133391;133394;133395;133396;133438;133448;133397;133439;133493;133494;133495;133520;133539;133540;133541;133543;133545;133542;133544;133546;133547;133596;133594;133595;133597;133598;133599;133600;133601;133602;133761;133762;133763;133790;133791;133792;133829;133830;133831;133832;133833;133835;133834;133837;133838;133836;133839;133946;133947;133948;134035;133949;134036;134074;134075;134076;134078;134079;134080;134077;134081;134082;134083;134100;134099;134102;134101;134103;134104;134106;134159;134105;134158;134160;134161;134200;134199;134201;134202;134203;134286;134285;134287;134288;134289;134290;134291;134292;134293;134294;134295;134296;134297;138256;134351;134350;134364;134363;134365;134399;134400;134401;134441;134366;138257;134560;134561;134621;134623;134622;134625;134624;134654;134656;134655;134653;134697;134824;134698;134756;134757;134852;134853;134937;134854;134855;134972;134938;135023;135024;135025;135164;135165;138258;135166;135167;135168;135169;135196;135197;135223;135224;135225;135226;135227;139904;135228;135266;135267;135268;135281;135387;135389;135388;163266;135390;135391;135392;135393;135394;135395;135396;135397;135751;135579;135671;135580;135752;135753;135961;135893;135754;135962;135963;136014;135965;136013;136024;135964;136025;136026;136075;136076;136077;136078;136074;136079;136081;136080;136164;136082;136163;136165;136167;136166;136170;136168;136169;136279;136395;138259;136280;136394;136397;136396;136465;136462;136463;136464;136466;136467;136649;136648;136468;136469;136650;136651;136653;136654;136655;136652;136656;136657;136659;136658;136660;136661;136662;136782;136785;136784;136783;136786;136787;136788;136789;136791;136790;138260;136792;136793;136795;136796;136794;138261;136797;136798;137535;136800;137536;136799;137538;137537;138262;137540;137539;138263;137541;138540;137543;150582;137542;150590;150576;150661;150651;150605;150577;150679;150676;150528;137544;137545;150599;150511;150547;150538;150589;150588;150672;150583;150630;150644;150539;150557;150518;150627;150608;150555;150581;150553;150602;150673;150615;150544;150573;150522;150606;150635;150520;150680;150659;150652;150683;150578;150607;150525;150632;150665;150584;150641;150663;150623;150591;150564;150657;150545;150574;150647;150677;150639;150569;150616;150629;150595;150560;150531;150556;150643;150548;150674;150541;150580;150526;150542;150609;150603;150523;150527;150611;150592;150670;150634;150596;150513;150656;150636;150549;137546;137548;137547;137549;150637;150671;137550;137577;137552;137551;137578;137579;137582;138541;137580;137581;137583;137584;137585;137588;137586;137587;137589;137590;138264;137591;137593;137594;137592;137595;137596;138491;137598;137599;137597;137600;137601;137603;137602;137605;137606;137604;138542;137607;137608;137609;137610;137611;137612;137613;137614;137615;137617;137616;137618;137620;137619;137621;137622;137624;137623;138265;138267;138543;138266;138268;138270;138269;138273;138271;138275;138274;138272;138276;138278;138277;138280;138279;138282;138281;138283;138284;138285;138544;138287;138288;138286;138290;138291;138289;138293;138292;138297;138294;138296;138295;138298;138299;138303;138300;138301;138302;138304;138305;138308;138306;138309;138307;138310;138312;138311;138313;138314;138315;138316;138318;138319;138320;138321;138317;138322;138324;138323;138433;138432;138434;138492;138493;138494;138495;138545;138496;138546;138547;138548;138549;138550;138551;138758;138791;138759;138760;138792;138794;138795;138830;138831;138793;138833;138832;138871;138870;138992;138993;138994;138995;138996;139169;139170;139171;139173;139172;139174;139175;139177;139176;139178;139222;139223;139282;139309;139308;139310;139358;139360;139363;139359;139361;139362;139364;139405;139402;139403;139404;139406;139407;139409;139408;139452;139410;139453;139454;139532;139533;139535;139534;139536;139566;139594;139593;139592;139595;139657;139656;139836;139837;139658;139835;139685;139684;139687;139686;139688;139689;139690;139691;139722;139720;139721;139723;139781;139838;139839;139842;139841;139840;139843;139844;139847;139846;139905;139845;139907;139906;140027;140025;140026;140109;140242;140241;140243;140244;140245;140246;140247;140248;140446;140249;140250;140251;140253;140252;140254;140255;140258;140257;140256;140259;143618;140260;143713;140261;140263;140262;140264;140378;140381;140380;140379;140382;140383;140384;140385;140386;140387;140388;140447;140448;140476;140449;140477;140475;140478;140479;140512;140481;140480;140513;140515;140514;143683;143870;143849;143767;143790;143840;143746;143634;143833;143872;143733;143715;143835;143691;143693;143883;143734;143645;143782;143628;143825;143868;143739;143828;143732;143641;143655;143864;143807;143789;143667;143806;143774;143724;143877;143714;143810;143823;143808;143756;143736;143636;143829;143750;143793;143798;143800;143682;143651;143873;143685;143637;143853;143707;143610;143630;143663;143781;143665;143631;143805;143819;143718;143678;143657;143743;143690;143865;143866;163244;143721;143815;143671;143643;143679;143652;143783;143775;143839;143650;143612;143708;143842;143699;143801;143837;143747;143742;143640;143672;143762;143681;143609;143757;143786;143850;143884;143845;143615;143673;143722;143803;143744;143626;143862;143784;143882;143659;143758;143771;143751;143656;143759;143827;143649;143820;143670;143696;143709;143811;143614;143613;143838;143720;143766;143706;143848;143847;143638;143822;143813;143647;143816;143797;143684;143830;143726;143876;143635;143621;143832;143644;143754;143788;143851;143874;143689;143622;143765;143623;143791;143768;143777;143795;143863;143772;143779;143844;143632;143694;143761;143776;143854;143695;143658;143792;143719;143809;143629;143624;143763;143841;143727;143773;143885;143843;143688;143880;143697;143760;143716;143749;143799;143858;143664;143748;143620;143616;143730;143712;143855;143787;143660;143648;143852;143731;143728;143711;143831;143753;143745;143817;143627;143879;143676;143625;143881;143698;143703;143704;143725;143710;143737;143846;143814;143723;143869;143859;143794;143661;143700;143871;143617;143778;143770;143738;143796;143740;143639;143834;143654;143856;143802;143886;143668;143780;143735;143875;143752;143741;143764;143867;143857;143785;143646;143769;143812;143826;143687;143702;143662;143642;143686;143818;143701;143680;143611;143677;143675;143717;143861;143878;143836;143653;143674;143692;143755;143804;143824;143860;143666;143633;143619;143821;143729;143669;144046;144034;144027;143705;144037;144094;144101;144102;144095;144100;144173;144137;144171;144121;144143;144237;144259;144254;144318;144360;144354;144438;144348;144351;144427;144445;144443;144499;144432;144492;144501;144491;144476;144495;144493;144535;144527;144571;144532;144578;144581;144575;144580;144570;144576;144579;144596;144586;144608;144619;144599;144623;144637;144740;144733;144732;144760;144761;144763;144759;144764;144757;144911;144913;144921;144917;144910;144926;144909;189629;189632;144928;144912;189630;144915;144908;144914;144959;145018;144960;145025;144953;145022;145030;145020;145031;145029;145019;145120;145026;145205;145164;145179;145156;145198;145199;145181;145175;145239;145108;145258;145253;145291;145343;145352;189634;145490;145476;145300;189631;189635;145363;145470;145484;145479;145520;145481;145739;145487;145765;146051;146146;146050;146141;146156;146174;146145;146135;146322;146111;146187;146170;146362;146365;146359;146366;146367;146401;146394;146406;146395;146387;146416;146470;146478;146460;146463;146476;146474;146465;146475;146461;146520;146511;146526;146517;146523;146563;146530;146573;146553;146576;146577;146600;146579;146597;146615;146614;146669;146751;146643;146726;146685;146729;146653;146789;146788;146785;146795;146790;146794;146797;146796;146838;146849;146925;146923;146890;146910;146924;146921;146904;146885;146915;146920;146912;146889;146903;146891;146946;146936;146944;146940;146937;146941;146972;146966;146980;146973;146984;146967;146976;146983;146971;146978;146982;146987;146975;147030;147134;147050;147155;147060;147575;147162;147511;147463;147612;147570;147591;147568;147454;147464;147586;147579;147544;147452;147545;147529;147597;147571;147447;147502;147564;147436;147736;147741;147781;147735;147788;147786;147796;147801;147785;147843;147849;147875;147851;147944;147871;147936;147938;148144;148142;148149;148143;148164;148162;148165;148168;148177;148139;148171;148145;148175;148160;148138;148155;148150;163092;148167;148151;148237;148227;148226;148233;148252;148251;148269;148276;148299;148304;148303;148361;148365;148366;148362;148386;148389;148387;148413;148410;148388;148415;148443;148434;148437;148408;148414;148515;148523;148532;148529;148507;148504;148501;148502;148524;148528;148521;148509;148510;148533;148531;148594;148600;148639;148700;148636;148698;148747;148758;148761;148751;148757;148752;148753;148755;148838;148864;148872;148837;148867;148873;148868;148875;148874;148871;148929;148966;149006;149035;149012;149018;149080;149083;149075;149084;149076;149068;149074;149077;149179;149203;149180;150521;149113;149174;149195;149152;149135;149185;149230;149225;149224;150508;150658;150667;149227;150612;150515;150562;150622;150536;150654;150645;150631;149248;150586;150571;149266;150532;150559;150675;150516;149279;150509;149269;150566;150678;150524;150604;150534;150519;150565;150617;150537;150655;149276;150572;150646;150543;149274;150579;150621;150567;150550;150640;149271;150570;150653;150587;150888;150874;150902;150914;150872;151122;151099;151084;151127;151355;151201;151618;151993;152155;152128;151803;152221;152476;152199;152550;152762;152551;152544;152811;152810;153477;153484;152834;153461;153774;153626;153840;153867;154212;154250;153915;154640;154740;154862;155801;155819;155812;155798;155814;155905;156099;156167;156012;156290;156211;149265;149272;149264;149263;149268;149273;150274;150306;149340;149278;149347;149270;149429;149428;149422;149456;149457;149462;149461;149463;149458;149487;149459;149484;149494;149486;149491;149633;149716;149535;149516;149795;149717;149805;149808;149806;149800;149801;149798;149797;149802;149796;149804;149807;149856;149976;150014;150024;150017;150019;150012;150018;150100;150110;150101;150106;150083;150085;151492;150092;150112;150084;150086;150102;150108;150116;150082;150093;150201;150215;150182;150193;150203;150200;150222;150212;150220;150190;150223;150191;150257;150270;150267;150685;150266;150307;150686;150698;150695;150300;150697;150313;150318;152107;150305;150338;150335;150400;150402;150397;150699;150505;150413;150404;150696;150401;150407;150414;150396;150406;150399;150412;150395;150405;150415;150687;150411;150398;150410;150403;150473;150409;150470;150472;150459;150476;150458;150468;150746;150456;150730;150740;150726;150737;150745;150731;150739;150736;150738;150732;150733;150743;150742;150729;150728;150735;150727;150744;150734;150741;150891;150927;150889;150890;150901;150913;150870;150892;150898;150893;150871;150876;150877;150885;150895;150873;150884;150912;150896;150875;150894;150887;150882;150900;150883;150928;150886;150878;150881;150880;150899;150879;150897;151088;151086;151085;151094;151090;151106;151095;151098;151104;151087;151105;151103;151093;151110;151092;151108;151089;151109;151096;151102;151107;151101;151091;151100;151126;151097;151118;151124;151125;151123;151195;151206;151200;151205;151202;151194;151360;151204;151203;151354;151357;151356;151481;151491;151531;151532;151524;151523;151530;151617;151616;151650;151656;151649;151651;151654;151653;151652;152272;151659;151655;151657;151658;151760;151765;151757;151758;151763;151761;151764;151801;151759;151802;151805;151804;151815;151813;151821;151868;151869;151878;151877;151885;151875;151884;151880;151874;151881;151873;151870;151986;151998;151980;151995;151994;151996;151989;151991;151988;151983;151990;151997;151992;152056;151999;151981;152048;152055;152022;152032;152031;152023;152062;152061;152110;152105;152060;152104;152109;152106;152142;152158;152108;152113;152116;152146;152160;152159;152157;152156;152153;152162;152187;152188;152186;152167;152185;152202;152200;152222;152248;152201;152247;152239;152242;152246;152253;152252;152244;152251;152240;152245;152241;152254;152243;152269;152481;152478;152475;152479;152545;152480;152546;152567;152566;152612;152611;152649;152651;152643;152652;152648;152650;152641;152642;152654;152656;152653;152676;152655;152677;152690;152714;152691;152704;152710;152708;152715;152718;152705;152716;152711;152703;152712;152707;152706;152717;152713;152709;152759;152760;152763;152765;152761;152809;152766;152807;152804;152806;152802;152803;152805;152800;152801;152808;152833;152851;152845;152847;152842;152843;152890;152891;152836;152889;152888;152887;152915;152920;152914;152921;152919;152945;152947;153014;153020;152944;153015;153012;153019;153022;153018;153010;153016;153011;153017;152992;153021;153013;152996;153023;152997;152988;152990;152995;152993;152994;152989;153028;153027;152991;153125;153119;153120;153124;153122;153198;153192;153121;153191;153194;153189;153193;153197;153196;153190;153246;153249;153248;153423;153247;153465;153467;153463;153464;153469;153478;153468;153462;153466;153483;153535;153489;153542;153540;153536;153538;153580;153576;153581;153577;170506;153618;153611;153620;153623;153625;153622;153627;153619;153614;153615;153624;153621;153632;153775;153773;153784;153643;153787;153616;153798;153793;153794;153795;153791;153830;153831;153869;153919;153868;153903;153918;153907;153917;153923;153904;153920;153916;153921;153922;153905;153906;153951;153969;153999;154002;154003;153998;154067;154100;154087;154099;154090;154098;154102;154052;154093;154089;154068;154092;154062;154073;154095;154054;154101;154094;154129;154088;154063;154160;154161;154185;154133;154189;154183;154181;154190;154182;154217;154218;154256;154249;154210;154248;154247;154319;154299;154305;154322;154318;154298;154304;154321;154323;154308;154302;154301;154303;154314;154325;154317;154300;154355;154634;154638;154630;154632;154620;154629;154618;154637;154653;154651;154646;154647;154648;154645;154652;154641;154643;154654;154708;154742;154744;154741;154861;154745;154906;154907;154908;154904;154927;154924;154921;154922;155002;154941;155001;155004;155006;155007;155003;155005;155076;155213;155048;155157;155166;155134;155303;155304;155302;155465;155462;155466;155363;155464;155461;155463;155467;155581;155576;155582;155468;155580;155578;155579;155575;155577;155635;155640;155641;155646;155651;155650;155649;155644;155642;155648;155645;155647;155643;155659;155669;155671;155670;155668;155667;155666;155699;155698;155703;155700;155704;155702;178277;178276;178280;178278;178279;155724;155723;155813;155805;155748;155806;155791;155807;155800;155810;155809;155817;155797;155804;155795;155802;155803;155793;155792;155808;155799;155796;155816;155815;155794;155818;155811;155836;155837;155827;155829;155840;155828;155834;155856;155855;155910;155854;155912;155895;155902;155911;155894;155909;155893;155907;155903;155898;155913;155899;155897;155906;155904;155900;155896;155901;155929;155933;155959;155990;155981;155992;156009;155930;156008;156046;156006;156010;156019;156007;156047;156051;156050;156048;156049;156282;156092;156090;156088;156084;156081;156082;156086;156097;156083;156093;156089;156087;156080;156085;156096;156091;156095;156098;156110;156094;156169;156148;156172;156170;156213;156214;156209;156207;156212;158145;156245;156287;156281;156292;156291;156284;156288;156286;156285;156283;156330;156280;156289;156337;156342;156421;156420;156422;156446;156445;156468;156480;156611;156477;156479;156607;156475;156644;158146;156615;159133;156635;156634;156638;158142;156709;156699;156646;156703;156702;158061;156704;156701;156748;158174;156746;156760;156759;156758;156775;158063;170922;156776;156777;156923;156806;156814;158064;156810;156813;156807;156815;156817;156809;156805;156811;156816;156808;156882;156922;156881;158191;156883;166195;158060;156924;156927;156921;156926;158065;156928;156925;156919;158137;156951;156952;157090;157073;157094;156953;157128;157083;157079;157072;158091;157087;157070;157078;157098;157101;157076;157103;158139;157109;158156;157102;157075;157146;157144;157108;157145;157074;157151;157149;157202;157221;158175;157180;157188;157214;157233;157278;157271;157283;157281;157282;157276;157279;157280;157272;157273;157306;157300;157301;157298;159227;157308;157305;157310;157302;157315;157307;157342;157340;157303;157341;157344;157345;157304;157346;157334;157343;157392;157347;157395;157373;157396;157393;157394;157391;157390;157389;157419;157870;157869;157388;157900;157899;157898;157897;157895;157929;157894;157939;157932;158122;158124;158123;158062;158128;158126;158155;158136;158151;158141;158153;158144;158152;158184;158185;158138;158181;158186;158189;158179;158183;158190;158180;158182;158176;158173;158233;158226;158228;171197;158230;158227;158221;158244;158229;158242;158337;158238;158336;158225;158339;158430;158358;171409;158357;158415;158433;158446;158395;158445;159146;158447;159150;158503;158506;158448;159149;158569;158570;158579;158581;158571;158580;158568;159170;158620;158614;158602;158612;158603;158582;158601;159159;158621;158610;158616;158597;158594;158607;158598;158609;159155;159154;158615;158606;158599;158613;158596;158619;158595;170213;159148;158622;158605;158618;158608;158611;159153;158750;158593;159178;159151;158756;158758;158757;159164;158748;158753;159158;159156;158754;158755;158752;158765;158751;158763;159162;158772;158769;158771;158766;158770;158768;158798;158799;158801;159152;158880;158885;158916;158920;158908;159012;158910;158915;158926;158917;158919;158925;159018;158909;158911;158955;159147;158961;158966;158957;158960;158969;158967;158964;158963;159027;158958;159013;159034;159029;159028;159019;159031;159062;159161;159163;159128;159130;159171;159136;159127;159193;159131;159157;159129;159177;159176;159172;159174;159175;159179;159191;159230;159188;159232;159228;170921;159231;159279;159278;159337;159233;159344;159342;159339;159341;159338;159333;159343;159345;159334;170513;159340;159335;159336;159352;159358;159366;159369;159357;159353;159355;165748;159368;159371;159370;159354;159349;159356;159350;159351;159360;159367;159389;159391;164965;159475;159479;159476;159506;159502;159499;159505;159501;159500;159498;159567;159535;159600;159598;159599;159620;159618;159619;159617;159647;159652;159699;159661;159704;159705;159668;159695;159698;159697;159700;159702;159693;159703;159701;159738;159739;159736;159735;159734;159756;159754;159737;159749;159748;159755;159752;159757;159769;159751;159750;159753;159885;159768;159884;159883;159981;159932;159998;159990;159931;159996;160006;159951;159987;160048;159950;159938;160062;160066;160067;170223;160058;160064;170217;160063;170226;170211;160060;160056;160072;160057;160071;160070;160075;160074;160069;160073;160096;160092;160095;160091;160090;160094;160099;160098;160100;160093;170224;160103;160104;170230;160102;160202;160179;160196;160197;160194;160193;160223;160195;170214;160222;160219;160220;160280;160221;160281;160283;160277;160284;160282;160287;160279;160278;160285;160276;160326;160324;160329;160327;160322;160330;160328;170712;160388;160331;160325;160390;160381;160387;160382;160386;160380;160389;160462;156478;160460;160494;160461;156812;157077;172433;157086;157105;157154;158140;157150;158172;157868;158178;158188;158194;158338;158187;158604;158429;158749;158600;159017;159021;159032;159025;159033;159014;159134;159023;159396;172429;159135;159388;159534;159190;172439;159566;159696;160068;172434;160097;160286;160498;160489;160493;160500;170215;160488;160490;160492;160523;160499;160524;160522;160529;160521;160664;160672;160667;160716;160715;160879;160877;160881;160876;160886;160880;160878;160875;160882;160986;160885;160987;160990;160984;160989;160981;160988;161741;160974;160982;161158;161065;161086;161085;161164;161163;161162;161160;161221;161204;161239;161222;161224;161223;161229;161230;161225;161226;161234;161231;161228;161238;161220;161236;161232;161227;161237;161233;161235;161256;170227;161257;161259;161258;161255;161367;161362;161260;170208;161357;161365;161353;161352;161359;161356;161360;161394;161393;161397;161389;161391;161400;161390;161403;161396;161392;168342;161388;161423;161424;161425;161431;161468;161467;161469;161427;161459;161466;161460;161458;161465;161470;161499;161497;161591;161498;161496;161539;161538;161495;161574;161556;161550;161519;161568;161548;161646;161651;161647;161644;161652;161650;161645;161653;161682;161735;161683;161744;161738;161737;161743;161740;161742;161745;161736;161746;161739;161786;161787;161825;161785;161827;161828;161819;161831;161824;161822;161826;161823;161820;161821;161842;161833;161834;161841;161844;161846;161847;161845;161919;161917;161915;161918;161914;161916;172438;161941;161944;161945;161942;161943;161970;161999;162133;162007;162000;162131;162128;162129;162130;162132;162127;162176;162209;162187;162215;162211;162185;162184;162212;162207;162208;162177;162183;162236;162237;162241;162244;162235;162243;162232;162238;162234;162239;162233;162245;162242;162390;162388;162310;162240;162387;162389;162383;162379;162382;162381;162380;162378;162386;162470;162399;162472;162467;162469;170231;162468;162493;162495;162494;162492;162466;162491;162521;162519;162520;162523;162517;162522;162516;162524;162535;162540;162538;162537;162534;162539;162533;162531;162530;162542;162541;162544;162532;162543;162545;162558;162556;162546;162536;162559;162555;162557;162590;162598;162591;162599;162608;162609;162695;162607;162694;162693;162692;162707;172432;172430;162712;162709;162714;162713;162710;162766;162715;162711;162769;162764;162770;162765;162774;162767;162768;162771;162937;162933;162775;162953;162966;162954;162938;162777;162925;162936;162948;162939;162913;162911;162940;162929;162960;172436;162935;162951;162912;162910;162927;162926;162965;162955;162961;162941;162963;162959;162946;162950;162958;162930;162944;162947;162934;162964;162945;162957;162952;162956;162931;162924;163015;163018;163019;163007;162996;163002;163006;162999;163001;163005;163000;170233;163004;163003;163017;163009;162998;162997;163016;163062;163012;163063;163064;163065;163070;163066;163058;163061;163069;163060;163067;163068;163059;163095;163091;163239;163240;163096;163241;163093;163246;163245;163243;163242;163247;163263;163363;163367;163350;163364;163384;163357;163373;163355;163377;163366;163360;163365;163361;163383;163351;163374;163354;163359;163389;163369;163362;163388;163353;163356;163392;163391;163390;163379;163381;163380;163378;163418;163419;163421;163423;163420;163427;163417;163422;163426;163431;163424;163425;163429;163428;163430;163456;163457;163458;163484;163485;163482;163483;163506;163487;163504;163507;163511;163508;163512;163510;163720;163714;163591;163715;163646;163578;163721;163644;163648;163637;163636;163640;163639;163645;163647;163642;163638;163728;163641;163716;163690;163685;163683;163717;163687;163722;163686;163689;163692;163684;163713;163691;163727;163688;163752;163798;163817;163723;163826;163819;163812;163802;163804;163799;163825;163822;163823;163816;163805;163814;163815;163811;163800;163803;163820;163821;163818;163806;163824;163801;163873;163881;163877;163874;163876;163880;163878;163875;163879;163898;163897;163900;163902;163901;163914;163899;163925;163931;163930;164001;163989;163990;163999;163975;163993;164000;163976;163992;163991;163979;163994;163995;163988;163996;164002;163998;163981;164067;164065;164061;164056;164060;164068;164069;170229;170220;164062;164058;164064;164066;164055;164059;164098;164106;164095;164097;164102;164096;164101;164100;164104;164105;164103;164099;164139;164140;164174;164138;164224;164238;164220;164217;164234;164185;164231;164221;164227;164262;164252;164265;164269;164268;164263;164267;164264;164266;164308;164303;164307;164314;164306;164305;164310;164311;164312;164309;164304;164313;164315;164333;164337;164335;164302;164336;164334;164332;164331;164371;164367;164373;164372;164366;164370;164368;164428;164425;164369;164430;164426;164441;164443;164440;164448;164447;164439;164442;164444;164445;164464;164469;164466;164461;164462;164467;164460;164463;164468;164496;164499;164465;164497;164515;164549;164541;164547;164548;164542;164546;164543;164637;164545;164544;164643;164636;164635;164634;164644;164639;172437;164642;164633;164665;164662;164667;164663;164659;164664;164661;164660;164668;164692;164691;164666;164914;164693;164686;164702;164688;164689;164884;164913;164919;170232;170218;164887;164907;164888;164915;164920;164917;164882;164923;164886;164925;164908;164883;164922;164931;164934;164927;164921;164916;164918;164930;164885;164880;164881;164926;164924;164906;164909;164901;164902;164928;171196;164903;164899;164933;164932;164900;164939;164940;164937;164936;164941;164976;164966;164980;164967;164979;164978;164977;164969;164981;164968;165334;165193;165201;165196;165197;165199;165194;165191;165200;165189;165198;165192;165233;165228;165231;165229;165227;165234;165226;165235;165232;165230;165249;165252;166943;165250;165253;165254;165294;165293;165316;165305;165332;165306;165333;165304;165335;165421;165428;165420;165418;165426;165427;165425;165419;165424;165422;165434;165423;165435;165437;165433;165450;165436;165452;165453;165451;165448;172431;165492;165495;165498;165493;165482;165484;165499;165489;165491;165488;165487;165481;165486;165490;165483;165497;165501;172435;165485;165496;165562;165494;165557;165568;165566;165556;165560;165575;165574;165561;165555;165554;165559;165572;165558;165564;165565;165563;165583;165573;165581;165582;165580;165585;165584;165579;165578;165577;165615;165609;165608;165610;165613;165620;165617;165621;165614;165616;165618;165664;165688;165648;165672;165670;165666;165656;165679;165692;165660;165691;165659;166373;165671;165684;165681;166189;165667;165725;165727;165726;165756;165743;165752;165754;165750;165751;165753;165744;165755;165745;165749;166531;165776;165777;165778;166021;166105;166188;166193;166146;166194;166147;166192;166184;166153;166185;166183;166190;166256;166191;166187;166253;166257;166186;166248;166255;166252;166258;166254;166251;166247;166303;166304;166295;166296;166307;166246;166306;166300;166301;166311;166302;166299;166312;166358;166359;166360;166371;166372;166420;166423;166421;166424;166418;166419;166422;166432;166417;166446;166456;166451;166453;166442;166449;166443;166447;166455;166450;166454;166526;166534;166530;166537;166533;166538;166529;166535;166528;166527;166532;166580;166590;166596;166577;181673;181674;166603;166586;166581;166597;166579;166593;166592;166583;166584;166587;166585;166582;166683;166588;166595;166578;166693;166696;166694;166690;166692;166688;166691;166695;166689;166687;166736;166755;166764;166765;166751;166759;170222;166794;166785;166795;166783;170225;170210;170216;166805;170219;170234;170212;166824;166784;166792;166796;166942;166945;166793;166944;166951;166955;166950;166952;166954;166956;167036;167037;167039;167035;167038;177784;177790;177789;167064;167066;167067;167062;167063;167216;167223;167220;167209;167221;167218;167212;167208;167211;167222;167213;167210;167225;167217;167219;167241;167214;167243;167242;167337;167336;167349;167347;167331;167335;167326;167340;167346;167342;167327;167332;167339;167345;167334;168343;167351;167329;167341;167350;167343;167330;167518;167333;167517;167352;167516;167512;167514;167515;167757;167727;167726;167729;167769;167736;167751;167756;167649;167735;167648;167734;167760;167725;167728;167730;167650;167731;167724;167733;167647;167763;167786;167732;167754;167787;167761;167752;167768;167759;167779;167753;167773;167758;167766;167772;167762;167765;167764;167941;167755;167924;167932;167927;167949;167929;167928;167944;167943;167934;167939;167963;167923;167937;167950;167952;167946;167925;167951;167948;167935;167936;167930;167938;167931;167942;167940;167947;167922;167945;167933;168055;168121;168122;168072;168054;168112;168123;168092;168081;168126;168089;168099;168091;168140;168138;168144;168143;168142;168139;168161;168141;168173;168166;168176;168172;168178;168159;168168;168165;168163;168180;168175;168169;168167;168191;168192;168201;168200;168199;168195;168243;168242;168255;168253;168196;168248;168246;170221;168249;168244;168254;168251;168240;168247;168252;168250;168245;168256;168297;168303;168305;168291;168308;168307;168287;168309;168296;168288;168304;168295;168289;168293;168285;168302;168284;168301;168306;168298;168300;168299;168292;168290;168286;168294;168339;168340;168331;168335;168341;168334;168332;168333;168378;168468;168471;168469;168472;168490;168448;168486;168492;168540;168536;168543;168541;168537;168603;168611;168602;168609;168649;168616;168648;168671;168719;168721;168718;168716;170209;168720;168717;168714;168786;168715;168781;168789;168778;168780;168787;168788;168790;168782;168779;168784;168895;168888;168893;168889;168886;168894;168891;168887;168890;168885;168892;168904;168903;168905;168901;168902;168906;168900;168919;168920;168918;168921;168933;168935;168942;168944;168943;168937;168934;168936;168939;168938;168941;168940;168959;168953;168948;168955;168958;168956;168952;168957;168954;168949;168950;169278;169103;169104;169282;169105;169281;169291;170228;169288;169289;169290;169350;169348;169351;169352;169349;169292;169353;169354;169410;169412;169413;169411;169414;169430;169423;169422;169421;169434;169429;169465;169464;169468;169467;169471;169472;169469;169475;169474;169466;169470;169482;169484;169483;169473;169476;169477;169486;169665;169632;171417;169635;169636;169697;169686;171527;169720;169884;169839;169931;169840;169984;169980;169928;169932;170009;169945;170022;169986;170020;170008;170019;170013;170021;170096;172417;170097;170116;170118;170094;170186;170127;170189;170190;170184;170251;170248;170244;170250;170246;170252;170245;170242;170247;170249;170241;170478;170497;170253;170613;170607;170616;170614;170608;170664;170662;170665;170663;170704;170674;170677;170708;170673;170675;170702;170679;170678;170710;170701;170721;170695;170707;170719;170694;170696;170720;170718;170716;170709;170723;170706;170717;170722;170711;170742;170752;170746;170750;170743;170744;170748;170749;170747;170751;170901;170903;170896;170745;170900;170899;170902;170897;170904;170951;170949;170948;170943;170945;170944;170946;170950;170977;170975;170974;171000;171005;170976;171002;171003;171004;171066;171070;171064;171063;171062;171065;171193;171058;171059;171136;171187;171128;171132;171191;171145;171129;171188;171184;171200;171192;171138;171198;171194;171183;171134;171152;171147;171135;171130;171131;171406;171127;171403;171413;171402;171426;171416;171407;171425;171428;171420;171419;171427;171408;171424;171412;171405;171418;171423;171411;171430;171415;171429;171431;171401;171404;171400;171494;171496;171471;171493;171489;171491;171490;171495;171475;171486;171487;171477;171488;171481;171492;171478;171485;171526;171503;171474;171504;171538;171536;171525;171532;171534;171524;171529;171531;171537;171535;171528;171530;171584;171587;171589;171590;171620;171585;171618;171619;171689;171617;171685;171682;171688;171680;171687;171684;171679;171683;171681;171767;171766;171770;171768;171769;171765;171844;171886;171891;171843;171889;171841;171873;171880;171842;171881;171890;171892;171874;171915;171872;171910;171914;171913;171916;171911;171947;171906;171937;171909;171946;171955;171949;171934;171948;172021;171944;171936;172014;172018;172019;172020;172015;172013;172012;172022;172028;172017;172023;172043;172044;172059;172063;172064;172060;172061;172062;172067;172065;172101;172100;172099;172103;172098;172097;172102;172096;172175;172174;172254;172256;172252;172253;172403;172423;172418;172413;172416;172424;172419;172408;172415;172404;172421;172411;172414;172409;172425;172420;172402;172426;172412;172410;172509;172407;172474;172479;172473;172476;172477;172478;172475;172559;172564;172510;172563;172405;172562;172566;172567;172565;172561;172610;172571;172608;172570;172597;172598;172649;172654;172609;172650;172646;172648;172655;172645;172642;172638;172652;172651;172643;172653;172644;172677;172647;172665;172664;172678;172676;172675;172673;173216;173219;173218;173213;173225;173198;173209;173226;173215;173210;173200;173231;173199;173214;173217;173205;173224;173236;173222;173220;173212;173229;173221;173242;173201;173288;173286;173287;173285;173380;173289;173379;173375;173381;173376;173378;177827;173411;173382;173377;173408;173410;173407;173406;173447;173409;173612;173450;173448;173446;173452;173611;173454;173451;173455;173630;173641;173627;173636;173637;173632;173625;173642;173639;173640;173633;173631;173629;173638;173645;173644;173634;173643;173628;173626;173635;173688;173695;173682;173689;173700;173706;173680;173684;173697;173696;173698;173685;173704;173681;173703;173693;173683;173702;173687;173705;173686;173699;173701;173735;173694;173736;173728;173727;173725;173734;173733;173726;173729;173767;173766;173768;173774;173775;173771;173773;173770;173902;173772;173769;173827;173903;173884;173824;173899;173826;173825;173894;173901;173882;173889;173893;173900;173888;173887;173890;173892;173883;173891;173959;173958;173962;173961;173951;173956;173963;173957;174011;173960;174008;174010;174009;174013;174024;174023;174027;174025;174026;174049;174048;174050;174047;174144;174146;174374;174157;174142;174378;174373;174376;174375;174379;174371;174377;174369;174381;174372;174370;174380;174382;174428;174427;174531;174538;174536;174429;174529;174534;174532;174535;174533;174537;174530;174499;174495;174493;174498;174500;174491;174497;174492;174608;174496;174613;174612;174614;174611;174684;174609;174698;174694;174686;174672;174674;174719;174711;174707;174919;174720;174718;174716;174708;174774;174715;174785;174783;174768;174786;174777;174782;174779;174781;174778;174776;174769;174771;174770;174784;174773;174886;174780;174775;174893;174894;174895;174885;174891;174892;175029;174888;174890;174926;174917;174887;174889;174920;174918;174921;174916;174923;174922;174942;174948;174947;174949;174945;174946;174941;174943;174944;174979;174980;175028;175087;177502;175387;175362;175367;175124;175158;175375;175157;175159;175376;175363;175327;175361;175328;175160;175385;175402;175366;175548;175535;175517;175528;175355;175547;175533;175541;175539;175540;175549;175525;175531;175552;175546;175590;175532;175596;175593;175588;175592;175587;175589;175417;175597;175418;175594;175580;175595;175598;175582;175415;175591;175416;175581;175808;175815;175817;175806;175802;175813;175816;175801;175814;175809;175807;175803;175964;175974;175961;175957;175958;175956;175959;175963;175960;178456;176042;177484;176041;176046;176043;176059;176044;176045;176060;176058;178596;176100;176061;176057;176104;177610;176101;178414;176142;176099;178407;176140;177486;176139;176137;176141;176224;176136;177505;176222;176220;178692;176225;177491;176264;176270;176271;178696;176351;176384;176352;176385;176407;176406;176412;176355;176410;176405;177609;176402;176411;176517;176511;176502;176516;176513;176510;176508;176354;176512;176503;177499;176514;176507;176506;177407;176518;176509;176515;176505;176504;176500;176587;176586;176546;176620;176621;176618;176647;176648;176957;176619;176646;176649;176928;176969;176967;176974;176975;176930;176955;176956;176973;176963;176971;176931;176959;176958;176962;176952;176972;176929;176970;176979;176965;176978;176953;176960;176961;176964;176954;177058;176966;177061;177077;177060;177054;177056;177055;177053;177052;177059;177057;177062;177081;177085;177101;177099;178691;177100;177212;177191;177208;177192;177277;177282;177278;177279;177281;177276;177334;177283;177340;177381;177379;177409;177378;177377;177406;177408;177435;177436;177439;177444;177441;177445;177438;177448;177440;177437;177442;177447;177446;177443;177487;177461;177504;177501;177485;177548;177503;177497;177500;181260;177555;177552;177545;177550;177547;177554;177546;177556;177549;177624;177551;177611;177606;177622;177607;177591;177608;177623;177615;179683;177705;177707;177704;177709;177693;177702;177698;177692;177706;177708;177703;177699;177700;177697;177733;177730;177721;177725;177731;177719;177723;177722;177729;177716;177734;177724;177718;177717;177726;177720;177728;177727;177732;177802;177807;177829;177822;177809;177812;177806;177824;177810;177825;177823;177805;177808;177828;177803;177831;177826;177880;177830;177856;177870;177876;177872;177873;177877;177854;177853;177879;177878;177922;177874;177921;177917;177918;177923;177916;177920;177919;177992;177989;177991;177990;177988;177994;178008;181751;178009;178023;178045;178046;178044;178047;178117;178116;178179;178180;178181;178224;178225;178302;178305;178304;178315;178312;178303;178313;178314;178321;178317;178320;178318;178319;178316;178311;178401;178411;178402;178404;178408;178406;178405;178413;178409;178410;178400;178412;178455;178415;178453;178459;178458;178454;178594;178457;178598;178587;178591;178595;178588;178593;178597;178592;178589;178590;178695;178693;178694;177590;178689;178688;178757;178690;178759;178758;178761;178760;178800;178801;178802;178799;178805;178807;178803;178808;178804;178806;178923;178809;178928;178931;178933;178932;178927;178934;178925;178930;178922;178929;178926;178953;178924;178954;178955;179029;179036;179034;179028;179040;179038;179035;179037;179039;179031;179030;179033;179116;179123;179118;179128;179121;179129;179125;179130;179122;179119;179120;179131;179117;179124;179126;179115;179127;179132;179198;179193;179187;179194;179196;179197;179195;179186;179199;179190;179191;179188;179192;179189;179185;179298;179296;179293;179294;179291;179299;179304;179305;179295;179303;179292;179301;179297;179302;179300;179290;179353;179354;179348;179355;179347;179352;179349;179350;179356;179351;179357;179383;179384;179382;179427;179428;179430;179432;179433;179429;179431;179434;179593;179588;179435;179571;179580;179573;179596;179578;179577;179594;179592;179591;179576;179570;179595;179585;179589;179590;179581;179572;179574;179575;179579;179587;179658;179586;179656;179679;179685;179646;179657;179678;179684;179680;179681;179682;179677;179719;179725;179723;179721;182571;179724;179720;179827;179826;179825;179722;179820;179828;179830;179821;179823;179824;179822;179829;179914;179919;179882;179918;179916;179915;179964;179962;179917;179966;179968;179971;179961;179969;179963;179967;179965;179992;179970;179993;179987;179983;179988;179990;179984;179985;179991;179989;180045;179986;180047;180044;180041;180048;180042;180043;180151;180140;180046;180134;180147;180133;180136;180153;180137;180141;180139;180138;180152;180146;180143;180145;180144;180135;180150;180149;180142;180148;180303;180314;180309;180317;180306;180315;180295;180297;180308;180310;180313;180301;180318;180296;180322;180311;180305;180300;180304;180298;180312;180316;180294;180299;180302;180337;180334;180307;180336;180335;180333;180450;180449;180448;180452;180497;180451;180447;180457;180526;180533;180529;180536;180541;180530;180538;180528;180531;180539;180527;180535;180537;180525;180534;181200;181199;181196;180540;181257;181197;181198;181264;181201;184071;183767;181259;181262;181258;181256;181261;181263;181334;181336;181401;181335;181402;181403;181404;181405;181457;181779;181455;181778;181456;181498;181502;181495;181496;181500;181503;181501;181497;181499;181494;181584;181583;181581;181594;181582;181577;181578;181591;181586;181579;181592;181593;181590;181588;181585;181574;181587;181576;181575;181669;181589;181662;181580;181655;181663;181665;181666;181656;181664;181659;181667;181658;181668;181657;181660;181661;181752;181747;181741;181737;181753;181744;181740;181736;181750;181745;181742;181749;181738;181734;181746;181732;181748;181739;181733;181735;181743;181827;181777;181776;181819;181828;181829;181821;181825;181820;181824;181869;181826;181823;181822;181872;181870;181871;181909;181910;181868;181916;181915;181914;181913;181902;181908;181912;181911;181906;181903;181904;181905;181907;181917;182129;182091;182111;182125;182109;182108;182128;182121;182119;182118;182127;182104;182126;182106;182114;182115;182095;182124;182090;182122;182103;182107;182101;182097;182098;182123;182099;182112;182105;182094;182092;182117;182089;182120;182113;182102;182100;182110;182096;182116;182093;182180;182182;182184;182179;182176;182178;182173;182177;182174;182172;182181;182183;182175;182383;182385;182185;182388;182384;182390;182393;182392;182389;182391;182387;182386;182508;182497;182490;182495;182507;182496;182498;182491;182485;182502;182489;182493;182501;182500;182506;182505;182486;182492;182487;182499;182494;182504;182503;182488;182569;182564;182567;182484;182570;182561;182565;182568;182562;182566;182573;182563;182572;182674;182670;182672;182673;182671;182669;182675;182744;182799;182745;182742;182743;182798;182797;182906;182898;182894;182800;182895;182897;182903;182901;182902;182896;182893;182904;182905;182899;183013;183002;183030;182900;183005;183003;183016;183006;183009;183004;183012;183015;183010;183008;183007;183001;183014;183017;183011;183075;183071;183072;184801;183076;183074;183073;183077;183210;183209;183208;183211;183284;183277;183287;183278;183283;183282;183279;183285;183286;183280;183288;183281;183357;183361;183360;183359;183378;183380;183355;183379;183358;183356;183496;183381;183492;183382;183500;183501;183494;183495;183493;183497;183498;183499;183662;183663;183661;183664;183765;183771;183769;183766;183770;183768;183856;183862;183859;183854;183857;183861;183864;183863;183858;183855;183860;183899;183948;183937;183939;183947;183935;183945;183942;183946;183952;183950;183900;183940;183943;183936;183951;183941;183953;183949;183938;183944;183992;183987;183991;183989;183994;183990;183988;184033;184029;184036;184031;184034;184028;184032;184030;184035;184066;184067;184072;184070;184068;184069;184119;184107;184108;184123;184118;184122;184113;184114;184121;184106;184126;184101;184103;184105;184124;184120;184111;184117;184109;184125;184104;184112;184116;184102;184115;184110;184191;184192;184337;184193;184194;184341;184340;184338;184345;184342;184344;184346;184336;184339;184407;184343;184403;184402;184404;184406;184405;184408;184802;184798;184803;184800;184794;184799;184804;184792;184797;184795;184793;184796;185421;185450;185446;185445;185448;185449;185447;185462;185598;185596;185463;185602;185601;185603;185599;185604;185597;185595;185600;185725;185727;185726;185728;185730;185724;185881;185882;185938;185729;185937;185935;185940;185939;185947;185943;185936;185941;185944;185946;185945;185942;185976;185977;186020;185975;186024;186021;186026;186023;186022;186025;186149;186157;186155;186148;186151;186156;186146;186162;186147;186159;186154;186150;186170;186161;186158;186171;186164;186168;186163;186166;186152;186153;186169;186165;186160;186233;186237;186234;186167;186236;186235;186232;186253;186250;186264;186252;186259;186255;186256;186254;186251;186258;186261;186262;186257;186260;186348;186263;186346;186342;186338;186335;186333;186345;186340;186343;186344;186341;186336;186337;186339;186349;186347;186334;186409;186410;186465;186411;186408;186412;186464;186463;186471;186462;186470;186501;186503;186519;186520;186581;186647;186502;186640;186648;186639;186638;186641;186635;186646;186636;186642;186637;186685;186686;186684;186817;186745;186815;186746;186747;186744;186814;186812;186811;187014;186813;186816;186862;186881;186857;186810;187009;186950;186879;186901;186875;186858;186863;186855;186856;186876;186878;186868;186870;186899;186859;186861;186877;186869;186880;186874;186867;186873;186860;187000;186900;186994;186871;186872;187015;186997;186951;187012;186998;187007;187024;187016;187019;187022;187006;187008;187005;187023;187017;187025;186995;186934;187002;187010;187003;186999;187011;187021;186935;186996;187020;187013;187001;187018;187004;187072;187070;187073;187071;187037;187036;187157;187154;187176;187149;187115;187155;187174;187144;187159;187116;187153;187117;187150;187147;187151;187142;187146;187139;187156;187158;187145;187179;187152;187143;187141;187140;187181;187148;187180;187182;187178;187177;187175;187280;187276;187275;187198;187200;187199;187274;187204;187281;187273;187294;187303;187312;187304;187313;187376;187395;187389;187377;187394;187388;187387;187393;187390;187494;187495;187492;187489;187490;187491;187496;187493;187651;187663;187664;187661;187662;187723;187724;187722;187721;187854;187940;187941;187969;188063;187939;187970;188032;189168;188064;189102;189148;189147;189169;189109;189170;189172;189110;189111;189101;189208;189229;189228;189171;189212;189213;189204;189214;189210;189230;189211;189206;189205;189209;189207;189256;189249;189255;189257;189402;189308;189401;189400;189398;189399;189498;189500;189499;189502;189494;189496;189495;189497;189501;189616;189615;189618;189617;189719;189714;189711;189715;189713;189712;189709;189717;41989;27143;27144;29370;31125;31126;31296;189716;31297;33572;189718;33573;189710;189720;34942;36033;51690;34943;38856;51691;51692;41990;51693;42318;51695;51696;51694;51697;51699;51698;51700;51701;51702;51704;52567;51703;57587;57154;58776;64907;63610;66506;51705;29371;51706;51708;51707;51709;51712;51710;51711;51714;51713;51715;51717;51716;52568;35552;27145;29372;28282;58166;29373;31765;31767;34697;31768;34698;31766;34699;41473;34779;35920;42253;49826;42319;56600;57155;49827;46013;57298;65025;65908;56021;31319;57156;31338;31673;42397;29374;27146;29375;27147;27148;29378;29376;27149;27150;29377;29379;27151;29779;29878;27152;29780;34233;33266;33381;30092;41474;34429;35606;35004;41475;41476;36079;41477;49828;42177;42320;44687;49829;49830;50975;53285;57157;55166;57158;58480;59053;59445;61658;62198;62002;69172;29380;29879;61523;27154;27153;27155;27156;27157;31963;27158;31390;33894;35676;41478;35470;53233;57159;32076;29381;27159;27161;29382;29383;27160;27162;51718;51719;35565;49831;27163;61524;27164;27165;29384;29386;29385;27166;29387;27167;27168;29388;31449;33382;31450;33383;33500;33501;41479;35445;41480;41991;57160;59552;57161;57162;62176;61728;62674;34276;34289;36200;36016;31451;31452;53234;59983;29389;27594;57163;34070;34071;27595;41992;41481;53530;57164;58408;32211;32212;41482;28325;49832;31320;30191;30192;27169;31128;27170;31127;29390;27171;27172;28370;29391;29343;33099;29392;33100;41483;35025;42321;42235;49833;49834;45471;49835;49836;53589;57165;56601;57166;64865;58299;58765;27173;29393;27174;29394;29395;27175;27176;29396;27177;29397;27178;29398;27179;29399;27180;29400;27181;27183;27182;29401;29402;27184;29403;27185;29781;29404;29782;31111;32047;32048;31112;33385;33384;33503;33502;34166;34167;34944;41484;41485;34945;35103;41486;36121;41487;38180;41993;41488;45622;49838;50856;49837;51135;52989;57167;55974;57168;56602;57169;59948;65798;66956;29783;27186;34260;66355;67222;41489;29405;27187;31392;31391;41490;35471;41491;38643;42840;49839;57170;55715;62060;57171;55761;33223;29406;27188;35245;49840;27189;29407;45106;29408;27190;49841;27191;27192;29409;29410;29412;27193;29411;27605;27194;29413;29913;31394;31621;31393;28203;29914;31769;31770;33159;33158;34358;41492;34359;35368;41495;41494;41493;37844;39389;42815;43389;56603;49842;50984;57172;35758;41496;41994;41497;57842;66356;67242;51638;58142;33785;51720;52473;66617;57173;68955;41498;41995;42302;49843;42322;57174;55621;57175;56604;57176;56605;38946;31396;31395;27195;41499;34437;35034;53590;35955;57177;41500;57178;55588;28224;35715;41501;49844;42794;41502;57181;57180;53403;41996;57179;56606;61595;29414;27196;53502;57182;53317;53359;27197;57184;57183;27198;33895;27199;41997;27201;27200;34320;27202;42104;29243;35677;29415;35740;51639;51721;27203;27204;27647;29416;28355;29417;32439;32440;34213;41503;34708;29915;34709;31622;33121;35304;41504;29418;29419;27206;27207;29420;27208;27205;30049;30048;31398;31397;29421;34046;41505;41506;42958;45078;41507;49845;49846;29422;27209;51640;53286;27210;31453;33193;57185;31454;33194;27211;29423;38644;49847;42398;41508;42869;49848;43152;49849;49850;59639;44038;29424;27520;27213;27212;29425;29426;41509;27572;41998;27214;29427;27215;29428;27216;29429;27217;30036;49851;30037;45539;34199;51722;41999;51723;51724;42000;51725;51726;57186;51728;57466;51727;59682;65026;60059;27218;29430;58525;60092;62096;63091;62780;62573;63626;65866;65598;59354;66668;67198;50080;57187;54612;29431;42189;27530;49852;29432;27219;27220;59118;29433;27221;29434;29784;31964;34753;29785;31965;51729;34754;35246;51730;35747;51731;42001;51732;51734;51735;51733;51738;51737;51736;51984;51739;52969;57189;57188;57190;57192;57191;57195;57194;57193;58129;58300;58561;59451;59054;61596;62494;63279;62935;63473;64637;64966;64614;65569;65958;66493;66921;68956;27222;55830;57196;27223;34438;42049;41966;29435;27224;49853;27226;27225;29436;29437;27227;27228;33430;29438;33431;41510;38684;49854;53487;57197;49855;57198;58722;51740;51741;64092;51742;51743;51744;34192;51745;38857;27230;27229;29439;29440;27231;59854;27232;27233;34366;34967;30193;41511;30194;29916;36004;38807;41512;31321;41513;31322;58791;62210;27235;29441;29442;27234;29443;27236;29444;27237;51747;51746;52970;57199;57200;61641;61453;61680;27238;27239;34153;38181;35330;29244;50377;57201;55442;55920;57435;62960;63295;66802;27240;81125;58576;33267;33215;29445;33251;33896;27241;29446;29245;33559;34214;27242;29447;41514;34215;35080;41515;36201;42002;41517;41516;51748;59829;27243;66957;28170;66289;32115;27244;27245;29448;27246;29449;27247;29451;66958;29450;27248;27249;27251;27250;29452;49856;66959;34506;33161;34439;35741;33160;42003;41518;42004;27253;29453;27252;27254;59855;29455;27257;29454;27255;27256;27258;41519;29456;31190;35921;31189;29457;27260;27261;27259;29458;44313;49857;41520;35956;35922;35986;27262;29459;27263;27264;27265;27266;36005;34959;59190;27267;34430;29460;29461;27268;34431;34981;29246;28171;41521;31400;31399;68876;42005;41522;27269;35247;57614;29462;34193;34194;35005;27270;51749;29464;27271;34845;36006;29463;29465;64908;63021;29466;62061;27272;27273;34739;41523;34740;39514;49858;39433;27274;29467;34982;34968;57313;29470;29468;32049;29469;41524;34024;41967;41525;49859;49860;42929;59119;43859;51339;49861;49862;52632;57204;56006;57203;53893;57205;57683;59493;62961;62116;66196;66856;65546;27275;69092;29471;29473;29472;27276;31771;31772;27511;34036;34035;41526;29474;29475;27277;32050;34072;29476;34485;41527;34200;41528;41529;49863;43822;52737;50968;53235;49864;57206;55757;57207;62177;57208;59064;62962;65599;66197;66857;69093;27279;27278;27280;27512;30195;31773;34037;35305;36070;42006;42007;57209;51750;52752;55622;57210;57658;59065;63092;62381;65570;66198;66618;69072;30248;31774;32178;27513;34038;35306;36071;42008;51751;52068;57211;27281;27282;35331;61567;27283;27284;29477;27285;29478;27286;38645;41530;29479;51113;27287;29480;28204;29481;49865;27288;29482;42816;29483;30038;27289;30039;32179;43057;51089;49866;51364;32180;36710;41531;59120;59121;29485;29484;27291;27290;59122;29486;27292;27294;27295;27293;27296;29487;59123;29488;27297;59124;27299;27298;28172;29489;29248;59125;29880;30249;30142;59126;30143;30144;31090;30250;31089;41532;33252;59127;33253;59128;41533;33432;59129;41534;34331;59130;41535;59132;59131;34457;41536;59133;35026;34755;59134;35446;41537;59135;41538;59137;59136;41539;39335;41540;59138;59139;42009;41541;42465;59140;49867;59141;49868;59142;59143;43398;59144;49869;59145;44398;59146;49870;46252;49871;59147;59148;49872;59149;59150;59151;49873;49874;59152;51158;59154;52971;51752;59153;59155;59156;59157;57212;55504;55468;59158;57213;56607;59160;59159;57214;59161;57659;62675;62676;59522;59521;65959;65960;29490;66782;59162;66781;27300;27301;27302;32051;29786;34239;27303;27304;27306;27305;28173;36202;35973;29491;27308;27307;29492;27309;29493;27310;29494;27311;29495;29991;31623;29992;41542;31624;36122;49876;49875;44093;51159;68877;57431;27312;29496;27313;29497;29498;27314;27315;34780;49877;41543;42010;42236;55566;42323;57215;27316;34718;31401;31402;31403;42011;42012;67223;29499;27318;27317;29958;29957;60103;29500;27319;27320;29959;29787;29960;27321;34509;27322;42013;27323;28174;34679;49878;57216;29501;27324;55433;55434;57217;29502;27325;51753;27326;51754;29503;29504;28175;41544;35759;36007;42014;41545;30180;33885;49879;27327;29505;35248;35447;29506;42015;42324;45003;29344;49880;42325;27328;34261;38662;34073;27531;38923;38646;39445;35459;63072;29507;63680;27330;27331;27329;29508;29509;32024;32052;28326;35733;41546;35553;41547;35748;41548;42016;41549;49881;49882;55897;57218;58167;61547;59494;50821;28205;27332;30015;58577;57219;62781;52738;28176;34486;29510;29881;29851;41550;36080;57220;42017;55746;35027;33786;41551;38950;27333;29511;29512;27334;34074;34075;41553;41552;52990;49883;60077;57221;58777;53591;64093;60152;42018;35678;66465;42019;49884;43634;35607;49885;36182;41554;55850;57222;29513;27335;27606;29514;32473;32474;49886;58196;29515;27336;38788;27337;51755;27338;34025;30093;36203;42020;30094;51756;34207;30095;34208;34846;34983;34847;41555;35320;35699;50969;42021;41556;41557;57223;55698;59722;57684;59163;62003;63259;66301;33196;33195;34076;58616;34077;60104;32077;66290;27339;27341;27340;31775;27342;34812;32129;27343;57224;54829;29516;29518;27344;34984;29517;29519;34026;33939;57225;53639;27345;29520;27346;27347;35679;42022;27348;29521;27349;30181;27351;27350;31637;33837;33513;36008;33838;35448;36204;42190;42421;49895;29522;45499;50489;27352;49896;31697;32025;57226;31696;32026;31991;34367;34960;35307;42366;49897;49898;43399;44381;49899;49900;44911;49901;53236;45500;57227;52652;57228;53650;41558;27354;33386;27353;33387;27355;42959;41559;29523;42023;49902;27356;29524;27359;27358;27357;29525;30182;34985;33886;34765;45107;41560;49903;32117;42024;50021;32116;41561;55687;64927;57229;29526;28356;27360;34027;29527;57230;49904;53447;56610;57231;51757;35039;27361;42303;49905;29882;33787;29883;29528;35460;41562;60060;35646;41563;41564;66553;30016;29961;29529;35680;51758;51759;29530;42025;57232;29531;56611;30196;62004;30197;63345;29532;66230;27532;27362;29533;29534;41565;42026;29962;29535;27363;29536;28327;32079;32078;34440;34441;41566;49907;49906;34487;27364;34078;29537;34468;41567;34262;41568;50842;41569;29538;35681;27365;29539;27366;29540;27589;31841;31842;27367;34321;29541;61695;31843;27368;29543;27370;29542;27369;29544;29545;41570;41572;41571;41573;49908;42841;45385;49909;50610;57233;57234;53640;55139;56612;58033;57235;57570;58679;59237;65719;49910;44132;59316;56613;57236;41574;32454;36116;41575;42027;41576;67199;42028;27371;57237;33088;27372;27376;27375;27373;27374;27377;27378;27533;31309;29884;31844;33224;33574;34039;34469;34458;34687;35249;35957;42029;57238;55716;35784;27379;39361;31776;27380;57239;56701;35006;35007;27381;29546;34264;34263;41577;35736;27382;33162;49911;44593;49912;45540;28283;28284;29547;28285;29548;29885;29549;29886;31091;51845;33433;49913;27383;28177;27384;27385;27386;33089;33887;35028;29550;33090;28286;34040;49914;34041;51641;57240;53894;65249;39499;39434;49915;43086;29551;27387;31339;31340;34692;27388;27390;27389;27391;27393;29552;27392;27395;27394;27396;27397;31455;31456;34813;35449;42326;29887;36081;35682;35923;29553;27398;27399;29555;29554;28178;32118;32119;49916;42030;41578;43621;49917;65785;56702;57241;59164;59984;33888;29556;33897;49918;34240;53531;57243;27400;57242;29557;53855;27401;30251;29558;41579;30199;30198;36169;41643;42031;49919;44056;49920;49921;57244;53237;50043;62545;59384;41580;27404;27403;27402;27405;35785;57245;54830;53318;57246;56614;29559;57247;27406;27407;29560;27408;30145;30146;33924;35332;41581;33923;49922;51642;54643;57248;38713;58891;27409;59308;33163;43349;36082;49923;29561;27410;29563;29562;27412;27411;27413;29564;29565;27415;29566;27414;29567;27416;27417;41582;50822;39418;57249;53255;56615;59393;57250;61771;57251;27418;33898;29568;57252;33889;27419;34986;41583;27420;29569;29789;29790;32120;29570;27421;29572;27422;29571;27423;29573;34028;28328;34020;51760;42032;57253;69118;34987;28371;65799;34988;28206;27424;28225;27425;34042;29574;27426;27427;27428;29575;27429;27430;31457;27431;27432;29577;29576;32181;35647;27433;29578;27434;27435;27436;27437;27438;27439;27440;27441;27442;27444;27443;27573;27581;29695;31113;29888;31114;31845;32027;34201;34360;34961;35250;39462;27445;42327;27446;29579;44935;49924;31777;27447;42033;27448;31458;59830;27451;29580;27450;29581;27449;33434;29582;27453;29823;27452;29824;32182;49925;32183;45132;64866;41584;27454;27456;27457;27455;27458;34814;34848;35040;35598;35184;38776;42034;42035;29583;41587;41585;27459;41586;41588;49926;59355;41589;69055;36049;41590;42036;35472;33216;45015;49927;59288;51447;27460;66466;34241;27461;57872;29584;27607;59523;27462;59524;29585;27463;29586;27464;27465;29587;49928;27466;29588;29889;29890;51761;29589;27467;27468;57254;32184;55505;29590;27469;31846;31847;33123;33122;27470;28287;29592;27471;29591;31298;31675;31674;34154;34155;34499;34442;41591;41592;45472;49930;46170;49929;52525;56035;57255;57843;56616;57256;31698;64431;33435;34168;42037;27472;41594;41593;27473;31699;29593;31676;41595;53256;27514;34249;57257;51762;51763;34989;33788;27474;42328;57258;55021;35683;33091;33092;51764;57259;34079;53828;29594;27475;57260;49931;41596;41598;41597;27476;42038;27477;27478;30050;31404;31778;34047;35272;34990;35729;42039;38924;42070;57261;53319;57262;54995;56617;57263;57264;58945;59723;58117;64797;62097;69169;27479;66255;29595;27480;31115;42040;30096;32441;51765;51766;32502;59469;56618;27481;57265;62025;62963;29891;27482;28207;29596;29792;29791;57266;29963;63153;57267;41599;42041;29597;30097;27483;31779;34302;31780;30099;34303;30098;30100;31460;31459;31723;31716;31781;31782;32392;32393;51767;51768;35599;51769;51770;38846;27484;29598;27485;27486;29599;27487;27488;29600;29601;29602;27489;27490;27491;34234;41600;38847;35723;41601;49932;29603;57268;49933;53404;43365;57269;30017;58143;30101;67256;30040;30102;49934;33164;33165;30103;27492;30104;29604;27493;30041;27494;29605;29606;27495;29607;33166;27496;66803;27497;29608;28179;41602;29609;38182;27498;42406;42422;41603;42042;49935;51365;27500;29610;27499;33101;52163;29611;27501;41604;33743;29612;27502;33742;34991;35369;28180;34962;41605;29613;57299;27503;56619;27504;57270;27505;25927;70970;25926;70971;70972;70974;70973;70975;70976;70977;70978;70979;70980;17162;132057;44959;30133;51813;47152;17163;69263;55116;25707;22226;55115;73946;138209;76403;73947;131765;80911;151469;137827;31858;67002;81600;81599;62925;77404;77406;103195;69307;91124;104573;91125;103839;103837;125372;171960;172499;71993;90199;77050;91895;93717;96045;97661;104459;100593;136619;110778;119616;124768;131233;119617;151470;133675;59366;169425;73964;59367;66927;71994;59365;72542;79083;84368;85256;86873;90200;91894;136620;141082;133676;151468;56413;56412;69803;58514;62458;62715;50432;62716;52052;56378;45017;45018;50433;51190;59192;102204;59193;104972;102203;57795;57796;58204;93409;93654;93344;93658;93408;31857;67229;92757;92840;67003;68936;67004;68935;91915;93652;130630;133410;47046;63067;56666;91261;60161;74152;83117;74153;72218;72219;105300;46733;185888;185896;168261;162548;63418;13852;140918;171605;50603;135706;135707;135708;135709;49175;49176;105074;52716;52715;101160;135970;101159;107096;171539;176296;100574;142054;150797;131726;23650;46784;32443;14729;35702;39563;25954;58814;66256;74369;80481;53625;47901;58813;80482;86318;70126;55817;86317;88090;100422;72203;64568;58389;77528;64567;86326;64569;55593;57062;11059;34361;54990;40927;40926;183027;181672;134892;91428;159537;149094;154960;160335;164982;171389;173271;166380;176551;134871;93483;17213;93482;62628;52044;135409;135410;66811;35648;133361;133269;34050;134629;149064;154962;133217;103968;103969;34216;34490;34363;35451;50831;133623;154351;24683;158648;25171;25172;29724;25925;84008;84007;104354;27583;24682;49707;24681;16192;24815;154961;134302;134452;148428;139668;139667;32400;58597;35042;25148;25120;25757;25547;58580;17611;14686;12076;11428;69421;34432;35743;100962;100961;49791;20484;49803;20485;50044;20486;49805;49804;49995;50046;50045;50081;50300;50301;50319;50524;50318;51501;20487;50410;50378;50411;50490;50491;50492;50412;50559;50560;50649;50573;51114;50823;51115;20488;50824;50843;50857;50970;51184;51073;51074;51075;51076;20489;51116;51117;51136;51340;51433;51421;51434;51435;51436;51437;20490;51525;51453;51502;51509;51572;51583;51643;51584;51668;51669;52527;51673;20491;52579;52526;51771;51847;51846;51870;51848;51858;51871;51900;20492;51954;65098;51985;51986;51996;51997;52022;52023;52069;52070;20493;52164;52474;52475;52477;52476;52478;52479;52480;65099;65100;20494;52499;52498;52500;52528;52529;65101;52580;52581;52667;52598;65102;52739;52682;20495;52991;52740;52972;65103;53219;53218;53220;53221;53222;53238;20496;20497;53257;53287;53294;53295;53296;53321;53320;53303;53372;55067;53408;20498;55068;55069;55070;55071;55072;55073;55074;55075;55076;55077;55078;20499;55079;55080;55081;55082;55084;55083;55085;55087;55086;55088;55090;55089;20500;55091;55092;55093;55094;55095;55096;55097;55098;55099;55100;55101;20502;55103;55104;20501;55105;55102;55106;55108;55107;55109;55113;55114;55407;20503;55469;55163;55605;55168;55167;55282;55172;55283;55408;55409;55413;55414;55589;20504;55454;55590;55522;55521;55530;55531;55591;55567;55592;55606;20505;55607;55637;55648;55699;55689;55688;55700;55717;55718;55730;55729;20506;55731;55758;55762;55921;55784;55982;55785;55810;55922;55857;55858;20507;55898;55899;56562;55957;55923;55967;55968;56036;56115;56139;56089;56140;56279;58511;56048;58532;20509;20508;56161;56189;56190;56191;56192;56206;56194;56193;56207;56236;56237;20510;56257;56256;56330;56331;56280;56305;56281;56332;56343;56344;20511;56346;56345;56347;56387;56375;56406;56389;56388;56384;56466;56390;56506;56479;56507;20512;56555;56554;56580;56581;56556;56563;56582;56583;56629;56638;56637;56630;20514;20513;56639;56642;56641;56640;56644;56643;56646;56645;56664;56647;20515;56680;56775;57393;56747;56746;56767;56768;56777;56776;56778;20516;56817;56853;56860;56854;57685;56861;56868;56869;56870;56943;20517;56911;56913;56912;56914;56916;56917;56915;56919;56944;56947;56946;20518;56945;56948;56970;56969;56971;57997;56949;56978;57024;57005;57038;57047;20519;57048;57055;57056;57057;57058;57059;57060;57061;57271;57300;20520;57301;20521;57302;57303;57304;57305;57457;57306;57458;57314;57315;57321;57341;20522;57342;57343;57345;57344;57370;57357;57447;57436;20523;57448;57467;57449;57495;57496;57498;57532;57497;57533;20524;57534;57535;57588;57616;57615;57660;57661;57662;57663;20525;57697;57665;57664;57686;57687;57688;57689;57706;57698;20526;57707;57873;57762;57763;57874;57790;57845;57844;57856;57887;57846;57932;57933;57888;20527;20528;57934;57935;57938;57937;57936;57958;57973;57998;58035;58036;58034;57999;58037;20529;58069;58179;58130;58118;58104;58131;58144;58145;58169;58168;58146;20530;58197;58170;58264;58223;58266;58265;58267;58268;58269;20531;58271;58270;58288;58287;58289;58301;58325;58318;58340;58326;58341;20532;20533;58383;58384;58425;58589;58807;58397;58481;58443;58444;58492;58494;58493;58496;58497;58495;20534;58498;58499;58533;58534;58578;58590;58600;58617;58680;58618;20535;58741;58723;58742;58743;58870;58808;58871;58872;58873;58892;20536;58922;59470;59015;58946;58923;63107;59032;58948;58947;59016;58974;58986;58964;20537;59033;59186;59034;59107;59170;59187;59238;59188;59364;59225;59226;20538;20539;59289;59254;59290;59291;59292;59320;59309;59321;59322;59323;59324;59385;20540;59386;59394;59525;59724;59654;59640;59396;59395;59725;59397;59399;59398;59452;59472;59471;20541;59473;20542;59474;59476;59475;59495;59526;59496;59553;59554;59565;59567;20543;59566;59604;59603;59605;59755;61568;59754;59783;59809;59784;59811;59810;59812;20546;20545;20544;59815;59813;59814;59831;59816;59832;59833;59856;59845;20547;59891;20548;59954;59955;59903;59956;59957;59965;59964;61729;59985;59986;20549;20551;60013;60012;20550;20552;60078;60079;60105;60014;61506;60106;60136;60125;60137;60126;61379;61380;61411;20553;61445;61458;61483;61484;61485;62036;61507;20554;61508;61509;61510;61511;61512;61513;61525;61526;61549;20555;61548;61569;61619;61570;61608;61607;61642;61643;61706;61707;62062;20556;61730;20557;20558;61745;62382;61772;61773;61787;61788;62005;62007;62006;62037;20559;62038;62039;62041;62072;62040;62073;62098;62112;62111;20560;62178;62179;62199;62180;20561;62200;62211;62219;62238;62212;62434;62239;62240;20562;62241;62290;62306;62307;62347;62366;62348;62365;62387;62388;63285;20563;62408;62409;62430;62411;62410;62436;62437;62435;62475;62474;20564;20565;62476;20566;62495;62497;62496;62660;62511;62512;62515;62514;62513;62546;20567;62547;62619;62548;62557;62620;62661;62677;62700;62708;62707;62709;20568;62733;62756;62816;62815;62817;62888;62818;62860;62868;62870;62869;62899;20569;62936;62900;62982;63022;62937;62983;63024;63023;63026;63025;63027;63058;63145;20570;63108;63093;63109;63118;63117;63116;63119;63120;63121;20571;63123;63122;63124;63154;63164;63163;63184;63165;63219;63220;63260;20572;63261;63221;63222;63262;63264;63287;63296;63286;63288;20573;63297;63316;63299;63298;63315;63317;20574;63320;63322;63321;63367;63447;63467;63448;64480;63665;63474;63475;63535;63538;63537;63536;63539;63540;63608;63609;63541;20575;63611;63612;64433;64432;63614;63613;63615;64434;63616;20577;20576;63666;64435;63667;64436;63668;64283;63669;64284;64285;64289;64290;64291;20578;64375;64376;64481;64482;64616;64617;64615;20579;64619;64629;64618;64639;64638;64680;64641;64640;64681;64967;64698;20580;20582;20581;20583;64782;64783;65684;64798;64968;64799;64800;64801;64802;64804;64803;64805;64806;20584;64808;64809;64807;64810;64811;64890;64891;64909;64892;64910;20585;64911;64928;64929;64969;65095;65045;65077;65096;65104;65251;65250;65252;20586;65547;65571;65572;65573;65607;65574;65608;65609;20587;65611;65629;65610;65640;65667;65641;65666;65655;65685;20588;65763;65686;65730;65786;65787;65816;65788;65800;65817;20589;65818;65819;65868;65867;65869;65871;65870;65872;65923;20590;20591;65980;20760;65981;66022;66199;65994;66171;66032;66200;66215;20592;66231;66291;66292;66232;66303;66302;66348;66347;66314;66346;66442;66357;66372;66467;20593;66443;66470;66468;66469;66471;66494;66496;66669;66540;66495;66587;20594;66590;20595;66588;66589;66670;66691;66714;66692;66713;66712;66715;66716;66816;66783;66817;20596;66818;66819;66821;66822;66820;20597;20598;66823;66825;66824;66826;66828;66829;66827;66830;66831;66833;66832;20599;66858;66834;66892;66886;66893;66877;66900;66901;66902;20600;66903;66904;66922;66924;66962;66960;66923;66961;20601;67000;67015;67001;67186;67016;67138;67189;67188;67187;67139;67190;20603;67206;20604;67191;20602;67224;68902;68924;68923;68957;68903;68925;69119;69031;69073;20605;68926;69120;69173;69121;69123;69122;69124;69125;69126;69174;69127;20606;69175;69234;69260;69235;69366;69373;69367;69415;69416;20607;69417;69418;69419;20608;69798;69807;69797;20761;69808;69809;69811;69810;69843;69824;20609;69812;69862;69947;69971;69970;69972;69973;69974;69975;69976;69977;20610;69978;69979;69980;69981;70086;70087;70116;70117;70190;20611;70191;70193;70192;70194;70251;70253;70252;70255;70254;20612;70256;70267;70266;70268;70270;70269;70366;70367;70452;70492;70538;20613;70539;70540;70541;70542;20614;70543;20615;20616;70580;70581;70579;70582;70583;70584;70607;70606;70608;70698;20617;70725;70759;70798;70782;70783;70799;70801;70800;20618;70802;70803;70804;70845;70844;70874;70805;70875;70876;70962;71021;71036;20619;71037;71094;71203;71139;71204;71205;20620;71206;71207;71208;71210;71209;71211;71244;71253;71260;20621;71309;71374;71375;71376;71394;71493;71518;71531;71532;20622;20623;71564;71563;71615;71565;71794;71793;71792;71791;71795;20624;71798;71796;71797;71837;71895;71799;71855;71938;20625;71896;71939;72005;71990;72088;72087;72089;72115;20626;72117;72116;72164;72230;72231;72232;72235;72233;72326;72278;72234;72502;72424;72386;20628;72366;20627;72425;72479;72457;72571;72503;72598;72572;72573;20629;72574;72576;72575;72577;72578;20630;72599;72701;72719;72682;72720;73398;72799;72798;72740;72812;72857;72858;72875;20631;72874;72876;72897;72898;72899;72900;20632;72901;72902;72978;72979;72925;72980;73017;73016;73077;73078;73076;73092;20633;73148;73180;73179;73181;73202;73245;73223;73288;73316;20634;73328;73329;73400;73399;73401;73402;73513;73556;73665;20635;73514;73666;73680;73723;73709;73681;73722;73724;73725;73727;73726;73728;20636;73752;73820;73753;73799;73800;73785;73786;73801;65105;73802;73821;73822;73803;73885;73883;73884;73882;73887;73886;20637;73888;73889;73890;20762;73891;73892;73903;73904;73902;73893;73905;73906;73940;20763;74022;74023;73941;74034;74035;74420;74134;76107;74135;74136;74137;74182;20764;20765;74183;74185;74211;74184;74212;74213;74214;74215;20766;74285;74322;74353;76199;77245;74508;74354;74355;74356;74357;74359;74358;74361;20767;74360;74494;74464;74493;74509;76108;76109;76143;20768;76142;76159;76158;76160;76249;76201;76200;76251;76250;76275;76294;76276;20769;76295;76296;76297;76298;76378;76354;76380;76379;76381;20770;76382;76383;76384;76385;76386;76524;76425;76525;76451;76559;20771;76561;76560;76563;76562;76564;76565;20772;76568;76566;76567;76569;76586;76587;76704;76682;76705;76707;76706;20638;76757;76756;20773;20774;76784;76961;76785;76962;76935;76991;77568;77019;76999;77049;77085;20775;77146;77147;77148;77181;77320;77198;77199;77218;77237;77219;77236;77274;77387;77724;20776;77300;77323;77322;77321;77324;77325;77485;77436;77420;20777;77486;77664;77488;77487;77490;77489;77491;77492;20778;77526;77527;77555;77525;77569;77601;77570;77602;78465;77701;77744;77726;77725;20780;20779;77807;77816;77808;77809;77817;77818;77819;77821;77820;20781;20782;77851;77852;77897;77854;77898;77853;77961;78010;78041;78040;78042;77982;20783;78106;78466;78107;78255;78504;78257;78256;78258;78259;20785;20784;78260;78261;78467;78468;78539;78505;78538;78653;78654;78668;20786;78698;78723;78762;78761;78821;78764;78763;78765;78869;78888;20639;20787;79119;79120;79209;79122;79121;79210;79211;79212;20788;79213;79214;79244;79333;79354;79430;79382;79383;79431;79432;79433;79434;20789;79436;79435;79576;79598;79622;79621;79623;79688;79716;20790;79659;79717;79689;79740;79718;79741;79824;79823;79853;79825;79852;79854;80025;20791;80026;80029;80027;80028;80030;80031;80034;80032;80167;80168;80033;80218;20792;80411;80410;80392;80391;80412;80441;80549;80413;80548;80471;81041;21054;80851;80473;80472;80510;80474;80511;80512;80515;80514;80513;81177;80516;21055;80550;80517;80551;80552;80826;80827;80853;80852;21056;81016;80854;21057;80945;80943;80944;81018;81017;81019;81042;81043;81341;81144;81045;21058;81163;81162;81165;81164;81178;81255;81296;81256;81314;81297;20640;21059;81400;81398;81399;81412;81420;81483;81644;81544;81482;81729;81484;21060;81566;81565;81567;81509;81568;81645;81590;81646;81569;81571;81570;81572;21071;81573;81753;81668;81698;81754;81755;81756;81771;81772;81773;81774;81775;21061;81776;81879;81880;81910;81881;81951;81950;81971;82022;21062;82023;82069;82024;82070;82073;82071;82072;82267;82268;82074;21063;82471;82524;82565;82497;82525;82526;82527;82642;82643;82644;82659;21064;82660;82661;82662;82697;82695;82696;82765;82766;21065;82847;82792;83109;82911;83086;82991;82993;82992;83051;83050;83052;21066;83111;83110;83176;83175;83277;83177;83134;83112;83178;83181;83179;21067;83180;83182;83251;83255;83252;83258;83256;83257;83331;83259;83332;83333;20641;83260;21072;83261;83334;83262;83434;83544;83344;83413;83345;83414;83777;83435;21068;83759;83758;83778;83762;83760;83761;83861;83809;83779;83780;83810;83863;21069;83811;83862;83972;83990;83950;83949;84045;83989;21070;84117;84119;84120;84118;84121;84123;84125;84124;84122;84148;21182;84209;84317;84208;84316;84210;84318;84213;84212;84319;84211;84214;84320;21151;84228;84230;84229;84487;84339;84430;84429;84428;84664;84794;84444;21183;84564;84563;84612;84614;84615;84613;84616;84618;84619;84617;84620;21184;84635;84665;84666;84900;84957;84915;84958;85240;84980;84982;21204;84981;84984;84983;84985;84986;85075;85042;21216;85077;85076;85079;85078;85080;85123;85122;85081;85155;85154;85156;21234;20642;85157;85159;85158;85251;85345;85344;85578;85252;85253;85265;85444;86400;21270;85297;85445;85533;85508;85507;85506;85509;85648;85512;85510;21291;85511;85534;85579;85660;85682;85684;85683;85724;85735;21292;85797;85765;85798;85799;85800;85872;85873;85801;85875;85874;85907;21300;21568;85982;85983;85984;86144;86102;86103;86145;86146;86291;86147;86185;86189;86204;86190;21301;86207;86205;86206;86218;86292;86208;86219;86293;86220;86244;86294;86221;21321;86297;86296;86295;86298;86299;86310;86401;86443;86379;86565;21371;86491;86415;86416;86466;86493;86465;86492;86468;86467;21372;86494;86617;86566;86629;86630;86650;86758;86652;86809;86651;86720;86672;21373;86759;86783;86786;86760;86785;86787;86784;86789;86788;20643;21374;86813;86810;86812;86811;86814;86815;86847;86816;86848;86871;21375;86897;86872;86911;86896;86944;87065;86993;87066;87168;87107;21376;87123;87170;87169;87320;87108;87203;87204;87216;21377;87205;87217;87236;87237;87238;87369;87408;87406;87239;87409;87407;87462;21569;87464;87463;87465;87466;87467;87468;87470;87469;87497;87498;87529;87499;87530;87471;87531;87532;21588;87533;87535;87534;87536;87537;87755;87757;87756;88804;87759;87758;87761;87760;21604;87915;87868;87774;87815;87814;87816;87845;87846;87888;21612;87939;87916;88010;88012;88011;88016;88014;88013;88015;88017;88040;88018;88455;88019;88083;88084;21613;27858;27859;27860;88456;88487;88637;88457;88409;88516;88518;88520;88519;88517;88521;88522;88524;88525;88523;27861;88526;88576;88712;88678;88861;88711;88747;88748;20644;88749;88750;27862;88805;88806;88838;88928;88837;88836;88929;89776;88896;88897;88894;88895;88899;88898;89023;89024;88900;89025;89026;27863;88901;88930;88902;88951;88952;88953;88950;89078;89079;89733;89732;89100;90421;89826;90598;27864;89660;89659;89734;89865;89827;89778;89777;89828;89866;89930;27865;89932;89931;89933;89935;89934;89937;89995;89936;89962;89996;89997;90021;90822;90855;91255;90147;90095;90094;27866;90188;90400;90245;90349;90306;90350;90401;90403;90402;90405;90404;90507;90406;27867;90915;90588;90824;91256;91333;90589;90760;90678;90825;90677;90826;90827;27868;90858;90856;90887;90857;27869;91257;90917;90916;91083;90918;91082;91086;91084;91085;91088;91087;91089;27871;91090;27870;27872;91092;91091;91093;91094;91258;91095;91181;91122;91182;91183;91184;91187;91185;91186;91188;91189;91190;27873;91218;91191;91219;91220;91341;91334;91259;91320;91422;91424;27874;91423;91450;91425;91451;91559;91499;91558;91498;91557;91560;91561;20645;91563;20646;27875;91562;91564;91565;91566;91569;91568;91567;91570;27876;91726;91725;91727;91728;91729;91758;91914;91874;91875;91873;91877;91876;91878;91880;91881;91879;27877;91882;91883;91884;91954;91893;92408;91955;91956;91968;91957;92009;92010;27878;92011;92033;92311;92313;92312;92314;92316;92315;92317;92318;92319;92409;27879;92456;92511;92784;92584;92583;92751;92750;92699;92785;92815;92966;27880;92860;92861;92862;92863;92864;92865;92866;92867;93509;92868;27881;92869;92985;92999;93025;93045;93046;93047;93106;93120;27882;93107;93217;93241;93219;93242;93243;93218;93220;93682;93399;93398;93460;93683;93510;93511;93600;93559;27883;93601;142021;93602;93603;93604;93605;93648;93607;93606;93684;93649;93715;93774;27884;93773;93775;93827;93938;93801;93800;93809;93864;93896;93953;93954;93955;93956;93957;93958;27885;93959;20647;94068;94045;94044;94152;94069;94153;94154;94156;94155;94157;94158;94249;94159;94195;94287;27886;94288;94352;94508;94351;94353;94289;94464;27887;94465;94467;94468;94466;94510;94509;94574;94573;94669;95025;94730;94731;94732;94734;94733;94735;94737;94736;27889;27888;94954;95054;95466;95053;95284;95285;95371;95318;95295;95385;27890;95386;95425;95427;97351;95426;95429;95428;95431;95430;95432;95433;95467;95434;95566;95567;27891;95569;95568;95570;95572;95573;95571;95629;95661;95574;95808;95807;96035;95873;95992;95993;95949;27892;95994;95995;95996;95998;95997;95999;96000;96336;96304;96406;96436;96871;96437;96440;96438;96439;27893;96441;96442;96445;96444;96443;96605;96483;97852;96656;96872;97047;96719;96720;96978;96763;96796;27894;97083;96927;96951;96953;97853;96952;96954;96955;97016;96981;96979;96980;97017;97018;27896;27895;97048;97049;97098;97050;97099;97084;97208;97190;97209;97221;97301;102814;20648;27897;27898;97222;97223;97302;97303;97304;97318;97320;97319;97321;97323;97322;27899;97324;97383;97434;97384;97521;100545;101833;102258;97468;97551;97523;97522;99121;97600;97603;97602;97601;97604;27900;97605;97633;97608;97606;97607;97634;97720;97659;97660;97719;97658;97721;97752;27901;97723;97753;97722;97973;97778;97779;99093;97854;97793;97855;27902;97856;97887;97917;97936;97857;97937;99122;97938;99023;99024;99094;99025;99096;99095;99097;27903;99098;99099;99100;99101;100677;99182;99195;99196;99278;99198;99197;99279;99303;99435;27904;100153;99626;99581;99582;99583;99655;99657;99656;99659;99660;99658;99685;27905;99686;99723;27906;99724;99725;99726;100247;99966;99965;100154;100216;99993;100248;100293;100098;27907;100249;100099;100100;100265;100101;100102;100379;100156;100218;100217;100155;100219;100250;27908;100251;100252;100266;100253;100267;100254;100268;100255;100294;100412;100411;100413;100414;100415;20649;27909;100460;100549;100509;100547;100548;100546;100570;100590;100591;100632;100633;100662;27910;100919;100663;100667;100666;100665;100664;100668;100678;100835;100755;100781;100836;27911;100837;100921;101148;100920;101261;100922;100924;100923;100925;100927;27912;100926;100928;100929;100930;100932;100931;100987;100933;100989;100988;100990;101149;27913;101024;101150;101062;101083;101152;101153;101151;101154;101156;101155;101231;103319;101157;101262;101263;27914;101354;101546;101545;101770;101769;101809;101835;101834;101892;101894;27915;101893;101928;101929;101949;101951;102091;101952;101973;101950;101974;102092;102014;102015;102016;102033;27916;102071;102093;102034;102161;102195;102160;102197;102196;102198;102259;27917;102260;102417;102261;102416;102418;102419;102422;102421;102420;102423;102424;102493;27918;102522;102543;102523;102580;102524;102525;102581;102582;102583;102584;102679;102680;102678;20650;27919;102681;102777;102816;102697;102815;102817;102818;102956;102857;102820;102819;102957;27920;102975;102976;103047;103187;103217;103372;103218;103320;103250;103249;103321;27921;103322;103323;103324;103325;103326;183526;103327;103356;103417;103416;103418;27922;103466;103641;103643;103642;103644;103645;103646;103662;103667;103691;103808;103692;27923;103773;103774;103731;103775;103777;103779;103778;103776;103780;103809;103810;103812;27924;103811;103813;103814;103863;103815;103834;103835;103921;104118;27926;104119;104120;104121;27925;104122;104211;104173;104213;104212;104143;104272;104321;104320;104318;104317;104319;27927;104323;104322;104431;104377;104477;104432;104496;104652;104994;105542;104807;104569;27928;104543;105543;104625;104712;104653;104713;104714;104716;104715;104717;104734;104735;104736;104737;104738;104739;27929;104808;104784;104809;104785;104995;104810;104846;104845;104881;104844;20651;104882;27930;104883;104884;105021;105037;105038;105101;105099;105100;105104;105103;105102;105105;105354;105106;27931;105355;105107;105173;105254;105583;105544;105650;105649;105686;27932;105687;105688;105723;105724;105745;105725;105726;105746;105747;105748;105727;105750;105749;106482;105751;27933;27934;105766;105767;108750;106074;106264;106096;106134;106135;106265;106267;106266;106268;106270;106269;106271;106272;106295;106347;106790;106348;108751;106371;106372;106373;106483;27935;106533;106534;106557;106556;106581;106558;106619;106582;106675;106620;27936;106676;106677;106678;106709;106791;106749;106792;106793;125352;27937;106794;106816;106837;106839;106838;106927;106869;107145;106928;106929;106968;107215;27938;106945;107087;106969;106970;106972;106971;107003;106973;107023;107146;107117;107147;107148;27939;107192;107256;107194;107293;107193;108335;107257;108371;108372;108403;108370;108949;20652;108453;108484;108513;27940;108483;108514;108582;108657;108706;108583;108658;27941;108707;108793;108709;108708;108710;108794;108834;108833;108832;108840;108835;108841;27942;108843;108842;108878;108879;109058;108950;108951;183533;109002;109086;109199;109200;109466;109312;109311;27943;109467;109314;109315;109313;109316;109317;109343;109468;109600;109648;183611;109469;27944;109649;109681;109892;109680;109650;109723;109798;109863;109812;109940;109893;27945;109894;110044;110045;183610;110046;110047;110048;110049;110050;110051;110094;110052;27946;110225;110124;110191;110226;110262;110320;110263;110264;110285;110286;27947;110382;110321;110322;110395;183612;110413;110474;110549;110475;110476;110477;110478;110479;110481;110480;110513;110550;27948;110515;110516;110514;110532;110517;110552;110533;110551;110611;110622;27949;110623;27950;110641;110939;110662;110721;110805;110765;110894;110895;110898;110896;110897;110900;110899;110921;20653;27951;110922;110940;110923;110924;110925;110941;110974;110942;111005;110973;110975;111006;27952;111038;111040;111041;111039;111060;111061;111266;111062;111135;111267;111268;27953;111330;117825;111269;111331;117537;111349;111374;111510;111375;111511;111512;111526;111576;111513;27954;111577;111578;111579;111581;111580;111640;111641;111672;111748;183608;111673;27955;111749;111752;111750;112017;111751;111753;111843;183638;112032;112033;111844;112058;117479;27956;112084;112149;112083;112109;112110;112113;112189;112111;112112;112150;112190;27957;117331;112151;112205;27958;117454;117356;117455;117538;117496;117357;154827;117456;117595;183598;117539;117630;27959;117631;117867;117805;117806;117870;117869;117868;117871;117873;117872;27960;118322;117913;117904;117915;118067;117914;117916;117934;118794;118068;117996;117935;118081;118358;118142;27961;118323;118082;118083;118143;118324;118176;118200;118325;118144;119300;118327;118201;118326;118328;118329;20654;27962;118359;27963;118392;118492;118567;118393;118568;119146;118591;118751;118750;183596;118795;152537;27964;118796;118797;118820;118904;118855;118905;118906;119253;119043;118907;118954;118966;118968;118969;27965;118967;118970;118971;118972;118973;119118;119014;119254;119216;27966;119256;119255;119257;119301;119337;119496;119302;119303;119338;119339;119459;119652;119458;119340;183599;27967;119497;119580;119653;119655;119581;119654;125542;119828;119826;119829;119827;119830;119832;119831;27968;121062;183626;121063;121096;121095;121161;121186;121187;121210;27969;121212;121211;121224;121328;121244;121329;122398;183637;121345;122479;121346;27970;121382;121432;121381;121469;121592;121594;122052;121593;121470;121506;121541;183642;121507;121508;121595;122053;183651;121596;27971;121597;121598;121619;121639;122055;122054;121640;122610;183648;122152;122183;122153;27972;122184;122314;122362;122481;122480;122399;183645;20655;122499;27973;122482;122500;27974;27975;122646;122533;122647;122667;122668;122669;183594;122811;122716;122812;122813;27976;122892;122868;122893;122946;136604;123001;124152;123074;183630;123075;123076;123077;123078;123127;123502;27977;124114;183603;124271;123414;183633;123503;123457;123504;123555;123641;123505;27978;123675;27979;123677;123676;123678;123680;123679;123681;123682;123751;123750;124272;123786;123787;27980;123933;123931;123930;123932;123934;123999;123973;183623;124085;124019;124115;27981;124116;124273;124191;124274;124297;124758;124275;124323;124407;124322;125386;27982;183631;183649;125765;124408;124457;124458;124561;124587;124676;124677;124679;124678;125593;124759;27983;124696;124717;124718;125026;125025;125028;125027;125135;125134;125136;125474;125475;125353;126095;125137;27985;27984;65106;125138;27986;125139;125141;125142;125143;125140;125144;125145;125251;125215;125252;27987;125337;125253;125338;125339;125766;125355;125354;125948;125476;125594;125544;125543;125545;125621;125622;20656;20657;27988;125623;125625;125704;125624;125705;183607;125720;125721;125722;125723;125724;125725;125726;125767;125768;125769;27989;125770;125772;125771;125811;125812;125851;125813;125853;125852;125854;126064;126065;125998;27990;126066;126067;126068;126096;183643;126097;27991;126098;126099;126241;126174;183605;126242;126255;126254;126256;126257;126305;126503;183600;27992;126306;126374;126375;126464;126504;126445;126465;126564;126563;127791;126565;126567;27993;126566;126568;126598;126698;126745;127093;126746;126747;126748;126749;27994;126772;126773;126774;126815;126816;126817;126948;126947;126818;126949;126950;27995;127792;127886;127041;127042;127043;127887;127094;127096;127095;127097;127794;127795;127793;27996;127796;127798;127800;127797;127799;127801;127802;127805;127804;27997;127803;127806;127840;127839;127888;127889;127890;127891;128023;127892;128024;20658;27998;27999;128025;128026;128028;128027;128029;128030;128031;128049;128075;128050;128076;28000;128320;128322;128323;128321;128412;128474;128993;128680;128476;128475;128477;128478;28001;128505;128506;128507;128681;128545;183606;128614;128629;128521;128630;128682;28002;128754;129048;128631;128755;128756;128874;128875;129289;128967;134888;129049;129351;129050;28003;129384;129290;129385;129466;129489;129488;129490;129491;129677;129712;129556;129749;28004;183629;129774;129775;129882;129808;129967;130146;130003;130147;129968;130052;130148;28005;28006;130149;130150;130151;130152;130167;130200;130392;130362;130585;130393;130394;28007;28008;28009;130427;130395;130513;130586;130396;134657;142870;130428;130587;130429;130588;130622;130623;130756;28010;130961;130962;130757;130963;131694;130964;131011;131012;130965;130966;131013;131014;131015;28011;131313;131016;131017;131072;131073;131074;131161;131182;131226;131225;131162;131314;20659;28012;131315;131392;183628;132011;131559;131560;131695;131561;131562;131696;28013;131563;131565;131564;131722;131761;131723;132012;131923;131924;183555;132014;132013;28014;132016;132015;132310;132240;132095;132689;132690;133142;132692;132691;183644;183542;28015;132748;132747;132746;132768;133224;132929;132854;132930;132931;183636;132932;28016;28017;132933;133039;132953;133040;133143;133144;133179;133178;133204;133205;28018;133206;133207;133225;133289;133548;133350;133290;133291;133292;133293;133294;133352;133351;133353;133354;28019;133355;133356;133449;133398;133450;133496;133497;133523;133522;133521;28020;133524;133549;133551;133550;133646;133648;133647;133649;133715;183716;183647;133764;133840;28022;28021;133793;133794;133795;133798;133796;133799;133797;133800;133950;134037;133951;28023;134038;134298;134039;134299;134301;134300;134367;134402;28024;134442;134658;20660;134659;134661;134660;134662;134664;134663;134699;135027;134758;134856;28025;135026;135028;135171;135170;183650;135029;135269;135229;135270;28026;135271;28027;135282;135283;135285;135398;135286;135284;135455;135581;28028;135399;136398;135672;135847;136027;136281;135895;135894;135846;135896;135966;135967;136083;135968;28029;151919;136028;136029;136084;136086;136171;136085;136087;136282;136088;136089;136173;136172;28030;136400;136399;136401;136493;136420;136545;136605;136606;136546;136607;28031;136608;28032;136663;136692;136708;136964;136709;136710;136711;136731;136730;136732;136965;136733;28033;136759;136966;136801;136802;136894;136943;136803;136944;136967;137044;137043;28034;137045;137133;137046;137178;143270;137179;137232;137295;137352;137296;137297;137299;28035;28036;137298;137300;137301;137555;137554;137353;137553;137556;137625;20661;28037;137744;137745;137824;137825;137849;137848;137891;137872;138132;28038;138136;138134;138135;138133;138137;138139;138138;138165;138166;138167;138168;28039;138208;138325;138497;138326;138835;138834;138498;138552;138836;138872;28040;138874;138873;138997;139179;139365;138875;138999;138998;139023;139024;139180;139025;139027;139026;139028;28041;139366;139181;183602;139182;139311;139312;140028;139313;139367;28042;139368;139369;139370;139371;139372;139373;139480;139479;139567;139568;28043;139659;139660;139596;139661;139662;139693;139692;139724;139725;147981;28044;139782;139770;139783;139784;140176;139848;183635;139908;140029;140265;140030;183622;140031;28045;140177;140179;140178;140182;140180;140181;140183;140267;140184;140266;140450;28046;140451;140458;140589;140590;140593;140600;140592;140603;140591;20662;140601;140604;28047;140646;140647;140645;140641;140639;140644;140642;28048;140640;140648;140637;140638;140643;140650;140649;140652;140651;183583;28049;140659;140701;140717;140719;140723;140720;140724;140730;140722;28050;140729;28051;140736;140751;140755;140753;140752;140786;140754;28052;140788;140801;140787;140784;183597;140803;140802;140925;140800;141482;140929;140924;140919;140922;140921;28053;140920;140923;141825;140927;140928;142027;141092;141109;141054;141112;28054;141097;148334;141111;141095;141922;141110;141180;148842;141182;141178;141183;141179;141181;28055;141177;141176;141206;141302;141301;141451;141449;141450;141448;141447;28056;183639;141483;141936;183624;141459;141537;141542;183552;141543;141545;141479;28057;141538;28058;141539;141541;141615;141544;141621;141620;141862;141824;141821;141923;142502;28059;20663;141863;28060;141934;141822;141820;141913;141921;141937;142367;141932;142001;142865;142017;28061;142026;142055;142368;142218;142369;142371;142370;142499;142464;142501;28062;142498;142735;142500;142729;142732;142727;142730;142721;142741;142731;149521;28063;142736;142866;142739;142969;142968;142966;142967;142998;143127;143121;28064;143119;143120;143214;143215;143249;143206;143242;143264;143266;143271;143269;143267;143268;144890;28065;143376;143375;143373;145013;143374;143428;143430;143432;143433;143431;143429;144111;144110;28066;144112;143445;143476;143585;143587;143584;144012;144078;144011;144015;144013;144016;144709;28067;144066;144300;144299;144337;144710;144704;144745;144746;144747;144751;28068;144750;144749;144752;144785;144786;144789;144788;144787;144849;144869;144897;144808;28070;28069;145234;144870;145228;144943;144944;145046;145007;145047;145011;145048;145084;145078;147987;20664;28071;145081;145409;145410;145463;145464;145517;145514;28072;145516;145510;145221;145518;145511;145512;145515;146349;145542;146043;146044;146069;146066;146306;28073;146070;146068;146209;146301;146208;146302;146303;146348;146350;146351;28074;146375;146385;146384;146435;146436;147988;146437;146494;146538;148006;28075;147996;148011;147979;147976;147999;147986;147980;147990;147977;147975;147983;28076;148009;147978;147982;148005;147991;147997;147995;148008;148000;147994;147984;148004;28077;147993;148007;148010;147985;147998;147989;183108;183571;183587;183641;183538;28078;183557;183640;183539;183619;183546;183702;183126;183620;28079;183175;183530;170923;183132;183698;183158;183618;183141;183705;183582;183181;28080;183553;183528;183532;183616;183738;183566;183693;183704;183156;183548;183701;20665;183554;28081;183113;183180;183709;183692;183543;183558;183531;183617;183157;28082;183166;183715;183155;183621;183541;183588;183700;183130;183573;183119;28083;183717;183556;183550;183609;183584;183570;183168;183585;183634;28084;183595;183109;183110;183124;183627;183160;183563;28085;183625;183162;183170;183604;183179;183178;183118;183547;28086;183691;183646;183148;183114;183560;183551;183712;183632;28087;183601;183578;183163;183139;183697;183161;183103;28088;183182;183536;183572;183137;183115;147992;148001;147974;28089;148003;148002;147968;147970;147973;147969;147972;148089;147971;148034;28090;28091;148108;148130;149032;148218;148891;148135;148248;148244;20666;148279;148260;148295;28092;148335;148498;148495;148491;148497;148493;28093;148492;148494;148496;148555;149044;148554;148689;148691;148911;148690;149244;148819;28094;148810;183116;148991;148856;148859;148938;148855;148953;148987;149055;148992;28095;149092;149093;149251;149474;149252;149253;149323;149306;149322;149332;150325;149324;149419;149417;28096;149418;149409;149405;149408;152134;149416;149410;149661;149415;149407;28097;149411;149406;149478;149404;149446;149519;149477;149649;149527;149651;149650;149520;28098;28099;149742;149727;149834;183142;149818;149906;149903;149908;149905;149907;149991;150029;150712;149988;150028;150030;150324;28100;150130;150131;150129;150492;150132;153852;150134;150144;150143;164828;150320;150151;150152;28101;150155;150164;150232;150233;150292;150394;150234;150420;150436;150691;150692;150690;183707;150793;150846;150809;28102;150858;150867;150857;150939;150940;150942;150947;150949;151017;150948;150953;153127;20667;20668;151000;150954;28103;150957;153131;150956;150955;150952;151444;169510;150995;151583;151443;151451;151452;151679;28104;28105;156562;151680;151800;151830;151835;153130;151836;151907;151921;28106;153129;151920;151924;151837;152002;156918;152555;152081;152079;152135;153942;152136;152144;152145;152178;152143;152180;152229;152181;28107;152216;152230;152235;157372;152363;152362;152420;152416;183153;152417;152830;152508;152539;152536;28108;152632;183559;156633;152640;152637;152639;152665;152681;152702;183586;28109;152784;152774;152870;152868;152846;183706;152913;152869;152918;152917;152916;28110;152954;152953;152957;153134;153138;183579;157224;153143;153145;153361;153139;153144;153137;153142;153156;28111;153445;153174;153526;153178;153179;153177;153527;153211;153476;153183;153243;153367;153408;153366;153391;154053;153407;153406;153511;28112;153510;153447;153446;153448;153514;153508;153449;153573;153569;153591;153568;153593;153592;153768;28113;153766;153781;153785;153769;153801;154162;154205;153770;153799;153797;153802;153779;153788;153789;153851;153853;153856;20669;28114;153854;153855;153857;183575;153866;153888;153910;153959;153908;153925;183529;28115;154203;28116;154204;154227;154241;154242;154273;154279;154278;154328;154274;28117;154352;154338;154337;154779;154405;154415;154431;154414;154413;154704;154569;154709;154778;28118;154783;154883;156561;154903;154977;154974;154972;155222;154980;28119;155221;155162;155220;155232;155297;183131;155892;156041;155296;155295;183580;155375;155351;155308;155374;155602;155655;183591;28120;155637;155722;155687;155681;155672;155727;155729;28121;183147;155751;183710;155752;155749;155768;155750;155747;183614;155766;155908;155923;183152;155767;28122;155943;183690;155935;183703;183549;155944;155936;183592;156043;155938;155939;183129;160896;28123;155925;183120;155952;183111;183123;183164;183154;156042;155970;156203;156040;28124;183104;156055;156054;156161;157139;156076;178945;156105;183525;183708;156122;156104;156168;20670;183724;156171;28125;156155;156190;156472;156485;183169;156482;156484;156486;28126;156710;156483;156481;156544;156568;156543;183149;183172;156612;183112;156613;156608;28127;183145;183135;176377;156712;183545;156645;156743;156650;156711;156742;166448;156772;28128;183176;156744;183133;156801;183171;156853;156802;156804;183576;183122;183173;183117;156880;156879;28129;156915;156917;156934;156914;183177;160853;157143;156962;28130;156960;157057;156961;183106;157059;157085;157112;157160;183143;163079;157162;183589;157243;183720;183150;157299;160668;28131;160980;157286;157287;157371;157357;183544;157349;157350;157351;157458;158125;157353;157352;157355;157404;28132;183127;157356;157370;183146;183159;183138;157463;157457;28133;157843;157456;157882;183165;183174;183590;158072;158053;28134;158212;183134;158134;158160;158258;158162;158255;158135;183577;158159;158161;158256;158250;158253;158249;158254;20671;28135;158259;158679;158572;158273;158271;158272;158454;158456;158455;158453;158457;28136;183694;158458;28137;158502;158680;161245;158574;158573;158683;159309;183136;158646;158731;158688;158737;158728;28138;158789;159022;159208;158817;158866;158901;158902;158905;158941;158939;158940;158987;158932;28139;158937;159631;158938;159059;159024;159020;159058;159026;159142;159144;183713;159107;28140;159143;159138;183711;159137;159255;183568;183125;183695;159160;159192;159189;159204;159268;183613;183593;28141;159248;159243;159331;159308;159346;159330;159328;160588;159363;159361;159364;159386;159372;159373;159384;159380;28142;162171;159385;159387;159395;159524;159515;159589;160234;159579;183567;28143;159594;28144;159593;160309;165813;159690;159689;159639;159630;183107;159645;159729;159687;160207;160211;159711;28145;159714;159719;159725;159882;159982;160401;160026;160028;160027;160025;160065;183140;160188;160206;160213;160205;28146;160478;160214;160233;160290;160275;160307;160308;160519;161983;160317;20672;160318;160323;160444;28208;160474;160636;160507;160502;161611;160538;160506;161480;160724;160674;160959;160977;169518;28209;161025;161058;161059;161061;161062;161063;161064;161060;161170;28210;28249;161209;161171;161219;161251;161248;161249;161386;161250;161252;161253;161330;161336;161447;28250;161663;161337;183574;161449;161450;161448;161451;161452;161446;183561;28251;28288;161473;161474;161481;161811;161810;161809;161812;161874;161576;161690;161615;161613;161634;161630;28357;161633;161671;161724;161670;161723;161728;161790;161750;161759;183151;28358;161789;29236;161908;161912;161909;161920;161922;163755;161957;161938;161954;161950;161956;161955;28359;161959;161958;161981;161982;163110;161986;164377;162173;162221;162170;162172;162718;162290;162263;28360;162962;162377;172054;162376;162394;162688;162404;162425;162515;162773;28372;162426;162424;29213;162514;162471;162485;162552;162689;162553;162614;162554;162625;20673;183718;162691;29696;29304;29214;162690;162733;162702;163026;162822;162734;162821;162932;162735;29215;162994;162993;163035;163055;163112;163113;163108;163107;163111;29237;163104;163117;163106;163109;163267;183540;163272;164944;163285;163270;163302;163294;163305;164256;183699;163287;163325;29238;163469;163436;163454;183714;163468;163467;163520;163521;163561;163522;163523;163525;29239;163680;163545;163577;163679;163701;163829;163756;163871;163863;163855;163865;29305;163872;163860;163922;163924;163921;163923;164003;164005;29738;164015;164013;164012;164016;164146;164036;164029;164031;164030;164034;164037;164124;29739;164157;164275;164287;164281;164280;166179;164327;164324;165631;164326;164378;164376;164381;164382;29740;164421;164386;164486;164392;165062;164506;164483;164493;164627;29793;164529;164528;164538;164617;164628;164587;164671;164655;164669;164654;164670;164682;164680;20674;29892;164683;164891;164681;164896;164890;164929;164950;165110;165011;29917;165015;165084;165082;165016;165109;165188;165205;165247;165662;165204;165524;165220;165278;165248;165277;29918;165287;165286;183721;165280;165281;165282;165325;165289;165290;167743;183121;165324;29919;165323;165319;183128;165321;165320;165417;165322;165326;165457;165461;167852;168153;165463;165465;29920;165470;165505;165504;165459;165466;165526;165525;165600;29921;165527;165601;165602;165668;165680;165669;165653;165650;165651;165706;165716;165690;167065;165718;29922;165717;183144;183615;166014;165731;165820;166013;166010;29964;166008;166006;166012;166049;166089;166088;166108;166103;166109;166106;166114;166115;29978;166113;166155;183105;166156;166154;166219;166178;166262;167834;168011;166265;173620;166264;166560;168231;166266;166261;29979;166286;166276;166272;166414;166569;166339;166452;166498;166499;166500;20675;166514;30018;166559;166558;166561;166576;166574;166619;166748;166669;166668;166799;30042;30019;166800;166798;167273;166861;166939;166940;166941;167060;167166;167061;167196;168311;167197;30043;167234;167229;167542;167513;167272;167530;167286;176237;167770;167919;167771;167744;167920;168282;167921;167767;30147;167874;167865;167900;168010;168148;168146;168160;30183;168154;168150;183723;171732;168152;168193;168208;168185;168184;168337;168227;168234;168280;168281;168275;30184;168279;168316;168312;183696;168317;168347;168635;168376;168345;168348;168375;168631;168349;168344;168391;168346;183569;30252;168460;168467;168464;168466;168452;168470;168479;168489;168516;168465;168534;172127;168533;31092;168509;168518;168628;168627;168630;168642;168636;168673;168653;171576;168724;183719;168732;31093;168733;168744;168840;169727;168883;169586;169461;169516;169587;169707;169585;169583;169584;31164;169692;169732;169883;169689;169688;169726;169691;169730;169904;169909;169690;169711;170082;169712;169734;169807;169905;20676;31165;170010;170001;169997;170012;170011;170039;170103;170078;170415;173050;170110;31166;170126;171734;170109;170111;170181;170180;171087;170179;170178;170412;170185;170187;170280;170188;171012;31341;170417;65107;170413;170473;170556;170728;171964;172056;170727;170562;170565;170762;170561;170644;171009;170650;171011;170632;170651;170658;31405;170734;170735;170891;170898;170912;170910;170907;171251;170908;171250;170928;170913;170927;170925;170926;170960;31406;170961;170966;171014;171090;171056;171109;171103;171211;171088;171105;171212;31461;171249;171248;171261;171252;171263;171266;172613;173780;174409;171364;171264;171265;31603;171269;171361;171262;171270;171260;171392;171386;171365;171388;171472;171470;31625;171483;172055;171484;171513;171575;171579;171577;171573;171578;31638;171592;171574;31783;171810;172031;171637;171733;171867;171812;171926;171928;171939;171930;31639;171952;171941;171942;172223;171951;171943;171954;171940;171985;171969;171938;171986;20677;31677;172025;176218;171967;172024;172049;171965;172053;173052;172050;172057;172048;172082;31678;172133;172094;172136;172092;172091;172093;172095;172135;172132;31700;172126;172213;172131;172134;172229;172222;172228;172209;31701;172227;172230;172216;172241;172243;172238;172246;172367;172365;172362;172366;31702;172443;172442;172444;173277;172441;172495;172488;172497;172496;172504;177460;31703;172511;172558;172574;172545;172576;172575;173425;172573;172589;172588;172590;172614;31704;172631;172632;172617;172619;173037;173039;173432;173051;173253;173326;173781;173265;173269;31784;173349;173374;173433;173437;173434;173372;173424;173440;173443;173441;31785;173481;173619;173618;173652;173654;173653;173648;173621;173718;173717;31848;173834;173782;173730;173795;173797;173794;173831;176265;173861;173945;173863;20678;173949;31966;20679;173946;174044;174006;173944;174141;174161;176456;174154;174160;174153;31967;174155;174173;174172;174437;174787;174228;174230;174272;174271;174276;174274;174805;174266;32053;174330;174449;174344;174331;174410;174450;174458;174461;32028;174459;174460;176892;32029;174486;174553;174484;174485;174457;174591;174610;174751;174750;187743;174752;32054;174749;174772;174806;176252;174906;174807;174804;174932;174929;174907;32185;175976;174961;174960;174959;174997;175083;175109;176364;175150;175149;175147;175148;32186;175284;175723;175288;175283;175487;175285;175561;175537;175566;175560;32187;175565;175567;175573;175572;175574;175394;175575;175599;175600;176242;175579;175666;176241;176248;176243;175820;176327;175722;175671;175821;32188;175916;175915;175914;178444;175883;175975;175884;177429;175977;175996;175988;176063;176064;176067;176088;176257;32189;176089;176090;176091;176228;176215;176226;176227;176240;176239;20680;176244;32190;176326;176325;176323;176324;176340;176338;176336;176342;176341;176361;176388;32191;32192;32193;176455;176459;176458;176670;176482;176478;176480;176489;176479;176493;176491;65108;33197;65109;33254;32357;32359;32358;32360;32431;32430;33198;176492;176490;176484;176488;176487;176501;176534;176540;176550;176561;176562;32432;178778;176565;176564;176617;176563;176616;176639;176713;176715;176712;176714;33093;176744;176726;176745;176886;177216;177463;176968;176981;176885;177109;176986;176987;33124;177080;177107;177108;177050;177051;177111;177114;177260;177390;177352;177115;177256;33199;177558;177275;177326;177263;177327;177324;181249;177323;183410;177325;177431;177356;177423;177354;177453;33217;33388;183564;177389;183565;183722;183562;183527;177426;177430;177433;177454;33255;177459;177471;177472;178445;177476;177536;178656;178326;178660;178661;177696;177537;181839;177711;33436;178657;178653;178654;177902;177891;178659;177901;177900;20681;33389;183752;177910;177999;178000;177934;178779;178001;177998;178658;178662;178655;178105;178107;33390;178106;183524;178108;178212;178211;178210;178209;178207;178208;33464;178652;178649;183535;183534;178222;178648;178260;178223;33544;178651;178283;178282;178680;178650;178647;178443;186986;178677;178482;178481;178486;178636;181247;178487;45473;33504;178750;178755;178749;179075;178780;179616;178777;178789;178795;178794;33531;178797;178914;178913;178796;178798;178940;178919;178912;178915;178920;178947;33827;33758;178974;178948;178946;179061;179146;179062;179063;180286;179076;33560;179246;180003;179247;179436;179203;179331;179332;179334;179306;179340;179333;179459;179406;179584;179659;179691;179597;179653;33575;179652;179660;179705;179704;179734;179733;179881;179706;183789;179880;33587;179893;179902;179904;179905;179903;179938;179907;179940;179929;179939;20682;179941;33759;179937;179936;180004;180011;180008;180103;180029;180181;180223;180187;33760;180224;180222;180226;180236;180227;180259;180258;180257;180260;180268;180261;33807;180274;180285;180321;180361;180332;180362;180431;180446;33808;180444;180442;180443;180445;180472;180471;180441;180468;180473;180488;180511;181189;180510;181184;181248;181561;33809;181185;180512;180532;180545;181186;180558;180562;180557;180559;180556;180560;33940;181004;181005;180561;181006;181129;181318;181178;33941;181237;181238;181315;181769;181316;181317;181883;181319;183874;181364;181362;181363;181393;181838;181410;181426;181411;182081;34048;181453;181427;181451;181452;181540;181450;183427;181482;181542;181541;34059;181613;181543;181560;181638;181637;181639;181636;182376;182469;181635;181641;181900;181640;181688;181689;34080;181687;181765;181692;183232;181766;181767;181899;181764;182612;181898;181943;181945;34094;181944;20683;186327;182420;182520;182421;184162;183751;182431;182892;182432;182843;182437;182471;182470;183750;34116;182480;182528;182531;182530;182577;182529;182557;182468;182691;182582;183426;182558;182578;182583;36904;182769;183787;182789;182792;182791;183273;182817;182845;182944;183272;182844;183428;182907;182872;182932;182891;183271;37738;183537;183197;183581;182982;183230;183231;183308;183887;183307;183384;183342;183429;37936;183458;183873;183457;183888;183455;183754;184026;183460;183456;183461;183788;183780;183454;183459;183779;183924;183753;36243;185738;183773;183778;38073;65110;183834;183790;183886;183889;184087;183923;184025;184095;184188;183929;184009;185512;184027;184018;184019;38000;184086;184085;184088;186613;185456;184098;184096;184168;185457;184161;184097;184210;184451;37910;184190;184209;184303;185162;185342;185739;185416;185504;185569;185503;36953;185708;185778;185780;185781;185779;185910;185930;185568;186010;186016;186013;186993;186014;36855;186015;186037;186038;186085;186039;186083;186082;186078;186490;186489;186488;186077;20684;186086;187680;186084;36256;186301;186081;186382;186718;186076;186079;186080;186491;186193;186192;186191;186190;186358;186209;37068;186208;186534;186221;186219;186225;186307;186226;186289;186299;186291;186367;186300;186368;186440;37333;186381;186446;186443;186445;186677;186442;186444;186441;186449;186541;186448;36805;186587;186586;186610;186609;186608;186758;186622;186615;186825;186624;186614;189108;38049;186623;186676;186644;187919;186682;186711;186717;186720;186734;186719;186743;186793;186989;186826;187787;187934;186742;186756;187657;186823;37662;187935;186755;186757;186773;186824;186809;186772;186844;186991;186990;37836;189088;186992;187105;187955;187106;187613;187938;187626;187627;187682;187683;187406;187684;37944;187429;187742;187808;187788;187937;187918;187807;187933;187936;187956;187954;36491;188073;188048;188056;188049;188054;188055;188062;189086;189143;189195;36681;189087;189194;189293;189292;189295;189360;189375;189294;20685;189520;189459;189519;20686;189537;38023;189613;189607;189608;189536;189758;189614;189609;37570;189612;189759;189611;189610;37499;37161;38095;37631;38074;37538;189735;189749;189736;37649;36711;36364;20687;37299;37886;189748;36499;36916;37203;37887;36899;37965;37355;36611;37546;37045;37177;20688;36745;37683;37853;37207;36374;37977;38099;36927;36652;37422;36896;36225;36262;20689;37474;65111;36984;37654;36761;37984;36657;36815;36674;37447;37828;37968;20690;20691;37888;65112;37362;37162;37746;37974;36382;36220;36397;38132;37876;36714;20692;37842;37381;37469;38044;36454;36279;38011;65113;37217;36218;65114;20693;37002;36665;36720;36786;38070;37810;36478;37148;38131;38036;37740;65116;65115;20694;37504;36589;37042;36746;36749;37364;38092;37956;38037;36361;37607;20696;37220;20695;37463;37359;36471;37935;38148;37983;36537;36366;37606;20697;36907;37337;36418;37152;37498;37389;37438;37819;36530;36635;20698;37978;37849;38194;37762;37806;36228;38195;38196;38205;38685;38647;38714;38715;20699;38686;38716;38741;39362;38758;38777;38759;38848;38984;20700;39390;20701;39311;39313;39312;39336;39533;39353;39337;39363;39371;39491;39419;39515;39516;20702;39517;39518;39534;39586;39600;39619;39620;39601;40348;39786;20703;39787;20704;39788;40655;39800;39789;44326;39851;40329;40416;40361;40417;40656;20705;40491;40490;65117;40492;40528;40529;40531;40530;40547;40576;40590;40751;40657;40658;20706;40752;40943;40767;40768;40769;65118;40906;40848;40794;40944;20708;20707;40981;40982;41006;41013;41045;41046;41606;41624;41969;20709;41940;41968;42043;42081;42079;42080;42050;42051;42082;42146;20710;42093;42167;42207;42237;42344;42209;42208;42335;42474;42407;42408;42466;42467;42817;20711;42795;42858;42891;43001;42930;43026;43058;43059;43087;43097;20712;65119;43108;43109;43110;43367;43153;43366;43368;43622;43823;65120;20713;43824;43825;43874;43897;44039;65121;44057;43898;44058;44106;20714;44115;44107;44108;44133;44323;44669;44327;44335;45549;44336;44585;44655;44399;44656;44586;44594;20715;20716;44688;44640;44641;44912;44913;44936;45037;45016;44985;45038;20717;45079;45042;45081;45080;45108;65122;45343;45342;45377;20718;45483;45484;45398;45474;65123;45475;45476;45485;45486;45487;47159;47160;47821;47823;47822;45550;45551;45589;20719;47161;47162;47824;47574;47855;47825;45575;46014;45576;46179;46253;46192;46254;46336;46672;20720;47799;46688;46691;46700;46731;47618;46752;65124;46810;46811;46812;46836;46855;20721;47035;47109;47108;47110;47111;65125;47856;47575;47857;47826;47679;50342;47695;47734;20722;47742;47778;47858;48242;48282;48283;48261;48253;48315;20723;48262;48349;48361;48362;48904;49169;48381;48757;48758;49268;49269;48905;49170;49065;49066;20724;49102;49141;49140;49303;49304;49171;49305;49236;49283;49306;20725;20726;49643;49673;49644;49763;49761;49762;49765;49764;50082;49772;169894;50083;189187;35608;189186;10289;59642;57891;42844;152357;108797;33850;72582;11765;136950;136949;60109;168917;178103;184459;168945;173398;185458;185460;185459;24734;34820;18551;16230;101294;101295;146990;178748;174480;91126;175434;100272;174321;91127;20182;55983;33900;175425;176066;182588;180544;180543;183880;184197;183414;186418;186419;186430;186427;175424;186426;186429;33819;40549;62901;76536;62100;62798;68984;72007;83729;72008;72985;130056;166291;63646;40548;42831;156846;170137;78549;92788;92789;20993;54644;65701;150989;31853;33278;34400;33485;40466;35068;34730;48760;55024;41626;55608;63137;48906;50650;51772;52976;51851;53405;60049;63381;58416;66216;70560;69015;137357;137358;72279;78626;137397;100592;136896;112216;105294;136999;111518;136895;126246;128080;136422;31852;40374;40375;40373;40372;40376;40370;40382;40380;40378;40377;40379;40381;40387;40386;40384;40383;40385;52010;42178;40389;40390;40388;40391;40392;40393;52011;42179;42289;42870;89735;52012;43826;45386;44642;89736;45402;89737;44993;89738;89739;56246;89740;47150;46765;52014;49085;49703;89742;89741;50611;50858;89744;89743;51077;50985;89745;99166;51422;51971;52582;53840;53592;54968;56508;55747;56665;57749;58302;58362;58535;58744;58903;58977;59506;59966;61747;62944;63332;64642;64643;65735;66723;64812;69193;70527;69550;72006;71214;71245;71617;72958;73469;73851;74244;74465;77630;78025;79762;81079;86254;87889;88954;93512;96084;99102;103357;105584;105410;105768;110901;110902;111350;118360;118955;123556;124192;125146;127807;126699;129161;128994;130346;136174;132017;131018;137354;137047;137826;139849;141757;57397;143166;31727;140045;140044;140043;151129;152047;171789;162736;70448;133843;134216;56997;108711;179665;76945;99708;82741;111386;94053;122976;111601;132753;84150;76964;76966;84804;99709;105787;104852;111602;140772;143450;141803;76944;157129;57398;57399;57400;63113;32503;33105;31729;63112;34156;34818;42308;36117;51057;45541;54996;63074;63075;77332;84219;84220;72038;31728;59091;59729;63076;76454;73672;81185;74265;71231;58793;84805;87926;91226;92945;95288;97990;105783;110098;105555;111978;20729;26200;105793;161605;164422;177328;168362;180506;125884;184130;105788;111220;133208;151012;151285;84340;180179;66896;63062;66897;76426;180178;82899;76946;76947;84341;79147;154017;78669;145402;82708;66908;76356;66909;77727;79864;83184;63681;63683;63684;63682;64920;63685;59372;33106;40907;105789;105794;134163;105790;105795;25119;72040;26201;59092;59730;63077;73674;81187;76456;97834;84223;93521;58794;64921;74267;87928;84806;91227;131129;134627;132417;134973;137663;137077;157130;164057;97941;95290;92947;99105;99590;100418;103380;104853;105785;105487;105791;111761;110099;111979;123002;118467;125224;127138;140773;26911;73595;64558;64559;76355;95657;21336;12006;33859;22047;69274;69275;58620;81787;81702;12005;42292;69516;69517;73758;70119;83739;73520;83743;73759;57709;62943;63098;62120;63099;73103;57710;125896;124567;132341;133357;133402;137633;137658;139326;139237;139238;140187;99906;139227;139730;83288;108485;83491;93049;57708;141344;141343;141345;101838;141347;141349;105082;141348;129168;108883;141342;108486;141346;123510;96663;99907;72646;79217;99236;72644;77542;80855;70070;80856;80857;71466;80858;80859;134308;70069;21749;140578;38734;96533;63280;12019;96534;112194;108811;21733;20973;20826;21738;25770;22921;25956;35788;33820;38858;29998;27040;43181;47717;50846;51091;50379;56681;57363;71787;19217;67207;59756;11530;15952;16152;16199;16204;15817;170626;131317;158243;131835;147420;70613;70614;162174;70615;70616;70618;70617;70619;80887;70621;177217;70620;70622;74442;12054;70623;70626;70627;70624;70629;70625;70628;171956;70630;164690;141782;152102;141783;70329;70330;66420;77668;70331;171957;139239;63620;38652;170016;10309;21674;22022;23732;10310;10311;25879;11429;10313;25684;28182;20392;22072;31641;24277;122448;180174;122422;15970;54585;10315;40564;15912;72388;72389;73613;78078;72387;177397;76167;26027;21737;11884;23648;78673;17362;78675;34335;35629;36127;34113;41029;69105;77731;79251;176373;70762;69881;71521;72942;73864;76150;76992;77732;89103;90786;91820;79252;80459;92816;81672;83488;84398;85405;86480;87824;48213;40335;48943;40999;55510;46864;44338;43350;56689;49978;57538;59239;58517;60116;61571;50678;51458;52502;55411;53473;56163;54942;62477;61572;64361;66543;63095;65253;66894;56164;57539;56690;58518;59240;60117;71520;69880;60118;70763;72941;61573;64362;63096;65254;62478;66544;66895;102919;103984;87825;69104;89104;90787;91821;93518;93940;92817;103985;96765;176372;95435;100671;97574;99437;101898;119419;102921;118206;102920;121107;125365;129301;124164;126923;103986;105007;106142;107093;110269;126921;108885;129061;131950;134114;136922;111387;118207;140777;117339;121108;119420;129299;125367;124165;124166;136926;140775;129059;125369;126919;131948;133212;134110;133215;147645;148946;151643;134112;155571;138087;136924;135857;139573;140757;142678;142421;144642;144634;155573;157893;156390;144640;164838;147647;148948;151641;146105;154824;156388;170000;170172;172121;174236;176368;178197;182524;185771;187623;158992;164831;166608;185776;169990;187625;170169;172137;174238;176370;178199;180101;187630;182526;104741;97997;105151;34112;111227;137657;88958;64687;164085;143151;24269;24270;64788;88959;24282;100994;45050;43830;48337;45051;73437;51187;71637;72482;61797;24271;40477;72684;52001;155963;44871;51186;52668;70767;71246;102992;56467;104854;88960;24272;85736;105045;104855;104856;108411;104857;88961;88962;59275;65548;91990;51902;34220;135860;24871;25197;34252;70768;88963;59641;24274;182965;137565;63619;24273;21625;45052;20224;24757;11049;12108;14597;44046;24245;40333;20212;74327;74328;47701;55535;59174;58386;66859;59606;62121;69137;71864;30130;29825;30205;58000;11432;25932;25459;24913;23870;25955;25798;20737;51833;29896;21620;164211;48273;119242;135188;161760;164143;161702;168802;168819;168812;168824;168794;168817;168814;168818;168821;168815;168796;168807;168813;168793;168804;168791;168822;168795;168799;168805;168800;184364;184368;177233;177230;184373;177221;177231;184380;177219;177220;177223;184376;184378;184377;184358;184379;179598;184371;184366;184369;184360;184374;184370;184361;185524;185549;185528;185527;185545;185529;185526;185547;185531;118801;25460;148706; + +TARGET +192.168.40.11,192.168.40.32,192.168.40.251,192.168.40.104 + +compliance_generate_description +no + +listen_address +0.0.0.0 + +local_portscan.snmp +yes + +severity_processed +202401301519 + +disable_api +no + +slice_network_addresses +no + +non_simult_ports +139, 445, 3389 + +local_portscan.netstat_ssh +yes + +hostMedScanTime +1772 + +ssl_mode +tls_1_2 + +dumpfile_rotation_time +1 + +max_checks +4 + +attached_report_maximum_size +25 + +stop_scan_on_disconnect +no + +network_scanners.syn +yes + +severity_basis +cvss_v3 + +report_crashes +yes + +hostMaxScanTime +1799 + +scan_history_expiration_days +0 + +network_scanners.tcp +no + +disable_guides +no + +xmlrpc_listen_port +8834 + +dumpfile_max_files +100 + +report_cleanup_threshold_days +30 + +discovery_mode +portscan_common + +engine.max_hosts +16 + +name +Credentialed Patch Audit + +whoami +soteria + +hostCredsFailedCount +0 + +logfile_rotation_time +1 + +hostAvgScanTime +1775 + +advanced_mode +default + +scan_description + + +bw_prevent_agent_scans +yes + +track_unique_agents +yes + +oracle_database_use_detected_sids +no + +reverse_lookup +yes + +engine.min +12 + +dumpfile_max_size +512 + +optimize_test +yes + +log_whole_attack +no + +loaded_plugin_set +202401301519 + +portscan.ping +yes + +cgi_path +/cgi-bin:/scripts + +unscanned_closed +no + +scan_end_timestamp +1706649340 + +hostCredsWithoutCount +0 + +listen_port +1241 + +network_scanners.udp +no + +engine.max +48 + +auto_update +yes + +local_portscan.netstat_wmi +yes + +checks_read_timeout +5 + +plugins_timeout +320 + +auto_enable_dependencies +yes + +safe_checks +yes + +hostCredsSuccessCount +4 + +report_task_id +13e710b8-ebe3-7d8e-a706-d044f4439dd1aab924ba43607dcd + +hostMaxScanTimeHosts +WKS1-Soteria + +visibility +private + +bw_permanent_blackout_window +no + +allow_post_scan_editing +yes + +wizard_uuid +0625147c-30fe-d79f-e54f-ce7ccd7523e9b63d84cb81c23c2f + +scan.unlimited +no + +max_hosts +30 + +engine.max_checks +64 + +scan_name +Soteria WKS scan + +logfile_max_size +512 + +plugin_upload +yes + +reduce_connections_on_congestion +no + +scan_start_timestamp +1706647511 + +silent_dependencies +yes + +logfile_max_files +100 + +scan_vulnerability_groups +yes + +feed_type +ProFeed + +dumpfile_rot +size + +scan_vulnerability_groups_mixed +yes + +port_range +default + +logfile_rot +size + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Controller : +Domain Controller : +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain : +Domain : +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Username : +Domain Username : +entry + + + +ADSI Settings +60024 +ADSI Settings[password]:Domain Password : +Domain Password : +password + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Controller 2: +Domain Controller 2: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain 2: +Domain 2: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Username 2: +Domain Username 2: +entry + + + +ADSI Settings +60024 +ADSI Settings[password]:Domain Password 2: +Domain Password 2: +password + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Controller 3: +Domain Controller 3: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain 3: +Domain 3: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Username 3: +Domain Username 3: +entry + + + +ADSI Settings +60024 +ADSI Settings[password]:Domain Password 3: +Domain Password 3: +password + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Controller 4: +Domain Controller 4: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain 4: +Domain 4: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Username 4: +Domain Username 4: +entry + + + +ADSI Settings +60024 +ADSI Settings[password]:Domain Password 4: +Domain Password 4: +password + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Controller 5: +Domain Controller 5: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain 5: +Domain 5: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Username 5: +Domain Username 5: +entry + + + +ADSI Settings +60024 +ADSI Settings[password]:Domain Password 5: +Domain Password 5: +password + + + +Adtran AOS Compliance Checks +71991 +Adtran AOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Adtran AOS Compliance Checks +71991 +Adtran AOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Adtran AOS Compliance Checks +71991 +Adtran AOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Adtran AOS Compliance Checks +71991 +Adtran AOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Adtran AOS Compliance Checks +71991 +Adtran AOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Adtran AOS Compliance Checks +71991 +Adtran AOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +AirWatch API Settings +76460 +AirWatch API Settings[entry]:AirWatch Environment API URL : +AirWatch Environment API URL : +entry + + + +AirWatch API Settings +76460 +AirWatch API Settings[entry]:AirWatch port : +AirWatch port : +entry + + + +AirWatch API Settings +76460 +AirWatch API Settings[entry]:AirWatch username : +AirWatch username : +entry + + + +AirWatch API Settings +76460 +AirWatch API Settings[password]:AirWatch password : +AirWatch password : +password + + + +AirWatch API Settings +76460 +AirWatch API Settings[entry]:AirWatch API key : +AirWatch API key : +entry + + + +AirWatch API Settings +76460 +AirWatch API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +AirWatch API Settings +76460 +AirWatch API Settings[checkbox]:Verify SSL certificate : +Verify SSL certificate : +checkbox +no +no + +Alcatel TiMOS Compliance Checks +102730 +Alcatel TiMOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Alcatel TiMOS Compliance Checks +102730 +Alcatel TiMOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Alcatel TiMOS Compliance Checks +102730 +Alcatel TiMOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Alcatel TiMOS Compliance Checks +102730 +Alcatel TiMOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Alcatel TiMOS Compliance Checks +102730 +Alcatel TiMOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Alcatel TiMOS Compliance Checks +102730 +Alcatel TiMOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[file]:File containing machine readable results : +File containing machine readable results : +file + + + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[radio]:Mode +Mode +radio +Map applications;Just grab banners;Port scan only +Map applications;Just grab banners;Port scan only + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[checkbox]:Quicker +Quicker +checkbox +no +no + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[checkbox]:UDP scan (disabled in safe_checks) +UDP scan (disabled in safe_checks) +checkbox +no +no + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[checkbox]:SSL (disabled in safe_checks) +SSL (disabled in safe_checks) +checkbox +yes +yes + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[checkbox]:RPC (disabled in safe_checks) +RPC (disabled in safe_checks) +checkbox +yes +yes + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[entry]:Parallel tasks +Parallel tasks +entry + + + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[entry]:Connection retries +Connection retries +entry + + + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[entry]:Connection timeout +Connection timeout +entry + + + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[entry]:Read timeout +Read timeout +entry + + + +Amazon AWS Compliance Checks +72426 +Amazon AWS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Amazon AWS Compliance Checks +72426 +Amazon AWS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Amazon AWS Compliance Checks +72426 +Amazon AWS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Amazon AWS Compliance Checks +72426 +Amazon AWS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Amazon AWS Compliance Checks +72426 +Amazon AWS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Antivirus Software Check +16193 +Antivirus Software Check[entry]:Delay (in days, between 0 and 7) : +Delay (in days, between 0 and 7) : +entry +0 +0 + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[entry]:Apple Profile Manager server : +Apple Profile Manager server : +entry + + + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[entry]:Apple Profile Manager port : +Apple Profile Manager port : +entry +443 +443 + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[entry]:Apple Profile Manager username : +Apple Profile Manager username : +entry + + + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[password]:Apple Profile Manager password : +Apple Profile Manager password : +password + + + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[checkbox]:Force Device Updates : +Force Device Updates : +checkbox +yes +yes + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[entry]:Device Update Timeout (Minutes) : +Device Update Timeout (Minutes) : +entry +5 +5 + +Arista EOS Compliance Checks +92838 +Arista EOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Arista EOS Compliance Checks +92838 +Arista EOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Arista EOS Compliance Checks +92838 +Arista EOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Arista EOS Compliance Checks +92838 +Arista EOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Arista EOS Compliance Checks +92838 +Arista EOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Arista EOS Compliance Checks +92838 +Arista EOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +ArubaOS Compliance Checks +153133 +ArubaOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +ArubaOS Compliance Checks +153133 +ArubaOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +ArubaOS Compliance Checks +153133 +ArubaOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +ArubaOS Compliance Checks +153133 +ArubaOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +ArubaOS Compliance Checks +153133 +ArubaOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +ArubaOS Compliance Checks +153133 +ArubaOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region af-south-1 : +Region af-south-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-east-1 : +Region ap-east-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-northeast-1 : +Region ap-northeast-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-northeast-2 : +Region ap-northeast-2 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-northeast-3 : +Region ap-northeast-3 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-south-1 : +Region ap-south-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-southeast-1 : +Region ap-southeast-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-southeast-2 : +Region ap-southeast-2 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ca-central-1 : +Region ca-central-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region cn-north-1 : +Region cn-north-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region cn-northwest-1 : +Region cn-northwest-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region eu-central-1 : +Region eu-central-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region eu-north-1 : +Region eu-north-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region eu-south-1 : +Region eu-south-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region eu-west-1 : +Region eu-west-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region eu-west-2 : +Region eu-west-2 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region eu-west-3 : +Region eu-west-3 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region me-south-1 : +Region me-south-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region sa-east-1 : +Region sa-east-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region us-east-1 : +Region us-east-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region us-east-2 : +Region us-east-2 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region us-gov-east-1 : +Region us-gov-east-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region us-gov-west-1 : +Region us-gov-west-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region us-west-1 : +Region us-west-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region us-west-2 : +Region us-west-2 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[password]:AWS Access Key ID : +AWS Access Key ID : +password + + + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[password]:AWS Secret Access Key : +AWS Secret Access Key : +password + + + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +yes +yes + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[radio]:Authentication Method : +Authentication Method : +radio + + + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[entry]:Authentication Environment : +Authentication Environment : +entry + + + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[entry]:Username : +Username : +entry + + + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[password]:Password : +Password : +password + + + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[entry]:Client ID : +Client ID : +entry + + + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[entry]:Tenant ID : +Tenant ID : +entry + + + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[entry]:Subscriptions : +Subscriptions : +entry + + + +Microsoft Azure Compliance Checks +79357 +Microsoft Azure Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Microsoft Azure Compliance Checks +79357 +Microsoft Azure Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Microsoft Azure Compliance Checks +79357 +Microsoft Azure Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Microsoft Azure Compliance Checks +79357 +Microsoft Azure Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Microsoft Azure Compliance Checks +79357 +Microsoft Azure Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[entry]:Blackberry UEM Hostname : +Blackberry UEM Hostname : +entry + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[entry]:Blackberry UEM Port : +Blackberry UEM Port : +entry + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[entry]:Blackberry UEM Tenant : +Blackberry UEM Tenant : +entry + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[entry]:Blackberry UEM Domain : +Blackberry UEM Domain : +entry + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[entry]:Blackberry UEM Username : +Blackberry UEM Username : +entry + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[password]:Blackberry UEM Password : +Blackberry UEM Password : +password + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[checkbox]:Blackberry UEM SSL : +Blackberry UEM SSL : +checkbox +yes +yes + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[checkbox]:Blackberry UEM Verify SSL Certificate : +Blackberry UEM Verify SSL Certificate : +checkbox +no +no + +BlueCoat ProxySG Compliance Checks +70470 +BlueCoat ProxySG Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +BlueCoat ProxySG Compliance Checks +70470 +BlueCoat ProxySG Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +BlueCoat ProxySG Compliance Checks +70470 +BlueCoat ProxySG Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +BlueCoat ProxySG Compliance Checks +70470 +BlueCoat ProxySG Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +BlueCoat ProxySG Compliance Checks +70470 +BlueCoat ProxySG Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +BlueCoat ProxySG Compliance Checks +70470 +BlueCoat ProxySG Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Brocade FabricOS Compliance Checks +71842 +Brocade FabricOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Brocade FabricOS Compliance Checks +71842 +Brocade FabricOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Brocade FabricOS Compliance Checks +71842 +Brocade FabricOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Brocade FabricOS Compliance Checks +71842 +Brocade FabricOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Brocade FabricOS Compliance Checks +71842 +Brocade FabricOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Brocade FabricOS Compliance Checks +71842 +Brocade FabricOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Check Point GAiA Compliance Checks +62679 +Check Point GAiA Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Check Point GAiA Compliance Checks +62679 +Check Point GAiA Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Check Point GAiA Compliance Checks +62679 +Check Point GAiA Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Check Point GAiA Compliance Checks +62679 +Check Point GAiA Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Check Point GAiA Compliance Checks +62679 +Check Point GAiA Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Check Point GAiA Compliance Checks +62679 +Check Point GAiA Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Cisco ACI Compliance Checks +137785 +Cisco ACI Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Cisco ACI Compliance Checks +137785 +Cisco ACI Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Cisco ACI Compliance Checks +137785 +Cisco ACI Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Cisco ACI Compliance Checks +137785 +Cisco ACI Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Cisco ACI Compliance Checks +137785 +Cisco ACI Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Cisco ACI Compliance Checks +137785 +Cisco ACI Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[radio]:IOS Config File To Audit : +IOS Config File To Audit : +radio +Saved/(show config);Running/(show running);Startup/(show startup) +Saved/(show config);Running/(show running);Startup/(show startup) + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Cisco Firepower Compliance Checks +128275 +Cisco Firepower Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Cisco Firepower Compliance Checks +128275 +Cisco Firepower Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Cisco Firepower Compliance Checks +128275 +Cisco Firepower Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Cisco Firepower Compliance Checks +128275 +Cisco Firepower Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Cisco Firepower Compliance Checks +128275 +Cisco Firepower Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Cisco Firepower Compliance Checks +128275 +Cisco Firepower Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Cisco Viptela Compliance Checks +161408 +Cisco Viptela Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Cisco Viptela Compliance Checks +161408 +Cisco Viptela Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Cisco Viptela Compliance Checks +161408 +Cisco Viptela Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Cisco Viptela Compliance Checks +161408 +Cisco Viptela Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Cisco Viptela Compliance Checks +161408 +Cisco Viptela Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Cisco Viptela Compliance Checks +161408 +Cisco Viptela Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Citrix NITRO API Settings +154869 +Citrix NITRO API Settings[entry]:Username : +Username : +entry + + + +Citrix NITRO API Settings +154869 +Citrix NITRO API Settings[password]:Password : +Password : +password + + + +Citrix NITRO API Settings +154869 +Citrix NITRO API Settings[entry]:Port : +Port : +entry +443 +443 + +Citrix NITRO API Settings +154869 +Citrix NITRO API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Citrix NITRO API Settings +154869 +Citrix NITRO API Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +yes +yes + +Citrix Application Delivery Compliance Checks +154868 +Citrix Application Delivery Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Citrix Application Delivery Compliance Checks +154868 +Citrix Application Delivery Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Citrix Application Delivery Compliance Checks +154868 +Citrix Application Delivery Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Citrix Application Delivery Compliance Checks +154868 +Citrix Application Delivery Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Citrix Application Delivery Compliance Checks +154868 +Citrix Application Delivery Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Cleartext protocols settings +21744 +Cleartext protocols settings[entry]:User name : +User name : +entry + + + +Cleartext protocols settings +21744 +Cleartext protocols settings[password]:Password (unsafe!) : +Password (unsafe!) : +password + + + +Cleartext protocols settings +21744 +Cleartext protocols settings[checkbox]:Try to perform patch level checks over telnet +Try to perform patch level checks over telnet +checkbox +no +no + +Cleartext protocols settings +21744 +Cleartext protocols settings[checkbox]:Try to perform patch level checks over rsh +Try to perform patch level checks over rsh +checkbox +no +no + +Cleartext protocols settings +21744 +Cleartext protocols settings[checkbox]:Try to perform patch level checks over rexec +Try to perform patch level checks over rexec +checkbox +no +no + +Windows Compliance Checks +21156 +Windows Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Windows Compliance Checks +21156 +Windows Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Windows Compliance Checks +21156 +Windows Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Windows Compliance Checks +21156 +Windows Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Windows Compliance Checks +21156 +Windows Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Windows File Contents Compliance Checks +24760 +Windows File Contents Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Windows File Contents Compliance Checks +24760 +Windows File Contents Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Windows File Contents Compliance Checks +24760 +Windows File Contents Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Windows File Contents Compliance Checks +24760 +Windows File Contents Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Windows File Contents Compliance Checks +24760 +Windows File Contents Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Database settings +33815 +Database settings[radio]:DB Type : +DB Type : +radio +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + +Database settings +33815 +Database settings[radio]:Database service type : +Database service type : +radio +SID;SERVICE_NAME +SID;SERVICE_NAME + +Database settings +33815 +Database settings[entry]:Database SID : +Database SID : +entry + + + +Database settings +33815 +Database settings[entry]:Database port to use : +Database port to use : +entry + + + +Database settings +33815 +Database settings[entry]:Login : +Login : +entry + + + +Database settings +33815 +Database settings[password]:Password : +Password : +password + + + +Database settings +33815 +Database settings[radio]:Oracle auth type: +Oracle auth type: +radio +NORMAL;SYSOPER;SYSDBA +NORMAL;SYSOPER;SYSDBA + +Database settings +33815 +Database settings[radio]:SQL Server auth type: +SQL Server auth type: +radio +Windows;SQL +Windows;SQL + +Database settings +33815 +Database settings[radio]:Sybase ASE auth type: +Sybase ASE auth type: +radio +RSA;Plain Text +RSA;Plain Text + +Database settings +33815 +Database settings[radio]:Additional DB Type (1) : +Additional DB Type (1) : +radio +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + +Database settings +33815 +Database settings[radio]:Additional Database service type (1) : +Additional Database service type (1) : +radio +SID;SERVICE_NAME +SID;SERVICE_NAME + +Database settings +33815 +Database settings[entry]:Additional Database SID (1) : +Additional Database SID (1) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Database port to use (1) : +Additional Database port to use (1) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Login (1) : +Additional Login (1) : +entry + + + +Database settings +33815 +Database settings[password]:Additional Password (1) : +Additional Password (1) : +password + + + +Database settings +33815 +Database settings[radio]:Additional Oracle auth type (1) : +Additional Oracle auth type (1) : +radio +NORMAL;SYSOPER;SYSDBA +NORMAL;SYSOPER;SYSDBA + +Database settings +33815 +Database settings[radio]:Additional SQL Server auth type (1) : +Additional SQL Server auth type (1) : +radio +Windows;SQL +Windows;SQL + +Database settings +33815 +Database settings[radio]:Additional Sybase ASE auth type (1) : +Additional Sybase ASE auth type (1) : +radio +RSA;Plain Text +RSA;Plain Text + +Database settings +33815 +Database settings[radio]:Additional DB Type (2) : +Additional DB Type (2) : +radio +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + +Database settings +33815 +Database settings[radio]:Additional Database service type (2) : +Additional Database service type (2) : +radio +SID;SERVICE_NAME +SID;SERVICE_NAME + +Database settings +33815 +Database settings[entry]:Additional Database SID (2) : +Additional Database SID (2) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Database port to use (2) : +Additional Database port to use (2) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Login (2) : +Additional Login (2) : +entry + + + +Database settings +33815 +Database settings[password]:Additional Password (2) : +Additional Password (2) : +password + + + +Database settings +33815 +Database settings[radio]:Additional Oracle auth type (2) : +Additional Oracle auth type (2) : +radio +NORMAL;SYSOPER;SYSDBA +NORMAL;SYSOPER;SYSDBA + +Database settings +33815 +Database settings[radio]:Additional SQL Server auth type (2) : +Additional SQL Server auth type (2) : +radio +Windows;SQL +Windows;SQL + +Database settings +33815 +Database settings[radio]:Additional Sybase ASE auth type (2) : +Additional Sybase ASE auth type (2) : +radio +RSA;Plain Text +RSA;Plain Text + +Database settings +33815 +Database settings[radio]:Additional DB Type (3) : +Additional DB Type (3) : +radio +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + +Database settings +33815 +Database settings[radio]:Additional Database service type (3) : +Additional Database service type (3) : +radio +SID;SERVICE_NAME +SID;SERVICE_NAME + +Database settings +33815 +Database settings[entry]:Additional Database SID (3) : +Additional Database SID (3) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Database port to use (3) : +Additional Database port to use (3) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Login (3) : +Additional Login (3) : +entry + + + +Database settings +33815 +Database settings[password]:Additional Password (3) : +Additional Password (3) : +password + + + +Database settings +33815 +Database settings[radio]:Additional Oracle auth type (3) : +Additional Oracle auth type (3) : +radio +NORMAL;SYSOPER;SYSDBA +NORMAL;SYSOPER;SYSDBA + +Database settings +33815 +Database settings[radio]:Additional SQL Server auth type (3) : +Additional SQL Server auth type (3) : +radio +Windows;SQL +Windows;SQL + +Database settings +33815 +Database settings[radio]:Additional Sybase ASE auth type (3) : +Additional Sybase ASE auth type (3) : +radio +RSA;Plain Text +RSA;Plain Text + +Database settings +33815 +Database settings[radio]:Additional DB Type (4) : +Additional DB Type (4) : +radio +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + +Database settings +33815 +Database settings[radio]:Additional Database service type (4) : +Additional Database service type (4) : +radio +SID;SERVICE_NAME +SID;SERVICE_NAME + +Database settings +33815 +Database settings[entry]:Additional Database SID (4) : +Additional Database SID (4) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Database port to use (4) : +Additional Database port to use (4) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Login (4) : +Additional Login (4) : +entry + + + +Database settings +33815 +Database settings[password]:Additional Password (4) : +Additional Password (4) : +password + + + +Database settings +33815 +Database settings[radio]:Additional Oracle auth type (4) : +Additional Oracle auth type (4) : +radio +NORMAL;SYSOPER;SYSDBA +NORMAL;SYSOPER;SYSDBA + +Database settings +33815 +Database settings[radio]:Additional SQL Server auth type (4) : +Additional SQL Server auth type (4) : +radio +Windows;SQL +Windows;SQL + +Database settings +33815 +Database settings[radio]:Additional Sybase ASE auth type (4) : +Additional Sybase ASE auth type (4) : +radio +RSA;Plain Text +RSA;Plain Text + +Database Compliance Checks +33814 +Database Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Database Compliance Checks +33814 +Database Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Database Compliance Checks +33814 +Database Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Database Compliance Checks +33814 +Database Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Database Compliance Checks +33814 +Database Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Patch Management: Dell KACE K1000 Settings +76866 +Patch Management: Dell KACE K1000 Settings[entry]:K1000 Address : +K1000 Address : +entry + + + +Patch Management: Dell KACE K1000 Settings +76866 +Patch Management: Dell KACE K1000 Settings[entry]:K1000 Database Port : +K1000 Database Port : +entry +3306 +3306 + +Patch Management: Dell KACE K1000 Settings +76866 +Patch Management: Dell KACE K1000 Settings[entry]:K1000 Organization Database Name : +K1000 Organization Database Name : +entry +ORG1 +ORG1 + +Patch Management: Dell KACE K1000 Settings +76866 +Patch Management: Dell KACE K1000 Settings[entry]:K1000 Database Username : +K1000 Database Username : +entry +R1 +R1 + +Patch Management: Dell KACE K1000 Settings +76866 +Patch Management: Dell KACE K1000 Settings[password]:K1000 Database Password : +K1000 Database Password : +password + + + +Do not scan fragile devices +22481 +Do not scan fragile devices[checkbox]:Scan Network Printers +Scan Network Printers +checkbox +no +no + +Do not scan fragile devices +22481 +Do not scan fragile devices[checkbox]:Scan Novell Netware hosts +Scan Novell Netware hosts +checkbox +no +no + +Do not scan fragile devices +22481 +Do not scan fragile devices[checkbox]:Scan Operational Technology devices +Scan Operational Technology devices +checkbox +yes +yes + +Extreme ExtremeXOS Compliance Checks +73156 +Extreme ExtremeXOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Extreme ExtremeXOS Compliance Checks +73156 +Extreme ExtremeXOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Extreme ExtremeXOS Compliance Checks +73156 +Extreme ExtremeXOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Extreme ExtremeXOS Compliance Checks +73156 +Extreme ExtremeXOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Extreme ExtremeXOS Compliance Checks +73156 +Extreme ExtremeXOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Extreme ExtremeXOS Compliance Checks +73156 +Extreme ExtremeXOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +F5 Settings +95387 +F5 Settings[entry]:Username : +Username : +entry + + + +F5 Settings +95387 +F5 Settings[password]:Password : +Password : +password + + + +F5 Settings +95387 +F5 Settings[entry]:Port : +Port : +entry +443 +443 + +F5 Settings +95387 +F5 Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +F5 Settings +95387 +F5 Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +yes +yes + +F5 Compliance Checks +95388 +F5 Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +F5 Compliance Checks +95388 +F5 Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +F5 Compliance Checks +95388 +F5 Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +F5 Compliance Checks +95388 +F5 Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +F5 Compliance Checks +95388 +F5 Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Service Detection +22964 +Service Detection[radio]:Test SSL based services +Test SSL based services +radio +All ports +All ports + +FireEye Compliance Checks +70469 +FireEye Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +FireEye Compliance Checks +70469 +FireEye Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +FireEye Compliance Checks +70469 +FireEye Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +FireEye Compliance Checks +70469 +FireEye Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +FireEye Compliance Checks +70469 +FireEye Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +FireEye Compliance Checks +70469 +FireEye Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Fortigate FortiOS Compliance Checks +70272 +Fortigate FortiOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Fortigate FortiOS Compliance Checks +70272 +Fortigate FortiOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Fortigate FortiOS Compliance Checks +70272 +Fortigate FortiOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Fortigate FortiOS Compliance Checks +70272 +Fortigate FortiOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Fortigate FortiOS Compliance Checks +70272 +Fortigate FortiOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Fortigate FortiOS Compliance Checks +70272 +Fortigate FortiOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Google Cloud Platform Settings +150079 +Google Cloud Platform Settings[file]:Service Account JSON Key File : +Service Account JSON Key File : +file + + + +Google Cloud Platform Compliance Checks +150078 +Google Cloud Platform Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Google Cloud Platform Compliance Checks +150078 +Google Cloud Platform Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Google Cloud Platform Compliance Checks +150078 +Google Cloud Platform Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Google Cloud Platform Compliance Checks +150078 +Google Cloud Platform Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Google Cloud Platform Compliance Checks +150078 +Google Cloud Platform Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Generic SSH Compliance Checks +129714 +Generic SSH Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Generic SSH Compliance Checks +129714 +Generic SSH Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Generic SSH Compliance Checks +129714 +Generic SSH Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Generic SSH Compliance Checks +129714 +Generic SSH Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Generic SSH Compliance Checks +129714 +Generic SSH Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Global variable settings +12288 +Global variable settings[checkbox]:Probe services on every port +Probe services on every port +checkbox +yes +yes + +Global variable settings +12288 +Global variable settings[checkbox]:Do not log in with user accounts not specified in the policy +Do not log in with user accounts not specified in the policy +checkbox +yes +yes + +Global variable settings +12288 +Global variable settings[checkbox]:Enable CGI scanning +Enable CGI scanning +checkbox +no +no + +Global variable settings +12288 +Global variable settings[radio]:Network type +Network type +radio +Mixed (use RFC 1918);Private LAN;Public WAN (Internet) +Mixed (use RFC 1918) + +Global variable settings +12288 +Global variable settings[checkbox]:Enable experimental scripts +Enable experimental scripts +checkbox +no +no + +Global variable settings +12288 +Global variable settings[checkbox]:Thorough tests (slow) +Thorough tests (slow) +checkbox +no +no + +Global variable settings +12288 +Global variable settings[radio]:Report verbosity +Report verbosity +radio +Normal;Quiet;Verbose +Normal + +Global variable settings +12288 +Global variable settings[radio]:Report paranoia +Report paranoia +radio +Normal;Avoid false alarms;Paranoid (more false alarms) +Normal;Avoid false alarms;Paranoid (more false alarms) + +Global variable settings +12288 +Global variable settings[entry]:HTTP User-Agent +HTTP User-Agent +entry +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) + +Global variable settings +12288 +Global variable settings[file]:SSL certificate to use : +SSL certificate to use : +file + + + +Global variable settings +12288 +Global variable settings[file]:SSL CA to trust : +SSL CA to trust : +file + + + +Global variable settings +12288 +Global variable settings[file]:SSL key to use : +SSL key to use : +file + + + +Global variable settings +12288 +Global variable settings[password]:SSL password for SSL key : +SSL password for SSL key : +password + + + +Global variable settings +12288 +Global variable settings[checkbox]:Enumerate all SSL ciphers +Enumerate all SSL ciphers +checkbox +yes +yes + +Global variable settings +12288 +Global variable settings[checkbox]:Enable CRL checking (connects to Internet) +Enable CRL checking (connects to Internet) +checkbox +no +no + +Global variable settings +12288 +Global variable settings[checkbox]:Enable plugin debugging +Enable plugin debugging +checkbox +no +no + +Global variable settings +12288 +Global variable settings[entry]:Java ARchive Detection Path : +Java ARchive Detection Path : +entry + + + +Good MDM Settings +66963 +Good MDM Settings[entry]:GMC Server : +GMC Server : +entry + + + +Good MDM Settings +66963 +Good MDM Settings[entry]:Port : +Port : +entry + + + +Good MDM Settings +66963 +Good MDM Settings[entry]:Domain : +Domain : +entry + + + +Good MDM Settings +66963 +Good MDM Settings[entry]:Username : +Username : +entry + + + +Good MDM Settings +66963 +Good MDM Settings[password]:Password : +Password : +password + + + +Good MDM Settings +66963 +Good MDM Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Good MDM Settings +66963 +Good MDM Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Patch Management: HCL BigFix Server Settings +160247 +Patch Management: HCL BigFix Server Settings[entry]:HCL BigFix Web Reports Server : +HCL BigFix Web Reports Server : +entry + + + +Patch Management: HCL BigFix Server Settings +160247 +Patch Management: HCL BigFix Server Settings[entry]:HCL BigFix Web Reports Port : +HCL BigFix Web Reports Port : +entry + + + +Patch Management: HCL BigFix Server Settings +160247 +Patch Management: HCL BigFix Server Settings[entry]:HCL BigFix Web Reports Username : +HCL BigFix Web Reports Username : +entry + + + +Patch Management: HCL BigFix Server Settings +160247 +Patch Management: HCL BigFix Server Settings[password]:HCL BigFix Web Reports Password : +HCL BigFix Web Reports Password : +password + + + +Patch Management: HCL BigFix Server Settings +160247 +Patch Management: HCL BigFix Server Settings[checkbox]:HCL BigFix SSL : +HCL BigFix SSL : +checkbox +no +no + +Patch Management: HCL BigFix Server Settings +160247 +Patch Management: HCL BigFix Server Settings[checkbox]:HCL BigFix Verify SSL Certificate : +HCL BigFix Verify SSL Certificate : +checkbox +no +no + +Hosts File Whitelisted Entries +73980 +Hosts File Whitelisted Entries[file]:Upload file with custom hosts entries : +Upload file with custom hosts entries : +file + + + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[radio]:HP ProCurve File To Audit : +HP ProCurve File To Audit : +radio +Saved/(show config);Default/(show default-config);Running/(show running-config) +Saved/(show config);Default/(show default-config);Running/(show running-config) + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +HTTP cookies import +42893 +HTTP cookies import[file]:Cookies file : +Cookies file : +file + + + +HTTP login page +11149 +HTTP login page[entry]:Login page : +Login page : +entry +/ +/ + +HTTP login page +11149 +HTTP login page[entry]:Login form : +Login form : +entry + + + +HTTP login page +11149 +HTTP login page[entry]:Login form fields : +Login form fields : +entry +user=%USER%&pass=%PASS% +user=%USER%&pass=%PASS% + +HTTP login page +11149 +HTTP login page[radio]:Login form method : +Login form method : +radio +POST;GET +POST;GET + +HTTP login page +11149 +HTTP login page[checkbox]:Automated login page search +Automated login page search +checkbox +no +no + +HTTP login page +11149 +HTTP login page[entry]:Re-authenticate delay (seconds) : +Re-authenticate delay (seconds) : +entry + + + +HTTP login page +11149 +HTTP login page[entry]:Check authentication on page : +Check authentication on page : +entry + + + +HTTP login page +11149 +HTTP login page[entry]:Follow 30x redirections (# of levels) : +Follow 30x redirections (# of levels) : +entry +2 +2 + +HTTP login page +11149 +HTTP login page[entry]:Authenticated regex : +Authenticated regex : +entry + + + +HTTP login page +11149 +HTTP login page[checkbox]:Invert test (disconnected if regex matches) +Invert test (disconnected if regex matches) +checkbox +no +no + +HTTP login page +11149 +HTTP login page[checkbox]:Match regex on HTTP headers +Match regex on HTTP headers +checkbox +no +no + +HTTP login page +11149 +HTTP login page[checkbox]:Case insensitive regex +Case insensitive regex +checkbox +no +no + +HTTP login page +11149 +HTTP login page[checkbox]:Abort web application tests if login fails +Abort web application tests if login fails +checkbox +no +no + +Remote web server screenshot +59861 +Remote web server screenshot[checkbox]:Allow Nessus to connect to the cloud to take a screenshot of the public targets +Allow Nessus to connect to the cloud to take a screenshot of the public targets +checkbox +no +no + +Hydra: Cisco enable +15870 +Hydra: Cisco enable[entry]:Logon password : +Logon password : +entry + + + +Hydra: HTTP +15873 +Hydra: HTTP[entry]:Web page : +Web page : +entry + + + +Hydra: HTTP proxy +15874 +Hydra: HTTP proxy[entry]:Web site (optional) : +Web site (optional) : +entry + + + +Huawei VRP Compliance Checks +73157 +Huawei VRP Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Huawei VRP Compliance Checks +73157 +Huawei VRP Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Huawei VRP Compliance Checks +73157 +Huawei VRP Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Huawei VRP Compliance Checks +73157 +Huawei VRP Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Huawei VRP Compliance Checks +73157 +Huawei VRP Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Huawei VRP Compliance Checks +73157 +Huawei VRP Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Hydra: LDAP +15877 +Hydra: LDAP[entry]:DN : +DN : +entry + + + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[checkbox]:Always enable Hydra (slow) +Always enable Hydra (slow) +checkbox +no +no + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[file]:Logins file : +Logins file : +file + + + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[file]:Passwords file : +Passwords file : +file + + + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[entry]:Number of parallel tasks : +Number of parallel tasks : +entry +16 +16 + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[entry]:Timeout (in seconds) : +Timeout (in seconds) : +entry +30 +30 + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[checkbox]:Try empty passwords +Try empty passwords +checkbox +yes +yes + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[checkbox]:Try login as password +Try login as password +checkbox +yes +yes + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[checkbox]:Exit as soon as an account is found +Exit as soon as an account is found +checkbox +no +no + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[checkbox]:Add accounts found by other plugins to login file +Add accounts found by other plugins to login file +checkbox +yes +yes + +Hydra: PostgreSQL +18660 +Hydra: PostgreSQL[entry]:Database name (optional) : +Database name (optional) : +entry + + + +Hydra: SAP R3 +15883 +Hydra: SAP R3[entry]:Client ID (between 0 and 99) : +Client ID (between 0 and 99) : +entry + + + +Hydra: SMB +15884 +Hydra: SMB[checkbox]:Interpret passwords as NTLM hashes +Interpret passwords as NTLM hashes +checkbox +no +no + +IBM DB2 DB Compliance Checks +149648 +IBM DB2 DB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +IBM DB2 DB Compliance Checks +149648 +IBM DB2 DB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +IBM DB2 DB Compliance Checks +149648 +IBM DB2 DB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +IBM DB2 DB Compliance Checks +149648 +IBM DB2 DB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +IBM DB2 DB Compliance Checks +149648 +IBM DB2 DB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Patch Management: IBM Tivoli Endpoint Manager Server Settings +62558 +Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Server : +Web Reports Server : +entry + + + +Patch Management: IBM Tivoli Endpoint Manager Server Settings +62558 +Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Port : +Web Reports Port : +entry + + + +Patch Management: IBM Tivoli Endpoint Manager Server Settings +62558 +Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Username : +Web Reports Username : +entry + + + +Patch Management: IBM Tivoli Endpoint Manager Server Settings +62558 +Patch Management: IBM Tivoli Endpoint Manager Server Settings[password]:Web Reports Password : +Web Reports Password : +password + + + +Patch Management: IBM Tivoli Endpoint Manager Server Settings +62558 +Patch Management: IBM Tivoli Endpoint Manager Server Settings[checkbox]:SSL : +SSL : +checkbox +no +no + +Patch Management: IBM Tivoli Endpoint Manager Server Settings +62558 +Patch Management: IBM Tivoli Endpoint Manager Server Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Intune Settings +125030 +Intune Settings[entry]:Intune Tenant : +Intune Tenant : +entry + + + +Intune Settings +125030 +Intune Settings[entry]:Intune Client : +Intune Client : +entry + + + +Intune Settings +125030 +Intune Settings[entry]:Intune Secret : +Intune Secret : +entry + + + +Intune Settings +125030 +Intune Settings[entry]:Intune Username : +Intune Username : +entry + + + +Intune Settings +125030 +Intune Settings[entry]:Intune Password : +Intune Password : +entry + + + +Active Connection to or from Host Listed in Custom Netstat IP Threat List +147190 +Active Connection to or from Host Listed in Custom Netstat IP Threat List[file]:Custom Netstat IP Threat List : +Custom Netstat IP Threat List : +file + + + +Active Outbound Connection to Host Listed in Known Bot Database +58430 +Active Outbound Connection to Host Listed in Known Bot Database[file]:Custom Netstat IP Threat List : +Custom Netstat IP Threat List : +file + + + +IBM iSeries Credentials +57861 +IBM iSeries Credentials[entry]:Login : +Login : +entry + + + +IBM iSeries Credentials +57861 +IBM iSeries Credentials[password]:Password : +Password : +password + + + +IBM iSeries Compliance Checks +57860 +IBM iSeries Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +IBM iSeries Compliance Checks +57860 +IBM iSeries Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +IBM iSeries Compliance Checks +57860 +IBM iSeries Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +IBM iSeries Compliance Checks +57860 +IBM iSeries Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +IBM iSeries Compliance Checks +57860 +IBM iSeries Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Juniper Junos Compliance Checks +62680 +Juniper Junos Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Juniper Junos Compliance Checks +62680 +Juniper Junos Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Juniper Junos Compliance Checks +62680 +Juniper Junos Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Juniper Junos Compliance Checks +62680 +Juniper Junos Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Juniper Junos Compliance Checks +62680 +Juniper Junos Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Juniper Junos Compliance Checks +62680 +Juniper Junos Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Kerberos configuration +17351 +Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : +Kerberos Key Distribution Center (KDC) : +entry + + + +Kerberos configuration +17351 +Kerberos configuration[entry]:Kerberos KDC Port : +Kerberos KDC Port : +entry +88 +88 + +Kerberos configuration +17351 +Kerberos configuration[radio]:Kerberos KDC Transport : +Kerberos KDC Transport : +radio +tcp +tcp + +Kerberos configuration +17351 +Kerberos configuration[entry]:Kerberos Realm (SSH only) : +Kerberos Realm (SSH only) : +entry + + + +LDAP Active Directory - Identity Data Enumeration +165066 +LDAP Active Directory - Identity Data Enumeration[checkbox]:Collect Identity Data from Active Directory +Collect Identity Data from Active Directory +checkbox +no +no + +LDAP Active Directory - crossRef Enumeration +176549 +LDAP Active Directory - crossRef Enumeration[checkbox]:Collect Identity Data from Active Directory +Collect Identity Data from Active Directory +checkbox +no +no + +LDAP 'Domain Admins' Group Membership Enumeration +58038 +LDAP 'Domain Admins' Group Membership Enumeration[entry]:LDAP user : +LDAP user : +entry + + + +LDAP 'Domain Admins' Group Membership Enumeration +58038 +LDAP 'Domain Admins' Group Membership Enumeration[password]:LDAP password : +LDAP password : +password + + + +LDAP 'Domain Admins' Group Membership Enumeration +58038 +LDAP 'Domain Admins' Group Membership Enumeration[entry]:Max results : +Max results : +entry +1000 +1000 + +Login configurations +10870 +Login configurations[entry]:HTTP account : +HTTP account : +entry + + + +Login configurations +10870 +Login configurations[password]:HTTP password (sent in clear) : +HTTP password (sent in clear) : +password + + + +Login configurations +10870 +Login configurations[entry]:NNTP account : +NNTP account : +entry + + + +Login configurations +10870 +Login configurations[password]:NNTP password (sent in clear) : +NNTP password (sent in clear) : +password + + + +Login configurations +10870 +Login configurations[entry]:FTP account : +FTP account : +entry +anonymous +anonymous + +Login configurations +10870 +Login configurations[password]:FTP password (sent in clear) : +FTP password (sent in clear) : +password +nessus@nessus.org +********* + +Login configurations +10870 +Login configurations[entry]:FTP writeable directory : +FTP writeable directory : +entry +/incoming +/incoming + +Login configurations +10870 +Login configurations[entry]:POP2 account : +POP2 account : +entry + + + +Login configurations +10870 +Login configurations[password]:POP2 password (sent in clear) : +POP2 password (sent in clear) : +password + + + +Login configurations +10870 +Login configurations[entry]:POP3 account : +POP3 account : +entry + + + +Login configurations +10870 +Login configurations[password]:POP3 password (sent in clear) : +POP3 password (sent in clear) : +password + + + +Login configurations +10870 +Login configurations[entry]:IMAP account : +IMAP account : +entry + + + +Login configurations +10870 +Login configurations[password]:IMAP password (sent in clear) : +IMAP password (sent in clear) : +password + + + +Login configurations +10870 +Login configurations[entry]:IPMI account : +IPMI account : +entry + + + +Login configurations +10870 +Login configurations[password]:IPMI password (sent in clear) : +IPMI password (sent in clear) : +password + + + +Login configurations +10870 +Login configurations[entry]:SMB account : +SMB account : +entry + +degthat + +Login configurations +10870 +Login configurations[password]:SMB password : +SMB password : +password + +********* + +Login configurations +10870 +Login configurations[entry]:SMB domain (optional) : +SMB domain (optional) : +entry + + + +Login configurations +10870 +Login configurations[radio]:SMB password type : +SMB password type : +radio +Password;LM Hash;NTLM Hash +Password + +Login configurations +10870 +Login configurations[entry]:Additional SMB account (1) : +Additional SMB account (1) : +entry + + + +Login configurations +10870 +Login configurations[password]:Additional SMB password (1) : +Additional SMB password (1) : +password + + + +Login configurations +10870 +Login configurations[entry]:Additional SMB domain (optional) (1) : +Additional SMB domain (optional) (1) : +entry + + + +Login configurations +10870 +Login configurations[entry]:Additional SMB account (2) : +Additional SMB account (2) : +entry + + + +Login configurations +10870 +Login configurations[password]:Additional SMB password (2) : +Additional SMB password (2) : +password + + + +Login configurations +10870 +Login configurations[entry]:Additional SMB domain (optional) (2) : +Additional SMB domain (optional) (2) : +entry + + + +Login configurations +10870 +Login configurations[entry]:Additional SMB account (3) : +Additional SMB account (3) : +entry + + + +Login configurations +10870 +Login configurations[password]:Additional SMB password (3) : +Additional SMB password (3) : +password + + + +Login configurations +10870 +Login configurations[entry]:Additional SMB domain (optional) (3) : +Additional SMB domain (optional) (3) : +entry + + + +Login configurations +10870 +Login configurations[checkbox]:Never send SMB credentials in clear text +Never send SMB credentials in clear text +checkbox +yes +yes + +Login configurations +10870 +Login configurations[checkbox]:Only use NTLMv2 +Only use NTLMv2 +checkbox +no +yes + +Login configurations +10870 +Login configurations[checkbox]:Only use Kerberos authentication for SMB +Only use Kerberos authentication for SMB +checkbox +no +no + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:Username : +Username : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[password]:Password : +Password : +password + + + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:Root URL : +Root URL : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:Platform ID : +Platform ID : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:Billing ID : +Billing ID : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:App ID : +App ID : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:App version : +App version : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:App access key : +App access key : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[checkbox]:Collect All Device Data : +Collect All Device Data : +checkbox + + + +MaaS360 Settings +92000 +MaaS360 Settings[checkbox]:Collect Device Summary : +Collect Device Summary : +checkbox + + + +MaaS360 Settings +92000 +MaaS360 Settings[checkbox]:Collect Device Applications : +Collect Device Applications : +checkbox + + + +MaaS360 Settings +92000 +MaaS360 Settings[checkbox]:Collect Device Compliance : +Collect Device Compliance : +checkbox + + + +MaaS360 Settings +92000 +MaaS360 Settings[checkbox]:Collect Device Policies : +Collect Device Policies : +checkbox + + + +Mobile Device Manager Compliance Checks +81914 +Mobile Device Manager Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Mobile Device Manager Compliance Checks +81914 +Mobile Device Manager Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Mobile Device Manager Compliance Checks +81914 +Mobile Device Manager Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Mobile Device Manager Compliance Checks +81914 +Mobile Device Manager Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Mobile Device Manager Compliance Checks +81914 +Mobile Device Manager Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +MobileIron API Settings +72904 +MobileIron API Settings[entry]:MobileIron VSP Admin Portal URL : +MobileIron VSP Admin Portal URL : +entry + + + +MobileIron API Settings +72904 +MobileIron API Settings[entry]:MobileIron VSP Admin Portal Port : +MobileIron VSP Admin Portal Port : +entry + + + +MobileIron API Settings +72904 +MobileIron API Settings[entry]:MobileIron port : +MobileIron port : +entry + + + +MobileIron API Settings +72904 +MobileIron API Settings[entry]:MobileIron username : +MobileIron username : +entry + + + +MobileIron API Settings +72904 +MobileIron API Settings[password]:MobileIron password : +MobileIron password : +password + + + +MobileIron API Settings +72904 +MobileIron API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +MobileIron API Settings +72904 +MobileIron API Settings[checkbox]:Verify SSL certificate : +Verify SSL certificate : +checkbox +no +no + +MongoDB Settings +76512 +MongoDB Settings[entry]:Username : +Username : +entry + + + +MongoDB Settings +76512 +MongoDB Settings[password]:Password : +Password : +password + + + +MongoDB Settings +76512 +MongoDB Settings[entry]:Database for authentication : +Database for authentication : +entry + + + +MongoDB Settings +76512 +MongoDB Settings[entry]:Port : +Port : +entry +27017 +27017 + +MongoDB Compliance Checks +76513 +MongoDB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +MongoDB Compliance Checks +76513 +MongoDB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +MongoDB Compliance Checks +76513 +MongoDB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +MongoDB Compliance Checks +76513 +MongoDB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +MongoDB Compliance Checks +76513 +MongoDB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Microsoft SQL Server DB Compliance Checks +149647 +Microsoft SQL Server DB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Microsoft SQL Server DB Compliance Checks +149647 +Microsoft SQL Server DB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Microsoft SQL Server DB Compliance Checks +149647 +Microsoft SQL Server DB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Microsoft SQL Server DB Compliance Checks +149647 +Microsoft SQL Server DB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Microsoft SQL Server DB Compliance Checks +149647 +Microsoft SQL Server DB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +MySQL DB Compliance Checks +149309 +MySQL DB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +MySQL DB Compliance Checks +149309 +MySQL DB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +MySQL DB Compliance Checks +149309 +MySQL DB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +MySQL DB Compliance Checks +149309 +MySQL DB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +MySQL DB Compliance Checks +149309 +MySQL DB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Nessus TCP scanner +10335 +Nessus TCP scanner[radio]:Firewall detection : +Firewall detection : +radio +Automatic (normal);Disabled (softer);Do not detect RST rate limitation (soft);Ignore closed ports (aggressive) +Automatic (normal) + +Nessus SYN scanner +11219 +Nessus SYN scanner[radio]:Firewall detection : +Firewall detection : +radio +Automatic (normal);Disabled (softer);Do not detect RST rate limitation (soft);Ignore closed ports (aggressive) +Automatic (normal) + +Netapp API Settings +112118 +Netapp API Settings[entry]:Username : +Username : +entry + + + +Netapp API Settings +112118 +Netapp API Settings[password]:Password : +Password : +password + + + +Netapp API Settings +112118 +Netapp API Settings[entry]:vFiler : +vFiler : +entry + + + +Netapp API Settings +112118 +Netapp API Settings[entry]:Port : +Port : +entry + + + +NetApp API Compliance Checks +112117 +NetApp API Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +NetApp API Compliance Checks +112117 +NetApp API Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +NetApp API Compliance Checks +112117 +NetApp API Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +NetApp API Compliance Checks +112117 +NetApp API Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +NetApp API Compliance Checks +112117 +NetApp API Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +NetApp Data ONTAP Compliance Checks +66934 +NetApp Data ONTAP Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +NetApp Data ONTAP Compliance Checks +66934 +NetApp Data ONTAP Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +NetApp Data ONTAP Compliance Checks +66934 +NetApp Data ONTAP Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +NetApp Data ONTAP Compliance Checks +66934 +NetApp Data ONTAP Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +NetApp Data ONTAP Compliance Checks +66934 +NetApp Data ONTAP Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +NetApp Data ONTAP Compliance Checks +66934 +NetApp Data ONTAP Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Enable Nikto +Enable Nikto +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Disable if server never replies 404 +Disable if server never replies 404 +checkbox +yes +yes + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[entry]:Root directory +Root directory +entry + + + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[entry]:Pause between tests (s) +Pause between tests (s) +entry + + + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[radio]:Scan CGI directories +Scan CGI directories +radio +User supplied;All;None +User supplied;All;None + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Display: 1 Show redirects +Display: 1 Show redirects +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Display: 2 Show cookies received +Display: 2 Show cookies received +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Display: 3 Show all 200/OK responses +Display: 3 Show all 200/OK responses +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Display: 4 Show URLs which require authentication +Display: 4 Show URLs which require authentication +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Display: V Verbose Output +Display: V Verbose Output +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 1 Interesting File / Seen in logs +Tuning: 1 Interesting File / Seen in logs +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 2 Misconfiguration / Default File +Tuning: 2 Misconfiguration / Default File +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 3 Information Disclosure +Tuning: 3 Information Disclosure +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 4 Injection (XSS/Script/HTML) +Tuning: 4 Injection (XSS/Script/HTML) +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 5 Remote File Retrieval - Inside Web Root +Tuning: 5 Remote File Retrieval - Inside Web Root +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 6 Denial of Service +Tuning: 6 Denial of Service +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 7 Remote File Retrieval - Server Wide +Tuning: 7 Remote File Retrieval - Server Wide +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 8 Command Execution / Remote Shell +Tuning: 8 Command Execution / Remote Shell +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 9 SQL Injection +Tuning: 9 SQL Injection +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 0 File Upload +Tuning: 0 File Upload +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: a Authentication Bypass +Tuning: a Authentication Bypass +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: b Software Identification +Tuning: b Software Identification +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: c Remote Source Inclusion +Tuning: c Remote Source Inclusion +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: x Reverse Tuning Options (i.e., include all except specified) +Tuning: x Reverse Tuning Options (i.e., include all except specified) +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Mutate: 1 Test all files with all root directories +Mutate: 1 Test all files with all root directories +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Mutate: 2 Guess for password file names +Mutate: 2 Guess for password file names +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Mutate: 3 Enumerate user names via Apache (/~user type requests) +Mutate: 3 Enumerate user names via Apache (/~user type requests) +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Mutate: 4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests) +Mutate: 4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests) +checkbox +no +no + +Nutanix Settings +160184 +Nutanix Settings[entry]:Nutanix host : +Nutanix host : +entry + + + +Nutanix Settings +160184 +Nutanix Settings[entry]:Nutanix port : +Nutanix port : +entry +9440 +9440 + +Nutanix Settings +160184 +Nutanix Settings[entry]:Nutanix username : +Nutanix username : +entry + + + +Nutanix Settings +160184 +Nutanix Settings[password]:Nutanix password : +Nutanix password : +password + + + +Nutanix Settings +160184 +Nutanix Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Nutanix Settings +160184 +Nutanix Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Nutanix Settings +160184 +Nutanix Settings[checkbox]:Auto Discover Managed Nutanix Hosts : +Auto Discover Managed Nutanix Hosts : +checkbox +yes +yes + +Nutanix Settings +160184 +Nutanix Settings[checkbox]:Auto Discover Managed Virtual Machines : +Auto Discover Managed Virtual Machines : +checkbox +yes +yes + +Office 365 Settings +109581 +Office 365 Settings[entry]:Username : +Username : +entry + + + +Office 365 Settings +109581 +Office 365 Settings[password]:Password : +Password : +password + + + +Office 365 Settings +109581 +Office 365 Settings[entry]:Client Id : +Client Id : +entry + + + +Office 365 Settings +109581 +Office 365 Settings[password]:Client Secret : +Client Secret : +password + + + +OpenShift Settings +161407 +OpenShift Settings[entry]:Service Account Token : +Service Account Token : +entry + + + +OpenShift Settings +161407 +OpenShift Settings[entry]:Port : +Port : +entry +6443 +6443 + +OpenShift Settings +161407 +OpenShift Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +OpenShift Settings +161407 +OpenShift Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +yes +yes + +OpenShift Compliance Checks +161406 +OpenShift Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +OpenShift Compliance Checks +161406 +OpenShift Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +OpenShift Compliance Checks +161406 +OpenShift Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +OpenShift Compliance Checks +161406 +OpenShift Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +OpenShift Compliance Checks +161406 +OpenShift Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +OpenStack Settings +86348 +OpenStack Settings[entry]:Username : +Username : +entry + + + +OpenStack Settings +86348 +OpenStack Settings[entry]:Tenant Name for Authentication : +Tenant Name for Authentication : +entry +admin +admin + +OpenStack Settings +86348 +OpenStack Settings[password]:Password : +Password : +password + + + +OpenStack Settings +86348 +OpenStack Settings[entry]:Port : +Port : +entry +443 +443 + +OpenStack Settings +86348 +OpenStack Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +OpenStack Settings +86348 +OpenStack Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +yes +yes + +OpenStack Compliance Checks +86349 +OpenStack Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +OpenStack Compliance Checks +86349 +OpenStack Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +OpenStack Compliance Checks +86349 +OpenStack Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +OpenStack Compliance Checks +86349 +OpenStack Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +OpenStack Compliance Checks +86349 +OpenStack Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Oracle DB Compliance Checks +149375 +Oracle DB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Oracle DB Compliance Checks +149375 +Oracle DB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Oracle DB Compliance Checks +149375 +Oracle DB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Oracle DB Compliance Checks +149375 +Oracle DB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Oracle DB Compliance Checks +149375 +Oracle DB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Oracle DB Compliance Checks +149375 +Oracle DB Compliance Checks[radio]:Oracle Character Length Semantics : +Oracle Character Length Semantics : +radio +byte +byte + +Oracle Settings +22076 +Oracle Settings[radio]:Oracle service type : +Oracle service type : +radio +SID;SERVICE_NAME +SID;SERVICE_NAME + +Oracle Settings +22076 +Oracle Settings[entry]:Oracle SID : +Oracle SID : +entry + + + +Oracle Settings +22076 +Oracle Settings[checkbox]:Test default accounts (slow) +Test default accounts (slow) +checkbox +no +no + +OVAL Linux Compliance Checks +83188 +OVAL Linux Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +OVAL Linux Compliance Checks +83188 +OVAL Linux Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +OVAL Linux Compliance Checks +83188 +OVAL Linux Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +OVAL Linux Compliance Checks +83188 +OVAL Linux Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +OVAL Linux Compliance Checks +83188 +OVAL Linux Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +OVAL Windows Compliance Checks +83189 +OVAL Windows Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +OVAL Windows Compliance Checks +83189 +OVAL Windows Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +OVAL Windows Compliance Checks +83189 +OVAL Windows Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +OVAL Windows Compliance Checks +83189 +OVAL Windows Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +OVAL Windows Compliance Checks +83189 +OVAL Windows Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Palo Alto Networks PAN-OS Compliance Checks +64095 +Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Palo Alto Networks PAN-OS Compliance Checks +64095 +Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Palo Alto Networks PAN-OS Compliance Checks +64095 +Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Palo Alto Networks PAN-OS Compliance Checks +64095 +Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Palo Alto Networks PAN-OS Compliance Checks +64095 +Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Palo Alto Networks PAN-OS Settings +64286 +Palo Alto Networks PAN-OS Settings[entry]:Palo Alto Username : +Palo Alto Username : +entry + + + +Palo Alto Networks PAN-OS Settings +64286 +Palo Alto Networks PAN-OS Settings[password]:Palo Alto Password : +Palo Alto Password : +password + + + +Palo Alto Networks PAN-OS Settings +64286 +Palo Alto Networks PAN-OS Settings[entry]:Palo Alto Port : +Palo Alto Port : +entry +443 +443 + +Palo Alto Networks PAN-OS Settings +64286 +Palo Alto Networks PAN-OS Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Palo Alto Networks PAN-OS Settings +64286 +Palo Alto Networks PAN-OS Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Patch Report +66334 +Patch Report[checkbox]:Display the superseded patches in the report +Display the superseded patches in the report +checkbox +yes +yes + +PCI DSS compliance +33929 +PCI DSS compliance[checkbox]:Check for PCI-DSS compliance +Check for PCI-DSS compliance +checkbox +no +no + +Ping the remote host +10180 +Ping the remote host[entry]:TCP ping destination port(s) : +TCP ping destination port(s) : +entry +built-in +built-in + +Ping the remote host +10180 +Ping the remote host[checkbox]:Do an ARP ping +Do an ARP ping +checkbox +yes +yes + +Ping the remote host +10180 +Ping the remote host[checkbox]:Do a TCP ping +Do a TCP ping +checkbox +yes +yes + +Ping the remote host +10180 +Ping the remote host[checkbox]:Do an ICMP ping +Do an ICMP ping +checkbox +yes +yes + +Ping the remote host +10180 +Ping the remote host[entry]:Number of retries (ICMP) : +Number of retries (ICMP) : +entry +2 +2 + +Ping the remote host +10180 +Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) +Do an applicative UDP ping (DNS,RPC...) +checkbox +no +no + +Ping the remote host +10180 +Ping the remote host[checkbox]:Make the dead hosts appear in the report +Make the dead hosts appear in the report +checkbox +no +no + +Ping the remote host +10180 +Ping the remote host[checkbox]:Log live hosts in the report +Log live hosts in the report +checkbox +no +no + +Ping the remote host +10180 +Ping the remote host[checkbox]:Test the local Nessus host +Test the local Nessus host +checkbox +yes +yes + +Ping the remote host +10180 +Ping the remote host[checkbox]:Fast network discovery +Fast network discovery +checkbox +no +no + +Ping the remote host +10180 +Ping the remote host[checkbox]:Interpret ICMP unreach from gateway +Interpret ICMP unreach from gateway +checkbox +no +no + +Nessus Launched Plugin List +112154 +Nessus Launched Plugin List[checkbox]:Enable Plugin List Report +Enable Plugin List Report +checkbox +no +no + +Port scanners settings +33812 +Port scanners settings[checkbox]:Check open TCP ports found by local port enumerators +Check open TCP ports found by local port enumerators +checkbox +no +no + +Port scanners settings +33812 +Port scanners settings[checkbox]:Only run network port scanners if local port enumeration failed +Only run network port scanners if local port enumeration failed +checkbox +yes +yes + +PostgreSQL DB Compliance Checks +148944 +PostgreSQL DB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +PostgreSQL DB Compliance Checks +148944 +PostgreSQL DB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +PostgreSQL DB Compliance Checks +148944 +PostgreSQL DB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +PostgreSQL DB Compliance Checks +148944 +PostgreSQL DB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +PostgreSQL DB Compliance Checks +148944 +PostgreSQL DB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Rackspace Settings +79355 +Rackspace Settings[entry]:Username : +Username : +entry + + + +Rackspace Settings +79355 +Rackspace Settings[password]:Password or API Key : +Password or API Key : +password + + + +Rackspace Settings +79355 +Rackspace Settings[radio]:Authentication Method : +Authentication Method : +radio +API-Key;Password +API-Key;Password + +Rackspace Settings +79355 +Rackspace Settings[checkbox]:Dallas-Fort Worth (DFW) : +Dallas-Fort Worth (DFW) : +checkbox +yes +yes + +Rackspace Settings +79355 +Rackspace Settings[checkbox]:Chicago (ORD) : +Chicago (ORD) : +checkbox +yes +yes + +Rackspace Settings +79355 +Rackspace Settings[checkbox]:Northern Virginia (IAD) : +Northern Virginia (IAD) : +checkbox +yes +yes + +Rackspace Settings +79355 +Rackspace Settings[checkbox]:London (LON) : +London (LON) : +checkbox +yes +yes + +Rackspace Settings +79355 +Rackspace Settings[checkbox]:Sydney (SYD) : +Sydney (SYD) : +checkbox +yes +yes + +Rackspace Settings +79355 +Rackspace Settings[checkbox]:Hong Kong (HKG) : +Hong Kong (HKG) : +checkbox +yes +yes + +Rackspace Compliance Checks +79356 +Rackspace Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Rackspace Compliance Checks +79356 +Rackspace Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Rackspace Compliance Checks +79356 +Rackspace Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Rackspace Compliance Checks +79356 +Rackspace Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Rackspace Compliance Checks +79356 +Rackspace Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +RHEV Settings +77089 +RHEV Settings[entry]:Username : +Username : +entry + + + +RHEV Settings +77089 +RHEV Settings[password]:Password : +Password : +password + + + +RHEV Settings +77089 +RHEV Settings[entry]:Port : +Port : +entry +443 +443 + +RHEV Settings +77089 +RHEV Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +RHEV Compliance Checks +77090 +RHEV Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +RHEV Compliance Checks +77090 +RHEV Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +RHEV Compliance Checks +77090 +RHEV Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +RHEV Compliance Checks +77090 +RHEV Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +RHEV Compliance Checks +77090 +RHEV Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Salesforce.com Settings +76710 +Salesforce.com Settings[entry]:Username : +Username : +entry + + + +Salesforce.com Settings +76710 +Salesforce.com Settings[password]:Password : +Password : +password + + + +Salesforce.com Compliance Checks +76711 +Salesforce.com Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Salesforce.com Compliance Checks +76711 +Salesforce.com Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Salesforce.com Compliance Checks +76711 +Salesforce.com Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Salesforce.com Compliance Checks +76711 +Salesforce.com Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Salesforce.com Compliance Checks +76711 +Salesforce.com Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Patch Management: Red Hat Satellite 6 Settings +84232 +Patch Management: Red Hat Satellite 6 Settings[entry]:Satellite 6 Server : +Satellite 6 Server : +entry + + + +Patch Management: Red Hat Satellite 6 Settings +84232 +Patch Management: Red Hat Satellite 6 Settings[entry]:Satellite 6 Port : +Satellite 6 Port : +entry +443 +443 + +Patch Management: Red Hat Satellite 6 Settings +84232 +Patch Management: Red Hat Satellite 6 Settings[checkbox]:Satellite 6 Use SSL : +Satellite 6 Use SSL : +checkbox +yes +yes + +Patch Management: Red Hat Satellite 6 Settings +84232 +Patch Management: Red Hat Satellite 6 Settings[checkbox]:Satellite 6 Verify Certificate : +Satellite 6 Verify Certificate : +checkbox +yes +yes + +Patch Management: Red Hat Satellite 6 Settings +84232 +Patch Management: Red Hat Satellite 6 Settings[entry]:Satellite 6 Username : +Satellite 6 Username : +entry + + + +Patch Management: Red Hat Satellite 6 Settings +84232 +Patch Management: Red Hat Satellite 6 Settings[password]:Satellite 6 Password : +Satellite 6 Password : +password + + + +Patch Management: Red Hat Satellite Server Settings +84238 +Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite server(s) [separated w/ semicolons] : +Red Hat Satellite server(s) [separated w/ semicolons] : +entry + + + +Patch Management: Red Hat Satellite Server Settings +84238 +Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite port(s) : +Red Hat Satellite port(s) : +entry +443 +443 + +Patch Management: Red Hat Satellite Server Settings +84238 +Patch Management: Red Hat Satellite Server Settings[checkbox]:Verify SSL certificates : +Verify SSL certificates : +checkbox +no +no + +Patch Management: Red Hat Satellite Server Settings +84238 +Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite username(s) : +Red Hat Satellite username(s) : +entry + + + +Patch Management: Red Hat Satellite Server Settings +84238 +Patch Management: Red Hat Satellite Server Settings[password]:Red Hat Satellite password(s) : +Red Hat Satellite password(s) : +password + + + +Modbus/TCP Coil Access +23817 +Modbus/TCP Coil Access[entry]:Start reg : +Start reg : +entry +0 +0 + +Modbus/TCP Coil Access +23817 +Modbus/TCP Coil Access[entry]:End reg : +End reg : +entry +16 +16 + +Patch Management: SCCM Server Settings +57029 +Patch Management: SCCM Server Settings[entry]:SCCM Server : +SCCM Server : +entry + + + +Patch Management: SCCM Server Settings +57029 +Patch Management: SCCM Server Settings[entry]:SCCM Domain : +SCCM Domain : +entry + + + +Patch Management: SCCM Server Settings +57029 +Patch Management: SCCM Server Settings[entry]:SCCM Username : +SCCM Username : +entry + + + +Patch Management: SCCM Server Settings +57029 +Patch Management: SCCM Server Settings[password]:SCCM Password : +SCCM Password : +password + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[file]:SCAP File (zip) #1 : +SCAP File (zip) #1 : +file + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:SCAP Version #1 : +SCAP Version #1 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #1 : +SCAP Data Stream ID (1.2 only) #1 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #1 : +SCAP Benchmark ID #1 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Profile ID #1 : +SCAP Profile ID #1 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:OVAL Result Type #1 : +OVAL Result Type #1 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[file]:SCAP File (zip) #2 : +SCAP File (zip) #2 : +file + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:SCAP Version #2 : +SCAP Version #2 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #2 : +SCAP Data Stream ID (1.2 only) #2 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #2 : +SCAP Benchmark ID #2 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Profile ID #2 : +SCAP Profile ID #2 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:OVAL Result Type #2 : +OVAL Result Type #2 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[file]:SCAP File (zip) #3 : +SCAP File (zip) #3 : +file + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:SCAP Version #3 : +SCAP Version #3 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #3 : +SCAP Data Stream ID (1.2 only) #3 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #3 : +SCAP Benchmark ID #3 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Profile ID #3 : +SCAP Profile ID #3 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:OVAL Result Type #3 : +OVAL Result Type #3 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[file]:SCAP File (zip) #4 : +SCAP File (zip) #4 : +file + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:SCAP Version #4 : +SCAP Version #4 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #4 : +SCAP Data Stream ID (1.2 only) #4 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #4 : +SCAP Benchmark ID #4 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Profile ID #4 : +SCAP Profile ID #4 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:OVAL Result Type #4 : +OVAL Result Type #4 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[file]:SCAP File (zip) #5 : +SCAP File (zip) #5 : +file + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:SCAP Version #5 : +SCAP Version #5 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #5 : +SCAP Data Stream ID (1.2 only) #5 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #5 : +SCAP Benchmark ID #5 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Profile ID #5 : +SCAP Profile ID #5 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:OVAL Result Type #5 : +OVAL Result Type #5 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[file]:SCAP File (zip) #1 : +SCAP File (zip) #1 : +file + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:SCAP Version #1 : +SCAP Version #1 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #1 : +SCAP Data Stream ID (1.2 only) #1 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #1 : +SCAP Benchmark ID #1 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Profile ID #1 : +SCAP Profile ID #1 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:OVAL Result Type #1 : +OVAL Result Type #1 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[file]:SCAP File (zip) #2 : +SCAP File (zip) #2 : +file + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:SCAP Version #2 : +SCAP Version #2 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #2 : +SCAP Data Stream ID (1.2 only) #2 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #2 : +SCAP Benchmark ID #2 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Profile ID #2 : +SCAP Profile ID #2 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:OVAL Result Type #2 : +OVAL Result Type #2 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[file]:SCAP File (zip) #3 : +SCAP File (zip) #3 : +file + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:SCAP Version #3 : +SCAP Version #3 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #3 : +SCAP Data Stream ID (1.2 only) #3 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #3 : +SCAP Benchmark ID #3 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Profile ID #3 : +SCAP Profile ID #3 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:OVAL Result Type #3 : +OVAL Result Type #3 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[file]:SCAP File (zip) #4 : +SCAP File (zip) #4 : +file + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:SCAP Version #4 : +SCAP Version #4 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #4 : +SCAP Data Stream ID (1.2 only) #4 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #4 : +SCAP Benchmark ID #4 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Profile ID #4 : +SCAP Profile ID #4 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:OVAL Result Type #4 : +OVAL Result Type #4 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[file]:SCAP File (zip) #5 : +SCAP File (zip) #5 : +file + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:SCAP Version #5 : +SCAP Version #5 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #5 : +SCAP Data Stream ID (1.2 only) #5 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #5 : +SCAP Benchmark ID #5 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Profile ID #5 : +SCAP Profile ID #5 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:OVAL Result Type #5 : +OVAL Result Type #5 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SMB Scope +10917 +SMB Scope[checkbox]:Request information about the domain +Request information about the domain +checkbox +yes +yes + +SMTP settings +11038 +SMTP settings[entry]:Third party domain : +Third party domain : +entry +example.edu +example.edu + +SMTP settings +11038 +SMTP settings[entry]:From address : +From address : +entry +nobody@example.edu +nobody@example.edu + +SMTP settings +11038 +SMTP settings[entry]:To address : +To address : +entry +postmaster@[AUTO_REPLACED_IP] +postmaster@[AUTO_REPLACED_IP] + +SNMP settings +19762 +SNMP settings[entry]:Community name : +Community name : +entry +public +public + +SNMP settings +19762 +SNMP settings[entry]:Community name (1) : +Community name (1) : +entry + + + +SNMP settings +19762 +SNMP settings[entry]:Community name (2) : +Community name (2) : +entry + + + +SNMP settings +19762 +SNMP settings[entry]:Community name (3) : +Community name (3) : +entry + + + +SNMP settings +19762 +SNMP settings[entry]:UDP port : +UDP port : +entry +161 +161 + +SNMP settings +19762 +SNMP settings[entry]:Additional UDP port (1) : +Additional UDP port (1) : +entry + +161 + +SNMP settings +19762 +SNMP settings[entry]:Additional UDP port (2) : +Additional UDP port (2) : +entry + +161 + +SNMP settings +19762 +SNMP settings[entry]:Additional UDP port (3) : +Additional UDP port (3) : +entry + +161 + +SNMP settings +19762 +SNMP settings[entry]:SNMPv3 user name : +SNMPv3 user name : +entry + + + +SNMP settings +19762 +SNMP settings[password]:SNMPv3 authentication password : +SNMPv3 authentication password : +password + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 authentication algorithm : +SNMPv3 authentication algorithm : +radio +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 + +SNMP settings +19762 +SNMP settings[password]:SNMPv3 privacy password : +SNMPv3 privacy password : +password + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 privacy algorithm : +SNMPv3 privacy algorithm : +radio +AES;AES192;AES192C;AES256;AES256C;DES +AES;AES192;AES192C;AES256;AES256C;DES + +SNMP settings +19762 +SNMP settings[entry]:SNMPv3 user name (1) : +SNMPv3 user name (1) : +entry + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 authentication algorithm (1) : +SNMPv3 authentication algorithm (1) : +radio +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 privacy algorithm (1) : +SNMPv3 privacy algorithm (1) : +radio +AES;AES192;AES192C;AES256;AES256C;DES +AES;AES192;AES192C;AES256;AES256C;DES + +SNMP settings +19762 +SNMP settings[entry]:SNMPv3 user name (2) : +SNMPv3 user name (2) : +entry + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 authentication algorithm (2) : +SNMPv3 authentication algorithm (2) : +radio +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 privacy algorithm (2) : +SNMPv3 privacy algorithm (2) : +radio +AES;AES192;AES192C;AES256;AES256C;DES +AES;AES192;AES192C;AES256;AES256C;DES + +SNMP settings +19762 +SNMP settings[entry]:SNMPv3 user name (3) : +SNMPv3 user name (3) : +entry + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 authentication algorithm (3) : +SNMPv3 authentication algorithm (3) : +radio +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 privacy algorithm (3) : +SNMPv3 privacy algorithm (3) : +radio +AES;AES192;AES192C;AES256;AES256C;DES +AES;AES192;AES192C;AES256;AES256C;DES + +SNMP settings +19762 +SNMP settings[entry]:SNMPv3 user name (4) : +SNMPv3 user name (4) : +entry + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 authentication algorithm (4) : +SNMPv3 authentication algorithm (4) : +radio +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 privacy algorithm (4) : +SNMPv3 privacy algorithm (4) : +radio +AES;AES192;AES192C;AES256;AES256C;DES +AES;AES192;AES192C;AES256;AES256C;DES + +SNMP settings +19762 +SNMP settings[entry]:SNMPv3 user name (5) : +SNMPv3 user name (5) : +entry + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 authentication algorithm (5) : +SNMPv3 authentication algorithm (5) : +radio +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 privacy algorithm (5) : +SNMPv3 privacy algorithm (5) : +radio +AES;AES192;AES192C;AES256;AES256C;DES +AES;AES192;AES192C;AES256;AES256C;DES + +SonicWALL SonicOS Compliance Checks +71955 +SonicWALL SonicOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +SonicWALL SonicOS Compliance Checks +71955 +SonicWALL SonicOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +SonicWALL SonicOS Compliance Checks +71955 +SonicWALL SonicOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +SonicWALL SonicOS Compliance Checks +71955 +SonicWALL SonicOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +SonicWALL SonicOS Compliance Checks +71955 +SonicWALL SonicOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +SonicWALL SonicOS Compliance Checks +71955 +SonicWALL SonicOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Splunk API Settings +166551 +Splunk API Settings[entry]:Username : +Username : +entry + + + +Splunk API Settings +166551 +Splunk API Settings[password]:Password : +Password : +password + + + +Splunk API Settings +166551 +Splunk API Settings[entry]:Port : +Port : +entry +8089 +8089 + +Splunk API Settings +166551 +Splunk API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Splunk API Settings +166551 +Splunk API Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +yes +yes + +Splunk Compliance Checks +166550 +Splunk Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Splunk Compliance Checks +166550 +Splunk Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Splunk Compliance Checks +166550 +Splunk Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Splunk Compliance Checks +166550 +Splunk Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Splunk Compliance Checks +166550 +Splunk Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +SSL Certificate Expiry +15901 +SSL Certificate Expiry[entry]:Identify certificates that expire within x days +Identify certificates that expire within x days +entry +60 +60 + +SSH settings +14273 +SSH settings[entry]:SSH user name : +SSH user name : +entry +root +root + +SSH settings +14273 +SSH settings[password]:SSH password (unsafe!) : +SSH password (unsafe!) : +password + + + +SSH settings +14273 +SSH settings[file]:SSH public key to use : +SSH public key to use : +file + + + +SSH settings +14273 +SSH settings[file]:SSH private key to use : +SSH private key to use : +file + + + +SSH settings +14273 +SSH settings[password]:Passphrase for SSH key : +Passphrase for SSH key : +password + + + +SSH settings +14273 +SSH settings[radio]:Elevate privileges with : +Elevate privileges with : +radio +Nothing;sudo;su;su+sudo;dzdo;pbrun;Cisco 'enable' +Nothing;sudo;su;su+sudo;dzdo;pbrun;Cisco 'enable' + +SSH settings +14273 +SSH settings[entry]:Privilege elevation binary path (directory) : +Privilege elevation binary path (directory) : +entry + + + +SSH settings +14273 +SSH settings[entry]:su login : +su login : +entry + + + +SSH settings +14273 +SSH settings[entry]:Escalation account : +Escalation account : +entry +root +root + +SSH settings +14273 +SSH settings[password]:Escalation password : +Escalation password : +password + + + +SSH settings +14273 +SSH settings[file]:SSH known_hosts file : +SSH known_hosts file : +file + + + +SSH settings +14273 +SSH settings[entry]:Preferred SSH port : +Preferred SSH port : +entry +22 +22 + +SSH settings +14273 +SSH settings[entry]:Client version : +Client version : +entry +OpenSSH_5.0 +OpenSSH_5.0 + +SSH settings +14273 +SSH settings[entry]:Additional SSH user name (1) : +Additional SSH user name (1) : +entry + + + +SSH settings +14273 +SSH settings[password]:Additional SSH password (1) : +Additional SSH password (1) : +password + + + +SSH settings +14273 +SSH settings[entry]:Additional SSH user name (2) : +Additional SSH user name (2) : +entry + + + +SSH settings +14273 +SSH settings[password]:Additional SSH password (2) : +Additional SSH password (2) : +password + + + +SSH settings +14273 +SSH settings[entry]:Additional SSH user name (3) : +Additional SSH user name (3) : +entry + + + +SSH settings +14273 +SSH settings[password]:Additional SSH password (3) : +Additional SSH password (3) : +password + + + +SSH settings +14273 +SSH settings[entry]:Additional SSH user name (4) : +Additional SSH user name (4) : +entry + + + +SSH settings +14273 +SSH settings[password]:Additional SSH password (4) : +Additional SSH password (4) : +password + + + +SSH settings +14273 +SSH settings[entry]:Additional SSH user name (5) : +Additional SSH user name (5) : +entry + + + +SSH settings +14273 +SSH settings[password]:Additional SSH password (5) : +Additional SSH password (5) : +password + + + +SMB Registry : Start the Registry Service during the scan +35703 +SMB Registry : Start the Registry Service during the scan[checkbox]:Start the registry service during the scan +Start the registry service during the scan +checkbox +no +yes + +SMB Registry : Start the Registry Service during the scan +35703 +SMB Registry : Start the Registry Service during the scan[checkbox]:Enable administrative shares during the scan +Enable administrative shares during the scan +checkbox +no +yes + +Sybase DB Compliance Checks +150080 +Sybase DB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Sybase DB Compliance Checks +150080 +Sybase DB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Sybase DB Compliance Checks +150080 +Sybase DB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Sybase DB Compliance Checks +150080 +Sybase DB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Sybase DB Compliance Checks +150080 +Sybase DB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Patch Management: Symantec Altiris Settings +78013 +Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Server : +Symantec Altiris Database Server : +entry + + + +Patch Management: Symantec Altiris Settings +78013 +Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Port : +Symantec Altiris Database Port : +entry +5690 +5690 + +Patch Management: Symantec Altiris Settings +78013 +Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Name : +Symantec Altiris Database Name : +entry +Symantec_CMDB +Symantec_CMDB + +Patch Management: Symantec Altiris Settings +78013 +Patch Management: Symantec Altiris Settings[checkbox]:Symantec Altiris Use Windows Credentials : +Symantec Altiris Use Windows Credentials : +checkbox +no +no + +Patch Management: Symantec Altiris Settings +78013 +Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Username : +Symantec Altiris Database Username : +entry + + + +Patch Management: Symantec Altiris Settings +78013 +Patch Management: Symantec Altiris Settings[password]:Symantec Altiris Database Password : +Symantec Altiris Database Password : +password + + + +Unix File Contents Compliance Checks +72095 +Unix File Contents Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Unix File Contents Compliance Checks +72095 +Unix File Contents Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Unix File Contents Compliance Checks +72095 +Unix File Contents Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Unix File Contents Compliance Checks +72095 +Unix File Contents Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Unix File Contents Compliance Checks +72095 +Unix File Contents Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Unix Compliance Checks +21157 +Unix Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Unix Compliance Checks +21157 +Unix Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Unix Compliance Checks +21157 +Unix Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Unix Compliance Checks +21157 +Unix Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Unix Compliance Checks +21157 +Unix Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Unix Compliance Checks +21157 +Unix Compliance Checks[radio]:Docker Scan Scope : +Docker Scan Scope : +radio +all +all + +VMware vCenter/vSphere Compliance Checks +64455 +VMware vCenter/vSphere Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +VMware vCenter/vSphere Compliance Checks +64455 +VMware vCenter/vSphere Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +VMware vCenter/vSphere Compliance Checks +64455 +VMware vCenter/vSphere Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +VMware vCenter/vSphere Compliance Checks +64455 +VMware vCenter/vSphere Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +VMware vCenter/vSphere Compliance Checks +64455 +VMware vCenter/vSphere Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[entry]:VMware user name : +VMware user name : +entry + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[password]:VMware password : +VMware password : +password + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[checkbox]:Ignore SSL Certificate : +Ignore SSL Certificate : +checkbox +no +no + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[entry]:Additional VMware user name (1) : +Additional VMware user name (1) : +entry + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[password]:Additional VMware password (1) : +Additional VMware password (1) : +password + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (1) : +Additional Ignore SSL Certificate (1) : +checkbox +no +no + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[entry]:Additional VMware user name (2) : +Additional VMware user name (2) : +entry + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[password]:Additional VMware password (2) : +Additional VMware password (2) : +password + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (2) : +Additional Ignore SSL Certificate (2) : +checkbox +no +no + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[entry]:Additional VMware user name (3) : +Additional VMware user name (3) : +entry + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[password]:Additional VMware password (3) : +Additional VMware password (3) : +password + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (3) : +Additional Ignore SSL Certificate (3) : +checkbox +no +no + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[entry]:Additional VMware user name (4) : +Additional VMware user name (4) : +entry + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[password]:Additional VMware password (4) : +Additional VMware password (4) : +password + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (4) : +Additional Ignore SSL Certificate (4) : +checkbox +no +no + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[entry]:Additional VMware user name (5) : +Additional VMware user name (5) : +entry + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[password]:Additional VMware password (5) : +Additional VMware password (5) : +password + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (5) : +Additional Ignore SSL Certificate (5) : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:VMware vCenter host : +VMware vCenter host : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:VMware vCenter port : +VMware vCenter port : +entry +443 +443 + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:VMware vCenter user name : +VMware vCenter user name : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[password]:VMware vCenter password : +VMware vCenter password : +password + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Auto Discover Managed ESXi Hosts : +Auto Discover Managed ESXi Hosts : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Auto Discover Managed Virtual Machines : +Auto Discover Managed Virtual Machines : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (1) : +Additional VMware vCenter host (1) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (1) : +Additional VMware vCenter port (1) : +entry +443 +443 + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (1) : +Additional VMware vCenter user name (1) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (1) : +Additional VMware vCenter password (1) : +password + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional SSL (1) : +Additional SSL (1) : +checkbox +yes +yes + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (1) : +Additional Verify SSL Certificate (1) : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Auto Discover Managed ESXi Hosts : +Additional Auto Discover Managed ESXi Hosts : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Auto Discover Managed Virtual Machines : +Additional Auto Discover Managed Virtual Machines : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (2) : +Additional VMware vCenter host (2) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (2) : +Additional VMware vCenter port (2) : +entry +443 +443 + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (2) : +Additional VMware vCenter user name (2) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (2) : +Additional VMware vCenter password (2) : +password + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional SSL (2) : +Additional SSL (2) : +checkbox +yes +yes + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (2) : +Additional Verify SSL Certificate (2) : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (3) : +Additional VMware vCenter host (3) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (3) : +Additional VMware vCenter port (3) : +entry +443 +443 + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (3) : +Additional VMware vCenter user name (3) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (3) : +Additional VMware vCenter password (3) : +password + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional SSL (3) : +Additional SSL (3) : +checkbox +yes +yes + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (3) : +Additional Verify SSL Certificate (3) : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (4) : +Additional VMware vCenter host (4) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (4) : +Additional VMware vCenter port (4) : +entry +443 +443 + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (4) : +Additional VMware vCenter user name (4) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (4) : +Additional VMware vCenter password (4) : +password + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional SSL (4) : +Additional SSL (4) : +checkbox +yes +yes + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (4) : +Additional Verify SSL Certificate (4) : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (5) : +Additional VMware vCenter host (5) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (5) : +Additional VMware vCenter port (5) : +entry +443 +443 + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (5) : +Additional VMware vCenter user name (5) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (5) : +Additional VMware vCenter password (5) : +password + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional SSL (5) : +Additional SSL (5) : +checkbox +yes +yes + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (5) : +Additional Verify SSL Certificate (5) : +checkbox +no +no + +WatchGuard Compliance Checks +86269 +WatchGuard Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +WatchGuard Compliance Checks +86269 +WatchGuard Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +WatchGuard Compliance Checks +86269 +WatchGuard Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +WatchGuard Compliance Checks +86269 +WatchGuard Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +WatchGuard Compliance Checks +86269 +WatchGuard Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +WatchGuard Compliance Checks +86269 +WatchGuard Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Web Application Tests Settings +39471 +Web Application Tests Settings[checkbox]:Enable web applications tests +Enable web applications tests +checkbox +no +no + +Web Application Tests Settings +39471 +Web Application Tests Settings[entry]:Maximum run time (min) : +Maximum run time (min) : +entry +60 +60 + +Web Application Tests Settings +39471 +Web Application Tests Settings[checkbox]:Try all HTTP methods +Try all HTTP methods +checkbox +no +no + +Web Application Tests Settings +39471 +Web Application Tests Settings[radio]:Combinations of arguments values +Combinations of arguments values +radio +one value;some pairs;all pairs (slower but efficient);some combinations;all combinations (extremely slow) +one value;some pairs;all pairs (slower but efficient);some combinations;all combinations (extremely slow) + +Web Application Tests Settings +39471 +Web Application Tests Settings[checkbox]:HTTP Parameter Pollution +HTTP Parameter Pollution +checkbox +no +no + +Web Application Tests Settings +39471 +Web Application Tests Settings[radio]:Stop at first flaw +Stop at first flaw +radio +per CGI;per port (quicker);per parameter (slow);look for all flaws (slower) +per CGI;per port (quicker);per parameter (slow);look for all flaws (slower) + +Web Application Tests Settings +39471 +Web Application Tests Settings[checkbox]:Test embedded web servers +Test embedded web servers +checkbox +no +no + +Web Application Tests Settings +39471 +Web Application Tests Settings[entry]:URL for Remote File Inclusion : +URL for Remote File Inclusion : +entry +http://rfi.nessus.org/rfi.txt +http://rfi.nessus.org/rfi.txt + +Web mirroring +10662 +Web mirroring[entry]:Number of pages to mirror : +Number of pages to mirror : +entry +1000 +1000 + +Web mirroring +10662 +Web mirroring[entry]:Maximum depth : +Maximum depth : +entry +6 +6 + +Web mirroring +10662 +Web mirroring[entry]:Start page : +Start page : +entry +/ +/ + +Web mirroring +10662 +Web mirroring[entry]:Excluded items regex : +Excluded items regex : +entry +/server_privileges\.php|logout +/server_privileges\.php|logout + +Web mirroring +10662 +Web mirroring[checkbox]:Follow dynamic pages : +Follow dynamic pages : +checkbox +no +no + +Malicious Process Detection +59275 +Malicious Process Detection[file]:Additional MD5 hashes (optional) : +Additional MD5 hashes (optional) : +file + + + +Malicious Process Detection +59275 +Malicious Process Detection[file]:Known good MD5 hashes (optional) : +Known good MD5 hashes (optional) : +file + + + +Malicious Process Detection +59275 +Malicious Process Detection[file]:Yara rules file : +Yara rules file : +file + + + +Malicious Process Detection +59275 +Malicious Process Detection[checkbox]:disable_dns_resolution +disable_dns_resolution +checkbox +no +no + +Malicious Process Detection +59275 +Malicious Process Detection[checkbox]:enable_malware_scanning +enable_malware_scanning +checkbox +no +no + +Wake-on-LAN +52616 +Wake-on-LAN[file]:List of MAC addresses for Wake-on-LAN: +List of MAC addresses for Wake-on-LAN: +file + + + +Wake-on-LAN +52616 +Wake-on-LAN[entry]:Time to wait (in minutes) for the systems to boot: +Time to wait (in minutes) for the systems to boot: +entry +5 +5 + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[entry]:Workspace ONE Environment API URL : +Workspace ONE Environment API URL : +entry + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[entry]:Workspace ONE port : +Workspace ONE port : +entry + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[entry]:Workspace ONE username : +Workspace ONE username : +entry + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[password]:Workspace ONE password : +Workspace ONE password : +password + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[checkbox]:Workspace ONE Collect All Device Data : +Workspace ONE Collect All Device Data : +checkbox + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[checkbox]:Workspace ONE Collect Device Applications : +Workspace ONE Collect Device Applications : +checkbox + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[checkbox]:Workspace ONE Collect Device Profiles : +Workspace ONE Collect Device Profiles : +checkbox + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[password]:Workspace ONE API key : +Workspace ONE API key : +password + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[checkbox]:Verify SSL certificate : +Verify SSL certificate : +checkbox +no +no + +Patch Management: WSUS Server Settings +57031 +Patch Management: WSUS Server Settings[entry]:WSUS Server : +WSUS Server : +entry + + + +Patch Management: WSUS Server Settings +57031 +Patch Management: WSUS Server Settings[entry]:WSUS Port : +WSUS Port : +entry + + + +Patch Management: WSUS Server Settings +57031 +Patch Management: WSUS Server Settings[entry]:WSUS Username : +WSUS Username : +entry + + + +Patch Management: WSUS Server Settings +57031 +Patch Management: WSUS Server Settings[password]:WSUS Password : +WSUS Password : +password + + + +Patch Management: WSUS Server Settings +57031 +Patch Management: WSUS Server Settings[checkbox]:SSL : +SSL : +checkbox +no +no + +Patch Management: WSUS Server Settings +57031 +Patch Management: WSUS Server Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Zoom Settings +163518 +Zoom Settings[entry]:Client ID +Client ID +entry + + + +Zoom Settings +163518 +Zoom Settings[entry]:Account ID +Account ID +entry + + + +Zoom Settings +163518 +Zoom Settings[password]:Client Secret +Client Secret +password + + + +Zoom Compliance Checks +163517 +Zoom Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Zoom Compliance Checks +163517 +Zoom Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Zoom Compliance Checks +163517 +Zoom Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Zoom Compliance Checks +163517 +Zoom Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Zoom Compliance Checks +163517 +Zoom Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +ZTE ROSNG Compliance Checks +144328 +ZTE ROSNG Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +ZTE ROSNG Compliance Checks +144328 +ZTE ROSNG Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +ZTE ROSNG Compliance Checks +144328 +ZTE ROSNG Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +ZTE ROSNG Compliance Checks +144328 +ZTE ROSNG Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +ZTE ROSNG Compliance Checks +144328 +ZTE ROSNG Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +ZTE ROSNG Compliance Checks +144328 +ZTE ROSNG Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + + + +MacOS X Local Security Checks +enabled + +MarinerOS Local Security Checks +enabled + +F5 Networks Local Security Checks +enabled + +DNS +disabled + +Gain a shell remotely +disabled + +Solaris Local Security Checks +enabled + +Port scanners +mixed + +Web Servers +disabled + +SMTP problems +disabled + +Service detection +disabled + +Brute force attacks +disabled + +CGI abuses : XSS +disabled + +Databases +enabled + +Mandriva Local Security Checks +enabled + +Debian Local Security Checks +enabled + +Default Unix Accounts +disabled + +Denial of Service +disabled + +Settings +mixed + +Palo Alto Local Security Checks +enabled + +HP-UX Local Security Checks +enabled + +Backdoors +disabled + +VMware ESX Local Security Checks +enabled + +NewStart CGSL Local Security Checks +enabled + +SCADA +disabled + +General +mixed + +PhotonOS Local Security Checks +enabled + +Oracle Linux Local Security Checks +enabled + +Red Hat Local Security Checks +enabled + +FreeBSD Local Security Checks +enabled + +CGI abuses +disabled + +Rocky Linux Local Security Checks +enabled + +Windows : User management +enabled + +Tenable.ot +disabled + +Netware +disabled + +Amazon Linux Local Security Checks +enabled + +Peer-To-Peer File Sharing +disabled + +Slackware Local Security Checks +enabled + +SNMP +disabled + +Gentoo Local Security Checks +enabled + +Huawei Local Security Checks +enabled + +Fedora Local Security Checks +enabled + +Ubuntu Local Security Checks +enabled + +Misc. +mixed + +Alma Linux Local Security Checks +enabled + +Virtuozzo Local Security Checks +enabled + +FTP +disabled + +Firewalls +disabled + +Windows : Microsoft Bulletins +enabled + +Junos Local Security Checks +enabled + +Mobile Devices +disabled + +Policy Compliance +disabled + +Windows +enabled + +SuSE Local Security Checks +enabled + +RPC +disabled + +OracleVM Local Security Checks +enabled + +CentOS Local Security Checks +enabled + +CISCO +enabled + +Scientific Linux Local Security Checks +enabled + +AIX Local Security Checks +enabled + + +97993 +OS Identification and Installed Software Enumeration over SSH v2 (Using New SSH Library) +Misc. +enabled + +34220 +Netstat Portscanner (WMI) +Port scanners +enabled + +21745 +OS Security Patch Assessment Failed +Settings +enabled + +24786 +Nessus Windows Scan Not Performed with Admin Privileges +Settings +enabled + +12634 +Authenticated Check : OS Name and Installed Package Enumeration +Settings +enabled + +14274 +Nessus SNMP Scanner +Port scanners +enabled + +14272 +Netstat Portscanner (SSH) +Port scanners +enabled + +10180 +Ping the remote host +Port scanners +enabled + +19506 +Nessus Scan Information +Settings +enabled + +76795 +Huawei Versatile Routing Platform Version Detection +Misc. +enabled + +76796 +Huawei Quidway Switches DoS (HWPSIRT-2014-0301) +Huawei Local Security Checks +enabled + +11219 +Nessus SYN scanner +Port scanners +enabled + +33850 +Unix Operating System Unsupported Version Detection +General +enabled + +76797 +Huawei eSap Platform DoS (HWPSIRT-2014-0111) +Huawei Local Security Checks +enabled + +87413 +Host Tagging +Settings +enabled + +66334 +Patch Report +General +enabled + + + + + +CVE-2023-28303 +1 +Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse): Upgrade to Snip & Sketch 10.2008.3001.0 for Windows 10, Snipping Tool 11.2302.20.0 for Windows 11, or later. +CVE-2023-36773, CVE-2023-36772, CVE-2023-36771, CVE-2023-36770, CVE-2023-23390, CVE-2023-23377 +6 +Microsoft 3D Viewer app Multiple Remote Code Execution Vulnerabilities (September 2023): Update to the latest Microsoft 3D Viewer app via the Windows App Store. +1706649340 +Tue Jan 30 13:15:40 2024 +191 +CVE-2024-0814, CVE-2024-0813, CVE-2024-0812, CVE-2024-0811, CVE-2024-0810, CVE-2024-0809, CVE-2024-0808, CVE-2024-0807, CVE-2024-0806, CVE-2024-0805, CVE-2024-0804, CVE-2024-0519, CVE-2024-0518, CVE-2024-0517, CVE-2024-0333, CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222, CVE-2023-7024, CVE-2023-6707, CVE-2023-6706, CVE-2023-6705, CVE-2023-6704, CVE-2023-6703, CVE-2023-6702, CVE-2023-6512, CVE-2023-6511, CVE-2023-6510, CVE-2023-6509, CVE-2023-6508, CVE-2023-6351, CVE-2023-6350, CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6345, CVE-2023-6112, CVE-2023-5997, CVE-2023-5996 +40 +Google Chrome < 121.0.6167.85 Multiple Vulnerabilities: Upgrade to Google Chrome version 121.0.6167.85 or later. +CVE-2023-44372, CVE-2023-44371, CVE-2023-44367, CVE-2023-44366, CVE-2023-44365, CVE-2023-44361, CVE-2023-44360, CVE-2023-44359, CVE-2023-44358, CVE-2023-44357, CVE-2023-44356, CVE-2023-44348, CVE-2023-44340, CVE-2023-44339, CVE-2023-44338, CVE-2023-44337, CVE-2023-44336 +17 +Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54): Upgrade to Adobe Reader version 20.005.30539 / 23.006.20380 or later. +KB5033372,KB5031356,KB5032189 +3 +Install KB5034122 +1706649334 +Credentialed Patch Audit +cpe:/o:microsoft:windows +windows +100 +SMB_OS +[{"FQDN":"WKS3-Soteria","sources":["get_host_fqdn()"]}] +42:A9:20:52:41:53 +56:BA:20:52:41:53 +62:AF:20:52:41:53 +E0:D0:45:67:CB:CB +00:0C:29:E1:AD:9D +5033372 +5032189 +5034122 +general-purpose +Microsoft Windows 10 Enterprise Build 19045 +{"CPE":"cpe:\/a:microsoft:windows_defender","Last check-in":null,"Path":"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.23110.3-0\\","Product":"Windows Defender","Product version":"4.18.23110.3","Running":"yes","Signature auto-update":"yes","Signature install date":"2024-01-30","Signature version":"1.403.2952.0","Subtype":"EPP","Type":"Endpoint","Vendor":"Microsoft"} +7caede5aa2b0481b927e60cdb7ee1b3e +SOTERIA +WKS3-SOTERIA +27DC4D56-16E8-7AC8-5805-A65EFAE1AD9D +WKS3-SOTERIA +[{"predicted-os": "Microsoft Windows 10 Pro", "confidence": 6},{"predicted-os": "Microsoft Windows 10 Enterprise", "confidence": 1}] + + P1:B11113:F0x12:W65392:O0204ffff:M1460: + P2:B11113:F0x12:W65535:O0204ffff0103030801010402:M1460: + P3:B00000:F0x00:W0:O0:M0 + P4:190704_7_p=49675 +WKS3-Soteria +true +192.168.40.251\degthat +smb +192.168.40.251 +1706647555 +Tue Jan 30 12:45:55 2024 + + +1 +cpe:/o:microsoft:windows +To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards. +wmi_stop_registry_svc.nbin +2024/01/16 +SMB Registry : Stop the Registry Service after the scan (WMI) +2009/11/25 +local +None +1.204 +n/a +The registry service was stopped after the scan. + +The registry service was successfully stopped after the scan. + + +all +1 +The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date. + +Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled. +patches_summary.nbin +2024/01/16 +Patch Report +2013/07/08 +combined +None +1.253 +Install the patches listed below. +The remote host is missing several patches. + + +. You need to take the following 5 actions : + ++ Install the following Microsoft patch : + +- KB5034122 (3 vulnerabilities) + +[ Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54) (185553) ] + ++ Action to take : Upgrade to Adobe Reader version 20.005.30539 / 23.006.20380 or later. + ++Impact : Taking this action will resolve 17 different vulnerabilities (CVEs). + + + +[ Google Chrome < 121.0.6167.85 Multiple Vulnerabilities (189460) ] + ++ Action to take : Upgrade to Google Chrome version 121.0.6167.85 or later. + ++Impact : Taking this action will resolve 40 different vulnerabilities (CVEs). + + + +[ Microsoft 3D Viewer app Multiple Remote Code Execution Vulnerabilities (September 2023) (181297) ] + ++ Action to take : Update to the latest Microsoft 3D Viewer app via the Windows App Store. + ++Impact : Taking this action will resolve 6 different vulnerabilities (CVEs). + + + +[ Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse) (177217) ] + ++ Action to take : Upgrade to Snip & Sketch 10.2008.3001.0 for Windows 10, Snipping Tool 11.2302.20.0 for Windows 11, or later. + + + + + +all +1 +This plugin displays, for each tested host, information about the scan itself : + + - The version of the plugin set. + - The type of scanner (Nessus or Nessus Home). + - The version of the Nessus Engine. + - The port scanner(s) used. + - The port range scanned. + - The ping round trip time + - Whether credentialed or third-party patch management checks are possible. + - Whether the display of superseded patches is enabled + - The date of the scan. + - The duration of the scan. + - The number of hosts scanned in parallel. + - The number of checks done in parallel. +scan_info.nasl +2023/07/31 +Nessus Scan Information +2005/08/26 +summary +None +1.119 +n/a +This plugin displays information about the Nessus scan. +true +Information about this scan : + +Nessus version : 10.6.4 +Nessus build : 20005 +Plugin feed version : 202401301519 +Scanner edition used : Nessus +Scanner OS : WINDOWS +Scanner distribution : win-x86-64 +Scan type : Normal +Scan name : Soteria WKS scan +Scan policy used : Credentialed Patch Audit +Scanner IP : 192.168.40.212 +Port scanner(s) : wmi_netstat +Port range : default +Ping RTT : 73.915 ms +Thorough tests : no +Experimental tests : no +Plugin debugging enabled : no +Paranoia level : 1 +Report verbosity : 1 +Safe checks : yes +Optimize the test : yes +Credentialed checks : yes, as '192.168.40.251\degthat' via SMB +Patch management checks : None +Display superseded patches : yes (supersedence plugin launched) +CGI scanning : disabled +Web application tests : disabled +Max hosts : 30 +Max checks : 4 +Recv timeout : 5 +Backports : None +Allow post-scan editing : Yes +Nessus Plugin Signature Checking : Enabled +Audit File Signature Checking : Disabled +Scan Start Date : 2024/1/30 12:46 Pacific Standard Time +Scan duration : 1761 sec +Scan for malware : no + + + +cpe:/o:microsoft:windows +This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool. + +Note the results of missing patches also include superseded patches. + +Review the summary and apply any missing updates in order to be up to date. +smb_missing_msft_patches.nasl +2019/06/13 +Microsoft Windows Summary of Missing Patches +2009/04/24 +local +None +1.18 +Run Windows Update on the remote host or use a patch management solution. +The remote host is missing several Microsoft security patches. +The patches for the following bulletins or KBs are missing on the remote host : + + - KB5032189 ( https://support.microsoft.com/en-us/help/5032189 ) + - KB5033372 ( https://support.microsoft.com/en-us/help/5033372 ) + - KB5034122 ( https://support.microsoft.com/en-us/help/5034122 ) + + + +True +Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445. +smb_dialects_enabled.nasl +2020/03/11 +Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) +2018/02/09 +remote +None +1.6 +n/a +It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host. + +The remote host supports the following SMB dialects : + _version_ _introduced in windows version_ + 2.0.2 Windows 2008 + 2.1 Windows 7 + 3.0 Windows 8 + 3.0.2 Windows 8.1 + 3.1.1 Windows 10 + +The remote host does NOT support the following SMB dialects : + _version_ _introduced in windows version_ + 2.2.2 Windows 8 Beta + 2.2.4 Windows 8 Beta + 3.1 Windows 10 + + + +windows +The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network. +smb-version-detect.nasl +2022/05/04 +Server Message Block (SMB) Protocol Version Detection +2022/05/04 +remote +None +1.1 +http://www.nessus.org/u?f463096b +http://www.nessus.org/u?1a4b3744 +Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices. +Verify the version of SMB on the remote host. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : SMBv2 is enabled. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : SMBv1 is enabled. + + + +cpe:/o:microsoft:windows +Retrieves the status of Windows Credential Guard. + Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. +credential_guard_status.nasl +2023/08/25 +Windows Credential Guard Status +2022/04/18 +local +None +1.3 +http://www.nessus.org/u?fb8c8c37 +n/a +Retrieves the status of Windows Credential Guard. + +Windows Credential Guard is not fully enabled. +The following registry keys have not been set : + - System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : is enabled with Secure Boot. + - System\CurrentControlSet\Control\LSA\LsaCfgFlags : is disabled. + - System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : is disabled. + + + +cpe:/o:microsoft:windows +The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks. +lsa_protection_status.nasl +2022/05/25 +Windows LSA Protection Status +2022/04/20 +local +None +1.3 +Enable LSA Protection per your corporate security guidelines. +Windows LSA Protection is disabled on the remote Windows host. + +LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found. + + + +cpe:/o:microsoft:windows +Checks Windows Registry for Service ACLs. +smb_reg_services_acl.nasl +2024/01/15 +Windows Services Registry ACL +2022/05/05 +local +None +1.5 +N/A +Checks Windows Registry for Service ACLs +Verbosity must be set to 'Report as much information as possible' for this plugin to produce output. + + +cpe:/o:microsoft:windows +Windows AlwaysInstallElevated policy status was found on the remote Windows host. + You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting. +windows_always_installed_elevated_status.nasl +2022/06/14 +Windows Always Installed Elevated Status +2022/06/14 +local +None +1.1 +If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines. +Windows AlwaysInstallElevated policy status was found on the remote Windows host +AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE. +AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-1536193852-1370433935-2390261316-1002 + + + +True +software_enumeration +cpe:/a:microsoft:ie +cpe:/a:microsoft:internet_explorer +Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host. +microsoft_internet_explorer_installed.nbin +2024/01/16 +Microsoft Internet Explorer Installed +2022/06/28 +local +None +1.42 +https://support.microsoft.com/products/internet-explorer +n/a +A web browser is installed on the remote Windows host. + + Path : C:\WINDOWS\system32\mshtml.dll + Version : 11.0.19041.3570 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host. +smb_language_detection.nasl +2022/02/01 +Windows Language Settings Detection +2021/04/14 +local +None +1.3 +n/a +This plugin enumerates language files on a windows host. +Default Install Language Code: 1033 + +Default Active Language Code: 1033 + +Other common microsoft Language packs may be scanned as well. + + +30 - 60 days +cpe:/o:microsoft:windows +CVE-2023-20588 +CVE-2023-21740 +CVE-2023-35628 +CVE-2023-35630 +CVE-2023-35632 +CVE-2023-35639 +CVE-2023-35641 +CVE-2023-35642 +CVE-2023-35644 +CVE-2023-36003 +CVE-2023-36004 +CVE-2023-36005 +CVE-2023-36006 +CVE-2023-36011 +CVE-2023-36696 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-36006 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The remote Windows host is missing security update 5033372. It is, therefore, affected by multiple vulnerabilities + + - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) + + - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696) + + - Win32k Elevation of Privilege Vulnerability (CVE-2023-36011) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +smb_nt_ms23_dec_5033372.nasl +2023-A-0689-S +2023-A-0690-S +MS23-5033372 +5033372 +2023/12/12 +2024/01/15 +KB5033372: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (December 2023) +2023/12/12 +local +Very High +Critical +1.4 +https://support.microsoft.com/help/5033372 +Apply Security Update 5033372 +I +The remote Windows host is affected by multiple vulnerabilities. +High +7 to 30 days +Social Media +8.4 +2023/08/08 +MSKB:5033372 +MSFT:MS23-5033372 +IAVA:2023-A-0689-S +IAVA:2023-A-0690-S + +The remote host is missing one of the following rollup KBs : + - 5033372 + + - C:\WINDOWS\system32\ntoskrnl.exe has not been patched. + Remote version : 10.0.19041.3570 + Should be : 10.0.19041.3803 + + + + +60 - 180 days +CEA-2023-0052 +2023/12/05 +cpe:/o:microsoft:windows +CVE-2023-24023 +CVE-2023-36017 +CVE-2023-36025 +CVE-2023-36028 +CVE-2023-36033 +CVE-2023-36036 +CVE-2023-36047 +CVE-2023-36393 +CVE-2023-36394 +CVE-2023-36397 +CVE-2023-36398 +CVE-2023-36400 +CVE-2023-36401 +CVE-2023-36402 +CVE-2023-36403 +CVE-2023-36404 +CVE-2023-36405 +CVE-2023-36408 +CVE-2023-36423 +CVE-2023-36424 +CVE-2023-36425 +CVE-2023-36427 +CVE-2023-36428 +CVE-2023-36705 +CVE-2023-36719 +CVE-2023-38039 +CVE-2023-38545 +9.8 +9.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-38545 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The remote Windows host is missing security update 5032189. It is, therefore, affected by multiple vulnerabilities + + - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402) + + - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397) + + - Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (CVE-2023-36028) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +smb_nt_ms23_nov_5032189.nasl +2023-A-0638-S +2023-A-0636-S +MS23-5032189 +5032189 +2023/11/14 +2024/01/19 +KB5032189: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (November 2023) +2023/11/14 +local +Very High +Critical +1.7 +https://support.microsoft.com/help/5032189 +Apply Security Update 5032189 +I +The remote Windows host is affected by multiple vulnerabilities. +Very High +0 to 7 days +Social Media; Security Research +9.5 +2023/11/14 +MSKB:5032189 +MSFT:MS23-5032189 +CISA-KNOWN-EXPLOITED:2023/12/05 +CEA-ID:CEA-2023-0052 +IAVA:2023-A-0638-S +IAVA:2023-A-0636-S + +The remote host is missing one of the following rollup KBs : + - 5032189 + + - C:\WINDOWS\system32\ntoskrnl.exe has not been patched. + Remote version : 10.0.19041.3570 + Should be : 10.0.19041.3693 + + + + +7 - 30 days +cpe:/o:microsoft:windows +CVE-2022-35737 +CVE-2024-20652 +CVE-2024-20653 +CVE-2024-20654 +CVE-2024-20657 +CVE-2024-20658 +CVE-2024-20660 +CVE-2024-20661 +CVE-2024-20663 +CVE-2024-20664 +CVE-2024-20666 +CVE-2024-20674 +CVE-2024-20680 +CVE-2024-20681 +CVE-2024-20682 +CVE-2024-20683 +CVE-2024-20687 +CVE-2024-20690 +CVE-2024-20691 +CVE-2024-20692 +CVE-2024-20694 +CVE-2024-20696 +CVE-2024-20698 +CVE-2024-20699 +CVE-2024-20700 +CVE-2024-21305 +CVE-2024-21306 +CVE-2024-21307 +CVE-2024-21310 +CVE-2024-21311 +CVE-2024-21313 +CVE-2024-21314 +CVE-2024-21316 +CVE-2024-21320 +8.1 +CVE-2024-20652 +7.3 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +9.0 +CVE-2024-20654 +7.0 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C +The remote Windows host is missing security update 5034122. It is, therefore, affected by multiple vulnerabilities + + - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654) + + - BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666) + + - Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +smb_nt_ms24_jan_5034122.nasl +2024-A-0016 +2024-A-0015 +MS24-5034122 +5034122 +2024/01/09 +2024/01/17 +KB5034122: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (January 2024) +2024/01/09 +local +Very High +High +1.3 +https://support.microsoft.com/help/5034122 +Apply Security Update 5034122 +I +The remote Windows host is affected by multiple vulnerabilities. +Medium +7 to 30 days +Social Media +8.4 +2022/08/03 +MSKB:5034122 +MSFT:MS24-5034122 +IAVA:2024-A-0016 +IAVA:2024-A-0015 + +The remote host is missing one of the following rollup KBs : + - 5034122 + + - C:\WINDOWS\system32\ntoskrnl.exe has not been patched. + Remote version : 10.0.19041.3570 + Should be : 10.0.19041.3930 + + + + +Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates. + +Note that this plugin is purely informational. +ms_bulletin_checks_possible.nasl +2021/07/12 +Microsoft Patch Bulletin Feasibility Check +2011/12/06 +local +None +1.13 +n/a +Nessus is able to check for Microsoft patch bulletins. + + +Nessus is able to test for missing patches using : + Nessus + + + +cpe:/o:microsoft:windows +Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp. +microsoft_windows_last_boot.nasl +2018/07/09 +Microsoft Windows Last Boot Time +2016/07/19 +local +None +1.7 +n/a +Nessus was able to collect the remote host's last boot time in a human readable format. +Last reboot : 2024-01-30T15:24:30-05:00 (20240130152430.500000-300) + + +True +Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445. + +Note that this plugin is a remote check and does not work on agents. +smb_versions_enabled.nasl +2019/11/22 +Microsoft Windows SMB Versions Supported (remote check) +2017/06/19 +remote +None +1.2 +n/a +It was possible to obtain information about the version of SMB running on the remote host. + +The remote host supports the following versions of SMB : + SMBv1 + SMBv2 + + + +windows +True +An antivirus application is installed on the remote host, and its engine and virus definitions are up to date. +antivirus_installed.nasl +2023/10/05 +Antivirus Software Check +2005/01/18 +local +None +1.50 +http://www.nessus.org/u?3ed73b52 +https://www.tenable.com/blog/auditing-anti-virus-products-with-nessus +n/a +An antivirus application is installed on the remote host. + +Forefront_Endpoint_Protection : + +A Microsoft anti-malware product is installed on the remote host : + + Product name : Windows Defender + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine version : 1.1.23110.2 + Antivirus signature version : 1.403.2952.0 + Antispyware signature version : 1.403.2952.0 + + + +windows +true +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows_server +The remote host is running Microsoft Windows. +microsoft_windows_installed.nbin +2023/12/27 +Microsoft Windows Installed +2023/12/27 +local +None +1.0 +https://www.microsoft.com/en-us/windows +https://www.microsoft.com/en-us/windows-server +n/a +The remote host is running Microsoft Windows. + + OS Name : Microsoft Windows 10 22H2 + Vendor : Microsoft + Product : Windows + Release : 10 22H2 + Edition : Enterprise + Version : 10.0.19045.3570 + Extended Support : Version and Edition + Role : client + Kernel : Windows NT 10.0 + Architecture : x64 + CPE v2.2 : cpe:/o:microsoft:windows_10_22h2:10.0.19045.3570:- + CPE v2.3 : cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3570:-:any:*:enterprise:*:x64:* + Type : local + Method : SMB + Confidence : 100 + + + +cpe:/o:microsoft:windows +x-cpe:/a:microsoft:msdt +The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190. + +Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch. +msdt_rce_cve_2022-30190_reg_check.nasl +2022/05/30 +2022/07/28 +The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190) +2022/05/31 +local +None +1.9 +http://www.nessus.org/u?440e4ba1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 +http://www.nessus.org/u?b9345997 +Apply the latest Cumulative Update. +Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key. +2022/05/30 +The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target is vulnerable to CVE-2022-30190, if the vendor patch is not applied. + + +windows +security_control +True +software_enumeration +cpe:/a:microsoft:windows_defender +Windows Defender, an antivirus component of Microsoft Windows is installed on the remote Windows host. +microsoft_windows_defender_win_installed.nbin +2024/01/16 +Windows Defender Installed +2019/11/15 +local +None +1.139 +https://www.microsoft.com/en-us/windows/comprehensive-security +n/a +Windows Defender is installed on the remote Windows host. + + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine Version : 1.1.23110.2 + Malware Signature Timestamp : Jan. 30, 2024 at 11:12:00 GMT + Malware Signature Version : 1.403.2952.0 + Signatures Last Updated : Jan. 30, 2024 at 20:35:31 GMT + + + +The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled. +print_spooler_service_enabled.nasl +2021/07/07 +Microsoft Windows Print Spooler Service Enabled +2021/07/07 +local +None +1.1 +http://www.nessus.org/u?8fc5df24 +n/a +The Microsoft Windows Print Spooler service on the remote host is enabled. +The Microsoft Windows Print Spooler service on the remote host is enabled. + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.). +smb_enum_services_params.nasl +0001-T-0752 +2022/05/16 +Microsoft Windows SMB Service Config Enumeration +2010/02/05 +local +None +1.20 +Ensure that each service is configured properly. +It was possible to enumerate configuration parameters of remote services. +IAVT:0001-T-0752 + +The following services are set to start automatically : + + AdobeARMservice startup parameters : + Display name : Adobe Acrobat Update Service + Service name : AdobeARMservice + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" + + AudioEndpointBuilder startup parameters : + Display name : Windows Audio Endpoint Builder + Service name : AudioEndpointBuilder + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + Audiosrv startup parameters : + Display name : Windows Audio + Service name : Audiosrv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : AudioEndpointBuilder/RpcSs/ + + BFE startup parameters : + Display name : Base Filtering Engine + Service name : BFE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : RpcSs/ + + BrokerInfrastructure startup parameters : + Display name : Background Tasks Infrastructure Service + Service name : BrokerInfrastructure + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + CDPSvc startup parameters : + Display name : Connected Devices Platform Service + Service name : CDPSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : ncbservice/RpcSS/Tcpip/ + + CoreMessagingRegistrar startup parameters : + Display name : CoreMessaging + Service name : CoreMessagingRegistrar + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : rpcss/ + + CryptSvc startup parameters : + Display name : Cryptographic Services + Service name : CryptSvc + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + DPS startup parameters : + Display name : Diagnostic Policy Service + Service name : DPS + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p + + DcomLaunch startup parameters : + Display name : DCOM Server Process Launcher + Service name : DcomLaunch + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + DeviceAssociationService startup parameters : + Display name : Device Association Service + Service name : DeviceAssociationService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + Dhcp startup parameters : + Display name : DHCP Client + Service name : Dhcp + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : NSI/Afd/ + + DiagTrack startup parameters : + Display name : Connected User Experiences and Telemetry + Service name : DiagTrack + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k utcsvc -p + Dependencies : RpcSs/ + + DispBrokerDesktopSvc startup parameters : + Display name : Display Policy Service + Service name : DispBrokerDesktopSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSS/ + + Dnscache startup parameters : + Display name : DNS Client + Service name : Dnscache + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkService -p + Dependencies : nsi/Afd/ + + DoSvc startup parameters : + Display name : Delivery Optimization + Service name : DoSvc + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + DusmSvc startup parameters : + Display name : Data Usage + Service name : DusmSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + EventLog startup parameters : + Display name : Windows Event Log + Service name : EventLog + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + + EventSystem startup parameters : + Display name : COM+ Event System + Service name : EventSystem + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + FontCache startup parameters : + Display name : Windows Font Cache Service + Service name : FontCache + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + IKEEXT startup parameters : + Display name : IKE and AuthIP IPsec Keying Modules + Service name : IKEEXT + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : BFE/nsi/ + + LSM startup parameters : + Display name : Local Session Manager + Service name : LSM + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + LanmanServer startup parameters : + Display name : Server + Service name : LanmanServer + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : SamSS/Srv2/ + + LanmanWorkstation startup parameters : + Display name : Workstation + Service name : LanmanWorkstation + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : Bowser/MRxSmb20/NSI/ + + MapsBroker startup parameters : + Display name : Downloaded Maps Manager + Service name : MapsBroker + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + NlaSvc startup parameters : + Display name : Network Location Awareness + Service name : NlaSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/ + + Power startup parameters : + Display name : Power + Service name : Power + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + ProfSvc startup parameters : + Display name : User Profile Service + Service name : ProfSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + RasMan startup parameters : + Display name : Remote Access Connection Manager + Service name : RasMan + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs + Dependencies : SstpSvc/DnsCache/ + + RpcEptMapper startup parameters : + Display name : RPC Endpoint Mapper + Service name : RpcEptMapper + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k RPCSS -p + + RpcSs startup parameters : + Display name : Remote Procedure Call (RPC) + Service name : RpcSs + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k rpcss -p + Dependencies : RpcEptMapper/DcomLaunch/ + + SENS startup parameters : + Display name : System Event Notification Service + Service name : SENS + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : EventSystem/ + + SamSs startup parameters : + Display name : Security Accounts Manager + Service name : SamSs + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : RPCSS/ + + Schedule startup parameters : + Display name : Task Scheduler + Service name : Schedule + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/SystemEventsBroker/ + + SgrmBroker startup parameters : + Display name : System Guard Runtime Monitor Broker + Service name : SgrmBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\SgrmBroker.exe + Dependencies : RpcSs/ + + ShellHWDetection startup parameters : + Display name : Shell Hardware Detection + Service name : ShellHWDetection + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Spooler startup parameters : + Display name : Print Spooler + Service name : Spooler + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\spoolsv.exe + Dependencies : RPCSS/http/ + + StorSvc startup parameters : + Display name : Storage Service + Service name : StorSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + SysMain startup parameters : + Display name : SysMain + Service name : SysMain + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : rpcss/fileinfo/ + + SystemEventsBroker startup parameters : + Display name : System Events Broker + Service name : SystemEventsBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/RpcSs/ + + Themes startup parameters : + Display name : Themes + Service name : Themes + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + + TrkWks startup parameters : + Display name : Distributed Link Tracking Client + Service name : TrkWks + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + UserManager startup parameters : + Display name : User Manager + Service name : UserManager + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + UsoSvc startup parameters : + Display name : Update Orchestrator Service + Service name : UsoSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + VGAuthService startup parameters : + Display name : VMware Alias Manager and Ticket Service + Service name : VGAuthService + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" + + VMTools startup parameters : + Display name : VMware Tools + Service name : VMTools + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" + + W32Time startup parameters : + Display name : Windows Time + Service name : W32Time + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService + + WSearch startup parameters : + Display name : Windows Search + Service name : WSearch + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\SearchIndexer.exe /Embedding + Dependencies : RPCSS/BrokerInfrastructure/ + + Wcmsvc startup parameters : + Display name : Windows Connection Manager + Service name : Wcmsvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/NSI/ + + WinDefend startup parameters : + Display name : Microsoft Defender Antivirus Service + Service name : WinDefend + Log on as : LocalSystem + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe" + Dependencies : RpcSs/ + + Winmgmt startup parameters : + Display name : Windows Management Instrumentation + Service name : Winmgmt + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/ + + WpnService startup parameters : + Display name : Windows Push Notifications System Service + Service name : WpnService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + edgeupdate startup parameters : + Display name : Microsoft Edge Update Service (edgeupdate) + Service name : edgeupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc + Dependencies : RPCSS/ + + gpsvc startup parameters : + Display name : Group Policy Client + Service name : gpsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/Mup/ + + gupdate startup parameters : + Display name : Google Update Service (gupdate) + Service name : gupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc + Dependencies : RPCSS/ + + iphlpsvc startup parameters : + Display name : IP Helper + Service name : iphlpsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k NetSvcs -p + Dependencies : RpcSS/winmgmt/tcpip/nsi/WinHttpAutoProxySvc/ + + mpssvc startup parameters : + Display name : Windows Defender Firewall + Service name : mpssvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : mpsdrv/bfe/ + + nsi startup parameters : + Display name : Network Store Interface Service + Service name : nsi + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/nsiproxy/ + + sppsvc startup parameters : + Display name : Software Protection + Service name : sppsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\sppsvc.exe + Dependencies : RpcSs/ + + stisvc startup parameters : + Display name : Windows Image Acquisition (WIA) + Service name : stisvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k imgsvc + Dependencies : RpcSs/ + + uhssvc startup parameters : + Display name : Microsoft Update Health Service + Service name : uhssvc + Log on as : LocalSystem + Executable path : "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" + Dependencies : EventLog/ + + vm3dservice startup parameters : + Display name : VMware SVGA Helper Service + Service name : vm3dservice + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\vm3dservice.exe + + wscsvc startup parameters : + Display name : Security Center + Service name : wscsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + +The following services must be started manually : + + AJRouter startup parameters : + Display name : AllJoyn Router Service + Service name : AJRouter + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + ALG startup parameters : + Display name : Application Layer Gateway Service + Service name : ALG + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\alg.exe + + AppIDSvc startup parameters : + Display name : Application Identity + Service name : AppIDSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/AppID/CryptSvc/ + + AppMgmt startup parameters : + Display name : Application Management + Service name : AppMgmt + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + AppReadiness startup parameters : + Display name : App Readiness + Service name : AppReadiness + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k AppReadiness -p + + AppXSvc startup parameters : + Display name : AppX Deployment Service (AppXSVC) + Service name : AppXSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k wsappx -p + Dependencies : rpcss/staterepository/ + + Appinfo startup parameters : + Display name : Application Information + Service name : Appinfo + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + AssignedAccessManagerSvc startup parameters : + Display name : AssignedAccessManager Service + Service name : AssignedAccessManagerSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k AssignedAccessManagerSvc + + AxInstSV startup parameters : + Display name : ActiveX Installer (AxInstSV) + Service name : AxInstSV + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k AxInstSVGroup + Dependencies : rpcss/ + + BDESVC startup parameters : + Display name : BitLocker Drive Encryption Service + Service name : BDESVC + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + + BITS startup parameters : + Display name : Background Intelligent Transfer Service + Service name : BITS + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + BTAGService startup parameters : + Display name : Bluetooth Audio Gateway Service + Service name : BTAGService + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted + Dependencies : rpcss/ + + Browser startup parameters : + Display name : Computer Browser + Service name : Browser + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : LanmanWorkstation/LanmanServer/ + + BthAvctpSvc startup parameters : + Display name : AVCTP service + Service name : BthAvctpSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + COMSysApp startup parameters : + Display name : COM+ System Application + Service name : COMSysApp + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} + Dependencies : RpcSs/EventSystem/SENS/ + + CertPropSvc startup parameters : + Display name : Certificate Propagation + Service name : CertPropSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + ClipSVC startup parameters : + Display name : Client License Service (ClipSVC) + Service name : ClipSVC + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k wsappx -p + Dependencies : rpcss/ + + CscService startup parameters : + Display name : Offline Files + Service name : CscService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + DevQueryBroker startup parameters : + Display name : DevQuery Background Discovery Broker + Service name : DevQueryBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DeviceInstall startup parameters : + Display name : Device Install Service + Service name : DeviceInstall + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + DisplayEnhancementService startup parameters : + Display name : Display Enhancement Service + Service name : DisplayEnhancementService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DmEnrollmentSvc startup parameters : + Display name : Device Management Enrollment Service + Service name : DmEnrollmentSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + DsSvc startup parameters : + Display name : Data Sharing Service + Service name : DsSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + DsmSvc startup parameters : + Display name : Device Setup Manager + Service name : DsmSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + EFS startup parameters : + Display name : Encrypting File System (EFS) + Service name : EFS + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\lsass.exe + Dependencies : RPCSS/ + + Eaphost startup parameters : + Display name : Extensible Authentication Protocol + Service name : Eaphost + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/KeyIso/ + + EntAppSvc startup parameters : + Display name : Enterprise App Management Service + Service name : EntAppSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + FDResPub startup parameters : + Display name : Function Discovery Resource Publication + Service name : FDResPub + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : RpcSs/http/fdphost/ + + Fax startup parameters : + Display name : Fax + Service name : Fax + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\fxssvc.exe + Dependencies : TapiSrv/RpcSs/Spooler/ + + FrameServer startup parameters : + Display name : Windows Camera Frame Server + Service name : FrameServer + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k Camera + Dependencies : rpcss/ + + GoogleChromeElevationService startup parameters : + Display name : Google Chrome Elevation Service (GoogleChromeElevationService) + Service name : GoogleChromeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.106\elevation_service.exe" + Dependencies : RPCSS/ + + GraphicsPerfSvc startup parameters : + Display name : GraphicsPerfSvc + Service name : GraphicsPerfSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup + + HvHost startup parameters : + Display name : HV Host Service + Service name : HvHost + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : hvservice/ + + InstallService startup parameters : + Display name : Microsoft Store Install Service + Service name : InstallService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + IpxlatCfgSvc startup parameters : + Display name : IP Translation Configuration Service + Service name : IpxlatCfgSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : nsi/ + + KeyIso startup parameters : + Display name : CNG Key Isolation + Service name : KeyIso + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : RpcSs/ + + KtmRm startup parameters : + Display name : KtmRm for Distributed Transaction Coordinator + Service name : KtmRm + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p + Dependencies : RPCSS/SamSS/ + + LicenseManager startup parameters : + Display name : Windows License Manager Service + Service name : LicenseManager + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + LxpSvc startup parameters : + Display name : Language Experience Service + Service name : LxpSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs + + MSDTC startup parameters : + Display name : Distributed Transaction Coordinator + Service name : MSDTC + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\msdtc.exe + Dependencies : RPCSS/SamSS/ + + MSiSCSI startup parameters : + Display name : Microsoft iSCSI Initiator Service + Service name : MSiSCSI + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + McpManagementService startup parameters : + Display name : McpManagementService + Service name : McpManagementService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k McpManagementServiceGroup + Dependencies : RpcSs/ + + MicrosoftEdgeElevationService startup parameters : + Display name : Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) + Service name : MicrosoftEdgeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.83\elevation_service.exe" + Dependencies : RPCSS/ + + MixedRealityOpenXRSvc startup parameters : + Display name : Windows Mixed Reality OpenXR Service + Service name : MixedRealityOpenXRSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : rpcss/ + + NaturalAuthentication startup parameters : + Display name : Natural Authentication + Service name : NaturalAuthentication + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/Schedule/ + + NcaSvc startup parameters : + Display name : Network Connectivity Assistant + Service name : NcaSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k NetSvcs -p + Dependencies : BFE/dnscache/NSI/iphlpsvc/ + + NcbService startup parameters : + Display name : Network Connection Broker + Service name : NcbService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSS/tcpip/BrokerInfrastructure/ + + NcdAutoSetup startup parameters : + Display name : Network Connected Devices Auto-Setup + Service name : NcdAutoSetup + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : netprofm/ + + NetSetupSvc startup parameters : + Display name : Network Setup Service + Service name : NetSetupSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Netlogon startup parameters : + Display name : Netlogon + Service name : Netlogon + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : LanmanWorkstation/ + + Netman startup parameters : + Display name : Network Connections + Service name : Netman + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/nsi/ + + NgcCtnrSvc startup parameters : + Display name : Microsoft Passport Container + Service name : NgcCtnrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + NgcSvc startup parameters : + Display name : Microsoft Passport + Service name : NgcSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + PNRPAutoReg startup parameters : + Display name : PNRP Machine Name Publication Service + Service name : PNRPAutoReg + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + Dependencies : pnrpsvc/ + + PNRPsvc startup parameters : + Display name : Peer Name Resolution Protocol + Service name : PNRPsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + Dependencies : p2pimsvc/ + + PcaSvc startup parameters : + Display name : Program Compatibility Assistant Service + Service name : PcaSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + PeerDistSvc startup parameters : + Display name : BranchCache + Service name : PeerDistSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k PeerDist + Dependencies : http/ + + PerfHost startup parameters : + Display name : Performance Counter DLL Host + Service name : PerfHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\SysWow64\perfhost.exe + Dependencies : RPCSS/ + + PhoneSvc startup parameters : + Display name : Phone Service + Service name : PhoneSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/ + + PlugPlay startup parameters : + Display name : Plug and Play + Service name : PlugPlay + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + PolicyAgent startup parameters : + Display name : IPsec Policy Agent + Service name : PolicyAgent + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted -p + Dependencies : Tcpip/bfe/ + + PrintNotify startup parameters : + Display name : Printer Extensions and Notifications + Service name : PrintNotify + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k print + Dependencies : RpcSs/ + + PushToInstall startup parameters : + Display name : Windows PushToInstall Service + Service name : PushToInstall + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + QWAVE startup parameters : + Display name : Quality Windows Audio Video Experience + Service name : QWAVE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/ + + RasAuto startup parameters : + Display name : Remote Access Auto Connection Manager + Service name : RasAuto + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RasAcd/ + + RemoteRegistry startup parameters : + Display name : Remote Registry + Service name : RemoteRegistry + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k localService -p + Dependencies : RPCSS/ + + RetailDemo startup parameters : + Display name : Retail Demo Service + Service name : RetailDemo + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k rdxgroup + + RmSvc startup parameters : + Display name : Radio Management Service + Service name : RmSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted + Dependencies : RpcSs/ + + RpcLocator startup parameters : + Display name : Remote Procedure Call (RPC) Locator + Service name : RpcLocator + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\locator.exe + + SCPolicySvc startup parameters : + Display name : Smart Card Removal Policy + Service name : SCPolicySvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + SCardSvr startup parameters : + Display name : Smart Card + Service name : SCardSvr + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation + + SDRSVC startup parameters : + Display name : Windows Backup + Service name : SDRSVC + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k SDRSVC + Dependencies : RPCSS/ + + SEMgrSvc startup parameters : + Display name : Payments and NFC/SE Manager + Service name : SEMgrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/ + + SNMPTRAP startup parameters : + Display name : SNMP Trap + Service name : SNMPTRAP + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\snmptrap.exe + + SSDPSRV startup parameters : + Display name : SSDP Discovery + Service name : SSDPSRV + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : HTTP/NSI/ + + ScDeviceEnum startup parameters : + Display name : Smart Card Device Enumeration Service + Service name : ScDeviceEnum + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted + + SecurityHealthService startup parameters : + Display name : Windows Security Service + Service name : SecurityHealthService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\SecurityHealthService.exe + Dependencies : RpcSs/ + + Sense startup parameters : + Display name : Windows Defender Advanced Threat Protection Service + Service name : Sense + Log on as : LocalSystem + Executable path : "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" + + SensorDataService startup parameters : + Display name : Sensor Data Service + Service name : SensorDataService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\SensorDataService.exe + + SensorService startup parameters : + Display name : Sensor Service + Service name : SensorService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + SensrSvc startup parameters : + Display name : Sensor Monitoring Service + Service name : SensrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + + SessionEnv startup parameters : + Display name : Remote Desktop Configuration + Service name : SessionEnv + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/LanmanWorkstation/ + + SharedAccess startup parameters : + Display name : Internet Connection Sharing (ICS) + Service name : SharedAccess + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : BFE/ + + SharedRealitySvc startup parameters : + Display name : Spatial Data Service + Service name : SharedRealitySvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSS/ + + SmsRouter startup parameters : + Display name : Microsoft Windows SMS Router Service. + Service name : SmsRouter + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + SstpSvc startup parameters : + Display name : Secure Socket Tunneling Protocol Service + Service name : SstpSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + StateRepository startup parameters : + Display name : State Repository Service + Service name : StateRepository + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + TabletInputService startup parameters : + Display name : Touch Keyboard and Handwriting Panel Service + Service name : TabletInputService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + TapiSrv startup parameters : + Display name : Telephony + Service name : TapiSrv + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + TermService startup parameters : + Display name : Remote Desktop Services + Service name : TermService + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService + Dependencies : RPCSS/ + + TieringEngineService startup parameters : + Display name : Storage Tiers Management + Service name : TieringEngineService + Log on as : localSystem + Executable path : C:\WINDOWS\system32\TieringEngineService.exe + + TimeBrokerSvc startup parameters : + Display name : Time Broker + Service name : TimeBrokerSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + TokenBroker startup parameters : + Display name : Web Account Manager + Service name : TokenBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : UserManager/ + + TroubleshootingSvc startup parameters : + Display name : Recommended Troubleshooting Service + Service name : TroubleshootingSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + TrustedInstaller startup parameters : + Display name : Windows Modules Installer + Service name : TrustedInstaller + Log on as : localSystem + Executable path : C:\WINDOWS\servicing\TrustedInstaller.exe + + UmRdpService startup parameters : + Display name : Remote Desktop Services UserMode Port Redirector + Service name : UmRdpService + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : TermService/RDPDR/ + + VSS startup parameters : + Display name : Volume Shadow Copy + Service name : VSS + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\vssvc.exe + Dependencies : RPCSS/ + + VacSvc startup parameters : + Display name : Volumetric Audio Compositor Service + Service name : VacSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + VaultSvc startup parameters : + Display name : Credential Manager + Service name : VaultSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : rpcss/ + + WEPHOSTSVC startup parameters : + Display name : Windows Encryption Provider Host Service + Service name : WEPHOSTSVC + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k WepHostSvcGroup + Dependencies : rpcss/ + + WFDSConMgrSvc startup parameters : + Display name : Wi-Fi Direct Services Connection Manager Service + Service name : WFDSConMgrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + WMPNetworkSvc startup parameters : + Display name : Windows Media Player Network Sharing Service + Service name : WMPNetworkSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe" + Dependencies : http/WSearch/ + + WManSvc startup parameters : + Display name : Windows Management Service + Service name : WManSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + WPDBusEnum startup parameters : + Display name : Portable Device Enumerator Service + Service name : WPDBusEnum + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted + Dependencies : RpcSs/ + + WaaSMedicSvc startup parameters : + Display name : Windows Update Medic Service + Service name : WaaSMedicSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k wusvcs -p + Dependencies : rpcss/ + + WalletService startup parameters : + Display name : WalletService + Service name : WalletService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k appmodel -p + + WarpJITSvc startup parameters : + Display name : WarpJITSvc + Service name : WarpJITSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted + + WbioSrvc startup parameters : + Display name : Windows Biometric Service + Service name : WbioSrvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup + Dependencies : RpcSs/ + + WdNisSvc startup parameters : + Display name : Microsoft Defender Antivirus Network Inspection Service + Service name : WdNisSvc + Log on as : NT AUTHORITY\LocalService + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe" + Dependencies : WdNisDrv/ + + WdiServiceHost startup parameters : + Display name : Diagnostic Service Host + Service name : WdiServiceHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + + WdiSystemHost startup parameters : + Display name : Diagnostic System Host + Service name : WdiSystemHost + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + WebClient startup parameters : + Display name : WebClient + Service name : WebClient + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : MRxDAV/ + + Wecsvc startup parameters : + Display name : Windows Event Collector + Service name : Wecsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkService -p + Dependencies : HTTP/Eventlog/ + + WerSvc startup parameters : + Display name : Windows Error Reporting Service + Service name : WerSvc + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k WerSvcGroup + + WiaRpc startup parameters : + Display name : Still Image Acquisition Events + Service name : WiaRpc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + WinHttpAutoProxySvc startup parameters : + Display name : WinHTTP Web Proxy Auto-Discovery Service + Service name : WinHttpAutoProxySvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Dhcp/ + + WinRM startup parameters : + Display name : Windows Remote Management (WS-Management) + Service name : WinRM + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : RPCSS/HTTP/ + + WlanSvc startup parameters : + Display name : WLAN AutoConfig + Service name : WlanSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : nativewifip/RpcSs/Ndisuio/wcmsvc/ + + WpcMonSvc startup parameters : + Display name : Parental Controls + Service name : WpcMonSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService + + WwanSvc startup parameters : + Display name : WWAN AutoConfig + Service name : WwanSvc + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/NdisUio/ + + XblAuthManager startup parameters : + Display name : Xbox Live Auth Manager + Service name : XblAuthManager + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + XblGameSave startup parameters : + Display name : Xbox Live Game Save + Service name : XblGameSave + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : UserManager/XblAuthManager/ + + XboxGipSvc startup parameters : + Display name : Xbox Accessory Management Service + Service name : XboxGipSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + XboxNetApiSvc startup parameters : + Display name : Xbox Live Networking Service + Service name : XboxNetApiSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : BFE/mpssvc/IKEEXT/KeyIso/ + + autotimesvc startup parameters : + Display name : Cellular Time + Service name : autotimesvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k autoTimeSvc + Dependencies : rpcss/ + + bthserv startup parameters : + Display name : Bluetooth Support Service + Service name : bthserv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + camsvc startup parameters : + Display name : Capability Access Manager Service + Service name : camsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k appmodel -p + + cloudidsvc startup parameters : + Display name : Microsoft Cloud Identity Service + Service name : cloudidsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k CloudIdServiceGroup -p + + dcsvc startup parameters : + Display name : dcsvc + Service name : dcsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + defragsvc startup parameters : + Display name : Optimize drives + Service name : defragsvc + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k defragsvc + Dependencies : RPCSS/ + + diagnosticshub.standardcollector.service startup parameters : + Display name : Microsoft (R) Diagnostics Hub Standard Collector Service + Service name : diagnosticshub.standardcollector.service + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe + + diagsvc startup parameters : + Display name : Diagnostic Execution Service + Service name : diagsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k diagnostics + Dependencies : RpcSs/ + + dmwappushservice startup parameters : + Display name : Device Management Wireless Application Protocol (WAP) Push message Routing Service + Service name : dmwappushservice + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + dot3svc startup parameters : + Display name : Wired AutoConfig + Service name : dot3svc + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/Ndisuio/Eaphost/ + + edgeupdatem startup parameters : + Display name : Microsoft Edge Update Service (edgeupdatem) + Service name : edgeupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc + Dependencies : RPCSS/ + + embeddedmode startup parameters : + Display name : Embedded Mode + Service name : embeddedmode + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : BrokerInfrastructure/ + + fdPHost startup parameters : + Display name : Function Discovery Provider Host + Service name : fdPHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/http/ + + fhsvc startup parameters : + Display name : File History Service + Service name : fhsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + gupdatem startup parameters : + Display name : Google Update Service (gupdatem) + Service name : gupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc + Dependencies : RPCSS/ + + hidserv startup parameters : + Display name : Human Interface Device Service + Service name : hidserv + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + icssvc startup parameters : + Display name : Windows Mobile Hotspot Service + Service name : icssvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/wcmsvc/ + + lfsvc startup parameters : + Display name : Geolocation Service + Service name : lfsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + lltdsvc startup parameters : + Display name : Link-Layer Topology Discovery Mapper + Service name : lltdsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/lltdio/ + + lmhosts startup parameters : + Display name : TCP/IP NetBIOS Helper + Service name : lmhosts + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Afd/ + + msiserver startup parameters : + Display name : Windows Installer + Service name : msiserver + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\msiexec.exe /V + Dependencies : rpcss/ + + netprofm startup parameters : + Display name : Network List Service + Service name : netprofm + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : RpcSs/nlasvc/ + + p2pimsvc startup parameters : + Display name : Peer Networking Identity Manager + Service name : p2pimsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + + p2psvc startup parameters : + Display name : Peer Networking Grouping + Service name : p2psvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + Dependencies : p2pimsvc/PNRPSvc/ + + perceptionsimulation startup parameters : + Display name : Windows Perception Simulation Service + Service name : perceptionsimulation + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe + Dependencies : rpcss/ + + pla startup parameters : + Display name : Performance Logs & Alerts + Service name : pla + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : RPCSS/ + + seclogon startup parameters : + Display name : Secondary Logon + Service name : seclogon + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + smphost startup parameters : + Display name : Microsoft Storage Spaces SMP + Service name : smphost + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k smphost + Dependencies : RPCSS/ + + spectrum startup parameters : + Display name : Windows Perception Service + Service name : spectrum + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\spectrum.exe + Dependencies : rpcss/ + + svsvc startup parameters : + Display name : Spot Verifier + Service name : svsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + swprv startup parameters : + Display name : Microsoft Software Shadow Copy Provider + Service name : swprv + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k swprv + Dependencies : RPCSS/ + + upnphost startup parameters : + Display name : UPnP Device Host + Service name : upnphost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : SSDPSRV/HTTP/ + + vds startup parameters : + Display name : Virtual Disk + Service name : vds + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\vds.exe + Dependencies : RpcSs/ + + vmicguestinterface startup parameters : + Display name : Hyper-V Guest Service Interface + Service name : vmicguestinterface + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicheartbeat startup parameters : + Display name : Hyper-V Heartbeat Service + Service name : vmicheartbeat + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k ICService -p + + vmickvpexchange startup parameters : + Display name : Hyper-V Data Exchange Service + Service name : vmickvpexchange + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicrdv startup parameters : + Display name : Hyper-V Remote Desktop Virtualization Service + Service name : vmicrdv + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k ICService -p + + vmicshutdown startup parameters : + Display name : Hyper-V Guest Shutdown Service + Service name : vmicshutdown + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmictimesync startup parameters : + Display name : Hyper-V Time Synchronization Service + Service name : vmictimesync + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : VmGid/ + + vmicvmsession startup parameters : + Display name : Hyper-V PowerShell Direct Service + Service name : vmicvmsession + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicvss startup parameters : + Display name : Hyper-V Volume Shadow Copy Requestor + Service name : vmicvss + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmvss startup parameters : + Display name : VMware Snapshot Provider + Service name : vmvss + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\dllhost.exe /Processid:{397016CE-CD4D-4A07-AA59-A6AF3EE3250F} + Dependencies : rpcss/ + + wbengine startup parameters : + Display name : Block Level Backup Engine Service + Service name : wbengine + Log on as : localSystem + Executable path : "C:\WINDOWS\system32\wbengine.exe" + + wcncsvc startup parameters : + Display name : Windows Connect Now - Config Registrar + Service name : wcncsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : rpcss/ + + wercplsupport startup parameters : + Display name : Problem Reports Control Panel Support + Service name : wercplsupport + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + + wisvc startup parameters : + Display name : Windows Insider Service + Service name : wisvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + wlidsvc startup parameters : + Display name : Microsoft Account Sign-in Assistant + Service name : wlidsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + wlpasvc startup parameters : + Display name : Local Profile Assistant Service + Service name : wlpasvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : WwanSvc/RpcSs/ + + wmiApSrv startup parameters : + Display name : WMI Performance Adapter + Service name : wmiApSrv + Log on as : localSystem + Executable path : C:\WINDOWS\system32\wbem\WmiApSrv.exe + + workfolderssvc startup parameters : + Display name : Work Folders + Service name : workfolderssvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : RpcSs/wsearch/ + + wuauserv startup parameters : + Display name : Windows Update + Service name : wuauserv + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + +The following services are disabled : + + AppVClient startup parameters : + Display name : Microsoft App-V Client + Service name : AppVClient + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\AppVClient.exe + Dependencies : RpcSS/netprofm/AppvVfs/AppVStrm/ + + DialogBlockingService startup parameters : + Display name : DialogBlockingService + Service name : DialogBlockingService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DialogBlockingService + + MsKeyboardFilter startup parameters : + Display name : Microsoft Keyboard Filter + Service name : MsKeyboardFilter + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + NetTcpPortSharing startup parameters : + Display name : Net.Tcp Port Sharing Service + Service name : NetTcpPortSharing + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe + + RemoteAccess startup parameters : + Display name : Routing and Remote Access + Service name : RemoteAccess + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs + Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/ + + UevAgentService startup parameters : + Display name : User Experience Virtualization Service + Service name : UevAgentService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\AgentService.exe + + shpamsvc startup parameters : + Display name : Shared PC Account Manager + Service name : shpamsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + ssh-agent startup parameters : + Display name : OpenSSH Authentication Agent + Service name : ssh-agent + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\OpenSSH\ssh-agent.exe + + tzautoupdate startup parameters : + Display name : Auto Time Zone Updater + Service name : tzautoupdate + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + + +By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon. + +Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user. +smb_last_loggedon_user.nasl +2019/09/02 +Microsoft Windows SMB Last Logged On User Disclosure +2009/05/05 +local +None +1.12 +http://www.nessus.org/u?a29751b5 +n/a +Nessus was able to identify the last logged on user on the remote host. + +Last Successful logon : .\DEGTHAT + + + +windows +True +cpe:/a:haxx:curl +Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host. + +Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty checks. Paranoid scanning has no affect on this plugin itself. +curl_win_installed.nbin +2024/01/16 +Curl Installed (Windows) +2023/02/23 +local +None +1.22 +https://curl.se/ +n/a +Curl is installed on the remote Windows host. +true + +Nessus detected 2 installs of Curl: + + Path : C:\Windows\SysWOW64\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + Path : C:\Windows\System32\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + + +windows +True +cpe:/o:microsoft:windows +This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. + +An attacker may use this feature to gain better knowledge of the remote host. +smb_enum_services.nasl +0001-T-0751 +2022/02/01 +Microsoft Windows SMB Service Enumeration +2000/07/03 +local +None +1.46 +To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port. +It is possible to enumerate remote services. +IAVT:0001-T-0751 + +Active Services : + +Adobe Acrobat Update Service [ AdobeARMservice ] +Windows Audio Endpoint Builder [ AudioEndpointBuilder ] +Windows Audio [ Audiosrv ] +Base Filtering Engine [ BFE ] +Background Tasks Infrastructure Service [ BrokerInfrastructure ] +Computer Browser [ Browser ] +Bluetooth Audio Gateway Service [ BTAGService ] +AVCTP service [ BthAvctpSvc ] +Bluetooth Support Service [ bthserv ] +Connected Devices Platform Service [ CDPSvc ] +Certificate Propagation [ CertPropSvc ] +COM+ System Application [ COMSysApp ] +CoreMessaging [ CoreMessagingRegistrar ] +Cryptographic Services [ CryptSvc ] +DCOM Server Process Launcher [ DcomLaunch ] +Device Association Service [ DeviceAssociationService ] +DHCP Client [ Dhcp ] +Connected User Experiences and Telemetry [ DiagTrack ] +Display Policy Service [ DispBrokerDesktopSvc ] +DNS Client [ Dnscache ] +Delivery Optimization [ DoSvc ] +Diagnostic Policy Service [ DPS ] +Device Setup Manager [ DsmSvc ] +Data Usage [ DusmSvc ] +Windows Event Log [ EventLog ] +COM+ Event System [ EventSystem ] +Function Discovery Provider Host [ fdPHost ] +Function Discovery Resource Publication [ FDResPub ] +Windows Font Cache Service [ FontCache ] +IKE and AuthIP IPsec Keying Modules [ IKEEXT ] +IP Helper [ iphlpsvc ] +CNG Key Isolation [ KeyIso ] +Server [ LanmanServer ] +Workstation [ LanmanWorkstation ] +Windows License Manager Service [ LicenseManager ] +TCP/IP NetBIOS Helper [ lmhosts ] +Local Session Manager [ LSM ] +Windows Defender Firewall [ mpssvc ] +Distributed Transaction Coordinator [ MSDTC ] +Network Connection Broker [ NcbService ] +Network Connected Devices Auto-Setup [ NcdAutoSetup ] +Network List Service [ netprofm ] +Network Location Awareness [ NlaSvc ] +Network Store Interface Service [ nsi ] +Plug and Play [ PlugPlay ] +IPsec Policy Agent [ PolicyAgent ] +Power [ Power ] +User Profile Service [ ProfSvc ] +Remote Access Connection Manager [ RasMan ] +Remote Registry [ RemoteRegistry ] +RPC Endpoint Mapper [ RpcEptMapper ] +Remote Procedure Call (RPC) [ RpcSs ] +Security Accounts Manager [ SamSs ] +Task Scheduler [ Schedule ] +System Event Notification Service [ SENS ] +Remote Desktop Configuration [ SessionEnv ] +System Guard Runtime Monitor Broker [ SgrmBroker ] +Shell Hardware Detection [ ShellHWDetection ] +Print Spooler [ Spooler ] +SSDP Discovery [ SSDPSRV ] +Secure Socket Tunneling Protocol Service [ SstpSvc ] +State Repository Service [ StateRepository ] +Windows Image Acquisition (WIA) [ stisvc ] +Storage Service [ StorSvc ] +SysMain [ SysMain ] +System Events Broker [ SystemEventsBroker ] +Remote Desktop Services [ TermService ] +Themes [ Themes ] +Time Broker [ TimeBrokerSvc ] +Web Account Manager [ TokenBroker ] +Distributed Link Tracking Client [ TrkWks ] +Microsoft Update Health Service [ uhssvc ] +Remote Desktop Services UserMode Port Redirector [ UmRdpService ] +User Manager [ UserManager ] +Update Orchestrator Service [ UsoSvc ] +VMware Alias Manager and Ticket Service [ VGAuthService ] +VMware SVGA Helper Service [ vm3dservice ] +VMware Tools [ VMTools ] +Windows Time [ W32Time ] +Windows Update Medic Service [ WaaSMedicSvc ] +Windows Connection Manager [ Wcmsvc ] +Diagnostic Service Host [ WdiServiceHost ] +Microsoft Defender Antivirus Network Inspection Service [ WdNisSvc ] +Microsoft Defender Antivirus Service [ WinDefend ] +WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ] +Windows Management Instrumentation [ Winmgmt ] +Windows Push Notifications System Service [ WpnService ] +Security Center [ wscsvc ] +Windows Search [ WSearch ] + +Inactive Services : + +AllJoyn Router Service [ AJRouter ] +Application Layer Gateway Service [ ALG ] +Application Identity [ AppIDSvc ] +Application Information [ Appinfo ] +Application Management [ AppMgmt ] +App Readiness [ AppReadiness ] +Microsoft App-V Client [ AppVClient ] +AppX Deployment Service (AppXSVC) [ AppXSvc ] +AssignedAccessManager Service [ AssignedAccessManagerSvc ] +Cellular Time [ autotimesvc ] +ActiveX Installer (AxInstSV) [ AxInstSV ] +BitLocker Drive Encryption Service [ BDESVC ] +Background Intelligent Transfer Service [ BITS ] +Capability Access Manager Service [ camsvc ] +Client License Service (ClipSVC) [ ClipSVC ] +Microsoft Cloud Identity Service [ cloudidsvc ] +Offline Files [ CscService ] +dcsvc [ dcsvc ] +Optimize drives [ defragsvc ] +Device Install Service [ DeviceInstall ] +DevQuery Background Discovery Broker [ DevQueryBroker ] +Microsoft (R) Diagnostics Hub Standard Collector Service [ diagnosticshub.standardcollector.service ] +Diagnostic Execution Service [ diagsvc ] +DialogBlockingService [ DialogBlockingService ] +Display Enhancement Service [ DisplayEnhancementService ] +Device Management Enrollment Service [ DmEnrollmentSvc ] +Device Management Wireless Application Protocol (WAP) Push message Routing Service [ dmwappushservice ] +Wired AutoConfig [ dot3svc ] +Data Sharing Service [ DsSvc ] +Extensible Authentication Protocol [ Eaphost ] +Microsoft Edge Update Service (edgeupdate) [ edgeupdate ] +Microsoft Edge Update Service (edgeupdatem) [ edgeupdatem ] +Encrypting File System (EFS) [ EFS ] +Embedded Mode [ embeddedmode ] +Enterprise App Management Service [ EntAppSvc ] +Fax [ Fax ] +File History Service [ fhsvc ] +Windows Camera Frame Server [ FrameServer ] +Google Chrome Elevation Service (GoogleChromeElevationService) [ GoogleChromeElevationService ] +Group Policy Client [ gpsvc ] +GraphicsPerfSvc [ GraphicsPerfSvc ] +Google Update Service (gupdate) [ gupdate ] +Google Update Service (gupdatem) [ gupdatem ] +Human Interface Device Service [ hidserv ] +HV Host Service [ HvHost ] +Windows Mobile Hotspot Service [ icssvc ] +Microsoft Store Install Service [ InstallService ] +IP Translation Configuration Service [ IpxlatCfgSvc ] +KtmRm for Distributed Transaction Coordinator [ KtmRm ] +Geolocation Service [ lfsvc ] +Link-Layer Topology Discovery Mapper [ lltdsvc ] +Language Experience Service [ LxpSvc ] +Downloaded Maps Manager [ MapsBroker ] +McpManagementService [ McpManagementService ] +Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) [ MicrosoftEdgeElevationService ] +Windows Mixed Reality OpenXR Service [ MixedRealityOpenXRSvc ] +Microsoft iSCSI Initiator Service [ MSiSCSI ] +Windows Installer [ msiserver ] +Microsoft Keyboard Filter [ MsKeyboardFilter ] +Natural Authentication [ NaturalAuthentication ] +Network Connectivity Assistant [ NcaSvc ] +Netlogon [ Netlogon ] +Network Connections [ Netman ] +Network Setup Service [ NetSetupSvc ] +Net.Tcp Port Sharing Service [ NetTcpPortSharing ] +Microsoft Passport Container [ NgcCtnrSvc ] +Microsoft Passport [ NgcSvc ] +Peer Networking Identity Manager [ p2pimsvc ] +Peer Networking Grouping [ p2psvc ] +Program Compatibility Assistant Service [ PcaSvc ] +BranchCache [ PeerDistSvc ] +Windows Perception Simulation Service [ perceptionsimulation ] +Performance Counter DLL Host [ PerfHost ] +Phone Service [ PhoneSvc ] +Performance Logs & Alerts [ pla ] +PNRP Machine Name Publication Service [ PNRPAutoReg ] +Peer Name Resolution Protocol [ PNRPsvc ] +Printer Extensions and Notifications [ PrintNotify ] +Windows PushToInstall Service [ PushToInstall ] +Quality Windows Audio Video Experience [ QWAVE ] +Remote Access Auto Connection Manager [ RasAuto ] +Routing and Remote Access [ RemoteAccess ] +Retail Demo Service [ RetailDemo ] +Radio Management Service [ RmSvc ] +Remote Procedure Call (RPC) Locator [ RpcLocator ] +Smart Card [ SCardSvr ] +Smart Card Device Enumeration Service [ ScDeviceEnum ] +Smart Card Removal Policy [ SCPolicySvc ] +Windows Backup [ SDRSVC ] +Secondary Logon [ seclogon ] +Windows Security Service [ SecurityHealthService ] +Payments and NFC/SE Manager [ SEMgrSvc ] +Windows Defender Advanced Threat Protection Service [ Sense ] +Sensor Data Service [ SensorDataService ] +Sensor Service [ SensorService ] +Sensor Monitoring Service [ SensrSvc ] +Internet Connection Sharing (ICS) [ SharedAccess ] +Spatial Data Service [ SharedRealitySvc ] +Shared PC Account Manager [ shpamsvc ] +Microsoft Storage Spaces SMP [ smphost ] +Microsoft Windows SMS Router Service. [ SmsRouter ] +SNMP Trap [ SNMPTRAP ] +Windows Perception Service [ spectrum ] +Software Protection [ sppsvc ] +OpenSSH Authentication Agent [ ssh-agent ] +Spot Verifier [ svsvc ] +Microsoft Software Shadow Copy Provider [ swprv ] +Touch Keyboard and Handwriting Panel Service [ TabletInputService ] +Telephony [ TapiSrv ] +Storage Tiers Management [ TieringEngineService ] +Recommended Troubleshooting Service [ TroubleshootingSvc ] +Windows Modules Installer [ TrustedInstaller ] +Auto Time Zone Updater [ tzautoupdate ] +User Experience Virtualization Service [ UevAgentService ] +UPnP Device Host [ upnphost ] +Volumetric Audio Compositor Service [ VacSvc ] +Credential Manager [ VaultSvc ] +Virtual Disk [ vds ] +Hyper-V Guest Service Interface [ vmicguestinterface ] +Hyper-V Heartbeat Service [ vmicheartbeat ] +Hyper-V Data Exchange Service [ vmickvpexchange ] +Hyper-V Remote Desktop Virtualization Service [ vmicrdv ] +Hyper-V Guest Shutdown Service [ vmicshutdown ] +Hyper-V Time Synchronization Service [ vmictimesync ] +Hyper-V PowerShell Direct Service [ vmicvmsession ] +Hyper-V Volume Shadow Copy Requestor [ vmicvss ] +VMware Snapshot Provider [ vmvss ] +Volume Shadow Copy [ VSS ] +WalletService [ WalletService ] +WarpJITSvc [ WarpJITSvc ] +Block Level Backup Engine Service [ wbengine ] +Windows Biometric Service [ WbioSrvc ] +Windows Connect Now - Config Registrar [ wcncsvc ] +Diagnostic System Host [ WdiSystemHost ] +WebClient [ WebClient ] +Windows Event Collector [ Wecsvc ] +Windows Encryption Provider Host Service [ WEPHOSTSVC ] +Problem Reports Control Panel Support [ wercplsupport ] +Windows Error Reporting Service [ WerSvc ] +Wi-Fi Direct Services Connection Manager Service [ WFDSConMgrSvc ] +Still Image Acquisition Events [ WiaRpc ] +Windows Remote Management (WS-Management) [ WinRM ] +Windows Insider Service [ wisvc ] +WLAN AutoConfig [ WlanSvc ] +Microsoft Account Sign-in Assistant [ wlidsvc ] +Local Profile Assistant Service [ wlpasvc ] +Windows Management Service [ WManSvc ] +WMI Performance Adapter [ wmiApSrv ] +Windows Media Player Network Sharing Service [ WMPNetworkSvc ] +Work Folders [ workfolderssvc ] +Parental Controls [ WpcMonSvc ] +Portable Device Enumerator Service [ WPDBusEnum ] +Windows Update [ wuauserv ] +WWAN AutoConfig [ WwanSvc ] +Xbox Live Auth Manager [ XblAuthManager ] +Xbox Live Game Save [ XblGameSave ] +Xbox Accessory Management Service [ XboxGipSvc ] +Xbox Live Networking Service [ XboxNetApiSvc ] + + + +windows +True +By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User permissions are enumerated for each network share that has a list of access control entries (ACEs). +smb_enum_share_permissions.nasl +2022/08/11 +Microsoft Windows SMB Share Permissions Enumeration +2012/07/25 +local +None +1.9 +https://technet.microsoft.com/en-us/library/bb456988.aspx +https://technet.microsoft.com/en-us/library/cc783530.aspx +n/a +It was possible to enumerate the permissions of remote network shares. + +Share path : \\WKS3-SOTERIA\print$ +Local path : C:\WINDOWS\system32\spool\drivers +Comment : Printer Drivers +[*] Allow ACE for Everyone (S-1-1-0): 0x001200a9 + FILE_GENERIC_READ: YES + FILE_GENERIC_WRITE: NO + FILE_GENERIC_EXECUTE: YES +[*] Allow ACE for BUILTIN\Administrators (S-1-5-32-544): 0x001f01ff + FILE_GENERIC_READ: YES + FILE_GENERIC_WRITE: YES + FILE_GENERIC_EXECUTE: YES + + + +This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc). +smb_accessible_shares_office_files.nasl +2011/03/21 +Microsoft Windows SMB Share Hosting Office Files +2007/01/04 +local +None +$Revision: 1.13 $ +Make sure that the files containing confidential information have proper access controls set on them. +The remote share contains Office-related files. + +Here is a list of office files which have been found on the remote SMB +shares : + + + C$ : + + - C:\Windows\System32\MSDRM\MsoIrmProtector.xls + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.19041.3570_none_827220c1aac4d9c1\MsoIrmProtector.xls + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.19041.3570_none_8cc6cb13df259bbc\MsoIrmProtector.xls + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Windows 10 1803 to 1809 New Settings.xlsx + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Server 2016 to 2019 New Settings.xlsx + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\MS Security Baseline Windows 10 v1809 and Server 2019.xlsx + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\BaselineDiffs-to-v1809-RS5-FINAL.xlsx + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Update Baseline\Documentation\Master List of Update Baseline Policies.xlsx + + + + +This plugin displays a list of media files (such as .mp3, .ogg, .mpg, .avi) which have been found on the remote SMB shares. + +Some of these files may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission. + +If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA. +smb_accessible_shares_copyrighted_content.nasl +2012/11/29 +Microsoft Windows SMB Share Hosting Possibly Copyrighted Material +2003/06/26 +local +None +$Revision: 1.41 $ +Delete the files infringing copyright. +The remote host may contain material (movies/audio) infringing copyright. + +Here is a list of files which have been found on the remote SMB shares. +Some of these files may contain copyrighted materials, such as commercial +movies or music files. + + + C$ : + +C:\Program Files\WindowsApps\Microsoft.XboxApp_48.104.4001.0_x64__8wekyb3d8bbwe\Assets\AchievementUnlocked.mp3 +C:\Program Files\WindowsApps\Microsoft.XboxApp_48.55.9001.0_x64__8wekyb3d8bbwe\Assets\AchievementUnlocked.mp3 +C:\Users\Cinnabon\Documents\AutoPlay Media Studio 8\Projects\Novetta-GeoSpara-OS-LockDown-Tool\CD_Root\AutoPlay\Videos\Magnolia.mpg +C:\Users\Cinnabon\Documents\AutoPlay Media Studio 8\Projects\Novetta-OS-LockDown-Tool\CD_Root\AutoPlay\Videos\Magnolia.mpg +C:\Program Files\WindowsApps\Microsoft.Messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe\Assets\Sounds\Nudge.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Classic_00_PREVIEW_00.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_BREAK_01.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_D.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_E.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_F.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_G.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_OUTRO.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_PRE_OUTRO_01.wma +C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3570.1.0\amd64_ppi-ppiskype-c-a_31bf3856ad364e35_10.0.19041.3570_none_e6ae959588854f2b\r\lync_lobbywaiting.wma +C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3570.1.0\amd64_ppi-ppiskype-c-a_31bf3856ad364e35_10.0.19041.3570_none_e6ae959588854f2b\f\lync_lobbywaiting.wma +C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10051.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Slider_Click_Sound.wma +C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Slider_Click_Sound.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_PRE_OUTRO_02.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_C.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_B.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_A.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_INTRO_02.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_INTRO_01.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_INTRO.wma + + + + + +The remote has one or more Windows shares that can be accessed through the network with the given credentials. + +Depending on the share rights, it may allow an attacker to read / write confidential data. +smb_accessible_shares.nasl +2021/10/04 +Microsoft Windows SMB Shares Access +2000/05/09 +combined +None +1.83 +To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'. +It is possible to access a network share. + +The following shares can be accessed as degthat : + +- D$ - (readable,writable) + + Content of this share : +bootTel.dat +JkDefragPortable +Nessus.url +Program Files (x86) +Results +System Volume Information +Tutela-IA-Lockdown-Tool2021.exe + +- C$ - (readable,writable) + + Content of this share : +$WinREAgent +bootmgr +BOOTNXT +dave +Documents and Settings +DumpStack.log.tmp +MSOCache +pagefile.sys +PerfLogs +Program Files +Program Files (x86) +ProgramData +Recovery +Standalone-Windows-STIG-Script-master +swapfile.sys +System Volume Information +Users +Windows + +- ADMIN$ - (readable,writable) + + Content of this share : +.. +addins +appcompat +apppatch +AppReadiness +assembly +bcastdvr +bfsvc.exe +BitLockerDiscoveryVolumeContents +Boot +bootstat.dat +Branding +CbsTemp +comsetup.log +Containers +CSC +Cursors +debug +diagerr.xml +diagnostics +DiagTrack +diagwrn.xml +DigitalLocker +Downloaded Program Files +DtcInstall.log +ELAMBKUP +en-US +explorer.exe +Fonts +GameBarPresenceWriter +Globalization +Help +HelpPane.exe +hh.exe +IdentityCRL +IME +ImmersiveControlPanel +INF +InfusedApps +InputMethod +Installer +L2Schemas +LanguageOverlayCache +LiveKernelReports +Logs +Media +mib.bin +Microsoft.NET +Migration +ModemLogs +notepad.exe +OCR +Offline Web Pages +Panther +Performance +PFRO.log +PLA +PolicyDefinitions +Prefetch +PrintDialog +Professional.xml +Provisioning +regedit.exe +Registration +RemotePackages +rescache +Resources +SchCache +schemas +security +ServiceProfiles +ServiceState +servicing +Setup +setupact.log +setuperr.log +ShellComponents +ShellExperiences +SKB +SoftwareDistribution +SoftwareDistribution.bak +Speech +Speech_OneCore +splwow64.exe +System +system.ini +System32 +SystemApps + + + + +windows +True +By connecting to the remote host, Nessus was able to enumerate the network share names. +smb_enum_shares.nasl +2022/02/01 +Microsoft Windows SMB Shares Enumeration +2000/05/09 +local +None +1.48 +n/a +It is possible to enumerate remote network shares. + +Here are the SMB shares available on the remote host when logged in as degthat: + + - ADMIN$ + - C$ + - D$ + - IPC$ + - print$ + + + +Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system. +smb_group_admin.nasl +2018/05/16 +Microsoft Windows 'Administrators' Group User List +2002/03/15 +local +None +1.23 +Verify that each member of the group should have this type of access. +There is at least one user in the 'Administrators' group. + +The following users are members of the 'Administrators' group : + + - WKS3-SOTERIA\Administrator (User) + - WKS3-SOTERIA\Cinnabon (User) + - WKS3-SOTERIA\DEGTHAT (User) + - WKS3-SOTERIA\tester (User) + - WKS3-SOTERIA\dbingham (User) + + + +Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy. +smb_password_policy.nasl +2015/01/12 +Microsoft Windows SMB : Obtains the Password Policy +2005/03/30 +local +None +$Revision: 1.15 $ +n/a +It is possible to retrieve the remote host's password policy using the supplied credentials. +The following password policy is defined on the remote host: + +Minimum password len: 10 +Password history len: 24 +Maximum password age (d): 90 +Password must meet complexity requirements: Enabled +Minimum password age (d): 1 +Forced logoff time (s): 0 +Locked account time (s): 900 +Time between failed logon (s): 900 +Number of invalid logon before locked out (s): 3 + + + +Using the supplied credentials, Nessus was able to list user accounts that have been disabled. +smb_users_disabled.nasl +2018/08/13 +Microsoft Windows - Users Information : Disabled Accounts +2002/03/15 +local +None +1.19 +Delete accounts that are no longer needed. +At least one user account has been disabled. + +The following user account has been disabled : + + - Administrator + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire. +smb_users_pwexpiry.nasl +2018/08/13 +Microsoft Windows - Users Information : Passwords Never Expire +2002/03/15 +local +None +1.22 +Allow or require users to change their passwords regularly. +At least one user has a password that never expires. + +The following user has a password that never expires : + + - Cinnabon + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for this +plugin, then re-run the scan. + + + +Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager. +smb_samr_user_enum.nasl +2023/01/20 +Microsoft Windows SAM user enumeration +2019/07/08 +local +None +1.7 +n/a +Nessus was able to enumerate domain users from the local SAM. + - Administrator (id S-1-5-21-1536193852-1370433935-500, Built-in account for administering the computer/domain, Administrator account) + - Cinnabon (id S-1-5-21-1536193852-1370433935-1001) + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI. +wmi_enum_printer_drivers.nbin +2024/01/16 +Windows Printer Driver Enumeration +2021/12/09 +local +None +1.63 +http://www.nessus.org/u?fab99415 +n/a +Nessus was able to enumerate one or more of the printer drivers on the remote host. + +--- Microsoft Shared Fax Driver --- + + Path : C:\WINDOWS\system32\spool\DRIVERS\x64\3\FXSDRV.DLL + Version : 10.0.19041.3570 + Supported Platform : Windows x64 + +--- TP PS Driver 830A8AA0BE6248f28478A495CCC72E64 --- + + Path : C:\WINDOWS\system32\spool\DRIVERS\x64\3\PSCRIPT5.DLL + Version : 0.0.0.0 + Supported Platform : Windows x64 + +--- Microsoft enhanced Point and Print compatibility driver --- + +Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver: + + Path : C:\WINDOWS\system32\spool\DRIVERS\x64\3\mxdwdrv.dll + Version : 10.0.19041.3570 + Supported Platform : Windows x64 + + Path : C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll + Version : 10.0.19041.3570 + Supported Platform : Windows NT x86 + +--- Brother Laser Type1 Class Driver --- + + Path : C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_26942243c5ee90e7\Amd64\mxdwdrv.dll + Version : 10.0.17119.1 + Supported Platform : Windows x64 + +--- Microsoft Print To PDF --- + + Path : C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_26942243c5ee90e7\Amd64\mxdwdrv.dll + Version : 10.0.19041.1806 + Supported Platform : Windows x64 + + + +The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC). + +Cached logon credentials could be accessed by an attacker and subjected to brute force attacks. +smb_reg_cachedlogons.nasl +2018/06/05 +Microsoft Windows SMB Registry : Winlogon Cached Password Weakness +2003/03/24 +local +None +1.17 +http://www.nessus.org/u?184d3eab +http://www.nessus.org/u?fe16cea8 +https://technet.microsoft.com/en-us/library/cc957390.aspx +Consult Microsoft documentation and best practices. +User credentials are stored in memory. + + Max cached logons : 10 + + + +cpe:/a:adobe:reader +Adobe Reader is enabled in Internet Explorer. +adobe_reader_enabled_in_browser.nasl +2022/06/01 +Adobe Reader Enabled in Browser (Internet Explorer) +2013/05/20 +local +None +1.3 +Disable Adobe Reader unless it is needed. +The remote host has Adobe Reader enabled for Internet Explorer. +true + +Adobe Reader is enabled for the following SIDs : + S-1-5-21-1536193852-1370433935-2390261316-1002 + +Note that this check may be incomplete as Nessus can only check the +SIDs of logged on users. + + + + +cpe:/a:adobe:acrobat_reader +JavaScript is enabled in Adobe Reader. + +Note that Nessus can only check the SIDs of logged on users, and thus the results may be incomplete. +adobe_reader_javascript_enabled.nasl +2013/05/22 +JavaScript Enabled in Adobe Reader +2013/05/22 +local +None +$Revision: 1.1 $ +http://www.nessus.org/u?f30673d6 +Disable JavaScript in Adobe Reader unless it is needed. +The remote Windows host has JavaScript enabled in Adobe Reader. + +Nessus found JavaScript enabled for the following user and version +of Adobe Reader : + + Version DC for SID S-1-5-21-1536193852-1370433935-2390261316-1002 + + + +60 - 180 days +windows +cpe:/a:adobe:acrobat_reader +CVE-2023-44336 +CVE-2023-44337 +CVE-2023-44338 +CVE-2023-44339 +CVE-2023-44340 +CVE-2023-44348 +CVE-2023-44356 +CVE-2023-44357 +CVE-2023-44358 +CVE-2023-44359 +CVE-2023-44360 +CVE-2023-44361 +CVE-2023-44365 +CVE-2023-44366 +CVE-2023-44367 +CVE-2023-44371 +CVE-2023-44372 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-44372 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +125 +416 +787 +824 +The version of Adobe Reader installed on the remote Windows host is a version prior to 20.005.30539 or 23.006.20380. It is, therefore, affected by multiple vulnerabilities. + + - Use After Free (CWE-416) potentially leading to Arbitrary code execution (CVE-2023-44336, CVE-2023-44359, CVE-2023-44367, CVE-2023-44371, CVE-2023-44372) + + - Out-of-bounds Read (CWE-125) potentially leading to Arbitrary code execution (CVE-2023-44337, CVE-2023-44338) + + - Access of Uninitialized Pointer (CWE-824) potentially leading to Arbitrary code execution (CVE-2023-44365) + + - Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2023-44366) + + - Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2023-44339, CVE-2023-44340, CVE-2023-44348, CVE-2023-44356, CVE-2023-44357, CVE-2023-44358, CVE-2023-44360) + + - Use After Free (CWE-416) potentially leading to Memory leak (CVE-2023-44361) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +adobe_reader_apsb23-54.nasl +current +2023-A-0626 +2023/11/14 +2023/11/23 +Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54) +2023/11/14 +local +Medium +High +1.2 +https://helpx.adobe.com/security/products/acrobat/apsb23-54.html +Upgrade to Adobe Reader version 20.005.30539 / 23.006.20380 or later. +I +The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +5.9 +2023/11/14 +IAVA:2023-A-0626 +CWE:125 +CWE:416 +CWE:787 +CWE:824 + + Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader + Installed version : 23.6.20360.0 + Fixed version : 23.006.20380 + + + +windows +True +software_enumeration +cpe:/a:adobe:acrobat_reader +Adobe Reader, a PDF file viewer, is installed on the remote host. +adobe_reader_installed.nasl +0001-T-0524 +2022/10/10 +Adobe Reader Detection +2006/02/02 +local +None +1.34 +http://www.adobe.com/products/reader/ +n/a +There is a PDF file viewer installed on the remote Windows host. +IAVT:0001-T-0524 + + Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader + Version : 23.6.20360.0 + + + +730 days + +2022/07/10 +cpe:/o:microsoft:windows +CVE-2013-3900 +7.8 +7.5 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.6 +CVE-2013-3900 +6.6 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C +The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host. +true +High +Exploits are available +true +smb_nt_ms22_oct_CVE-2013-3900_reg_check.nasl +2013-A-0227 +2023/12/26 +WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) +2022/10/26 +local +Very High +High +1.7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 +http://www.nessus.org/u?9780b9d2 +Add and enable registry value EnableCertPaddingCheck: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + +Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck: + + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck +II +The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability. +Very Low +No recorded events +No recorded events +8.9 +2013/12/10 +CISA-KNOWN-EXPLOITED:2022/07/10 +IAVA:2013-A-0227 + + + Nessus detected the following potentially insecure registry key configuration: + - Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + - Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + + + + +Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host. +smb_check_rollup.nasl +2023/06/26 +Microsoft Security Rollup Enumeration +2016/10/11 +local +None +1.180 +http://www.nessus.org/u?b23205aa +n/a +This plugin enumerates installed Microsoft security rollups. + + Cumulative Rollup : 10_2023 + Cumulative Rollup : 09_2023 + Cumulative Rollup : 08_2023 + Cumulative Rollup : 07_2023 + Cumulative Rollup : 06_2023 + Cumulative Rollup : 05_2023 + Cumulative Rollup : 04_2023 + Cumulative Rollup : 03_2023 + Cumulative Rollup : 02_2023 + Cumulative Rollup : 01_2023 + Cumulative Rollup : 12_2022 + Cumulative Rollup : 11_2022 + + Latest effective update level : 10_2023 + File checked : C:\WINDOWS\system32\ntoskrnl.exe + File version : 10.0.19041.3570 + Associated KB : 5031356 + + + +windows +True +cpe:/o:microsoft:windows +Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages. +dism_enum_packages.nbin +2024/01/16 +DISM Package List (Windows) +2020/08/25 +local +None +1.93 +http://www.nessus.org/u?cbb428b2 +n/a +Use DISM to extract package info from the host. +The following packages were enumerated using the Deployment Image Servicing and Management Tool: + +Package : Microsoft-OneCore-ApplicationModel-Sync-Desktop-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-OneCore-DirectX-Database-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.3570 +State : Installed +Release Type : Language Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : Feature Pack +Install Time : 12/7/2019 9:50 AM + +Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : Foundation +Install Time : 12/7/2019 9:18 AM + +Package : Microsoft-Windows-Hello-Face-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/8/2022 5:00 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-Printing-PMCPPC-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:54 AM + +Package : Microsoft-Windows-Printing-PMCPPC-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Printing-WFS-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Printing-WFS-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-QuickAssist-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-TabletPCMath-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-UserExperience-Desktop-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : OpenSSH-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9167.9 +State : Superseded +Release Type : Update +Install Time : 10/11/2023 2:44 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9191.1 +State : Superseded +Release Type : Update +Install Time : 11/5/2023 2:11 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9200.1 +State : Superseded +Release Type : Update +Install Time : 11/6/2023 2:55 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9214.4 +State : Installed +Release Type : Update +Install Time : 1/30/2024 2:14 PM + +Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4645.5 +State : Installed +Release Type : Update +Install Time : 7/28/2023 9:00 PM + +Package : Package_for_KB5011048~31bf3856ad364e35~amd64~~10.0.9166.1 +State : Installed +Release Type : Update +Install Time : 7/31/2023 7:51 PM + +Package : Package_for_KB5012170~31bf3856ad364e35~amd64~~19041.1880.1.1 +State : Installed +Release Type : Security Update +Install Time : 7/28/2023 8:59 PM + +Package : Package_for_KB5015684~31bf3856ad364e35~amd64~~19041.1799.1.2 +State : Installed +Release Type : Update +Install Time : 12/8/2022 4:50 PM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3570.1.0 +State : Installed +Release Type : Security Update +Install Time : 11/5/2023 11:47 PM + +Package : Package_for_ServicingStack_2180~31bf3856ad364e35~amd64~~19041.2180.1.0 +State : Installed +Release Type : Update +Install Time : 12/8/2022 4:49 PM + +Package : Package_for_ServicingStack_2300~31bf3856ad364e35~amd64~~19041.2300.1.0 +State : Installed +Release Type : Update +Install Time : 12/8/2022 2:22 PM + +Package : Package_for_ServicingStack_3205~31bf3856ad364e35~amd64~~19041.3205.1.1 +State : Installed +Release Type : Update +Install Time : 7/28/2023 9:01 PM + +Package : Package_for_ServicingStack_3562~31bf3856ad364e35~amd64~~19041.3562.1.0 +State : Installed +Release Type : Update +Install Time : 11/5/2023 2:15 PM + + + +cpe:/a:google:chrome +Nessus was able to enumerate Chrome browser extensions installed on the remote host. +win_chrome_browser_addons.nbin +0001-T-0511 +2024/01/16 +Chrome Browser Extension Enumeration +2017/01/16 +local +None +1.202 +https://chrome.google.com/webstore/category/extensions +Make sure that the use and configuration of these extensions comply with your organization's acceptable use and security policies. +One or more Chrome browser extensions are installed on the remote host. +IAVT:0001-T-0511 + +User : Cinnabon +|- Browser : Chrome + |- Add-on information : + + Name : Google Slides + Description : Create and edit presentations + Version : 0.9 + Update Date : Jan. 30, 2024 at 14:50:52 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0 + + Name : Google Docs + Description : Create and edit documents + Version : 0.9 + Update Date : Jan. 30, 2024 at 14:50:55 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0 + + Name : Google Drive + Description : Google Drive: create, share and keep all your stuff in one place. + Version : 14.1 + Update Date : Jan. 30, 2024 at 14:50:56 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0 + + Name : YouTube + Version : 4.2.8 + Update Date : Jan. 30, 2024 at 14:50:57 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0 + + Name : Google Sheets + Description : Create and edit spreadsheets + Version : 1.1 + Update Date : Jan. 30, 2024 at 14:50:58 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0 + + Name : Google Docs Offline + Description : Get things done offline with the Google Docs family of products. + Version : 1.4 + Update Date : Jan. 30, 2024 at 14:51:01 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1 + + Name : Chrome Web Store Payments + Description : Chrome Web Store Payments + Version : 1.0.0.3 + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0 + + Name : Gmail + Description : Fast, searchable email with less spam. + Version : 8.1 + Update Date : Jan. 30, 2024 at 14:51:07 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0 + + Name : Chrome Media Router + Description : Provider for discovery and services for mirroring of Chrome Media Router + Version : 6117.717.0.4 + Update Date : Jan. 30, 2024 at 14:51:34 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6117.717.0.4_0 + +User : DEGTHAT +|- Browser : Chrome + |- Add-on information : + + Name : Adobe Acrobat: PDF edit, convert, sign tools + Description : Do more in Google Chrome with Adobe Acrobat PDF tools. View, fill, comment, sign, and try convert and compress tools. + Version : 23.9.1.0 + Update Date : Jan. 30, 2024 at 14:50:10 GMT + Path : C:\Users\DEGTHAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\23.9.1.0_0 + + Name : Google Docs Offline + Description : Edit, create, and view your documents, spreadsheets, and presentations — all without internet access. + Version : 1.65.0 + Update Date : Jan. 30, 2024 at 14:50:14 GMT + Path : C:\Users\DEGTHAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.65.0_0 + + Name : Chrome Web Store Payments + Description : Chrome Web Store Payments + Version : 1.0.0.6 + Update Date : Jan. 30, 2024 at 14:50:18 GMT + Path : C:\Users\DEGTHAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 + +User : dbingham +|- Browser : Chrome + |- Add-on information : + + Name : Chrome Web Store Payments + Description : Chrome Web Store Payments + Version : 1.0.0.6 + Update Date : Jan. 30, 2024 at 14:52:00 GMT + Path : C:\Users\dbingham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 + + + +60 - 180 days +cpe:/a:google:chrome +CVE-2023-5996 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5996 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 119.0.6045.123. It is, therefore, affected by a vulnerability as referenced in the 2023_11_stable-channel-update-for-desktop advisory. + + - Use after free in WebAudio. (CVE-2023-5996) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_119_0_6045_123.nasl +current +2023-A-0594-S +2023-A-0608-S +2023/11/07 +2023/11/16 +Google Chrome < 119.0.6045.123 Vulnerability +2023/11/08 +local +Medium +Critical +1.5 +http://www.nessus.org/u?c5d3d619 +https://crbug.com/1497859 +Upgrade to Google Chrome version 119.0.6045.123 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very Low +30 to 120 days +No recorded events +7.4 +2023/11/07 +IAVA:2023-A-0594-S +IAVA:2023-A-0608-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 119.0.6045.123 + + + +60 - 180 days +cpe:/a:google:chrome +CVE-2023-5997 +CVE-2023-6112 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6112 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 119.0.6045.159. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_11_stable-channel-update-for-desktop_14 advisory. + + - Use after free in Garbage Collection. (CVE-2023-5997) + + - Use after free in Navigation. (CVE-2023-6112) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +google_chrome_119_0_6045_159.nasl +current +2023-A-0641-S +2023/11/14 +2024/01/29 +Google Chrome < 119.0.6045.159 Multiple Vulnerabilities +2023/11/14 +local +Medium +Critical +1.5 +http://www.nessus.org/u?7ed0136b +https://crbug.com/1497997 +https://crbug.com/1499298 +Upgrade to Google Chrome version 119.0.6045.159 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +7.4 +2023/11/14 +IAVA:2023-A-0641-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 119.0.6045.159 + + + +60 - 180 days +2023/12/21 +cpe:/a:google:chrome +CVE-2023-6345 +CVE-2023-6346 +CVE-2023-6347 +CVE-2023-6348 +CVE-2023-6350 +CVE-2023-6351 +9.6 +CVE-2023-6345 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6351 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 119.0.6045.199. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_11_stable-channel-update-for-desktop_28 advisory. + + - Integer overflow in Skia. (CVE-2023-6345) + + - Use after free in WebAudio. (CVE-2023-6346) + + - Use after free in Mojo. (CVE-2023-6347) + + - Type Confusion in Spellcheck. (CVE-2023-6348) + + - Out of bounds memory access in libavif. (CVE-2023-6350) + + - Use after free in libavif. (CVE-2023-6351) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +google_chrome_119_0_6045_199.nasl +current +2023-A-0660-S +2023/11/28 +2023/12/08 +Google Chrome < 119.0.6045.199 Multiple Vulnerabilities +2023/11/28 +local +Medium +Critical +1.5 +http://www.nessus.org/u?be59469a +https://crbug.com/1491459 +https://crbug.com/1494461 +https://crbug.com/1500856 +https://crbug.com/1501766 +https://crbug.com/1501770 +https://crbug.com/1505053 +Upgrade to Google Chrome version 119.0.6045.199 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +30 to 120 days +No recorded events +9.9 +2023/11/28 +CISA-KNOWN-EXPLOITED:2023/12/21 +IAVA:2023-A-0660-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 119.0.6045.199 + + + +30 - 60 days +cpe:/a:google:chrome +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_12_stable-channel-update-for-desktop_12 advisory. + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + + - Use after free in FedCM. (CVE-2023-6706) + + - Use after free in CSS. (CVE-2023-6707) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_109.nasl +current +2023-A-0693-S +2023/12/12 +2023/12/22 +Google Chrome < 120.0.6099.109 Multiple Vulnerabilities +2023/12/14 +local +Medium +Critical +1.3 +http://www.nessus.org/u?30495da3 +https://crbug.com/1501326 +https://crbug.com/1502102 +https://crbug.com/1504792 +https://crbug.com/1505708 +https://crbug.com/1500921 +https://crbug.com/1504036 +Upgrade to Google Chrome version 120.0.6099.109 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +30 to 120 days +No recorded events +8.4 +2023/12/12 +IAVA:2023-A-0693-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.109 + + + +30 - 60 days +cpe:/a:google:chrome +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.110. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_12_stable-channel-update-for-desktop_12 advisory. + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + + - Use after free in FedCM. (CVE-2023-6706) + + - Use after free in CSS. (CVE-2023-6707) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_110.nasl +current +2023-A-0693-S +2023/12/12 +2023/12/22 +Google Chrome < 120.0.6099.110 Multiple Vulnerabilities +2023/12/14 +local +Medium +Critical +1.3 +http://www.nessus.org/u?30495da3 +https://crbug.com/1501326 +https://crbug.com/1502102 +https://crbug.com/1504792 +https://crbug.com/1505708 +https://crbug.com/1500921 +https://crbug.com/1504036 +Upgrade to Google Chrome version 120.0.6099.110 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +30 to 120 days +No recorded events +8.4 +2023/12/12 +IAVA:2023-A-0693-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.110 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.200. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop advisory. + + - Use after free in ANGLE. (CVE-2024-0222) + + - Heap buffer overflow in ANGLE. (CVE-2024-0223) + + - Use after free in WebAudio. (CVE-2024-0224) + + - Use after free in WebGPU. (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_200.nasl +current +2024-A-0004-S +2024/01/03 +2024/01/12 +Google Chrome < 120.0.6099.200 Multiple Vulnerabilities +2024/01/03 +local +Low +Critical +1.3 +http://www.nessus.org/u?9a495657 +https://crbug.com/1501798 +https://crbug.com/1505009 +https://crbug.com/1505086 +https://crbug.com/1506923 +Upgrade to Google Chrome version 120.0.6099.200 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Low +7 to 30 days +Social Media +6.7 +2024/01/03 +IAVA:2024-A-0004-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.200 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.199. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop advisory. + + - Use after free in ANGLE. (CVE-2024-0222) + + - Heap buffer overflow in ANGLE. (CVE-2024-0223) + + - Use after free in WebAudio. (CVE-2024-0224) + + - Use after free in WebGPU. (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_199.nasl +current +2024-A-0004-S +2024/01/03 +2024/01/12 +Google Chrome < 120.0.6099.199 Multiple Vulnerabilities +2024/01/03 +local +Low +Critical +1.3 +http://www.nessus.org/u?9a495657 +https://crbug.com/1501798 +https://crbug.com/1505009 +https://crbug.com/1505086 +https://crbug.com/1506923 +Upgrade to Google Chrome version 120.0.6099.199 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Low +7 to 30 days +Social Media +6.7 +2024/01/03 +IAVA:2024-A-0004-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.199 + + + +30 - 60 days +2024/01/23 +cpe:/a:google:chrome +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.130. It is, therefore, affected by a vulnerability as referenced in the 2023_12_stable-channel-update-for-desktop_20 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +google_chrome_120_0_6099_130.nasl +current +2023-A-0705-S +2023/12/20 +2024/01/04 +Google Chrome < 120.0.6099.130 Vulnerability +2023/12/20 +local +Medium +Critical +1.4 +http://www.nessus.org/u?ecad5ae2 +https://crbug.com/1513170 +Upgrade to Google Chrome version 120.0.6099.130 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 +IAVA:2023-A-0705-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.130 + + + +30 - 60 days +2024/01/23 +cpe:/a:google:chrome +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.129. It is, therefore, affected by a vulnerability as referenced in the 2023_12_stable-channel-update-for-desktop_20 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +google_chrome_120_0_6099_129.nasl +current +2023-A-0705-S +2023/12/20 +2024/01/04 +Google Chrome < 120.0.6099.129 Vulnerability +2023/12/20 +local +Medium +Critical +1.4 +http://www.nessus.org/u?ecad5ae2 +https://crbug.com/1513170 +Upgrade to Google Chrome version 120.0.6099.129 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 +IAVA:2023-A-0705-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.129 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0333 +5.3 +4.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N +3.6 +5.4 +CVE-2024-0333 +4.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.216. It is, therefore, affected by a vulnerability as referenced in the 2024_01_stable-channel-update-for-desktop_9 advisory. + + - Insufficient data validation in Extensions. (CVE-2024-0333) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_216.nasl +current +2024-A-0020-S +2024/01/09 +2024/01/19 +Google Chrome < 120.0.6099.216 Vulnerability +2024/01/09 +local +Low +Medium +1.4 +http://www.nessus.org/u?bc91f925 +https://crbug.com/1513379 +Upgrade to Google Chrome version 120.0.6099.216 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very Low +No recorded events +No recorded events +4.4 +2024/01/09 +IAVA:2024-A-0020-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.216 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0333 +5.3 +4.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N +3.6 +5.4 +CVE-2024-0333 +4.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.217. It is, therefore, affected by a vulnerability as referenced in the 2024_01_stable-channel-update-for-desktop_9 advisory. + + - Insufficient data validation in Extensions. (CVE-2024-0333) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_217.nasl +current +2024-A-0020-S +2024/01/09 +2024/01/19 +Google Chrome < 120.0.6099.217 Vulnerability +2024/01/09 +local +Low +Medium +1.4 +http://www.nessus.org/u?bc91f925 +https://crbug.com/1513379 +Upgrade to Google Chrome version 120.0.6099.217 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very Low +No recorded events +No recorded events +4.4 +2024/01/09 +IAVA:2024-A-0020-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.217 + + + +30 - 60 days +cpe:/a:google:chrome +CVE-2023-6508 +CVE-2023-6509 +CVE-2023-6510 +CVE-2023-6511 +CVE-2023-6512 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6510 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.62. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_12_stable-channel-update-for-desktop advisory. + + - Use after free in Media Stream. (CVE-2023-6508) + + - Use after free in Side Panel Search. (CVE-2023-6509) + + - Use after free in Media Capture. (CVE-2023-6510) + + - Inappropriate implementation in Autofill. (CVE-2023-6511) + + - Inappropriate implementation in Web Browser UI. (CVE-2023-6512) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_62.nasl +current +2023-A-0669-S +2023/12/05 +2023/12/15 +Google Chrome < 120.0.6099.62 Multiple Vulnerabilities +2023/12/05 +local +Medium +Critical +1.3 +http://www.nessus.org/u?3d175be7 +https://crbug.com/1497984 +https://crbug.com/1494565 +https://crbug.com/1480152 +https://crbug.com/1478613 +https://crbug.com/1457702 +Upgrade to Google Chrome version 120.0.6099.62 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +7.4 +2023/12/05 +IAVA:2023-A-0669-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.62 + + + +7 - 30 days +2024/02/07 +cpe:/a:google:chrome +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.224. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_16 advisory. + + - Out of bounds write in V8. (CVE-2024-0517) + + - Type Confusion in V8. (CVE-2024-0518) + + - Out of bounds memory access in V8. (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +google_chrome_120_0_6099_224.nasl +current +2024-A-0042-S +2024/01/16 +2024/01/26 +Google Chrome < 120.0.6099.224 Multiple Vulnerabilities +2024/01/16 +local +Low +Critical +1.5 +http://www.nessus.org/u?88013c25 +https://crbug.com/1515930 +https://crbug.com/1507412 +https://crbug.com/1517354 +Upgrade to Google Chrome version 120.0.6099.224 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very High +0 to 7 days +Social Media +9.0 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0042-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.224 + + + +7 - 30 days +2024/02/07 +cpe:/a:google:chrome +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.225. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_16 advisory. + + - Out of bounds write in V8. (CVE-2024-0517) + + - Type Confusion in V8. (CVE-2024-0518) + + - Out of bounds memory access in V8. (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +google_chrome_120_0_6099_225.nasl +current +2024-A-0042-S +2024/01/16 +2024/01/26 +Google Chrome < 120.0.6099.225 Multiple Vulnerabilities +2024/01/16 +local +Low +Critical +1.5 +http://www.nessus.org/u?88013c25 +https://crbug.com/1515930 +https://crbug.com/1507412 +https://crbug.com/1517354 +Upgrade to Google Chrome version 120.0.6099.225 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very High +0 to 7 days +Social Media +9.0 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0042-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.225 + + + +0 - 7 days +cpe:/a:google:chrome +CVE-2024-0804 +CVE-2024-0805 +CVE-2024-0806 +CVE-2024-0807 +CVE-2024-0808 +CVE-2024-0809 +CVE-2024-0810 +CVE-2024-0811 +CVE-2024-0812 +CVE-2024-0813 +CVE-2024-0814 +9.8 +CVE-2024-0808 +8.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0813 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 121.0.6167.85. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_23 advisory. + + - Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0807) + + - Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2024-0812) + + - Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) (CVE-2024-0808) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2024-0810) + + - Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-0814) + + - Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. + (Chromium security severity: Medium) (CVE-2024-0813) + + - Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) (CVE-2024-0806) + + - Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2024-0805) + + - Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-0804) + + - Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2024-0811) + + - Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2024-0809) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_121_0_6167_85.nasl +current +2024-A-0052 +2024/01/23 +2024/01/30 +Google Chrome < 121.0.6167.85 Multiple Vulnerabilities +2024/01/24 +local +Low +Critical +1.2 +http://www.nessus.org/u?682ca867 +https://crbug.com/1505080 +https://crbug.com/1484394 +https://crbug.com/1504936 +https://crbug.com/1496250 +https://crbug.com/1463935 +https://crbug.com/1477151 +https://crbug.com/1505176 +https://crbug.com/1514925 +https://crbug.com/1515137 +https://crbug.com/1494490 +https://crbug.com/1497985 +Upgrade to Google Chrome version 121.0.6167.85 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +6.7 +2024/01/23 +IAVA:2024-A-0052 + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 121.0.6167.85 + + + +windows +True +software_enumeration +cpe:/a:google:chrome +Google Chrome, a web browser from Google, is installed on the remote Windows host. +google_chrome_installed.nasl +0001-T-0511 +2022/10/10 +Google Chrome Detection (Windows) +2008/09/12 +local +None +1.26 +https://www.google.com/chrome/ +n/a +The remote Windows host contains a web browser. +true +IAVT:0001-T-0511 + + Path : C:\Program Files (x86)\Google\Chrome\Application + Version : 119.0.6045.106 + +Note that Nessus only looked in the registry for evidence of Google +Chrome. If there are multiple users on this host, you may wish to +enable the 'Perform thorough tests' setting and re-scan. This will +cause Nessus to scan each local user's directory for installs. + + + + +windows +True +x-cpe:/a:microsoft:applocker +Windows AppLocker, a tool for managing user access to applications, is installed on the remote Windows host. +microsoft_applocker_installed.nbin +2024/01/16 +Windows AppLocker Installed +2013/03/22 +local +None +1.264 +https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759117(v=ws.11) +n/a +The remote host has an application installed for managing software access. + +Nessus enumerated the following Windows AppLocker configuration : + Exe Rules + Mode : Audit + Rule name : Prevent administrators from easily running the Opera web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=OPERA SOFTWARE ASA, S=OSLO, C=NO" ProductName="OPERA" BinaryName="opera.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Firefox web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="FIREFOX" BinaryName="firefox.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Internet Explorer web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWSŽ INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Allow everyone to execute all files located in the Program Files folder + Description : Allows members of the Everyone group to run applications that are located in the Program Files folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%PROGRAMFILES%\*" + + Rule name : Prevent administrators from easily running the Outlook email client + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="OUTLOOK.EXE"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Allow administrators to execute all files + Description : Allows members of the local Administrators group to run all applications. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + Rule name : Allow everyone to execute all files located in the Windows folder + Description : Allows members of the Everyone group to run applications that are located in the Windows folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\*" + Exceptions : + - Path="%SYSTEM32%\catroot2\*" + - Path="%SYSTEM32%\com\dmp\*" + - Path="%SYSTEM32%\FxsTmp\*" + - Path="%SYSTEM32%\spool\drivers\color\*" + - Path="%SYSTEM32%\spool\PRINTERS\*" + - Path="%SYSTEM32%\spool\SERVERS\*" + - Path="%SYSTEM32%\Tasks\*" + - Path="%WINDIR%\Debug\*" + - Path="%WINDIR%\PCHEALTH\ERRORREP\*" + - Path="%WINDIR%\Registration\*" + - Path="%WINDIR%\SysWOW64\com\dmp\*" + - Path="%WINDIR%\SysWOW64\FxsTmp\*" + - Path="%WINDIR%\SysWOW64\Tasks\*" + - Path="%WINDIR%\Tasks\*" + - Path="%WINDIR%\Temp\*" + - Path="%WINDIR%\tracing\*" + + + Rule name : Prevent administrators from easily running the Chrome web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="chrome.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Safari web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=APPLE INC., L=CUPERTINO, S=CALIFORNIA, C=US" ProductName="SAFARI" BinaryName="Safari.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Thunderbird email client + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MOZILLA MESSAGING INC., L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="THUNDERBIRD" BinaryName="thunderbird.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + + Dll Rules + Mode : Audit + Rule name : Allow everyone to execute all DLLs located in the Windows folder + Description : Allows members of the Everyone group to load DLLs located in the Windows folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\*" + Exceptions : + - Path="%SYSTEM32%\catroot2\*" + - Path="%SYSTEM32%\com\dmp\*" + - Path="%SYSTEM32%\FxsTmp\*" + - Path="%SYSTEM32%\spool\drivers\color\*" + - Path="%SYSTEM32%\spool\PRINTERS\*" + - Path="%SYSTEM32%\spool\SERVERS\*" + - Path="%SYSTEM32%\Tasks\*" + - Path="%WINDIR%\Debug\*" + - Path="%WINDIR%\PCHEALTH\ERRORREP\*" + - Path="%WINDIR%\Registration\*" + - Path="%WINDIR%\SysWOW64\com\dmp\*" + - Path="%WINDIR%\SysWOW64\FxsTmp\*" + - Path="%WINDIR%\SysWOW64\Tasks\*" + - Path="%WINDIR%\Tasks\*" + - Path="%WINDIR%\Temp\*" + - Path="%WINDIR%\tracing\*" + + + Rule name : Allow everyone to execute all DLLs located in the Program Files folder + Description : Allows members of the Everyone group to load DLLs that are located in the Program Files folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%PROGRAMFILES%\*" + + Rule name : Allows administrators to execute all DLLs + Description : Allows members of the local Administrators group to load all DLLs. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + + Script Rules + Mode : Audit + Rule name : All scripts + Description : Allows members of the local Administrators group to run all scripts. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + Rule name : Allow everyone to run all scripts located in the Program Files folder + Description : Allows members of the Everyone group to run scripts that are located in the Program Files folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%PROGRAMFILES%\*" + + Rule name : Allow everyone to run all scripts located in the Windows folder + Description : Allows members of the Everyone group to run scripts that are located in the Windows folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\*" + Exceptions : + - Path="%SYSTEM32%\catroot2\*" + - Path="%SYSTEM32%\com\dmp\*" + - Path="%SYSTEM32%\FxsTmp\*" + - Path="%SYSTEM32%\spool\drivers\color\*" + - Path="%SYSTEM32%\spool\PRINTERS\*" + - Path="%SYSTEM32%\spool\SERVERS\*" + - Path="%SYSTEM32%\Tasks\*" + - Path="%WINDIR%\Debug\*" + - Path="%WINDIR%\PCHEALTH\ERRORREP\*" + - Path="%WINDIR%\Registration\*" + - Path="%WINDIR%\SysWOW64\com\dmp\*" + - Path="%WINDIR%\SysWOW64\FxsTmp\*" + - Path="%WINDIR%\SysWOW64\Tasks\*" + - Path="%WINDIR%\Tasks\*" + - Path="%WINDIR%\Temp\*" + - Path="%WINDIR%\tracing\*" + + + + Msi Rules + Mode : Audit + Rule name : Allow administrators to run all Windows Installer files + Description : Allows members of the local Administrators group to run all Windows Installer files. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + Rule name : Allow everyone to run all Windows Installer files located in the Windows\Installer folder. + Description : Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\Installer\*" + + + Appx Rules + Mode : Audit + Rule name : (Default Rule) All signed packaged apps + Description : Allows members of the Everyone group to run packaged apps that are signed. + Rule type : FilePublisherRule + User/Group SID : S-1-1-0 + Condition : PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*" + + + + +windows +True +software_enumeration +cpe:/a:microsoft:edge +Microsoft Edge (Chromium-based), a Chromium-based web browser, is installed on the remote host. +microsoft_edge_chromium_installed.nbin +2024/01/16 +Microsoft Edge Chromium Installed +2020/05/29 +local +None +1.116 +https://www.microsoft.com/en-us/edge +n/a +Microsoft Edge (Chromium-based) is installed on the remote host. + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Version : 121.0.2277.83 + + + +windows +True +Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host. +smb_check_dotnet_rollup.nasl +2024/01/10 +Microsoft .NET Security Rollup Enumeration +2017/04/14 +local +None +1.48 +http://www.nessus.org/u?662e30c9 +n/a +This plugin enumerates installed Microsoft .NET security rollups. + + Path : C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\system.web.dll + Version : 4.8.9214.0 + .NET Version : 4.8.1 + Associated KB : 5033918 + Latest effective update level : 01_2024 + + + +windows +True +software_enumeration +cpe:/a:microsoft:.net_framework +Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host. +microsoft_net_framework_installed.nasl +0001-T-0655 +2022/10/18 +Microsoft .NET Framework Detection +2010/12/20 +local +None +1.39 +https://www.microsoft.com/net +http://www.nessus.org/u?15ae6806 +n/a +A software framework is installed on the remote host. +IAVT:0001-T-0655 + +Nessus detected 2 installs of Microsoft .NET Framework: + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8.1 + Full Version : 4.8.09037 + Install Type : Full + Release : 533325 + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8.1 + Full Version : 4.8.09037 + Install Type : Client + Release : 533325 + + + +windows +cpe:/a:microsoft:office +Nessus was able to collect Office macro configuration information for active accounts on the remote Windows host and generate a report as a CSV attachment. +microsoft_office_macros_config.nasl +2018/05/16 +Microsoft Office Macros Configuration +2016/07/19 +local +None +1.5 +n/a +Nessus was able to collect and report Office macro configuration data for active accounts on the remote host. +Office macros information attached. +0ed297383c07304eeabcde60a8121487 +569c4054039c36255e136e06f84c0db0 + + +windows +True +software_enumeration +cpe:/a:microsoft:onedrive +Microsoft OneDrive, a file hosting service, is installed on the remote host. +microsoft_onedrive_installed.nbin +2024/01/16 +Microsoft OneDrive Installed +2020/07/17 +local +None +1.110 +http://www.nessus.org/u?23c14184 +n/a +A file hosting application is installed on the remote host. + +Nessus detected 3 installs of Microsoft OneDrive: + + Path : C:\Users\Cinnabon\AppData\Local\Microsoft\OneDrive\ + Version : 17.3.6998.830 + + Path : C:\Users\dbingham\AppData\Local\Microsoft\OneDrive\ + Version : 19.2.107.5 + + Path : C:\Users\tester\AppData\Local\Microsoft\OneDrive\ + Version : 19.232.1124.12 + + + +windows +True +cpe:/a:microsoft:microsoft_update +Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft Office, Exchange, and SQL Server. +microsoft_update_installed.nasl +2022/02/01 +Microsoft Update Installed +2010/10/26 +local +None +1.8 +http://update.microsoft.com/microsoftupdate/v6/default.aspx +n/a +A software updating service is installed. + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect ARP table information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_arp_table.nbin +2024/01/16 +Microsoft Windows ARP Table +2016/07/19 +local +None +1.222 +n/a +Nessus was able to collect and report ARP table information from the remote host. +192.168.40.1 : 60-22-32-6f-91-bf +192.168.40.11 : 00-0c-29-13-cb-e7 +192.168.40.32 : 00-0c-29-5c-7e-f8 +192.168.40.60 : cc-96-e5-08-af-3e +192.168.40.104 : 00-0c-29-71-3a-6d +192.168.40.121 : f8-ff-c2-37-57-48 +192.168.40.153 : 00-00-c0-3c-08-4b +192.168.40.173 : 90-09-d0-00-6a-23 +192.168.40.174 : 90-09-d0-00-6a-24 +192.168.40.212 : f8-ff-c2-37-57-48 +192.168.40.255 : ff-ff-ff-ff-ff-ff +224.0.0.22 : 01-00-5e-00-00-16 +224.0.0.251 : 01-00-5e-00-00-fb +224.0.0.252 : 01-00-5e-00-00-fc +239.255.255.250 : 01-00-5e-7f-ff-fa +255.255.255.255 : ff-ff-ff-ff-ff-ff + +Extended ARP table information attached. +897ac4cede713e3ceaf47a4c45688f8d + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect AppLocker configuration information on the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_applocker_config.nasl +2020/06/12 +Microsoft Windows AppLocker Configuration +2016/07/19 +local +None +1.6 +n/a +Nessus was able to collect and report AppLocker's configuration on the remote host. +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Appx\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba\value : <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\1d04fdc7-5e29-45b1-a0d7-f7e9293774f8\value : <FilePathRule Id="1d04fdc7-5e29-45b1-a0d7-f7e9293774f8" Name="Allows administrators to execute all DLLs" Description="Allows members of the local Administrators group to load all DLLs." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\7ca2deae-991c-4e26-b688-98137f9cc777\value : <FilePathRule Id="7ca2deae-991c-4e26-b688-98137f9cc777" Name="Allow everyone to execute all DLLs located in the Windows folder" Description="Allows members of the Everyone group to load DLLs located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\f36fbeba-ab50-48c0-9361-41af365d82ce\value : <FilePathRule Id="f36fbeba-ab50-48c0-9361-41af365d82ce" Name="Allow everyone to execute all DLLs located in the Program Files folder" Description="Allows members of the Everyone group to load DLLs that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\1712f2de-e1b6-4d3d-85a9-a7da49b796c1\value : <FilePathRule Id="1712f2de-e1b6-4d3d-85a9-a7da49b796c1" Name="Allow everyone to execute all files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\187ae870-255e-42d7-8ef9-9a8434a70716\value : <FilePublisherRule Id="187ae870-255e-42d7-8ef9-9a8434a70716" Name="Prevent administrators from easily running the Internet Explorer web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWS® INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\230ebde7-123f-4f56-9caf-a412e5265300\value : <FilePublisherRule Id="230ebde7-123f-4f56-9caf-a412e5265300" Name="Prevent administrators from easily running the Outlook email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="OUTLOOK.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\54d44e7f-44b7-4d8d-961e-6d9c47e03196\value : <FilePublisherRule Id="54d44e7f-44b7-4d8d-961e-6d9c47e03196" Name="Prevent administrators from easily running the Thunderbird email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA MESSAGING INC., L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="THUNDERBIRD" BinaryName="thunderbird.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e\value : <FilePublisherRule Id="97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e" Name="Prevent administrators from easily running the Chrome web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="chrome.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\980f805b-bc66-43c7-95c4-90ef50fe5b04\value : <FilePublisherRule Id="980f805b-bc66-43c7-95c4-90ef50fe5b04" Name="Prevent administrators from easily running the Firefox web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="FIREFOX" BinaryName="firefox.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\a88c9192-bbed-4dfe-b435-d0ca25f6576e\value : <FilePublisherRule Id="a88c9192-bbed-4dfe-b435-d0ca25f6576e" Name="Prevent administrators from easily running the Opera web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=OPERA SOFTWARE ASA, S=OSLO, C=NO" ProductName="OPERA" BinaryName="opera.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\afd4074c-4b47-4b55-bb6d-f35ea215408b\value : <FilePathRule Id="afd4074c-4b47-4b55-bb6d-f35ea215408b" Name="Allow everyone to execute all files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\f301f291-10d9-4423-8f9c-a78afe9d4ea5\value : <FilePathRule Id="f301f291-10d9-4423-8f9c-a78afe9d4ea5" Name="Allow administrators to execute all files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa\value : <FilePublisherRule Id="f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa" Name="Prevent administrators from easily running the Safari web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=APPLE INC., L=CUPERTINO, S=CALIFORNIA, C=US" ProductName="SAFARI" BinaryName="Safari.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\0b075828-da4a-41fc-b3b4-9ac83ad18add\value : <FilePathRule Id="0b075828-da4a-41fc-b3b4-9ac83ad18add" Name="Allow everyone to run all Windows Installer files located in the Windows\Installer folder." Description="Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\Installer\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\4833728f-cf7e-4797-a847-c979e29b597a\value : <FilePathRule Id="4833728f-cf7e-4797-a847-c979e29b597a" Name="Allow administrators to run all Windows Installer files" Description="Allows members of the local Administrators group to run all Windows Installer files." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\4a4170c6-feb8-44f6-bebf-78a319f197fe\value : <FilePathRule Id="4a4170c6-feb8-44f6-bebf-78a319f197fe" Name="Allow everyone to run all scripts located in the Program Files folder" Description="Allows members of the Everyone group to run scripts that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4\value : <FilePathRule Id="8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4" Name="Allow everyone to run all scripts located in the Windows folder" Description="Allows members of the Everyone group to run scripts that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\ed97d0cb-15ff-430f-b82c-8d7832957725\value : <FilePathRule Id="ed97d0cb-15ff-430f-b82c-8d7832957725" Name="All scripts" Description="Allows members of the local Administrators group to run all scripts." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Appx\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba\value : <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\1d04fdc7-5e29-45b1-a0d7-f7e9293774f8\value : <FilePathRule Id="1d04fdc7-5e29-45b1-a0d7-f7e9293774f8" Name="Allows administrators to execute all DLLs" Description="Allows members of the local Administrators group to load all DLLs." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\7ca2deae-991c-4e26-b688-98137f9cc777\value : <FilePathRule Id="7ca2deae-991c-4e26-b688-98137f9cc777" Name="Allow everyone to execute all DLLs located in the Windows folder" Description="Allows members of the Everyone group to load DLLs located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\f36fbeba-ab50-48c0-9361-41af365d82ce\value : <FilePathRule Id="f36fbeba-ab50-48c0-9361-41af365d82ce" Name="Allow everyone to execute all DLLs located in the Program Files folder" Description="Allows members of the Everyone group to load DLLs that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\1712f2de-e1b6-4d3d-85a9-a7da49b796c1\value : <FilePathRule Id="1712f2de-e1b6-4d3d-85a9-a7da49b796c1" Name="Allow everyone to execute all files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\187ae870-255e-42d7-8ef9-9a8434a70716\value : <FilePublisherRule Id="187ae870-255e-42d7-8ef9-9a8434a70716" Name="Prevent administrators from easily running the Internet Explorer web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWS® INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\230ebde7-123f-4f56-9caf-a412e5265300\value : <FilePublisherRule Id="230ebde7-123f-4f56-9caf-a412e5265300" Name="Prevent administrators from easily running the Outlook email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="OUTLOOK.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\54d44e7f-44b7-4d8d-961e-6d9c47e03196\value : <FilePublisherRule Id="54d44e7f-44b7-4d8d-961e-6d9c47e03196" Name="Prevent administrators from easily running the Thunderbird email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA MESSAGING INC., L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="THUNDERBIRD" BinaryName="thunderbird.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e\value : <FilePublisherRule Id="97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e" Name="Prevent administrators from easily running the Chrome web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="chrome.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\980f805b-bc66-43c7-95c4-90ef50fe5b04\value : <FilePublisherRule Id="980f805b-bc66-43c7-95c4-90ef50fe5b04" Name="Prevent administrators from easily running the Firefox web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="FIREFOX" BinaryName="firefox.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\a88c9192-bbed-4dfe-b435-d0ca25f6576e\value : <FilePublisherRule Id="a88c9192-bbed-4dfe-b435-d0ca25f6576e" Name="Prevent administrators from easily running the Opera web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=OPERA SOFTWARE ASA, S=OSLO, C=NO" ProductName="OPERA" BinaryName="opera.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\afd4074c-4b47-4b55-bb6d-f35ea215408b\value : <FilePathRule Id="afd4074c-4b47-4b55-bb6d-f35ea215408b" Name="Allow everyone to execute all files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\f301f291-10d9-4423-8f9c-a78afe9d4ea5\value : <FilePathRule Id="f301f291-10d9-4423-8f9c-a78afe9d4ea5" Name="Allow administrators to execute all files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa\value : <FilePublisherRule Id="f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa" Name="Prevent administrators from easily running the Safari web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=APPLE INC., L=CUPERTINO, S=CALIFORNIA, C=US" ProductName="SAFARI" BinaryName="Safari.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Msi\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Msi\0b075828-da4a-41fc-b3b4-9ac83ad18add\value : <FilePathRule Id="0b075828-da4a-41fc-b3b4-9ac83ad18add" Name="Allow everyone to run all Windows Installer files located in the Windows\Installer folder." Description="Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\Installer\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Msi\4833728f-cf7e-4797-a847-c979e29b597a\value : <FilePathRule Id="4833728f-cf7e-4797-a847-c979e29b597a" Name="Allow administrators to run all Windows Installer files" Description="Allows members of the local Administrators group to run all Windows Installer files." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\4a4170c6-feb8-44f6-bebf-78a319f197fe\value : <FilePathRule Id="4a4170c6-feb8-44f6-bebf-78a319f197fe" Name="Allow everyone to run all scripts located in the Program Files folder" Description="Allows members of the Everyone group to run scripts that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4\value : <FilePathRule Id="8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4" Name="Allow everyone to run all scripts located in the Windows folder" Description="Allows members of the Everyone group to run scripts that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\ed97d0cb-15ff-430f-b82c-8d7832957725\value : <FilePathRule Id="ed97d0cb-15ff-430f-b82c-8d7832957725" Name="All scripts" Description="Allows members of the local Administrators group to run all scripts." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_dns_cache.nbin +2024/01/16 +Microsoft Windows DNS Cache +2016/07/19 +local +None +1.224 +n/a +Nessus was able to collect and report DNS cache information from the remote host. +true + array501.prod.do.dsp.mp.microsoft.com + array503.prod.do.dsp.mp.microsoft.com + array518.prod.do.dsp.mp.microsoft.com + +DNS cache information attached. + +f925b376f6284a493e3bcf6c550c878c + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_env_vars.nasl +True +0001-T-0757 +True +2022/06/24 +Microsoft Windows Environment Variables +2016/07/19 +local +None +1.13 +n/a +Nessus was able to collect and report environment variables from the remote host. +IAVT:0001-T-0757 +Global Environment Variables : + processor_level : 6 + comspec : %SystemRoot%\system32\cmd.exe + number_of_processors : 2 + os : Windows_NT + username : SYSTEM + temp : %SystemRoot%\TEMP + processor_revision : 9702 + path : %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\PROGRA~1\CONDUS~1\DISKEE~1\ + tmp : %SystemRoot%\TEMP + processor_identifier : Intel64 Family 6 Model 151 Stepping 2, GenuineIntel + driverdata : C:\Windows\System32\Drivers\DriverData + pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC + processor_architecture : AMD64 + psmodulepath : %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ + windir : %SystemRoot% + +Active User Environment Variables + - S-1-5-21-1536193852-1370433935-2390261316-1002 + onedrive : C:\Users\DEGTHAT\OneDrive + temp : %USERPROFILE%\AppData\Local\Temp + path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps; + tmp : %USERPROFILE%\AppData\Local\Temp + +6c34d0f66fb5c5a93718673564abdb8b +c54971abe1ff6167faec49a3c9f77f59 + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect the hosts file from the remote Windows host and report it as attachment. +microsoft_windows_host_file.nasl +True +True +2020/01/27 +Microsoft Windows Hosts File +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect the hosts file from the remote host. +Windows hosts file attached. + +MD5: 3688374325b992def12793500307566d +SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274 +SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085 +3688374325b992def12793500307566d + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_nbt_info.nbin +2024/01/16 +Microsoft Windows NetBIOS over TCP/IP Info +2016/07/19 +local +None +1.224 +n/a +Nessus was able to collect and report NBT information from the remote host. +NBT information attached. +First 10 lines of all CSVs: +nbtstat_local.csv: +Interface,Name,Suffix,Type,Status,MAC +192.168.40.251,WKS3-SOTERIA,<00>,UNIQUE,Registered,00:0C:29:E1:AD:9D +192.168.40.251,SOTERIA,<00>,GROUP,Registered,00:0C:29:E1:AD:9D +192.168.40.251,WKS3-SOTERIA,<20>,UNIQUE,Registered,00:0C:29:E1:AD:9D +192.168.40.251,SOTERIA,<1E>,GROUP,Registered,00:0C:29:E1:AD:9D +192.168.40.251,SOTERIA,<1D>,UNIQUE,Registered,00:0C:29:E1:AD:9D +192.168.40.251,..__MSBROWSE__.,<01>,GROUP,Registered,00:0C:29:E1:AD:9D + + + +281b6515e8418a85bc9f18ba9c88d78a + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_scripting_host_settings.nasl +2018/05/23 +Microsoft Windows Scripting Host Settings +2016/07/19 +local +None +1.5 +n/a +Nessus was able to collect and report the Windows scripting host settings from the remote host. +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1 + +Windows scripting host configuration attached. +681e5094e1df8ab1423ef2ea66dfc266 +4934d1726a8504e051694b846ef9b32e + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_smb_sessions.nbin +2024/01/16 +Microsoft Windows SMB Sessions +2016/07/19 +local +None +1.221 +n/a +Nessus was able to collect and report SMB session information from the remote host. +degthat + +Extended SMB session information attached. +4fe470cad3c85fe7ab3a766dadfaf5cd + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_time_zone_info.nasl +True +True +2023/06/06 +Microsoft Windows Time Zone Information +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect and report time zone information from the remote host. +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Eastern Standard Time +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-112 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-111 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000300020002000000000000000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000b00010002000000000000000000 + + + +windows +True +software_enumeration +cpe:/a:microsoft:remote_desktop_connection +Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host. +remote_desktop_connection_installed.nasl +2022/10/10 +Microsoft Remote Desktop Connection Installed +2019/06/12 +local +None +1.3 +http://www.nessus.org/u?1c33f0e7 +n/a +A graphical interface connection utility is installed on the remote Windows host + + Path : C:\WINDOWS\\System32\\mstsc.exe + Version : 10.0.19041.3570 + + + +Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry entry in to one of the following settings: + + - 0xFFFFFFFF (Removes the current working directory from the default DLL search order) + + - 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder) + + - 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder) +smb_cwdindllsearchvalue_setting.nasl +2019/12/20 +Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting +2010/08/26 +local +None +1.7 +http://www.nessus.org/u?0c574c56 +http://www.nessus.org/u?5234ef0c +n/a +CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks. + + Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch + Value : Registry Key Empty or Missing + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry. +smb_dns_servers.nasl +True +True +2022/02/01 +Windows DNS Server Enumeration +2012/03/01 +local +None +1.9 +n/a +Nessus enumerated the DNS servers being used by the remote Windows host. + +Nessus enumerated DNS servers for the following interfaces : + +Interface: Default +DhcpNameServer: 192.168.40.1 1.1.1.1 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past. +smb_enum_drive_mount.nasl +2022/02/01 +Microsoft Windows Mounted Devices +2012/11/28 +local +None +1.4 +http://www.nessus.org/u?99fcc329 +Make sure that the mounted drives agree with your organization's acceptable use and security policies. +It is possible to get a list of mounted devices that may have been connected to the remote system in the past. + + Name : \dosdevices\z: + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&3f6b946&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f004300440030003100230035002600330066003600620039003400360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{93c0eed4-f250-11e8-9bec-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_PNY&Prod_USB_2.0_FD&Rev_1100#ACB1HD090000078&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0050004e0059002600500072006f0064005f005500530042005f0032002e0030005f004600440026005200650076005f00310031003000300023004100430042003100480044003000390030003000300030003000370038002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{af59e96d-7f80-11ec-9c30-f8ffc2207748} + Data : _??_USBSTOR#Disk&Ven_&Prod_USB_DISK_3.0&Rev_PMAP#07000483D8E95720&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f002600500072006f0064005f005500530042005f004400490053004b005f0033002e00300026005200650076005f0050004d0041005000230030003700300030003000340038003300440038004500390035003700320030002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{d8bf433e-d7c4-11ec-9c45-f8ffc2207748} + Data : _??_USBSTOR#Disk&Ven_SMI&Prod_USB_3.0&Rev_1100#201302IP0002SERDCNGY&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0053004d0049002600500072006f0064005f005500530042005f0033002e00300026005200650076005f0031003100300030002300320030003100330030003200490050003000300030003200530045005200440043004e00470059002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\g: + Data : DMIO:ID:#WCuLG) + Raw data : 444d494f3a49443a16235743754cec478e2916dcaa1e17d6 + + Name : \??\volume{2a78a76f-f18e-11e8-9beb-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_Corsair&Prod_Survivor_3.0&Rev_000A#07087A9E311C2839&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0043006f00720073006100690072002600500072006f0064005f005300750072007600690076006f0072005f0033002e00300026005200650076005f003000300030004100230030003700300038003700410039004500330031003100430032003800330039002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{6dd8d9c6-2fc8-11ee-9c55-f8ffc2207748} + Data : _??_USBSTOR#Disk&Ven_General&Prod_UDisk&Rev_5.00#7&3a3d7270&0&_&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e006500720061006c002600500072006f0064005f0055004400690073006b0026005200650076005f0035002e0030003000230037002600330061003300640037003200370030002600300026005f002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\e: + Data : )+ + Raw data : 29bc2bc00000100000000000 + + Name : \??\volume{e4ff008d-9a17-11e7-9bcc-60f81dd2b949} + Data : _??_USBSTOR#Disk&Ven_Corsair&Prod_Survivor_3.0&Rev_1.00#1100300000000161&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0043006f00720073006100690072002600500072006f0064005f005300750072007600690076006f0072005f0033002e00300026005200650076005f0031002e0030003000230031003100300030003300300030003000300030003000300030003100360031002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{93c0eed5-f250-11e8-9bec-f018981982bc} + Data : {93c0eed1-f250-11e8-9bec-f018981982bc}#000000079E9F0600 + Raw data : 7b00390033006300300065006500640031002d0066003200350030002d0031003100650038002d0039006200650063002d006600300031003800390038003100390038003200620063007d0023003000300030003000300030003000370039004500390046003000360030003000 + + Name : \??\volume{b7aea069-ed45-11e8-9be7-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_Generic-&Prod_SD#MMC&Rev_1.00#058F84688461&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e0065007200690063002d002600500072006f0064005f005300440023004d004d00430026005200650076005f0031002e003000300023003000350038004600380034003600380038003400360031002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{b7aea06a-ed45-11e8-9be7-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_Generic-&Prod_Micro_SD#M2&Rev_1.08#058F84688461&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e0065007200690063002d002600500072006f0064005f004d006900630072006f005f005300440023004d00320026005200650076005f0031002e003000380023003000350038004600380034003600380038003400360031002600310023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{b7aea083-ed45-11e8-9be7-f018981982bc} + Data : DMIO:ID:#WCuLG) + Raw data : 444d494f3a49443a16235743754cec478e2916dcaa1e17d6 + + Name : \dosdevices\f: + Data : {93c0eed1-f250-11e8-9bec-f018981982bc}#000000079E9F0600 + Raw data : 7b00390033006300300065006500640031002d0066003200350030002d0031003100650038002d0039006200650063002d006600300031003800390038003100390038003200620063007d0023003000300030003000300030003000370039004500390046003000360030003000 + + Name : \??\volume{e4b0bc0c-9414-11e7-9bc2-806e6f6e6963} + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&3f6b946&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f004300440030003100230035002600330066003600620039003400360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\d: + Data : m + Raw data : 6d207ff20000100000000000 + + Name : \dosdevices\c: + Data : foP + Raw data : 66df6fbd0000501f00000000 + + + + +windows +True +cpe:/o:microsoft:windows +Using the supplied credentials, this plugin enumerates USB devices that have been connected to the remote Windows host in the past. +smb_enum_historic_usb_device_usage.nasl +2022/06/01 +Microsoft Windows USB Device Usage Report +2009/02/24 +local +None +1.15 +http://www.forensicswiki.org/wiki/USB_History_Viewing +Make sure that the use of USB drives is in accordance with your organization's security policy. +It was possible to get a list of USB devices that may have been connected to the remote system in the past. +true + +The following is a list of USB devices that have been connected +to remote system at least once in the past : + + +Device Name : USB DISK 3.0 USB Device +Last Inserted Time : Nov. 5, 2023 at 16:48:51 GMT + +First used : unknown + +Device Name : General UDisk USB Device +Last Inserted Time : unknown + +First used : unknown + +Device Name : Samsung Portable SSD T5 USB Device +Last Inserted Time : Nov. 6, 2023 at 17:34:49 GMT + +First used : unknown + +(Note that for a complete listing of 'First used' times you should +run this test with the option 'thorough_tests' enabled.) + + + +windows +True +Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host. +smb_enum_network_adapters.nasl +0001-T-0758 +2022/02/01 +Microsoft Windows Network Adapters +2017/10/17 +local +None +1.8 +Make sure that all of the installed network adapters agrees with your organization's acceptable use and security policies. +Identifies the network adapters installed on the remote host. +IAVT:0001-T-0758 +Network Adapter Driver Description : Intel(R) 82574L Gigabit Network Connection +Network Adapter Driver Version : 12.17.10.8 + + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past. +smb_enum_portable_devices.nasl +2022/02/01 +Microsoft Windows Portable Devices +2013/04/03 +local +None +1.4 +http://www.nessus.org/u?af102b66 +Make sure that use of the portable devices agrees with your organization's acceptable use and security policies. +It is possible to get a list of portable devices that may have been connected to the remote system in the past. + + Friendly name : Dave-512 + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_&PROD_USB_DISK_3.0&REV_PMAP#07000483D8E95720&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : DEGTHAT256 + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_CORSAIR&PROD_SURVIVOR_3.0&REV_000A#07087A9E311C2839&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : FIRM + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERAL&PROD_UDISK&REV_5.00#7&3A3D7270&0&_&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : F:\ + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MICRO_SD#M2&REV_1.08#058F84688461&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : C:\ + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F84688461&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : FAT-PRT + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_PNY&PROD_USB_2.0_FD&REV_1100#ACB1HD090000078&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : DEG-TOOLS + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_SMI&PROD_USB_3.0&REV_1100#201302IP0002SERDCNGY&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : Daves-Stuff + Device : SWD#WPDBUSENUM#{37D3844A-9E3B-11E7-9BD2-60F81DD2B949}#0000000000100000 + + Friendly name : STUFF + Device : SWD#WPDBUSENUM#{47E535CC-E60C-11E8-9BE6-806E6F6E6963}#0000000000100000 + + Friendly name : My Passport + Device : SWD#WPDBUSENUM#{677D3D2E-146F-11E8-9BDC-C8E0EB160FF2}#0000000000100000 + + Friendly name : F:\ + Device : SWD#WPDBUSENUM#{93C0EED1-F250-11E8-9BEC-F018981982BC}#000000079E9F0600 + + Friendly name : Daves-Data + Device : SWD#WPDBUSENUM#{ABBA9390-146E-11E8-9BDB-C8E0EB160FF2}#0000000000100000 + + Friendly name : DEGTD + Device : SWD#WPDBUSENUM#{B7AEA082-ED45-11E8-9BE7-F018981982BC}#0000000000100000 + + Friendly name : Samsung_T5 + Device : SWD#WPDBUSENUM#{DA58CC9B-7CB2-11EE-9C6C-E0D04567CBCB}#0000000000100000 + + + +windows +True +By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry. +smb_enum_qfes.nasl +2022/02/01 +SMB QuickFixEngineering (QFE) Enumeration +2012/09/11 +local +None +1.8 +n/a +The remote host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + +KB5011048, Installed on: 2023/07/31 +KB5012170, Installed on: 2023/07/28 +KB5015684, Installed on: 2022/12/08 +KB5018506, Installed on: 2022/12/08 +KB5020372, Installed on: 2022/12/08 +KB5028849, Installed on: 2023/10/11 +KB5028853, Installed on: 2023/07/28 +KB5030649, Installed on: 2023/11/05 +KB5031816, Installed on: 2023/11/06 +KB5033918, Installed on: 2024/01/30 + + +windows +True +This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. + +Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system. +smb_enum_software_versions.nasl +2023/07/18 +Microsoft Windows Installed Software Version Enumeration +2023/07/10 +local +None +1.1 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +Enumerates installed software versions. + +The following software information is available on the remote host : + + - Google Chrome + Best Confidence Version : 119.0.6045.106 + Version Confidence Level : 3 + All Possible Versions : 119.0.6045.106 + Other Version Data + [InstallDate] : + Raw Value : 2023/11/06 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0 + Parsed File Path : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe + Parsed File Version : 119.0.6045.106 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Google\Chrome\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.106\Installer\setup.exe" --uninstall --channel=stable --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.106\Installer\setup.exe + Parsed File Version : 119.0.6045.106 + [VersionMinor] : + Raw Value : 106 + [Version] : + Raw Value : 119.0.6045.106 + [VersionMajor] : + Raw Value : 6045 + [DisplayVersion] : + Raw Value : 119.0.6045.106 + [DisplayName] : + Raw Value : Google Chrome + + - Microsoft Edge WebView2 Runtime + Best Confidence Version : 120.0.2210.144 + Version Confidence Level : 3 + All Possible Versions : 120.0.2210.144 + Other Version Data + [InstallDate] : + Raw Value : 2024/01/30 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe,0 + Parsed File Path : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe + Parsed File Version : 120.0.2210.144 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Microsoft\EdgeWebView\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\Installer\setup.exe" --uninstall --msedgewebview --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\Installer\setup.exe + Parsed File Version : 120.0.2210.144 + [VersionMinor] : + Raw Value : 144 + [Version] : + Raw Value : 120.0.2210.144 + [VersionMajor] : + Raw Value : 2210 + [DisplayVersion] : + Raw Value : 120.0.2210.144 + [DisplayName] : + Raw Value : Microsoft Edge WebView2 Runtime + + - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 + Best Confidence Version : 9.0.30729.6161 + Version Confidence Level : 2 + All Possible Versions : 9.0.30729.6161 + Other Version Data + [VersionMajor] : + Raw Value : 9 + [Version] : + Raw Value : 151025673 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 + [UninstallString] : + Raw Value : MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} + [InstallDate] : + Raw Value : 2017/09/14 + [DisplayVersion] : + Raw Value : 9.0.30729.6161 + [VersionMinor] : + Raw Value : 0 + + - Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{73F77E4E-5A17-46E5-A5FC-8A061047725F} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 + Best Confidence Version : 9.0.30729.6161 + Version Confidence Level : 2 + All Possible Versions : 9.0.30729.6161 + Other Version Data + [VersionMajor] : + Raw Value : 9 + [Version] : + Raw Value : 151025673 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 + [UninstallString] : + Raw Value : MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} + [InstallDate] : + Raw Value : 2017/09/14 + [DisplayVersion] : + Raw Value : 9.0.30729.6161 + [VersionMinor] : + Raw Value : 0 + + - Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{D5D19E2F-7189-42FE-8103-92CD1FA457C2} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - VMware Tools + Best Confidence Version : 12.3.5.22544099 + Version Confidence Level : 2 + All Possible Versions : 12.3.5.22544099 + Other Version Data + [VersionMajor] : + Raw Value : 12 + [Version] : + Raw Value : 201523205 + [InstallLocation] : + Raw Value : C:\Program Files\VMware\VMware Tools\ + [DisplayName] : + Raw Value : VMware Tools + [UninstallString] : + Raw Value : MsiExec.exe /I{27B78D8E-F8B9-4AF5-BF9C-8DDD583EAB6B} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 12.3.5.22544099 + [VersionMinor] : + Raw Value : 3 + + - Google Update Helper + Best Confidence Version : 1.3.35.451 + Version Confidence Level : 2 + All Possible Versions : 22.151.14425, 1.3.35.451 + Other Version Data + [VersionMajor] : + Raw Value : 1 + [Version] : + Raw Value : 16973859 + Parsed Version : 22.151.14425 + [DisplayName] : + Raw Value : Google Update Helper + [UninstallString] : + Raw Value : MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} + [InstallDate] : + Raw Value : 2020/04/10 + [DisplayVersion] : + Raw Value : 1.3.35.451 + [VersionMinor] : + Raw Value : 3 + + - Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{0025DD72-A959-45B5-A0A3-7EFEB15A8050} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Edge Update + Best Confidence Version : 1.3.181.5 + Version Confidence Level : 2 + All Possible Versions : 1.3.181.5 + Other Version Data + [Version] : + Raw Value : 1.3.181.5 + [DisplayName] : + Raw Value : Microsoft Edge Update + [DisplayVersion] : + Raw Value : 1.3.181.5 + + - Adobe Refresh Manager + Best Confidence Version : 1.8.0 + Version Confidence Level : 2 + All Possible Versions : 23.48.5380, 1.8.0 + Other Version Data + [VersionMajor] : + Raw Value : 1 + [Version] : + Raw Value : 17301504 + Parsed Version : 23.48.5380 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\ + [DisplayName] : + Raw Value : Adobe Refresh Manager + [UninstallString] : + Raw Value : MsiExec.exe /I{AC76BA86-0804-1033-1959-018244601053} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 1.8.0 + [VersionMinor] : + Raw Value : 8 + + - Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + + - Microsoft Edge + Best Confidence Version : 121.0.2277.83 + Version Confidence Level : 3 + All Possible Versions : 121.0.2277.83 + Other Version Data + [InstallDate] : + Raw Value : 2024/01/30 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,0 + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe + Parsed File Version : 121.0.2277.83 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.83\Installer\setup.exe" --uninstall --msedge --channel=stable --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.83\Installer\setup.exe + Parsed File Version : 121.0.2277.83 + [VersionMinor] : + Raw Value : 83 + [Version] : + Raw Value : 121.0.2277.83 + [VersionMajor] : + Raw Value : 2277 + [DisplayVersion] : + Raw Value : 121.0.2277.83 + [DisplayName] : + Raw Value : Microsoft Edge + + - Microsoft Update Health Tools + Best Confidence Version : 3.74.0.0 + Version Confidence Level : 2 + All Possible Versions : 85.24.4882, 3.74.0.0 + Other Version Data + [VersionMajor] : + Raw Value : 3 + [Version] : + Raw Value : 55181312 + Parsed Version : 85.24.4882 + [DisplayName] : + Raw Value : Microsoft Update Health Tools + [UninstallString] : + Raw Value : MsiExec.exe /X{1FC1A6C2-576E-489A-9B4A-92D21F542136} + [InstallDate] : + Raw Value : 2023/11/06 + [DisplayVersion] : + Raw Value : 3.74.0.0 + [VersionMinor] : + Raw Value : 74 + + - Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + + - Adobe Acrobat Reader + Best Confidence Version : 23.006.20360 + Version Confidence Level : 2 + All Possible Versions : 23.006.20360 + Other Version Data + [VersionMajor] : + Raw Value : 23 + [Version] : + Raw Value : 386289544 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Adobe\Acrobat Reader DC\ + [DisplayName] : + Raw Value : Adobe Acrobat Reader + [UninstallString] : + Raw Value : MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 23.006.20360 + [VersionMinor] : + Raw Value : 6 + + + + +windows +True +This plugin lists software potentially installed on the remote host by crawling the registry entries in : + + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates + +Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed. +smb_enum_softwares.nasl +0001-T-0501 +2022/02/01 +Microsoft Windows Installed Software Enumeration (credentialed check) +2006/01/26 +local +None +1.21 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate installed software. +IAVT:0001-T-0501 + +The following software are installed on the remote host : + +Google Chrome [version 119.0.6045.106] [installed on 2023/11/06] +Microsoft Edge [version 121.0.2277.83] [installed on 2024/01/30] +Microsoft Edge Update [version 1.3.181.5] +Microsoft Edge WebView2 Runtime [version 120.0.2210.144] [installed on 2024/01/30] +Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] +Microsoft Update Health Tools [version 3.74.0.0] [installed on 2023/11/06] +VMware Tools [version 12.3.5.22544099] [installed on 2023/11/05] +Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 [version 14.36.32532.0] +Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2017/09/14] +Google Update Helper [version 1.3.35.451] [installed on 2020/04/10] +Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] +Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 [version 14.36.32532.0] +Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2017/09/14] +Adobe Refresh Manager [version 1.8.0] [installed on 2023/11/05] +Adobe Acrobat Reader [version 23.006.20360] [installed on 2023/11/05] +Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] +Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] + + + +windows +True +This plugin lists software that is configured to run on system startup by crawling the registry entries in : + + - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + - HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run +smb_enum_startup_registry.nasl +2022/02/01 +Microsoft Windows Startup Software Enumeration +2012/03/23 +local +None +1.6 +Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate startup software. + +The following startup item was found : + + SecurityHealth - %windir%\system32\SecurityHealthSystray.exe + VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe + + + +windows +True +cpe:/a:microsoft:ie +The remote host has Enhanced Protection Mode (EPM) enabled for the Microsoft Internet Explorer web browser. + +Enhanced Protection Mode (EPM) is an added layer of protection first added in Microsoft Internet Explorer version 10 that provides a security feature set that includes : + + - individual browser tabs can be run in 64-bit mode, increasing the effectiveness of Address Space Layout Randomization (ASLR) + + - better access protection for files via a broker process + + - untrusted web pages cannot access domain credentials + +Note that Microsoft Internet Explorer running in 'Metro style' uses Enhanced Protected Mode by default. +smb_explorer_epm_enabled.nasl +2022/02/01 +Microsoft Internet Explorer Enhanced Protection Mode (EPM) Detection +2014/06/13 +local +None +1.4 +http://www.nessus.org/u?792794bd +n/a +The remote host has Enhanced Protection Mode (EPM) for Microsoft Internet Explorer enabled. + +Enhanced Protected Mode for IE has been enabled via Group Policy configuration. + - 64-bit processes for Enhanced Protected Mode is enabled + + +windows +True +user_enumeration +Enumerate Windows accounts. +windows_enum_accounts.nbin +2024/01/16 +Windows Enumerate Accounts +2023/02/28 +local +None +1.25 +n/a +Enumerate Windows accounts. +Windows accounts enumerated. Results output to DB. +User data gathered in scan starting at : 2024/1/30 12:46 Pacific Standard Time + + + +By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier). + +The host SID can then be used to get the list of local users. +smb_host2sid.nasl +2023/02/28 +Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration +2002/02/13 +local +None +1.46 +http://technet.microsoft.com/en-us/library/bb418944.aspx +You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value. + +Refer to the 'See also' section for guidance. +It is possible to obtain the host SID for the remote host. + +The remote host SID value is : + +1-5-21-1536193852-1370433935-2390261316 + +The value of 'RestrictAnonymous' setting is : 1 + + + +Using the HKU registry, Nessus was able to enuemrate the SIDs of logged on users +smb_loggedon_users.nasl +2022/05/25 +Microsoft Windows Logged On Users +2022/05/25 +local +None +1.2 +n/a +Nessus was able to determine the logged on users from the registry +Logged on users : + - S-1-5-21-1536193852-1370433935-2390261316-1002 + Domain : + Username : + + + +windows +True +cpe:/o:microsoft:windows +cpe:/a:microsoft:malicious_software_removal_tool +The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems. +smb_mrt_installed.nasl +True +True +2023/01/10 +Microsoft Malicious Software Removal Tool Installed +2013/05/15 +local +None +1.60 +http://www.nessus.org/u?47a3e94d +https://support.microsoft.com/en-us/help/891716 +n/a +An antimalware application is installed on the remote Windows host. + + File : C:\WINDOWS\system32\MRT.exe + Version : 5.118.23100.1 + Release at last run : unknown + Report infection information to Microsoft : Yes + + + +cpe:/o:microsoft:windows +The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues. +smb_v1_enabled.nasl +true +2020/06/12 +Server Message Block (SMB) Protocol Version 1 Enabled +2017/02/09 +local +None +1.8 +https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/ +https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and +http://www.nessus.org/u?8dcab5e4 +http://www.nessus.org/u?234f8ef8 +http://www.nessus.org/u?4c7e0cf3 +Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices. +The remote Windows host supports the SMBv1 protocol. + + SMBv1 server is enabled : + - HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : 1 + SMB1protocol feature is enabled based on the following key : + - HKLM\SYSTEM\CurrentControlSet\Services\srv + + + +windows +True +software_enumeration +cpe:/a:vmware:tools +VMware Tools, a suite of utilities that enhances the performance of the virtual machines guest operating system is installed on the remote Windows host. +vmware_tools_installed.nbin +0001-T-0738 +2024/01/16 +VMware Tools Detection +2018/01/13 +local +None +1.178 +https://kb.vmware.com/s/article/340 +http://www.nessus.org/u?7d54c30a +n/a +A virtual machine management application is installed on the remote host. +IAVT:0001-T-0738 + + Path : C:\Program Files\VMware\VMware Tools\ + Version : 12.3.5.46049 + + + +Nessus was able to retrieve and display the contents of the Windows prefetch folder (%systemroot%\prefetch\*). This information shows programs that have run with the prefetch and superfetch mechanisms enabled. +windows_prefetch.nasl +2018/11/15 +Windows Prefetch Folder +2014/09/12 +local +None +1.2 +http://www.nessus.org/u?8242d04f +http://www.nessus.org/u?d6b15983 +http://www.forensicswiki.org/wiki/Prefetch +n/a +Nessus was able to retrieve the Windows prefetch folder file list. ++ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters +rootdirpath : +enableprefetcher : 3 + ++ Prefetch file list : + - \WINDOWS\prefetch\119.0.6045.106_119.0.6045.105-9DD3C9FF.pf + - \WINDOWS\prefetch\AM_BASE_PATCH1.EXE-FC84E7C0.pf + - \WINDOWS\prefetch\AM_DELTA.EXE-B7261F63.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.401.151.0.EX-B3F7F584.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.401.178.0.EX-E83E84D1.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.401.185.0.EX-3BE4A99F.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.403.2943.0.E-DB0A6FF5.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.403.2949.0.E-E107CB33.pf + - \WINDOWS\prefetch\AM_ENGINE_PATCH_1.1.23100.200-8708AE36.pf + - \WINDOWS\prefetch\APPLICATIONFRAMEHOST.EXE-CCEEF759.pf + - \WINDOWS\prefetch\ARP.EXE-2BC38967.pf + - \WINDOWS\prefetch\AUDIODG.EXE-BDFD3029.pf + - \WINDOWS\prefetch\AUDITPOL.EXE-FE8D42C2.pf + - \WINDOWS\prefetch\AUTORUN.EXE-3954485B.pf + - \WINDOWS\prefetch\BACKGROUNDTASKHOST.EXE-353E93DD.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1BA.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1BB.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1C2.pf + - \WINDOWS\prefetch\CMD.EXE-4A81B364.pf + - \WINDOWS\prefetch\CMD.EXE-AC113AA8.pf + - \WINDOWS\prefetch\COMPATTELRUNNER.EXE-DB97728F.pf + - \WINDOWS\prefetch\COMPPKGSRV.EXE-21DBED9C.pf + - \WINDOWS\prefetch\CONHOST.EXE-1F3E9D7E.pf + - \WINDOWS\prefetch\CONSENT.EXE-531BD9EA.pf + - \WINDOWS\prefetch\CSC.EXE-67679278.pf + - \WINDOWS\prefetch\CSCC-REMOTE.EXE-7C27D0A9.pf + - \WINDOWS\prefetch\CSCC64-REMOTE.EXE-9740F674.pf + - \WINDOWS\prefetch\CSRSS.EXE-3FE41F7E.pf + - \WINDOWS\prefetch\CTFMON.EXE-9450846B.pf + - \WINDOWS\prefetch\CVTRES.EXE-F2B7602E.pf + - \WINDOWS\prefetch\DEFRAG.EXE-588F90AD.pf + - \WINDOWS\prefetch\DISM.EXE-DE199F71.pf + - \WINDOWS\prefetch\DISMHOST.EXE-369F8D28.pf + - \WINDOWS\prefetch\DISMHOST.EXE-7265EE62.pf + - \WINDOWS\prefetch\DISMHOST.EXE-825D7DBB.pf + - \WINDOWS\prefetch\DISMHOST.EXE-8DABA6EF.pf + - \WINDOWS\prefetch\DISMHOST.EXE-C33273CF.pf + - \WINDOWS\prefetch\DISMHOST.EXE-C7E51022.pf + - \WINDOWS\prefetch\DISMHOST.EXE-EE672375.pf + - \WINDOWS\prefetch\DLLHOST.EXE-0AD6AC16.pf + - \WINDOWS\prefetch\DLLHOST.EXE-1EA744B6.pf + - \WINDOWS\prefetch\DLLHOST.EXE-2E884D3E.pf + - \WINDOWS\prefetch\DLLHOST.EXE-5A984E5F.pf + - \WINDOWS\prefetch\DLLHOST.EXE-823CA4DA.pf + - \WINDOWS\prefetch\DLLHOST.EXE-9037274D.pf + - \WINDOWS\prefetch\DLLHOST.EXE-9C376A75.pf + - \WINDOWS\prefetch\DLLHOST.EXE-EA533AAF.pf + - \WINDOWS\prefetch\DRVINST.EXE-4CB4314A.pf + - \WINDOWS\prefetch\DWM.EXE-6FFD3DA8.pf + - \WINDOWS\prefetch\ELEVATE64.EXE-75D706B4.pf + - \WINDOWS\prefetch\EXPAND.EXE-05AD1090.pf + - \WINDOWS\prefetch\EXPLORER.EXE-A80E4F97.pf + - \WINDOWS\prefetch\FONTDRVHOST.EXE-31E45F6D.pf + - \WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-9C89DCB6.pf + - \WINDOWS\prefetch\GOOGLECRASHHANDLER64.EXE-EBE48838.pf + - \WINDOWS\prefetch\GOOGLEUPDATE.EXE-97084C14.pf + - \WINDOWS\prefetch\GOOGLEUPDATE.EXE-B95715F5.pf + - \WINDOWS\prefetch\GPSCRIPT.EXE-CCD32D94.pf + - \WINDOWS\prefetch\IEXPLORE.EXE-908C99F8.pf + - \WINDOWS\prefetch\IMPORTREGPOL.EXE-0F205B23.pf + - \WINDOWS\prefetch\IMPORTREGPOL.EXE-ED59D338.pf + - \WINDOWS\prefetch\IPCONFIG.EXE-912F3D5B.pf + - \WINDOWS\prefetch\JKDEFRAG64.EXE-1DD0F723.pf + - \WINDOWS\prefetch\JKDEFRAGGUI.EXE-7401E0FA.pf + - \WINDOWS\prefetch\JKDEFRAGPORTABLE.EXE-8AC1990B.pf + - \WINDOWS\prefetch\LGPO.EXE-12896114.pf + - \WINDOWS\prefetch\LGPO.EXE-9B6B69D6.pf + - \WINDOWS\prefetch\LOCKAPP.EXE-5A9FA247.pf + - \WINDOWS\prefetch\LOGONUI.EXE-09140401.pf + - \WINDOWS\prefetch\MAKECAB.EXE-0F1704A4.pf + - \WINDOWS\prefetch\MANAGE-BDE.EXE-37A0B125.pf + - \WINDOWS\prefetch\MICROSOFTEDGEUPDATE.EXE-C4317749.pf + - \WINDOWS\prefetch\MICROSOFTEDGE_X64_120.0.2210.-567156D2.pf + - \WINDOWS\prefetch\MICROSOFTEDGE_X64_121.0.2277.-5803383E.pf + - \WINDOWS\prefetch\MMC.EXE-381384EF.pf + - \WINDOWS\prefetch\MMC.EXE-7FBB0956.pf + - \WINDOWS\prefetch\MMC.EXE-EA3BC57E.pf + - \WINDOWS\prefetch\MOBSYNC.EXE-C5E2284F.pf + - \WINDOWS\prefetch\MOFCOMP.EXE-8FE3D558.pf + - \WINDOWS\prefetch\MOUSOCOREWORKER.EXE-681A8FEE.pf + - \WINDOWS\prefetch\MPCMDRUN.EXE-68BB20D0.pf + - \WINDOWS\prefetch\MPCMDRUN.EXE-7D4AA24B.pf + - \WINDOWS\prefetch\MPCMDRUN.EXE-B6117D0E.pf + - \WINDOWS\prefetch\MPRECOVERY.EXE-DDADD581.pf + - \WINDOWS\prefetch\MPRECOVERY.EXE-FFD06E71.pf + - \WINDOWS\prefetch\MPSIGSTUB.EXE-5E95E876.pf + - \WINDOWS\prefetch\MPSIGSTUB.EXE-6CB27A06.pf + - \WINDOWS\prefetch\MPSIGSTUB.EXE-A40D77CB.pf + - \WINDOWS\prefetch\MPSIGSTUB.EXE-DBCD8A3B.pf + - \WINDOWS\prefetch\MSCORSVW.EXE-57D17DAF.pf + - \WINDOWS\prefetch\MSCORSVW.EXE-C3C515BD.pf + - \WINDOWS\prefetch\MSEDGE.EXE-78F14B85.pf + - \WINDOWS\prefetch\MSIEXEC.EXE-A2D55CB6.pf + - \WINDOWS\prefetch\MSIEXEC.EXE-E09A077A.pf + - \WINDOWS\prefetch\MSMPENG.EXE-0D196553.pf + - \WINDOWS\prefetch\MSMPENG.EXE-3870F3D8.pf + - \WINDOWS\prefetch\MSMPENG.EXE-E476D4E5.pf + - \WINDOWS\prefetch\MSTSC.EXE-76A46E8A.pf + - \WINDOWS\prefetch\NBTSTAT.EXE-84461EB8.pf + - \WINDOWS\prefetch\NET.EXE-DF44F913.pf + - \WINDOWS\prefetch\NET1.EXE-849DA590.pf + - \WINDOWS\prefetch\NETSH.EXE-F1B6DA12.pf + - \WINDOWS\prefetch\NETSTAT.EXE-5A5A908F.pf + - \WINDOWS\prefetch\NGEN.EXE-AE594A6B.pf + - \WINDOWS\prefetch\NGEN.EXE-EC3F9239.pf + - \WINDOWS\prefetch\NGENTASK.EXE-4F8BD802.pf + - \WINDOWS\prefetch\NGENTASK.EXE-BB7F7010.pf + - \WINDOWS\prefetch\NISSRV.EXE-4B61B196.pf + - \WINDOWS\prefetch\NISSRV.EXE-B8EE4089.pf + - \WINDOWS\prefetch\NISSRV.EXE-F8AAD06B.pf + - \WINDOWS\prefetch\NOTEPAD.EXE-D8414F97.pf + - \WINDOWS\prefetch\NPFINSTALL.EXE-82E7040F.pf + - \WINDOWS\prefetch\Op-SEARCHAPP.EXE-0F10B1A6-00000001.pf + - \WINDOWS\prefetch\OPENWITH.EXE-5C93E816.pf + - \WINDOWS\prefetch\POWERSHELL.EXE-920BBA2A.pf + - \WINDOWS\prefetch\REG.EXE-E7E8BD26.pf + - \WINDOWS\prefetch\REGEDIT.EXE-90FEEA06.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-081B5A6F.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-467448AC.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-F9283CB8.pf + - \WINDOWS\prefetch\RUNONCE.EXE-0E293DD6.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-07E5777E.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-196943E5.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-1BA55E56.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-72C0C855.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-98F22970.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-C0023C99.pf + - \WINDOWS\prefetch\SATISMO-LOCKDOWN-TOOL.EXE-F5B19B48.pf + - \WINDOWS\prefetch\SC.EXE-945D79AE.pf + - \WINDOWS\prefetch\SCHTASKS.EXE-5CA45734.pf + - \WINDOWS\prefetch\SCRNSAVE.SCR-51176AA7.pf + - \WINDOWS\prefetch\SDIAGNHOST.EXE-8D72177C.pf + - \WINDOWS\prefetch\SEARCHAPP.EXE-0A9AB385.pf + - \WINDOWS\prefetch\SEARCHAPP.EXE-8CDCFFB0.pf + - \WINDOWS\prefetch\SEARCHAPP.EXE-AEF051F3.pf + - \WINDOWS\prefetch\SEARCHFILTERHOST.EXE-77482212.pf + - \WINDOWS\prefetch\SEARCHINDEXER.EXE-4A6353B9.pf + - \WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf + - \WINDOWS\prefetch\SECEDIT.EXE-CB2BC3E5.pf + - \WINDOWS\prefetch\SECHEALTHUI.EXE-D6B58CEB.pf + - \WINDOWS\prefetch\SECURITYHEALTHHOST.EXE-A928C304.pf + - \WINDOWS\prefetch\SECURITYHEALTHSERVICE.EXE-EE3BC4CB.pf + - \WINDOWS\prefetch\SECURITYHEALTHSYSTRAY.EXE-41AD6DE1.pf + - \WINDOWS\prefetch\SETUP.EXE-3A7C48C1.pf + - \WINDOWS\prefetch\SETUP.EXE-3A7C48C8.pf + - \WINDOWS\prefetch\SETUP.EXE-4B64D63B.pf + - \WINDOWS\prefetch\SETUP.EXE-4B64D63F.pf + - \WINDOWS\prefetch\SETUP.EXE-916A2EBE.pf + - \WINDOWS\prefetch\SETUP.EXE-916A2EC2.pf + - \WINDOWS\prefetch\SETUP.EXE-A680C563.pf + - \WINDOWS\prefetch\SETUP.EXE-A680C56A.pf + - \WINDOWS\prefetch\SETUP64.EXE-6C6157AB.pf + - \WINDOWS\prefetch\SGRMBROKER.EXE-0CA31CC6.pf + - \WINDOWS\prefetch\SHELLEXPERIENCEHOST.EXE-23D7A593.pf + - \WINDOWS\prefetch\SHELLEXPERIENCEHOST.EXE-EF3EE583.pf + - \WINDOWS\prefetch\SIHCLIENT.EXE-A872A8BF.pf + - \WINDOWS\prefetch\SIHOST.EXE-2C4C53BA.pf + - \WINDOWS\prefetch\SLUI.EXE-724E99D9.pf + - \WINDOWS\prefetch\SMARTSCREEN.EXE-9B5E4173.pf + - \WINDOWS\prefetch\SMSS.EXE-E9C28FC6.pf + - \WINDOWS\prefetch\SPPEXTCOMOBJ.EXE-BB03B3D6.pf + - \WINDOWS\prefetch\SPPSVC.EXE-B0F8131B.pf + - \WINDOWS\prefetch\STARTMENUEXPERIENCEHOST.EXE-58859201.pf + - \WINDOWS\prefetch\STARTMENUEXPERIENCEHOST.EXE-D80E778C.pf + - \WINDOWS\prefetch\SVCHOST.EXE-08BC2356.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0C2D202C.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0D126A9F.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0E4FE292.pf + - \WINDOWS\prefetch\SVCHOST.EXE-272EF09B.pf + - \WINDOWS\prefetch\SVCHOST.EXE-2C8F9E34.pf + - \WINDOWS\prefetch\SVCHOST.EXE-2FA0E8A6.pf + - \WINDOWS\prefetch\SVCHOST.EXE-3905CA11.pf + - \WINDOWS\prefetch\SVCHOST.EXE-4278A5C0.pf + - \WINDOWS\prefetch\SVCHOST.EXE-483ECC41.pf + - \WINDOWS\prefetch\SVCHOST.EXE-579B147A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-5E731DE3.pf + - \WINDOWS\prefetch\SVCHOST.EXE-5EAAEC8A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-5F9C92CC.pf + - \WINDOWS\prefetch\SVCHOST.EXE-62975899.pf + - \WINDOWS\prefetch\SVCHOST.EXE-6579E144.pf + - \WINDOWS\prefetch\SVCHOST.EXE-6C525542.pf + - \WINDOWS\prefetch\SVCHOST.EXE-776D4801.pf + - \WINDOWS\prefetch\SVCHOST.EXE-7B41F868.pf + - \WINDOWS\prefetch\SVCHOST.EXE-7D248B6A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-84ADBFA7.pf + - \WINDOWS\prefetch\SVCHOST.EXE-868216AE.pf + - \WINDOWS\prefetch\SVCHOST.EXE-86AA6B35.pf + - \WINDOWS\prefetch\SVCHOST.EXE-8929E8DF.pf + - \WINDOWS\prefetch\SVCHOST.EXE-8A9E6608.pf + - \WINDOWS\prefetch\SVCHOST.EXE-8D87DCC8.pf + - \WINDOWS\prefetch\SVCHOST.EXE-97CD69B8.pf + - \WINDOWS\prefetch\SVCHOST.EXE-98090C0A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-A1E3F14E.pf + - \WINDOWS\prefetch\SVCHOST.EXE-A8007E45.pf + - \WINDOWS\prefetch\SVCHOST.EXE-AD0331FB.pf + - \WINDOWS\prefetch\SVCHOST.EXE-AFDE613F.pf + - \WINDOWS\prefetch\SVCHOST.EXE-BA748B25.pf + - \WINDOWS\prefetch\SVCHOST.EXE-BC4C6158.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D5B495F2.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D6693F60.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D7909332.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D8FFFCDA.pf + - \WINDOWS\prefetch\SVCHOST.EXE-EBA34E64.pf + - \WINDOWS\prefetch\SVCHOST.EXE-ECA65C63.pf + - \WINDOWS\prefetch\SVCHOST.EXE-F0CB7C91.pf + - \WINDOWS\prefetch\SVCHOST.EXE-FE99AE69.pf + - \WINDOWS\prefetch\SYSTEMSETTINGS.EXE-01D72268.pf + - \WINDOWS\prefetch\SYSTEMSETTINGSADMINFLOWS.EXE-389031F2.pf + - \WINDOWS\prefetch\TASKHOSTW.EXE-3E0B74C8.pf + - \WINDOWS\prefetch\TASKKILL.EXE-8F5B2253.pf + - \WINDOWS\prefetch\TASKLIST.EXE-C6CEE193.pf + - \WINDOWS\prefetch\TASKMGR.EXE-5F5F473D.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-1557F467.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-6DC31D2B.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-95832A05.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-A6B545E0.pf + - \WINDOWS\prefetch\TIWORKER.EXE-5883C58B.pf + - \WINDOWS\prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf + - \WINDOWS\prefetch\TUTELA-IA-LOCKDOWN-TOOL2021.E-5163B368.pf + - \WINDOWS\prefetch\UHSSVC.EXE-EC246342.pf + - \WINDOWS\prefetch\UNIFIEDINSTALLER.EXE-2D37BA61.pf + - \WINDOWS\prefetch\UNINST.EXE-850DA63F.pf + - \WINDOWS\prefetch\UNINSTALL.EXE-386FC2DB.pf + - \WINDOWS\prefetch\UN_A.EXE-B491018D.pf + - \WINDOWS\prefetch\USOCLIENT.EXE-5A8A3A5E.pf + - \WINDOWS\prefetch\VCREDIST_X64.EXE-982E0EED.pf + - \WINDOWS\prefetch\VCREDIST_X64.EXE-D32DE9DB.pf + - \WINDOWS\prefetch\VCREDIST_X86.EXE-41F3B186.pf + - \WINDOWS\prefetch\VCREDIST_X86.EXE-D059F512.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-5C67D71D.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-B9F44A1F.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-C05C0B94.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-C55F8EAF.pf + - \WINDOWS\prefetch\VC_REDIST.X86.EXE-0F76B730.pf + - \WINDOWS\prefetch\VC_REDIST.X86.EXE-91430499.pf + - \WINDOWS\prefetch\VMTOOLSD.EXE-CD82EC13.pf + - \WINDOWS\prefetch\VMWARE-TOOLS-12.3.5-22544099--5DDD6B5C.pf + - \WINDOWS\prefetch\VMWARERESOLUTIONSET.EXE-79C811DD.pf + - \WINDOWS\prefetch\VMWARETOOLBOXCMD.EXE-C33722D4.pf + - \WINDOWS\prefetch\VSSADMIN.EXE-9FF2C6A1.pf + - \WINDOWS\prefetch\VSSVC.EXE-B8AFC319.pf + - \WINDOWS\prefetch\WAASMEDICAGENT.EXE-ED0D7511.pf + - \WINDOWS\prefetch\WEVTUTIL.EXE-EF5861C4.pf + - \WINDOWS\prefetch\WHOAMI.EXE-B8288E39.pf + - \WINDOWS\prefetch\WINLOGON.EXE-B020DC41.pf + - \WINDOWS\prefetch\WINSAT.EXE-DE36CB46.pf + - \WINDOWS\prefetch\WLRMDR.EXE-C2B47318.pf + - \WINDOWS\prefetch\WMIADAP.EXE-F8DFDFA2.pf + - \WINDOWS\prefetch\WMIAPSRV.EXE-29F35ED0.pf + - \WINDOWS\prefetch\WMIC.EXE-A7D06383.pf + - \WINDOWS\prefetch\WMIPRVSE.EXE-1628051C.pf + - \WINDOWS\prefetch\WORDPAD.EXE-D7FD7414.pf + - \WINDOWS\prefetch\WUAUCLT.EXE-70318591.pf + - \WINDOWS\prefetch\WUDFHOST.EXE-AFFEF87C.pf + - \WINDOWS\prefetch\WWAHOST.EXE-3FD45057.pf + + + +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin enumerates encryptable volume information available on the remote host via WMI. +wmi_enum_encryptable_volumes.nbin +2024/01/16 +WMI Encryptable Volume Enumeration +2010/12/15 +local +None +1.210 +http://www.nessus.org/u?8aa7973e +n/a +The remote Windows host has encryptable volumes available. + +Here is a list of encryptable volumes available on the remote system : + ++ DriveLetter C: + + - BitLocker Version : None + - Conversion Status : Fully Decrypted + - DeviceID : \\?\Volume{bd6fdf66-0000-0000-0000-501f00000000}\ + - Encryption Method : None + - Identification Field : None + - Key Protectors : None Found + - Lock Status : Unlocked + - Percentage Encrypted : 0.0% + - Protection Status : Protection Off + - Size : 58.68 GB + ++ DriveLetter D: + + - Automatic Unlock : Disabled + - BitLocker Version : None + - Conversion Status : Fully Decrypted + - DeviceID : \\?\Volume{f27f206d-0000-0000-0000-100000000000}\ + - Encryption Method : None + - Identification Field : None + - Key Protectors : None Found + - Lock Status : Unlocked + - Percentage Encrypted : 0.0% + - Protection Status : Protection Off + - Size : 50.00 GB + + + +730 days + +CEA-2020-0101 +cpe:/o:microsoft:windows +CVE-2020-1574 +7.3 +6.4 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H +3.6 +6.9 +CVE-2020-1574 +5.1 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C +The Windows 'WebP Image Extension' or 'WebP from Device Manufacturer' app installed on the remote host is affected by a remote code execution vulnerability. +An unauthenticated, remote attacker can exploit this vulnerability via an specially crafted image to execute code and gain control of the system. +Unproven +No known exploits are available +smb_nt_ms20_aug_webp_rce.nasl +2020-A-0361-S +2020/08/14 +2022/12/05 +Microsoft Windows WebP Image Extension RCE (August 2020) +2020/09/15 +local +Low +Medium +1.6 +http://www.nessus.org/u?f2638e5b +Upgrade to app version 1.0.31251.0 or later via the Microsoft Store. +I +The Windows app installed on the remote host is affected by a Remote Code Execution Vulnerability. +Very Low +No recorded events +No recorded events +4.4 +2020/08/14 +IAVA:2020-A-0361-S +CEA-ID:CEA-2020-0101 + + Path : C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.30634.0_x64__8wekyb3d8bbwe + Installed version : 1.0.30634.0 + Fixed version : 1.0.31251.0 + + + +730 days + +CEA-2020-0126 +cpe:/o:microsoft:windows +CVE-2020-16918 +CVE-2020-17003 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +9.3 +CVE-2020-16918 +6.9 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C +The Microsoft 3D Viewer app installed on the remote host is affected by a code execution vulnerability when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. +Unproven +No known exploits are available +smb_nt_ms20_oct_3d_viewer.nasl +2020/10/13 +2022/12/05 +Microsoft 3D Viewer Base3D Code Execution (October 2020) +2020/10/13 +local +Low +High +1.5 +http://www.nessus.org/u?4a0fa39f +http://www.nessus.org/u?baf22b1a +https://www.zerodayinitiative.com/advisories/ZDI-20-1246/ +Upgrade to app version 7.2009.29132.0 or later via the Microsoft Store. +The Windows app installed on the remote host is affected by a code execution vulnerability. +Very Low +No recorded events +No recorded events +5.9 +2020/10/13 +ZDI:ZDI-20-1246 +CEA-ID:CEA-2020-0126 +ZDI-20-1246 + + Path : C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_7.1908.9012.0_x64__8wekyb3d8bbwe + Installed version : 7.1908.9012.0 + Fixed version : 7.2009.29132.0 + + + +730 days + +cpe:/o:microsoft:windows +CVE-2021-43905 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-43905 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The Windows 'Microsoft 365 (Office)' app installed on the remote host is affected by a code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file. + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +smb_nt_ms21_dec_officehub_app.nasl +2021-A-0584-S +2021/12/14 +2023/07/19 +Microsoft 365 (Office) App Code Execution (December 2021) +2023/07/18 +local +Low +Medium +1.1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43905 +Upgrade to app version 18.2110.13110.0, or later via the Microsoft Store. +I +The Windows app installed on the remote host is affected by a code execution vulnerability. +Very Low +No recorded events +No recorded events +8.1 +2021/12/14 +IAVA:2021-A-0584-S + + Installed version : 17.10314.31700.1000 + Fixed version : 18.2110.13110.0 + + + +730 days + +cpe:/o:microsoft:windows +CVE-2021-31942 +CVE-2021-31943 +CVE-2021-31944 +7.8 +7.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-31943 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The Windows '3D Viewer' app installed on the remote host is affected by multiple vulnerabilities. + + - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-31942, CVE-2021-31943) + - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-31944) +true +Functional +Exploits are available +smb_nt_ms21_june_3dviewer.nasl +2021/06/08 +2023/12/27 +Microsoft 3D Viewer Multiple Vulnerabilities (June 2021) +2021/06/08 +local +Low +Medium +1.3 +http://www.nessus.org/u?e914ff80 +http://www.nessus.org/u?5257edc0 +http://www.nessus.org/u?bdd18cf9 +Upgrade to app version 7.2105.4012.0, or later via the Microsoft Store. +The Windows app installed on the remote host is affected by multiple vulnerabilties. +Very Low +No recorded events +No recorded events +7.4 +2021/06/08 + + Path : C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_7.1908.9012.0_x64__8wekyb3d8bbwe + Installed version : 7.1908.9012.0 + Fixed version : 7.2105.4012.0 + + + +730 days + +cpe:/o:microsoft:windows +CVE-2021-31945 +CVE-2021-31946 +CVE-2021-31983 +7.8 +7.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-31983 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The Windows 'Paint 3D' app installed on the remote host is affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. +true +Unproven +Exploits are available +smb_nt_ms21_june_mspaint3d.nasl +2021/06/08 +2023/12/27 +Microsoft Paint 3D Multiple Vulnerabilities (June 2021) +2021/06/08 +local +Low +Medium +1.4 +http://www.nessus.org/u?941966fe +http://www.nessus.org/u?a40919a7 +http://www.nessus.org/u?99b641c8 +Upgrade to app version 6.2105.4017.0, or later via the Microsoft Store. +The Windows app installed on the remote host is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/06/08 + + Path : C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.18017.0_x64__8wekyb3d8bbwe + Installed version : 6.1907.18017.0 + Fixed version : 6.2105.4017.0 + + + +730 days + +cpe:/o:microsoft:windows +CVE-2021-28465 +7.8 +7.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-28465 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The Windows 'Web Media Extensions' app installed on the remote host is affected by a remote code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file. (CVE-2021-28465) +true +Unproven +Exploits are available +smb_nt_ms21_may_web_media.nasl +2021/05/11 +2024/01/02 +Microsoft Windows Web Media Extensions Library RCE (May 2021) +2021/05/11 +local +Low +Medium +1.4 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28465 +Upgrade to app version 1.0.40831.0, or later via the Microsoft Store. +The Windows app installed on the remote host is affected by a remote code execution vulnerability. +Very Low +No recorded events +No recorded events +6.7 +2021/05/11 + + Path : C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe + Installed version : 1.0.20875.0 + Fixed version : 1.0.40831.0 + + + +730 days + +cpe:/o:microsoft:windows +CVE-2021-43208 +CVE-2021-43209 +7.8 +7.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-43209 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of the Microsoft 3D Viewer app installed on the remote host is prior to 7.2107.7012.0. It is, therefore, affected by multiple remote code execution vulnerabilities. + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +smb_nt_ms21_november_3dviewer.nasl +2021/11/09 +2023/11/24 +Microsoft 3D Viewer Multiple Vulnerabilities (November 2021) +2021/11/09 +local +Low +Medium +1.4 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43208 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43209 +Upgrade to app version 7.2107.7012.0., or later via the Microsoft Store. +The Windows app installed on the remote host is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/11/09 + + Path : C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_7.1908.9012.0_x64__8wekyb3d8bbwe + Installed version : 7.1908.9012.0 + Fixed version : 7.2107.7012.0 + + + +365 - 730 days +cpe:/o:microsoft:windows +CVE-2022-24457 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2022-24457 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The Windows HEIF Image Extension app installed on the remote host is affected by a remote code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file. +Unproven +No known exploits are available +smb_nt_ms22_mar_heif.nasl +2022/03/08 +2022/03/09 +Microsoft Windows HEIF Image Extensions RCE (March 2022) +2022/03/08 +local +Low +Medium +1.2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24457 +Upgrade to app version 1.0.43012.0 or later via the Microsoft Store. +The Windows app installed on the remote host is affected by a remote code execution vulnerability. +Very Low +No recorded events +No recorded events +6.7 +2022/03/08 + + Path : C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.30722.0_x64__8wekyb3d8bbwe + Installed version : 1.0.30722.0 + Fixed version : 1.0.43012.0 + + + +365 - 730 days +cpe:/o:microsoft:windows +CVE-2022-23282 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2022-23282 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The Windows 'Paint 3D' app installed on the remote host is affected by a code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file. +Unproven +No known exploits are available +smb_nt_ms22_mar_mspaint3d.nasl +2022/03/08 +2022/03/09 +Microsoft Paint 3D Code Execution (March 2022) +2022/03/08 +local +Low +Medium +1.2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23282 +Upgrade to app version 6.2105.4017.0, or later via the Microsoft Store. +The Windows app installed on the remote host is affected by a code execution vulnerability.. +Very Low +No recorded events +No recorded events +6.7 +2022/03/08 + + Path : C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.18017.0_x64__8wekyb3d8bbwe + Installed version : 6.1907.18017.0 + Fixed version : 6.2105.4017.0 + + + +180 - 365 days +cpe:/o:microsoft:windows +cpe:/a:microsoft:3d_builder +CVE-2023-23377 +CVE-2023-23390 +7.8 +7.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-23390 +6.0 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The version of the Microsoft 3D Builder app installed on the remote Windows host is prior to 20.0.3.0. It is, therefore, affected by multiple unspecified remote code execution vulnerabilities. + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +smb_nt_ms23_feb_3d_builder.nasl +2023-A-0094-S +2023/02/14 +2023/09/15 +Microsoft 3D Builder app Multiple Remote Code Execution Vulnerabilities (February 2023) +2023/02/16 +local +Low +High +1.4 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23377 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23390 +Update to the latest Microsoft 3D Builder app via the Windows App Store. +I +The Microsoft 3D Builder app installed on the remote host is affected by multiple remote code execution vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/02/14 +IAVA:2023-A-0094-S + + Path : C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe + Installed version : 18.0.1931.0 + Fixed version : Update to the latest Microsoft 3D Builder app via the Microsoft Store. + + + +365 - 730 days +cpe:/o:microsoft:windows +CVE-2023-21780 +CVE-2023-21781 +CVE-2023-21782 +CVE-2023-21783 +CVE-2023-21784 +CVE-2023-21785 +CVE-2023-21786 +CVE-2023-21787 +CVE-2023-21788 +CVE-2023-21789 +CVE-2023-21790 +CVE-2023-21791 +CVE-2023-21792 +CVE-2023-21793 +7.8 +7.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-21793 +6.0 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The version of the Microsoft 3D Builder app installed on the remote Windows host is prior or equal to 18.0.1931.0. It is, therefore, affected by multiple unspecified remote code execution vulnerabilities. + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +smb_nt_ms23_jan_3d_builder.nasl +2023/01/10 +2023/09/08 +Microsoft 3D Builder app Multiple Remote Code Execution Vulnerabilities (January 2023) +2023/01/10 +local +Low +High +1.3 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21780 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21781 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21782 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21783 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21784 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21785 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21786 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21787 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21788 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21789 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21790 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21791 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21792 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21793 +Update to the latest Microsoft 3D Builder app via the Windows App Store once updates are available. +The Microsoft 3D Builder app installed on the remote host is affected by multiple remote code execution vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2023/01/10 + + Path : C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe + Installed version : 18.0.1931.0 + Fixed version : Update to the latest Microsoft 3D Builder app via the Microsoft Store once updates are available. + + + +180 - 365 days +cpe:/o:microsoft:windows +CVE-2023-32047 +CVE-2023-35374 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-35374 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The Windows 'Paint 3D' app installed on the remote host is affected by multiple code execution vulnerabilities. An attacker who successfully exploited one of the vulnerabilities could execute arbitrary code. Exploitation of the vulnerabilities requires that a program process a specially crafted file. + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +smb_nt_ms23_jul_mspaint3d.nasl +2023/07/11 +2023/07/14 +Microsoft Paint 3D Code Execution (July 2023) +2023/07/13 +local +Low +High +1.1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32047 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35374 +Upgrade to app version 6.2305.16087.0, or later via the Microsoft Store. +The Windows app installed on the remote host is affected by code execution vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/07/11 + + Path : C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.18017.0_x64__8wekyb3d8bbwe + Installed version : 6.1907.18017.0 + Fixed version : 6.2305.16087.0 + + + +60 - 180 days +cpe:/o:microsoft:windows +cpe:/a:microsoft:3d_builder +CVE-2023-36770 +CVE-2023-36771 +CVE-2023-36772 +CVE-2023-36773 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-36773 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The version of the Microsoft 3D Builder app installed on the remote Windows host is prior to 20.0.4.0. It is, therefore, affected by multiple remote code execution vulnerabilities: + + - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-36770, CVE-2023-36771, CVE-2023-36772, CVE-2023-36773) +false +Unproven +No known exploits are available +smb_nt_ms23_sep_3d_builder.nasl +2023-A-0484 +2023/02/14 +2023/10/27 +Microsoft 3D Builder app Multiple Remote Code Execution Vulnerabilities (September 2023) +2023/09/12 +local +Low +High +1.4 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36770 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36771 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36772 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36773 +Update to the latest Microsoft 3D Builder app via the Windows App Store. +I +The Microsoft 3D Builder app installed on the remote host is affected by multiple remote code execution vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/02/14 +IAVA:2023-A-0484 + + Path : C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe + Installed version : 18.0.1931.0 + Fixed version : Update to the latest Microsoft 3D Builder app via the Microsoft Store. + + + +60 - 180 days +cpe:/o:microsoft:windows +cpe:/a:microsoft:3d_builder +CVE-2022-41303 +CVE-2023-36739 +CVE-2023-36740 +CVE-2023-36760 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-36760 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The version of the Microsoft 3D Viewer app installed on the remote Windows host is prior to 20.0.3.0. It is, therefore, affected by multiple unspecified remote code execution vulnerabilities: + + - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-36739, CVE-2023-36740, CVE-2023-36760) +Unproven +No known exploits are available +smb_nt_ms23_sep_3d_viewer.nasl +2023/09/11 +2023/10/23 +Microsoft 3D Viewer app Multiple Remote Code Execution Vulnerabilities (September 2023) +2023/09/12 +local +Low +High +1.4 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41303 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760 +Update to the latest Microsoft 3D Viewer app via the Windows App Store. +The Microsoft 3D Viewer app installed on the remote host is affected by multiple remote code execution vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/09/11 + + Path : C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_7.1908.9012.0_x64__8wekyb3d8bbwe + Installed version : 7.1908.9012.0 + Fixed version : Update to the latest Microsoft 3D Viewer app via the Microsoft Store. + + + +180 - 365 days +cpe:/a:microsoft:snip_and_sketch +CVE-2023-28303 +3.3 +2.9 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N +1.4 +2.1 +CVE-2023-28303 +1.6 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N +An information disclosure vulnerability exists in Windows Snip & Sketch (Windows 10) and Snipping Tool (Windows 11) where parts of a cropped image that were to be removed are not completely deleted and can be restored if saved to the cropped image file. + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +windows_acropalypse_cve-2023-28303.nasl +2023/03/24 +2023/06/14 +Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse) +2023/06/13 +remote +Low +Low +1.1 +http://www.nessus.org/u?ad297874 +Upgrade to Snip & Sketch 10.2008.3001.0 for Windows 10, Snipping Tool 11.2302.20.0 for Windows 11, or later. +The remote web server hosts an application that is affected by an information disclosure vulnerability. +Very Low +No recorded events +No recorded events +1.4 +2023/03/24 + + Path : C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe + Installed version : 10.1907.2471.0 + Fixed version : 10.2008.3001.0 + + + +True +software_enumeration +cpe:/o:microsoft:windows +This plugin connects to the remote Windows host with the supplied credentials and uses WMI and Powershell to enumerate applications installed on the host from the Windows Store. +wmi_enum_windows_app_store.nbin +2024/01/16 +Windows Store Application Enumeration +2015/09/02 +local +None +1.232 +https://www.microsoft.com/en-us/store/apps +n/a +It is possible to obtain the list of applications installed from the Windows Store. + + -1527c705-839a-4832-9118-54d4Bd6a0c89 + Version : 10.0.15063.608 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -c5e2524a-ea46-4f67-841f-6a9465d9d515 + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -CortanaListenUIApp + Version : 10.0.15063.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -DesktopLearning + Version : 1000.15063.0.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -DesktopView + Version : 1000.15063.0.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -E2A4F912-2574-4A75-9BB0-0D023378592B + Version : 10.0.15063.608 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -EnvironmentsApp + Version : 10.0.15063.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AccountsControl + Version : 10.0.15063.608 + InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BioEnrollment + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.CredDialogHost + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.LockApp + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.PPIProjection + Version : 10.0.15063.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Apprep.ChxApp + Version : 1000.15063.0.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.AssignedAccessLockApp + Version : 1000.15063.0.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.HolographicFirstRun + Version : 10.0.15063.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkCaptivePortal + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkConnectionFlow + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ParentalControls + Version : 1000.15063.0.0 + InstallLocation : C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecHealthUI + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecureAssessmentBrowser + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxGameCallableUI + Version : 1000.15063.0.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.ContactSupport + Version : 10.0.15063.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.PrintDialog + Version : 6.2.0.0 + InstallLocation : C:\Windows\PrintDialog + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Appconnector + Version : 1.3.3.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.6 + Version : 1.6.24903.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.6 + Version : 1.6.24903.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.1.6 + Version : 1.6.24903.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.1.6 + Version : 1.6.24903.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.25426.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.25426.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingFinance + Version : 4.26.12334.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingFinance_4.26.12334.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.1.7 + Version : 1.7.25531.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftOfficeHub + Version : 17.10314.31700.1000 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.1.7 + Version : 1.7.25531.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.25531.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftSolitaireCollection + Version : 4.2.8172.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingSports + Version : 4.25.11802.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingSports_4.25.11802.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsPhone + Version : 10.1802.311.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxSpeechToTextOverlay + Version : 1.21.13002.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.21.13002.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Office.OneNote + Version : 16001.11001.20079.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.HolographicFirstRun + Version : 10.0.17134.1 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -windows.immersivecontrolpanel + Version : 10.0.2.1000 + InstallLocation : C:\Windows\ImmersiveControlPanel + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.0 + Version : 2.1810.18004.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Services.Store.Engagement + Version : 10.0.19011.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.19011.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.0 + Version : 2.1810.18004.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.2.2 + Version : 2.2.27328.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.2.2 + Version : 2.2.27328.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.6 + Version : 1.6.27413.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.6_1.6.27413.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.2.2 + Version : 2.2.27405.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.6 + Version : 1.6.27413.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.6_1.6.27413.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.2.2 + Version : 2.2.27405.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.27323.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Services.Store.Engagement + Version : 10.0.19011.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.19011.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.7 + Version : 1.7.27413.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.27413.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.7 + Version : 1.7.27413.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.27413.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.27323.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.27629.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.27629.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Advertising.Xaml + Version : 10.1811.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Advertising.Xaml + Version : 10.1811.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxApp + Version : 48.55.9001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxApp_48.55.9001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingWeather + Version : 4.31.11905.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.1 + Version : 2.11906.6001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.1 + Version : 2.11906.6001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsAlarms + Version : 10.1903.1006.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1903.1006.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.SkypeApp + Version : 14.48.51.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c + Architecture : X64 + Publisher : CN=Skype Software Sarl, O=Microsoft Corporation, L=Luxembourg, S=Luxembourg, C=LU + + -microsoft.windowscommunicationsapps + Version : 16005.11629.20316.0 + InstallLocation : C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Messaging + Version : 4.1901.10241.1000 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.OneConnect + Version : 5.1906.1791.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxIdentityProvider + Version : 12.54.26001.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsSoundRecorder + Version : 10.1902.633.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1902.633.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxGameOverlay + Version : 1.43.12001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.43.12001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsFeedbackHub + Version : 1.1903.1582.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1903.1582.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingNews + Version : 4.31.11905.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.PrintDialog + Version : 6.2.1.0 + InstallLocation : C:\Windows\PrintDialog + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Advertising.Xaml + Version : 10.1808.3.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Getstarted + Version : 7.3.20251.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Getstarted_7.3.20251.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftStickyNotes + Version : 3.1.53.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.53.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.7 + Version : 1.7.25531.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.7 + Version : 1.7.25531.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.26706.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.26706.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Wallet + Version : 2.4.18324.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MSPaint + Version : 6.1907.18017.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.18017.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.3DBuilder + Version : 18.0.1931.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WebMediaExtensions + Version : 1.0.20875.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Cortana + Version : 1.13.0.18362 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.27810.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.27810.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.2.2 + Version : 2.2.27912.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.2.2 + Version : 2.2.27912.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ScreenSketch + Version : 10.1907.2471.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Microsoft3DViewer + Version : 7.1908.9012.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_7.1908.9012.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.People + Version : 10.1909.2812.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.People_10.1909.2812.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.27810.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.27810.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -1527c705-839a-4832-9118-54d4Bd6a0c89 + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -c5e2524a-ea46-4f67-841f-6a9465d9d515 + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -E2A4F912-2574-4A75-9BB0-0D023378592B + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AAD.BrokerPlugin + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AccountsControl + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BioEnrollment + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.CredDialogHost + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.LockApp + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdge + Version : 44.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.PPIProjection + Version : 10.0.18362.449 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Apprep.ChxApp + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.AssignedAccessLockApp + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CallingShellApp + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CloudExperienceHost + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ContentDeliveryManager + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkCaptivePortal + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkConnectionFlow + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ParentalControls + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecHealthUI + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecureAssessmentBrowser + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ShellExperienceHost + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxGameCallableUI + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -InputApp + Version : 1000.18362.449.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AsyncTextService + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ECApp + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdgeDevToolsClient + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Win32WebViewHost + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CapturePicker + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.NarratorQuickStart + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PeopleExperienceHost + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PinningConfirmationDialog + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.StartMenuExperienceHost + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.XGpuEjectDialog + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.CBSPreview + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsMaps + Version : 5.1909.2813.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1909.2813.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ZuneMusic + Version : 10.19101.10711.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19101.10711.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ZuneVideo + Version : 10.19101.10711.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.2.2 + Version : 2.2.28604.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.2.2 + Version : 2.2.28604.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.1.7 + Version : 1.7.27422.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.27422.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.1.7 + Version : 1.7.27422.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.27422.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.2 + Version : 2.21909.17002.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.2_2.21909.17002.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.2 + Version : 2.21909.17002.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.2_2.21909.17002.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.DesktopAppInstaller + Version : 1.0.32912.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.32912.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsCalculator + Version : 10.1910.0.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsCamera + Version : 2019.926.30.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2019.926.30.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WebpImageExtension + Version : 1.0.30634.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.30634.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.HEIFImageExtension + Version : 1.0.30722.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.30722.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsStore + Version : 12004.1001.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Photos + Version : 2020.19111.24110.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.StorePurchaseApp + Version : 12004.1001.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12004.1001.1.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -1527c705-839a-4832-9118-54d4Bd6a0c89 + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -c5e2524a-ea46-4f67-841f-6a9465d9d515 + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -E2A4F912-2574-4A75-9BB0-0D023378592B + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -InputApp + Version : 1000.18362.1593.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AAD.BrokerPlugin + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AccountsControl + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AsyncTextService + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BioEnrollment + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.CredDialogHost + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ECApp + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.LockApp + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdgeDevToolsClient + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdge + Version : 44.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.PPIProjection + Version : 10.0.18362.1593 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Apprep.ChxApp + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.AssignedAccessLockApp + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CallingShellApp + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CapturePicker + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CloudExperienceHost + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ContentDeliveryManager + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Cortana + Version : 1.13.2.18362 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkCaptivePortal + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkConnectionFlow + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ParentalControls + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PinningConfirmationDialog + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecHealthUI + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecureAssessmentBrowser + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ShellExperienceHost + Version : 10.0.18362.1916 + InstallLocation : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxGameCallableUI + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Win32WebViewHost + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.NarratorQuickStart + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PeopleExperienceHost + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.StartMenuExperienceHost + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.XGpuEjectDialog + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.CBSPreview + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.4 + Version : 2.42007.9001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.4 + Version : 2.42007.9001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.2.2 + Version : 2.2.29512.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.2.2 + Version : 2.2.29512.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.3 + Version : 2.32002.13001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.3 + Version : 2.32002.13001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.7 + Version : 7.2208.15002.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.7 + Version : 7.2208.15002.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.32530.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.32530.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.32530.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.32530.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Search + Version : 1.14.10.19041 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -AdobeAcrobatReaderCoreApp + Version : 23.0.0.0 + InstallLocation : C:\Program Files\WindowsApps\AdobeAcrobatReaderCoreApp_23.0.0.0_x64__pc75e8sa7ep4e + Architecture : X64 + Publisher : CN=Adobe Inc., OU=Adobe Inc., O=Adobe Inc., L=San Jose, S=ca, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US + + -Microsoft.549981C3F5F10 + Version : 4.2308.1005.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsAppRuntime.1.3 + Version : 3000.934.1904.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.934.1904.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -1527c705-839a-4832-9118-54d4Bd6a0c89 + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -c5e2524a-ea46-4f67-841f-6a9465d9d515 + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -E2A4F912-2574-4A75-9BB0-0D023378592B + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AAD.BrokerPlugin + Version : 1000.19041.3570.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AccountsControl + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AsyncTextService + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BioEnrollment + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.CredDialogHost + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ECApp + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.LockApp + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdgeDevToolsClient + Version : 1000.19041.3570.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdge + Version : 44.19041.3570.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Win32WebViewHost + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Apprep.ChxApp + Version : 1000.19041.3570.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.AssignedAccessLockApp + Version : 1000.19041.3570.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CallingShellApp + Version : 1000.19041.3570.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CapturePicker + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CloudExperienceHost + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ContentDeliveryManager + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.NarratorQuickStart + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkCaptivePortal + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkConnectionFlow + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ParentalControls + Version : 1000.19041.3570.0 + InstallLocation : C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PeopleExperienceHost + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PinningConfirmationDialog + Version : 1000.19041.3570.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecHealthUI + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecureAssessmentBrowser + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ShellExperienceHost + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.StartMenuExperienceHost + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.XGpuEjectDialog + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxGameCallableUI + Version : 1000.19041.3570.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -MicrosoftWindows.Client.CBS + Version : 1000.19052.1000.0 + InstallLocation : C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy + Architecture : X64 + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -MicrosoftWindows.UndockedDevKit + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -NcsiUwpApp + Version : 1000.19041.3570.0 + InstallLocation : C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.CBSPreview + Version : 10.0.19041.3570 + InstallLocation : C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdge.Stable + Version : 121.0.2277.83 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_121.0.2277.83_neutral__8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxGameOverlay + Version : 1.54.4001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.33321.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.33321.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingFinance + Version : 4.53.51973.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingFinance_4.53.51973.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.33321.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.33321.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.8 + Version : 8.2310.30001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.8_8.2310.30001.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingSports + Version : 4.54.31792.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingSports_4.54.31792.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingNews + Version : 4.55.62231.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingNews_4.55.62231.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.8 + Version : 8.2310.30001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.8_8.2310.30001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.33321.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33321.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.33321.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33321.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxApp + Version : 48.104.4001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxApp_48.104.4001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.3DBuilder + Version : 20.0.4.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.3DBuilder_20.0.4.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingWeather + Version : 4.53.52331.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.52331.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.People + Version : 10.2202.33.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.People_10.2202.33.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ZuneVideo + Version : 10.22091.10051.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10051.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsMaps + Version : 11.2311.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsMaps_11.2311.1.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Office.OneNote + Version : 16001.14326.21738.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.14326.21738.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.OneConnect + Version : 5.2308.2294.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.OneConnect_5.2308.2294.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.DesktopAppInstaller + Version : 1.21.3482.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.3482.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftStickyNotes + Version : 6.0.2.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.0.2.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftOfficeHub + Version : 18.2306.1061.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2306.1061.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WebMediaExtensions + Version : 1.0.62931.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.62931.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsStore + Version : 22312.1401.5.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsStore_22312.1401.5.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Getstarted + Version : 10.2312.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2312.1.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsCamera + Version : 2023.2312.3.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2023.2312.3.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsFeedbackHub + Version : 1.2309.12711.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2309.12711.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MSPaint + Version : 6.2310.24037.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2310.24037.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Services.Store.Engagement + Version : 10.0.23012.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.23012.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Services.Store.Engagement + Version : 10.0.23012.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.23012.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.StorePurchaseApp + Version : 22312.1401.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_22312.1401.1.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsAppRuntime.1.3 + Version : 3000.934.1904.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ScreenSketch + Version : 10.2008.3001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.2008.3001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxIdentityProvider + Version : 12.95.3001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.95.3001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Microsoft3DViewer + Version : 7.2311.30032.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_7.2311.30032.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ZuneMusic + Version : 11.2312.7.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2312.7.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.SkypeApp + Version : 15.111.3607.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c + Architecture : X64 + Publisher : CN=Skype Software Sarl, O=Microsoft Corporation, L=Luxembourg, S=Luxembourg, C=LU + + + +Report details on the running processes modules on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies. +windows_process_module_information.nbin +2024/01/16 +Microsoft Windows Process Module Information +2013/10/08 +local +None +1.217 +n/a +Use WMI to obtain running process module information. +Process_Modules_WKS3-Soteria.csv : lists the loaded modules for each process. + +47f12f10b411c587c9a96718fe2199a8 + + +Report details on the running processes on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies. +windows_process_information.nbin +2024/01/16 +Microsoft Windows Process Information +2013/10/08 +local +None +1.216 +n/a +Use WMI to obtain running process information. +Process Overview : +SID: Process (PID) + 0 : System Idle Process (0) + 0 : |- System (4) + 0 : |- Memory Compression (2216) + 0 : |- smss.exe (336) + 0 : csrss.exe (444) + 0 : GoogleCrashHandler.exe (4620) + 0 : wininit.exe (520) + 0 : |- services.exe (660) + 0 : |- svchost.exe (1040) + 0 : |- svchost.exe (1048) + 0 : |- svchost.exe (1076) + 0 : |- svchost.exe (1100) + 0 : |- svchost.exe (1108) + 0 : |- svchost.exe (1116) + 0 : |- svchost.exe (1180) + 0 : |- svchost.exe (1192) + 0 : |- svchost.exe (1448) + 0 : |- svchost.exe (1456) + 0 : |- svchost.exe (1464) + 0 : |- svchost.exe (1488) + 0 : |- svchost.exe (1548) + 0 : |- svchost.exe (1580) + 0 : |- svchost.exe (1616) + 0 : |- svchost.exe (1664) + 0 : |- svchost.exe (1692) + 0 : |- svchost.exe (1732) + 0 : |- dasHost.exe (1956) + 0 : |- svchost.exe (1772) + 0 : |- svchost.exe (1836) + 0 : |- svchost.exe (1892) + 0 : |- svchost.exe (1912) + 0 : |- svchost.exe (1928) + 0 : |- svchost.exe (2016) + 0 : |- svchost.exe (2060) + 0 : |- svchost.exe (2072) + 0 : |- SearchIndexer.exe (2080) + 0 : |- WUDFHost.exe (2116) + 0 : |- svchost.exe (2124) + 0 : |- svchost.exe (2148) + 0 : |- svchost.exe (2232) + 0 : |- svchost.exe (2252) + 0 : |- svchost.exe (2308) + 0 : |- svchost.exe (2324) + 0 : |- svchost.exe (2360) + 0 : |- svchost.exe (2420) + 0 : |- svchost.exe (2488) + 0 : |- svchost.exe (2500) + 0 : |- svchost.exe (2544) + 0 : |- svchost.exe (2552) + 0 : |- svchost.exe (2688) + 0 : |- svchost.exe (2696) + 0 : |- spoolsv.exe (2784) + 0 : |- svchost.exe (2856) + 0 : |- svchost.exe (2936) + 0 : |- svchost.exe (2964) + 0 : |- svchost.exe (2972) + 0 : |- svchost.exe (3136) + 0 : |- armsvc.exe (3408) + 0 : |- svchost.exe (3416) + 0 : |- svchost.exe (3424) + 0 : |- svchost.exe (3448) + 0 : |- svchost.exe (3476) + 0 : |- svchost.exe (3508) + 0 : |- svchost.exe (3596) + 0 : |- svchost.exe (3624) + 0 : |- svchost.exe (3664) + 0 : |- VGAuthService.exe (3680) + 0 : |- vm3dservice.exe (3688) + 1 : |- vm3dservice.exe (4008) + 0 : |- vmtoolsd.exe (3708) + 0 : |- msdtc.exe (3736) + 0 : |- MsMpEng.exe (3740) + 0 : |- svchost.exe (3752) + 0 : |- svchost.exe (3796) + 0 : |- svchost.exe (4040) + 0 : |- svchost.exe (4164) + 0 : |- svchost.exe (428) + 0 : |- dllhost.exe (4592) + 0 : |- svchost.exe (4704) + 0 : |- svchost.exe (4828) + 0 : |- svchost.exe (4856) + 0 : |- svchost.exe (5004) + 0 : |- svchost.exe (5256) + 0 : |- SgrmBroker.exe (5820) + 0 : |- svchost.exe (5920) + 0 : |- NisSrv.exe (6028) + 0 : |- svchost.exe (6108) + 0 : |- svchost.exe (700) + 0 : |- svchost.exe (764) + 0 : |- svchost.exe (776) + 0 : |- WmiPrvSE.exe (1952) + 0 : |- WmiPrvSE.exe (2344) + 0 : |- WmiPrvSE.exe (4468) + 0 : |- svchost.exe (896) + 0 : |- svchost.exe (956) + 0 : |- uhssvc.exe (964) + 0 : |- lsass.exe (676) + 0 : |- fontdrvhost.exe (792) + 1 : csrss.exe (528) + 0 : GoogleCrashHandler64.exe (5876) + 1 : winlogon.exe (608) + 1 : |- dwm.exe (1016) + 1 : |- LogonUI.exe (64) + 1 : |- fontdrvhost.exe (784) + 0 : Registry (92) + + + +cpe:/o:microsoft:windows +It is possible to get information about the BIOS via the host's WMI interface. +bios_get_info_wmi.nbin +2024/01/16 +BIOS Info (WMI) +2008/09/05 +local +None +1.215 +n/a +The BIOS info could be read. + + Vendor : Phoenix Technologies LTD + Version : 6.00 + Release date : 20201112000000.000000+000 + UUID : 27DC4D56-16E8-7AC8-5805-A65EFAE1AD9D + Secure boot : disabled + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report on the application compatibility cache on the remote Windows host. +microsoft_windows_appcompatcache.nasl +2018/05/23 +Application Compatibility Cache +2016/07/19 +local +None +1.5 +https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf +http://www.nessus.org/u?4a076105 +n/a +Nessus was able to gather application compatibility settings on the remote host. +Application compatibility cache report attached. + +55969ce0c5f966fcf930be10a0d65fa7 + + +windows +cpe:/o:microsoft:windows +cpe:/a:microsoft:ie +Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar. +microsoft_windows_ie_typeurls.nasl +2018/05/16 +Internet Explorer Typed URLs +2016/07/19 +local +None +1.5 +https://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/ +n/a +Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar. +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 + +Internet Explorer typed URL report attached. + +fcb243509ee927681e7e82eac4ed0b04 + + +windows +cpe:/a:microsoft:office +Nessus was able to gather evidence of files that were opened using any Microsoft Office application. The report was extracted from Office MRU (Most Recently Used) registry keys. +microsoft_windows_office_recent.nasl +2018/11/15 +Microsoft Office File History +2016/07/19 +local +None +1.6 +https://products.office.com/en-US/ +https://www.taksati.org/mru/ +n/a +Nessus was able to enumerate files opened in Microsoft Office on the remote host. +C:\\Users\Cinnabon\AppData\Roaming\Microsoft\Office\Recent\index.dat +C:\\Users\Cinnabon\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK +C:\\Users\DEGTHAT\AppData\Roaming\Microsoft\Office\Recent\index.dat +C:\\Users\DEGTHAT\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK + +User AppData recent used file report attached + +00f2207cede5535886fae679bd7e7d23 + + +windows +cpe:/o:microsoft:windows +Nessus was able to query the MUIcache registry key to find evidence of program execution. +microsoft_windows_muicache.nasl +2018/05/16 +MUICache Program Execution History +2016/07/19 +local +None +1.5 +https://forensicartifacts.com/2010/08/registry-muicache/ +http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html +http://www.nirsoft.net/utils/muicache_view.html +n/a +Nessus was able to enumerate recently executed programs on the remote host. +@%systemroot%\system32\cloudidsvc.dll,-100 : Microsoft Cloud Identity Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\browser.dll,-101 : Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\smsroutersvc.dll,-10001 : Microsoft Windows SMS Router Service. +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\pmcsnap.dll,-710 : Manages local printers and remote print servers. +@%commonprogramfiles%\microsoft shared\ink\mip.exe,-292 : Math Input Panel +@c:\windows\system32\snippingtool.exe,-15051 : Snipping Tool +@%systemroot%\system32\xboxgipsvc.dll,-101 : This service manages connected Xbox Accessories. +@%systemroot%\system32\languageoverlayserver.dll,-100 : Language Experience Service +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\fhsvc.dll,-102 : Protects user files from accidental loss by copying them to a backup location +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\xblauthmanager.dll,-100 : Xbox Live Auth Manager +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\dnsapi.dll,-101 : DNS Client +@%systemroot%\system32\xboxnetapisvc.dll,-101 : This service supports the Windows.Networking.XboxLive application programming interface. +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-102 : Enables spatial perception simulation, virtual camera management and spatial input simulation. +@%systemroot%\system32\ncdautosetup.dll,-101 : Network Connected Devices Auto-Setup service monitors and installs qualified devices that connect to a qualified network. Stopping or disabling this service will prevent Windows from discovering and installing qualified network connected devices automatically. Users can still manually add network connected devices to a PC through the user interface. +@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile. +@%systemroot%\system32\xboxnetapisvc.dll,-100 : Xbox Live Networking Service +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\sharedrealitysvc.dll,-100 : Spatial Data Service +@iphlpsvc.dll,-503 : Core Networking - Teredo (ICMPv6-Out) +@c:\windows\system32\taskmgr.exe,-32420 : Task Manager +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%windir%\system32\odbcint.dll,-1312 : Maintains ODBC data sources and drivers. +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%systemroot%\system32\fxsresm.dll,-122 : Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\xboxgipsvc.dll,-100 : Xbox Accessory Management Service +@%systemroot%\system32\keyboardfiltersvc.dll,-102 : Controls keystroke filtering and mapping +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\comres.dll,-3411 : Manage COM+ applications, COM and DCOM system configuration, and the Distributed Transaction Coordinator. +@%systemroot%\system32\wlansvc.dll,-258 : The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter. +@%systemroot%\system32\drivers\ndu.sys,-10001 : Windows Network Data Usage Monitoring Driver +@%systemroot%\system32\ncdautosetup.dll,-100 : Network Connected Devices Auto-Setup +@c:\windows\system32\mdsched.exe,-4001 : Windows Memory Diagnostic +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\spectrum.exe,-101 : Windows Perception Service +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@c:\windows\regedit.exe,-309 : Registration Entries +@c:\program files\common files\system\wab32res.dll,-10100 : Contacts +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@c:\windows\system32\msxml3r.dll,-1 : XML Document +@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS) +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\diagsvc.dll,-100 : Diagnostic Execution Service +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wwansvc.dll,-258 : This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices. +@%systemroot%\system32\windows.management.service.dll,-101 : Performs management including Provisioning and Enrollment activities +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\wcncsvc.dll,-3 : Windows Connect Now - Config Registrar +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@c:\windows\system32\wshext.dll,-4802 : VBScript Script File +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@%systemroot%\system32\dusmsvc.dll,-2 : Network data usage, data limit, restrict background data, metered networks. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD) +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@c:\windows\system32\msinfo32.exe,-100 : System Information +@c:\windows\system32\acppage.dll,-6002 : Windows Batch File +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\autotimesvc.dll,-7 : This service sets time based on NITZ messages from a Mobile Network +@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP) +@%systemroot%\system32\wdc.dll,-10031 : Monitor the usage and performance of the following resources in real time: CPU, Disk, Network and Memory. +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@c:\windows\immersivecontrolpanel\systemsettings.exe,-650 : Settings +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\windows.management.service.dll,-100 : Windows Management Service +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@c:\windows\system32\wsecedit.dll,-718 : Local Security Policy +@%systemroot%\system32\wcncsvc.dll,-4 : WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wireless Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wireless Device. The service is started programmatically as needed. +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@c:\windows\system32\wdc.dll,-10021 : Performance Monitor +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\drivers\gpuenergydrv.sys,-100 : GPU Energy Driver +@%systemroot%\system32\aarsvc.dll,-100 : Agent Activation Runtime +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\psr.exe,-1702 : Capture steps with screenshots to save or share. +@%systemroot%\system32\fxsresm.dll,-118 : Fax +@%systemroot%\system32\assignedaccessmanagersvc.dll,-100 : AssignedAccessManager Service +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@c:\windows\system32\iscsicpl.dll,-5001 : iSCSI Initiator +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@c:\program files\common files\microsoft shared\ink\mip.exe,-291 : Math Input Panel +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\microsoft.bluetooth.userservice.dll,-101 : Bluetooth User Support Service +@%systemroot%\system32\dfrgui.exe,-172 : Optimizes files and fragments on your volumes so that your computer runs faster and more efficiently. +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +@c:\windows\system32\ieframe.dll,-10046 : Internet Shortcut +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\firewallapi.dll,-53500 : Recommended Troubleshooting +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%windir%\regedit.exe,-16 : Registry Editor +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\provsvc.dll,-202 : HomeGroup +@%systemroot%\system32\wscsvc.dll,-201 : The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Security and Maintenance UI uses the service to provide systray alerts and a graphical view of the security health states in the Security and Maintenance control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +@c:\windows\system32\wshext.dll,-4804 : JavaScript File +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@%systemroot%\system32\xblauthmanager.dll,-101 : Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\wfdsconmgrsvc.dll,-9001 : Manages connections to wireless services, including wireless display and docking. +@%systemroot%\system32\wwansvc.dll,-257 : WWAN AutoConfig +@%systemroot%\system32\filemgmt.dll,-602 : Starts, stops, and configures Windows services. +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\rdxservice.dll,-256 : Retail Demo Service +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\wfdsconmgrsvc.dll,-9000 : Wi-Fi Direct Services Connection Manager Service +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\sdrsvc.dll,-107 : Windows Backup +@c:\windows\system32\xpsrchvw.exe,-102 : XPS Viewer +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@c:\windows\system32\windowspowershell\v1.0\powershell.exe,-102 : Windows PowerShell ISE (x86) +@windows.storage.dll,-21824 : Camera Roll +@%systemroot%\system32\aphostres.dll,-10002 : Sync Host +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@c:\windows\system32\recoverydrive.exe,-500 : Recovery Drive +@%systemroot%\system32\webclnt.dll,-100 : WebClient +@%systemroot%\system32\firewallapi.dll,-37302 : mDNS +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\drivers\iorate.sys,-101 : Disk I/O Rate Filter Driver +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mixedrealityruntime.dll,-102 : Enables Mixed Reality OpenXR runtime functionality +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%windir%\system32\fxsresm.dll,-115 : Send and receive faxes or scan pictures and documents. +@windows.storage.dll,-34583 : Saved Pictures +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\vwififlt.sys,-259 : Virtual WiFi Filter Driver +@%systemroot%\system32\msconfig.exe,-6001 : Perform advanced troubleshooting and system configuration +@c:\windows\system32\authfwgp.dll,-20 : Windows Defender Firewall with Advanced Security +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\spectrum.exe,-102 : Enables spatial perception, spatial input, and holographic rendering. +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\firewallapi.dll,-60501 : Cloud Identity +@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@firewallapi.dll,-50323 : SNMP Trap +@""c:\windows\system32\windowspowershell\v1.0\powershell.exe"",-103 : n/a +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\pnrpsvc.dll,-8004 : Peer Networking Identity Manager +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\diagsvc.dll,-101 : Executes diagnostic actions for troubleshooting support +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\fhsvc.dll,-101 : File History Service +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\authfwgp.dll,-21 : Configure policies that provide enhanced network security for Windows computers. +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service +@%systemroot%\system32\webclnt.dll,-101 : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wbengine.exe,-105 : The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer. +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@c:\windows\system32\pmcsnap.dll,-700 : Print Management +@%windir%\system32\mstsc.exe,-4001 : Use your computer to connect to a computer that is located elsewhere and run programs or access files. +@%systemroot%\system32\snippingtool.exe,-15052 : Capture a portion of your screen so you can save, annotate, or share the image. +@c:\windows\system32\psr.exe,-1701 : Steps Recorder +@%systemroot%\system32\sdrsvc.dll,-102 : Provides Windows Backup and Restore capabilities. +@%windir%\system32\mdsched.exe,-4002 : Check your computer for memory problems. +@%systemroot%\system32\naturalauth.dll,-101 : Signal aggregator service, that evaluates signals based on time, network, geolocation, bluetooth and cdf factors. Supported features are Device Unlock, Dynamic Lock and Dynamo MDM policies +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@c:\windows\system32\msconfig.exe,-5006 : System Configuration +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +@c:\windows\system32\miguiresource.dll,-101 : Event Viewer +@c:\windows\system32\ieframe.dll,-912 : HTML Document +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@c:\windows\system32\unregmp2.exe,-9902 : Movie Clip +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@searchfolder.dll,-32822 : Everywhere +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled. +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@c:\windows\system32\dfrgui.exe,-103 : Defragment and Optimize Drives +@%systemroot%\system32\xblgamesave.dll,-101 : This service syncs save data for Xbox Live save enabled games. If this service is stopped, game save data will not upload to or download from Xbox Live. +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@c:\windows\system32\filemgmt.dll,-2204 : Services +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\dialogblockingservice.dll,-101 : Dialog Blocking Service +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\ipxlatcfg.dll,-500 : IP Translation Configuration Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%windir%\system32\speech\speechux\sapi.cpl,-5556 : Dictate text and control your computer by voice. +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%windir%\system32\miguiresource.dll,-202 : Schedule computer tasks to run automatically. +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%systemroot%\system32\wkssvc.dll,-100 : Workstation +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer. +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%systemroot%\system32\xblgamesave.dll,-100 : Xbox Live Game Save +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@windows.storage.dll,-21825 : 3D Objects +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\mitigationclient.dll,-103 : Recommended Troubleshooting Service +@%systemroot%\system32\browser.dll,-100 : Computer Browser +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\lpasvc.dll,-1000 : Local Profile Assistant Service +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@wifidisplay.dll,-100 : Wireless Display +@c:\windows\regedit.exe,-16 : Registry Editor +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper +@%systemroot%\system32\wdc.dll,-10025 : Diagnose performance issues and collect performance data. +@%systemroot%\system32\workfolderssvc.dll,-101 : This service syncs files with the Work Folders server, enabling you to use the files on any of the PCs and devices on which you've set up Work Folders. +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\wpcrefreshtask.dll,-100 : Parental Controls +@%systemroot%\system32\bdesvc.dll,-100 : BitLocker Drive Encryption Service +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@c:\windows\system32\setupapi.dll,-2000 : Setup Information +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\wbengine.exe,-104 : Block Level Backup Engine Service +@c:\windows\system32\windows.storage.dll,-10152 : File folder +@%systemroot%\system32\peerdistsvc.dll,-9001 : This service caches network content from peers on the local subnet. +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\wlansvc.dll,-257 : WLAN AutoConfig +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-113 : Windows PowerShell Integrated Scripting Environment. Performs object-based (command-line) functions +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@c:\windows\system32\windowspowershell\v1.0\powershell.exe,-101 : Windows PowerShell ISE +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@wlansvc.dll,-36864 : WLAN Service - WFD Application Services Platform Coordination Protocol (Uses UDP) +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\bcastdvruserservice.dll,-100 : GameDVR and Broadcast User Service +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\naturalauth.dll,-100 : Natural Authentication +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\srvsvc.dll,-102 : Server SMB 1.xxx Driver +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device. +@%systemroot%\system32\pnrpauto.dll,-8002 : PNRP Machine Name Publication Service +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@c:\windows\system32\acppage.dll,-6003 : Windows Command Script +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@comres.dll,-2797 : Distributed Transaction Coordinator +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\quickassist.exe,-807 : Connect to another user's computer to help troubleshoot problems +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\messagingservice.dll,-100 : MessagingService +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%windir%\system32\miguiresource.dll,-102 : View monitoring and troubleshooting messages from windows and other programs. +@""c:\windows\system32\wusa.exe"",-102 : n/a +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wpcrefreshtask.dll,-101 : Enforces parental controls for child accounts in Windows. If this service is stopped or disabled, parental controls may not be enforced. +@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\fveui.dll,-843 : BitLocker Drive Encryption +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@c:\windows\system32\mstsc.exe,-4000 : Remote Desktop Connection +@%systemroot%\system32\lpasvc.dll,-1001 : This service provides profile management for subscriber identity modules +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\bdesvc.dll,-101 : BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality. +@c:\windows\system32\quickassist.exe,-806 : Quick Assist +@%systemroot%\system32\pnrpsvc.dll,-8001 : Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function. +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\autotimesvc.dll,-6 : Cellular Time +@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%systemroot%\system32\pnrpauto.dll,-8003 : This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\peerdistsvc.dll,-9000 : BranchCache +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\pnrpsvc.dll,-8005 : Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly. +@%systemroot%\system32\drivers\fvevol.sys,-100 : BitLocker Drive Encryption Filter Driver +@c:\windows\system32\wdc.dll,-10030 : Resource Monitor +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\vac.dll,-200 : Volumetric Audio Compositor Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\xpsrchvw.exe,-103 : View, digitally sign, and set permissions for XPS documents +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@c:\windows\system32\notepad.exe,-469 : Text Document +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@c:\windows\system32\mstsc.exe,-4004 : Remote Desktop Connection +@%systemroot%\system32\rdxservice.dll,-257 : The Retail Demo service controls device activity while the device is in retail demo mode. +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-101 : Windows Perception Simulation Service +@wlansvc.dll,-36865 : WLAN Service - WFD Services Kernel Mode Driver Rules +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\fveui.dll,-844 : BitLocker Data Recovery Agent +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1001 : A service for managing display enhancement such as brightness control. +@%systemroot%\system32\wscsvc.dll,-200 : Security Center +@c:\windows\system32\ieframe.dll,-12385 : Favorites Bar +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning +@%systemroot%\system32\pnrpsvc.dll,-8000 : Peer Name Resolution Protocol +@%systemroot%\system32\dialogblockingservice.dll,-100 : DialogBlockingService +@%systemroot%\system32\icsvc.dll,-700 : Virtual Machine Monitoring +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\p2psvc.dll,-8007 : Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function. +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@iphlpsvc.dll,-502 : Core Networking - Teredo (ICMPv6-In) +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@comres.dll,-2450 : COM+ Event System +@c:\windows\system32\msimsg.dll,-35 : Windows Installer Patch +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@c:\windows\system32\fxsresm.dll,-114 : Windows Fax and Scan +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%windir%\immersivecontrolpanel\systemsettings.exe,-651 : Change settings and customize the functionality of your computer +@searchfolder.dll,-32820 : Indexed Locations +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\mycomput.dll,-112 : Manages disks and provides access to other tools to manage local and remote computers. +@c:\windows\system32\cabview.dll,-20 : Cabinet File +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\ipxlatcfg.dll,-501 : Configures and enables translation from v4 to v6 and vice versa +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\taskmgr.exe,-33551 : Manage running apps and view system performance +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\smsroutersvc.dll,-10002 : Routes messages based on rules to appropriate clients. +@c:\program files\windows nt\accessories\wordpad.exe,-300 : Office Open XML Document +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\srvsvc.dll,-100 : Server +@c:\windows\system32\msimsg.dll,-34 : Windows Installer Package +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\sharedrealitysvc.dll,-101 : This service is used for Spatial Perception scenarios +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\windowsudk.shellcommon.dll,-100 : Udk User Service +@%windir%\system32\iscsicpl.dll,-5002 : Connect to remote iSCSI targets and configure connection settings. +@%systemroot%\system32\recoverydrive.exe,-600 : Create a recovery drive +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\vac.dll,-201 : Hosts spatial analysis for Mixed Reality audio simulation. +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\languageoverlayserver.dll,-101 : Provides infrastructure support for deploying and configuring localized Windows resources. This service is started on demand and, if disabled, additional Windows languages will not be deployed to the system, and Windows may not function properly. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@c:\windows\system32\windows.ui.immersive.dll,-38304 : Public Account Pictures +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX +@%systemroot%\system32\msinfo32.exe,-130 : Display detailed information about your computer. +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1000 : Display Enhancement Service +@c:\windows\system32\speech\speechux\sapi.cpl,-5555 : Windows Speech Recognition +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@c:\windows\system32\zipfldr.dll,-10195 : Compressed (zipped) Folder +@%systemroot%\system32\mitigationclient.dll,-104 : Enables automatic mitigation for known problems by applying recommended troubleshooting. If stopped, your device will not get recommended troubleshooting for problems on your device. +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@c:\windows\system32\searchfolder.dll,-9023 : Saved Search +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\keyboardfiltersvc.dll,-101 : Microsoft Keyboard Filter +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\mixedrealityruntime.dll,-101 : Windows Mixed Reality OpenXR Service +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@c:\windows\system32\mycomput.dll,-300 : Computer Management +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS) +@c:\windows\system32\odbcint.dll,-1694 : ODBC Data Sources (64-bit) +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@c:\windows\system32\comres.dll,-3410 : Component Services +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\assignedaccessmanagersvc.dll,-101 : AssignedAccessManager Service supports kiosk experience in Windows. +@%systemroot%\system32\p2psvc.dll,-8006 : Peer Networking Grouping +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\cloudidsvc.dll,-101 : Supports integrations with Microsoft cloud identity services. If disabled, tenant restrictions will not be enforced properly. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@c:\windows\system32\miguiresource.dll,-201 : Task Scheduler +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@%systemroot%\system32\workfolderssvc.dll,-102 : Work Folders +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search +@%systemroot%\system32\cloudidsvc.dll,-100 : Microsoft Cloud Identity Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\browser.dll,-101 : Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\smsroutersvc.dll,-10001 : Microsoft Windows SMS Router Service. +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\pmcsnap.dll,-710 : Manages local printers and remote print servers. +@%commonprogramfiles%\microsoft shared\ink\mip.exe,-292 : Math Input Panel +@c:\windows\system32\snippingtool.exe,-15051 : Snipping Tool +@%systemroot%\system32\xboxgipsvc.dll,-101 : This service manages connected Xbox Accessories. +@%systemroot%\system32\languageoverlayserver.dll,-100 : Language Experience Service +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\fhsvc.dll,-102 : Protects user files from accidental loss by copying them to a backup location +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\xblauthmanager.dll,-100 : Xbox Live Auth Manager +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\dnsapi.dll,-101 : DNS Client +@%systemroot%\system32\xboxnetapisvc.dll,-101 : This service supports the Windows.Networking.XboxLive application programming interface. +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-102 : Enables spatial perception simulation, virtual camera management and spatial input simulation. +@%systemroot%\system32\ncdautosetup.dll,-101 : Network Connected Devices Auto-Setup service monitors and installs qualified devices that connect to a qualified network. Stopping or disabling this service will prevent Windows from discovering and installing qualified network connected devices automatically. Users can still manually add network connected devices to a PC through the user interface. +@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile. +@%systemroot%\system32\xboxnetapisvc.dll,-100 : Xbox Live Networking Service +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\sharedrealitysvc.dll,-100 : Spatial Data Service +@iphlpsvc.dll,-503 : Core Networking - Teredo (ICMPv6-Out) +@c:\windows\system32\taskmgr.exe,-32420 : Task Manager +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%windir%\system32\odbcint.dll,-1312 : Maintains ODBC data sources and drivers. +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%systemroot%\system32\fxsresm.dll,-122 : Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\xboxgipsvc.dll,-100 : Xbox Accessory Management Service +@%systemroot%\system32\keyboardfiltersvc.dll,-102 : Controls keystroke filtering and mapping +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\comres.dll,-3411 : Manage COM+ applications, COM and DCOM system configuration, and the Distributed Transaction Coordinator. +@%systemroot%\system32\wlansvc.dll,-258 : The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter. +@%systemroot%\system32\drivers\ndu.sys,-10001 : Windows Network Data Usage Monitoring Driver +@%systemroot%\system32\ncdautosetup.dll,-100 : Network Connected Devices Auto-Setup +@c:\windows\system32\mdsched.exe,-4001 : Windows Memory Diagnostic +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\spectrum.exe,-101 : Windows Perception Service +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@c:\windows\regedit.exe,-309 : Registration Entries +@c:\program files\common files\system\wab32res.dll,-10100 : Contacts +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@c:\windows\system32\msxml3r.dll,-1 : XML Document +@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS) +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\diagsvc.dll,-100 : Diagnostic Execution Service +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wwansvc.dll,-258 : This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices. +@%systemroot%\system32\windows.management.service.dll,-101 : Performs management including Provisioning and Enrollment activities +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\wcncsvc.dll,-3 : Windows Connect Now - Config Registrar +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@c:\windows\system32\wshext.dll,-4802 : VBScript Script File +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@%systemroot%\system32\dusmsvc.dll,-2 : Network data usage, data limit, restrict background data, metered networks. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD) +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@c:\windows\system32\msinfo32.exe,-100 : System Information +@c:\windows\system32\acppage.dll,-6002 : Windows Batch File +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\autotimesvc.dll,-7 : This service sets time based on NITZ messages from a Mobile Network +@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP) +@%systemroot%\system32\wdc.dll,-10031 : Monitor the usage and performance of the following resources in real time: CPU, Disk, Network and Memory. +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@c:\windows\immersivecontrolpanel\systemsettings.exe,-650 : Settings +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\windows.management.service.dll,-100 : Windows Management Service +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@c:\windows\system32\wsecedit.dll,-718 : Local Security Policy +@%systemroot%\system32\wcncsvc.dll,-4 : WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wireless Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wireless Device. The service is started programmatically as needed. +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@c:\windows\system32\wdc.dll,-10021 : Performance Monitor +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\drivers\gpuenergydrv.sys,-100 : GPU Energy Driver +@%systemroot%\system32\aarsvc.dll,-100 : Agent Activation Runtime +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\psr.exe,-1702 : Capture steps with screenshots to save or share. +@%systemroot%\system32\fxsresm.dll,-118 : Fax +@%systemroot%\system32\assignedaccessmanagersvc.dll,-100 : AssignedAccessManager Service +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@c:\windows\system32\iscsicpl.dll,-5001 : iSCSI Initiator +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@c:\program files\common files\microsoft shared\ink\mip.exe,-291 : Math Input Panel +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\microsoft.bluetooth.userservice.dll,-101 : Bluetooth User Support Service +@%systemroot%\system32\dfrgui.exe,-172 : Optimizes files and fragments on your volumes so that your computer runs faster and more efficiently. +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +@c:\windows\system32\ieframe.dll,-10046 : Internet Shortcut +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\firewallapi.dll,-53500 : Recommended Troubleshooting +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%windir%\regedit.exe,-16 : Registry Editor +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\provsvc.dll,-202 : HomeGroup +@%systemroot%\system32\wscsvc.dll,-201 : The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Security and Maintenance UI uses the service to provide systray alerts and a graphical view of the security health states in the Security and Maintenance control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +@c:\windows\system32\wshext.dll,-4804 : JavaScript File +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@%systemroot%\system32\xblauthmanager.dll,-101 : Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\wfdsconmgrsvc.dll,-9001 : Manages connections to wireless services, including wireless display and docking. +@%systemroot%\system32\wwansvc.dll,-257 : WWAN AutoConfig +@%systemroot%\system32\filemgmt.dll,-602 : Starts, stops, and configures Windows services. +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\rdxservice.dll,-256 : Retail Demo Service +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\wfdsconmgrsvc.dll,-9000 : Wi-Fi Direct Services Connection Manager Service +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\sdrsvc.dll,-107 : Windows Backup +@c:\windows\system32\xpsrchvw.exe,-102 : XPS Viewer +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@c:\windows\system32\windowspowershell\v1.0\powershell.exe,-102 : Windows PowerShell ISE (x86) +@windows.storage.dll,-21824 : Camera Roll +@%systemroot%\system32\aphostres.dll,-10002 : Sync Host +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@c:\windows\system32\recoverydrive.exe,-500 : Recovery Drive +@%systemroot%\system32\webclnt.dll,-100 : WebClient +@%systemroot%\system32\firewallapi.dll,-37302 : mDNS +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\drivers\iorate.sys,-101 : Disk I/O Rate Filter Driver +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mixedrealityruntime.dll,-102 : Enables Mixed Reality OpenXR runtime functionality +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%windir%\system32\fxsresm.dll,-115 : Send and receive faxes or scan pictures and documents. +@windows.storage.dll,-34583 : Saved Pictures +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\vwififlt.sys,-259 : Virtual WiFi Filter Driver +@%systemroot%\system32\msconfig.exe,-6001 : Perform advanced troubleshooting and system configuration +@c:\windows\system32\authfwgp.dll,-20 : Windows Defender Firewall with Advanced Security +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\spectrum.exe,-102 : Enables spatial perception, spatial input, and holographic rendering. +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\firewallapi.dll,-60501 : Cloud Identity +@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@firewallapi.dll,-50323 : SNMP Trap +@""c:\windows\system32\windowspowershell\v1.0\powershell.exe"",-103 : n/a +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\pnrpsvc.dll,-8004 : Peer Networking Identity Manager +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\diagsvc.dll,-101 : Executes diagnostic actions for troubleshooting support +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\fhsvc.dll,-101 : File History Service +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\authfwgp.dll,-21 : Configure policies that provide enhanced network security for Windows computers. +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service +@%systemroot%\system32\webclnt.dll,-101 : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wbengine.exe,-105 : The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer. +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@c:\windows\system32\pmcsnap.dll,-700 : Print Management +@%windir%\system32\mstsc.exe,-4001 : Use your computer to connect to a computer that is located elsewhere and run programs or access files. +@%systemroot%\system32\snippingtool.exe,-15052 : Capture a portion of your screen so you can save, annotate, or share the image. +@c:\windows\system32\psr.exe,-1701 : Steps Recorder +@%systemroot%\system32\sdrsvc.dll,-102 : Provides Windows Backup and Restore capabilities. +@%windir%\system32\mdsched.exe,-4002 : Check your computer for memory problems. +@%systemroot%\system32\naturalauth.dll,-101 : Signal aggregator service, that evaluates signals based on time, network, geolocation, bluetooth and cdf factors. Supported features are Device Unlock, Dynamic Lock and Dynamo MDM policies +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@c:\windows\system32\msconfig.exe,-5006 : System Configuration +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +@c:\windows\system32\miguiresource.dll,-101 : Event Viewer +@c:\windows\system32\ieframe.dll,-912 : HTML Document +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@c:\windows\system32\unregmp2.exe,-9902 : Movie Clip +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@searchfolder.dll,-32822 : Everywhere +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled. +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@c:\windows\system32\dfrgui.exe,-103 : Defragment and Optimize Drives +@%systemroot%\system32\xblgamesave.dll,-101 : This service syncs save data for Xbox Live save enabled games. If this service is stopped, game save data will not upload to or download from Xbox Live. +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@c:\windows\system32\filemgmt.dll,-2204 : Services +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\dialogblockingservice.dll,-101 : Dialog Blocking Service +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\ipxlatcfg.dll,-500 : IP Translation Configuration Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%windir%\system32\speech\speechux\sapi.cpl,-5556 : Dictate text and control your computer by voice. +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%windir%\system32\miguiresource.dll,-202 : Schedule computer tasks to run automatically. +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%systemroot%\system32\wkssvc.dll,-100 : Workstation +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer. +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%systemroot%\system32\xblgamesave.dll,-100 : Xbox Live Game Save +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@windows.storage.dll,-21825 : 3D Objects +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\mitigationclient.dll,-103 : Recommended Troubleshooting Service +@%systemroot%\system32\browser.dll,-100 : Computer Browser +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\lpasvc.dll,-1000 : Local Profile Assistant Service +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@wifidisplay.dll,-100 : Wireless Display +@c:\windows\regedit.exe,-16 : Registry Editor +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper +@%systemroot%\system32\wdc.dll,-10025 : Diagnose performance issues and collect performance data. +@%systemroot%\system32\workfolderssvc.dll,-101 : This service syncs files with the Work Folders server, enabling you to use the files on any of the PCs and devices on which you've set up Work Folders. +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\wpcrefreshtask.dll,-100 : Parental Controls +@%systemroot%\system32\bdesvc.dll,-100 : BitLocker Drive Encryption Service +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@c:\windows\system32\setupapi.dll,-2000 : Setup Information +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\wbengine.exe,-104 : Block Level Backup Engine Service +@c:\windows\system32\windows.storage.dll,-10152 : File folder +@%systemroot%\system32\peerdistsvc.dll,-9001 : This service caches network content from peers on the local subnet. +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\wlansvc.dll,-257 : WLAN AutoConfig +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-113 : Windows PowerShell Integrated Scripting Environment. Performs object-based (command-line) functions +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@c:\windows\system32\windowspowershell\v1.0\powershell.exe,-101 : Windows PowerShell ISE +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@wlansvc.dll,-36864 : WLAN Service - WFD Application Services Platform Coordination Protocol (Uses UDP) +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\bcastdvruserservice.dll,-100 : GameDVR and Broadcast User Service +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\naturalauth.dll,-100 : Natural Authentication +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\srvsvc.dll,-102 : Server SMB 1.xxx Driver +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device. +@%systemroot%\system32\pnrpauto.dll,-8002 : PNRP Machine Name Publication Service +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@c:\windows\system32\acppage.dll,-6003 : Windows Command Script +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@comres.dll,-2797 : Distributed Transaction Coordinator +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\quickassist.exe,-807 : Connect to another user's computer to help troubleshoot problems +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\messagingservice.dll,-100 : MessagingService +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%windir%\system32\miguiresource.dll,-102 : View monitoring and troubleshooting messages from windows and other programs. +@""c:\windows\system32\wusa.exe"",-102 : n/a +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wpcrefreshtask.dll,-101 : Enforces parental controls for child accounts in Windows. If this service is stopped or disabled, parental controls may not be enforced. +@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\fveui.dll,-843 : BitLocker Drive Encryption +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@c:\windows\system32\mstsc.exe,-4000 : Remote Desktop Connection +@%systemroot%\system32\lpasvc.dll,-1001 : This service provides profile management for subscriber identity modules +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\bdesvc.dll,-101 : BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality. +@c:\windows\system32\quickassist.exe,-806 : Quick Assist +@%systemroot%\system32\pnrpsvc.dll,-8001 : Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function. +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\autotimesvc.dll,-6 : Cellular Time +@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%systemroot%\system32\pnrpauto.dll,-8003 : This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\peerdistsvc.dll,-9000 : BranchCache +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\pnrpsvc.dll,-8005 : Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly. +@%systemroot%\system32\drivers\fvevol.sys,-100 : BitLocker Drive Encryption Filter Driver +@c:\windows\system32\wdc.dll,-10030 : Resource Monitor +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\vac.dll,-200 : Volumetric Audio Compositor Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\xpsrchvw.exe,-103 : View, digitally sign, and set permissions for XPS documents +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@c:\windows\system32\notepad.exe,-469 : Text Document +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@c:\windows\system32\mstsc.exe,-4004 : Remote Desktop Connection +@%systemroot%\system32\rdxservice.dll,-257 : The Retail Demo service controls device activity while the device is in retail demo mode. +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-101 : Windows Perception Simulation Service +@wlansvc.dll,-36865 : WLAN Service - WFD Services Kernel Mode Driver Rules +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\fveui.dll,-844 : BitLocker Data Recovery Agent +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1001 : A service for managing display enhancement such as brightness control. +@%systemroot%\system32\wscsvc.dll,-200 : Security Center +@c:\windows\system32\ieframe.dll,-12385 : Favorites Bar +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning +@%systemroot%\system32\pnrpsvc.dll,-8000 : Peer Name Resolution Protocol +@%systemroot%\system32\dialogblockingservice.dll,-100 : DialogBlockingService +@%systemroot%\system32\icsvc.dll,-700 : Virtual Machine Monitoring +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\p2psvc.dll,-8007 : Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function. +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@iphlpsvc.dll,-502 : Core Networking - Teredo (ICMPv6-In) +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@comres.dll,-2450 : COM+ Event System +@c:\windows\system32\msimsg.dll,-35 : Windows Installer Patch +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@c:\windows\system32\fxsresm.dll,-114 : Windows Fax and Scan +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%windir%\immersivecontrolpanel\systemsettings.exe,-651 : Change settings and customize the functionality of your computer +@searchfolder.dll,-32820 : Indexed Locations +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\mycomput.dll,-112 : Manages disks and provides access to other tools to manage local and remote computers. +@c:\windows\system32\cabview.dll,-20 : Cabinet File +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\ipxlatcfg.dll,-501 : Configures and enables translation from v4 to v6 and vice versa +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\taskmgr.exe,-33551 : Manage running apps and view system performance +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\smsroutersvc.dll,-10002 : Routes messages based on rules to appropriate clients. +@c:\program files\windows nt\accessories\wordpad.exe,-300 : Office Open XML Document +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\srvsvc.dll,-100 : Server +@c:\windows\system32\msimsg.dll,-34 : Windows Installer Package +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\sharedrealitysvc.dll,-101 : This service is used for Spatial Perception scenarios +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\windowsudk.shellcommon.dll,-100 : Udk User Service +@%windir%\system32\iscsicpl.dll,-5002 : Connect to remote iSCSI targets and configure connection settings. +@%systemroot%\system32\recoverydrive.exe,-600 : Create a recovery drive +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\vac.dll,-201 : Hosts spatial analysis for Mixed Reality audio simulation. +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\languageoverlayserver.dll,-101 : Provides infrastructure support for deploying and configuring localized Windows resources. This service is started on demand and, if disabled, additional Windows languages will not be deployed to the system, and Windows may not function properly. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@c:\windows\system32\windows.ui.immersive.dll,-38304 : Public Account Pictures +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX +@%systemroot%\system32\msinfo32.exe,-130 : Display detailed information about your computer. +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1000 : Display Enhancement Service +@c:\windows\system32\speech\speechux\sapi.cpl,-5555 : Windows Speech Recognition +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@c:\windows\system32\zipfldr.dll,-10195 : Compressed (zipped) Folder +@%systemroot%\system32\mitigationclient.dll,-104 : Enables automatic mitigation for known problems by applying recommended troubleshooting. If stopped, your device will not get recommended troubleshooting for problems on your device. +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@c:\windows\system32\searchfolder.dll,-9023 : Saved Search +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\keyboardfiltersvc.dll,-101 : Microsoft Keyboard Filter +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\mixedrealityruntime.dll,-101 : Windows Mixed Reality OpenXR Service +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@c:\windows\system32\mycomput.dll,-300 : Computer Management +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS) +@c:\windows\system32\odbcint.dll,-1694 : ODBC Data Sources (64-bit) +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@c:\windows\system32\comres.dll,-3410 : Component Services +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\assignedaccessmanagersvc.dll,-101 : AssignedAccessManager Service supports kiosk experience in Windows. +@%systemroot%\system32\p2psvc.dll,-8006 : Peer Networking Grouping +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\cloudidsvc.dll,-101 : Supports integrations with Microsoft cloud identity services. If disabled, tenant restrictions will not be enforced properly. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@c:\windows\system32\miguiresource.dll,-201 : Task Scheduler +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@%systemroot%\system32\workfolderssvc.dll,-102 : Work Folders +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search + +MUICache report attached. + +fc79a6426bb154bc0df02420463d5679 + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report on files that were opened using the shell dialog box or saved using the shell dialog box. This is the box that appears when you attempt to save a document or open a document in Windows Explorer. +microsoft_windows_opensavemru.nasl +2018/05/23 +OpenSaveMRU History +2016/07/19 +local +None +1.5 +http://www.nessus.org/u?ac4dd3fb +n/a +Nessus was able to enumerate opened and saved files on the remote host. +Open / Save report attached. + +620b84e703fb3f1c0853874961708ef0 + + +windows +cpe:/o:microsoft:windows +Nessus was able to find evidence of program execution using Windows Explorer registry logs and settings. +microsoft_windows_mru_exe_registry.nasl +2019/08/15 +Windows Explorer Recently Executed Programs +2016/07/19 +local +None +1.6 +http://www.forensicswiki.org/wiki/LastVisitedMRU +http://www.nessus.org/u?7e00b191 +http://www.nessus.org/u?ac4dd3fb +http://www.nessus.org/u?c409cb41 +n/a +Nessus was able to enumerate recently executed programs on the remote host. +NOTEPAD.EXEPO :i+00.9#K&]B_b1W NESSUS~1J V[W .<Nessus-ScansV1VNoutputs@ VKWZ .Uoutputs +chrome.exePO :i+00.9#K&]B_b1W NESSUS~1J V[eW.<Nessus-ScansN1eW2023: eWeW.S!2023 +NOTEPAD.EXE;6' +chrome.exe 1\r + + MRU programs details in attached report. + +e6e3f712a049a631a87da0f4fdf316bf + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence of files opened by file type from the remote host. +microsoft_windows_recent_files.nasl +2018/11/15 +Recent File History +2016/07/19 +local +None +1.7 +https://www.4n6k.com/2014/02/forensics-quickie-pinpointing-recent.html +n/a +Nessus was able to enumerate recently opened files on the remote host. +C:\\Users\tester\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini + +Recent files found in registry and appdata attached. + +35bdcbe7a62952830197bd12b18657d1 +c171de89610ad298bb0b88faeac8be1a + + +windows +cpe:/o:microsoft:windows +Nessus was able to find evidence of the last key that was opened when the Registry Editor was closed for each user. +microsoft_windows_regedit_lastkey.nasl +2018/11/15 +Registry Editor Last Accessed +2016/07/19 +local +None +1.6 +https://support.microsoft.com/en-us/help/244004 +n/a +Nessus was able to find the last key accessed by the Registry Editor when it was closed on the remote host. +S-1-5-21-1536193852-1370433935-2390261316-1002 + - Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories. +microsoft_windows_recyclebin.nasl +2018/11/15 +Recycle Bin Files +2016/07/19 +local +None +1.6 +http://www.nessus.org/u?0c1a03df +http://www.nessus.org/u?61293b38 +n/a +Nessus was able to enumerate files in the recycle bin on the remote host. +C:\\$Recycle.Bin\\. +C:\\$Recycle.Bin\\.. +C:\\$Recycle.Bin\\S-1-5-18 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004 +C:\\$Recycle.Bin\\S-1-5-18\. +C:\\$Recycle.Bin\\S-1-5-18\.. +C:\\$Recycle.Bin\\S-1-5-18\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004\desktop.ini + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below : + + - Administrative Tools + - AppData + - Cache + - CD Burning + - Cookies + - Desktop + - Favorites + - Fonts + - History + - Local AppData + - My Music + - My Pictures + - My Video + - NetHood + - Personal + - PrintHood + - Programs + - Recent + - SendTo + - Start Menu + - Startup + - Templates +microsoft_windows_shellfolder_settings.nasl +2018/05/16 +User Shell Folders Settings +2016/07/19 +local +None +1.5 +https://technet.microsoft.com/en-us/library/cc962613.aspx +n/a +Nessus was able to find the folder paths for user folders on the remote host. +S-1-5-21-1536193852-1370433935-2390261316-1002 + - {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\DEGTHAT\Searches + - {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Libraries + - {374de290-123f-4565-9164-39c4925e467b} : C:\Users\DEGTHAT\Downloads + - recent : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Recent + - my video : C:\Users\DEGTHAT\Videos + - my music : C:\Users\DEGTHAT\Music + - {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\DEGTHAT\Contacts + - {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\DEGTHAT\Links + - {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\DEGTHAT\AppData\LocalLow + - sendto : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\SendTo + - start menu : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Start Menu + - cookies : C:\Users\DEGTHAT\AppData\Local\Microsoft\Windows\INetCookies + - personal : C:\Users\DEGTHAT\Documents + - administrative tools : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools + - startup : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup + - nethood : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Network Shortcuts + - history : C:\Users\DEGTHAT\AppData\Local\Microsoft\Windows\History + - {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\DEGTHAT\Saved Games + - {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\DEGTHAT\AppData\Local\Microsoft\Windows\RoamingTiles + - !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead + - local appdata : C:\Users\DEGTHAT\AppData\Local + - my pictures : C:\Users\DEGTHAT\Pictures + - templates : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Templates + - printhood : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Printer Shortcuts + - cache : C:\Users\DEGTHAT\AppData\Local\Microsoft\Windows\INetCache + - desktop : C:\Users\DEGTHAT\Desktop + - programs : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs + - fonts : C:\WINDOWS\Fonts + - cd burning : C:\Users\DEGTHAT\AppData\Local\Microsoft\Windows\Burn\Burn + - favorites : C:\Users\DEGTHAT\Favorites + - appdata : C:\Users\DEGTHAT\AppData\Roaming + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report of all files listed in the default user download folder. +microsoft_windows_user_downloads.nasl +2018/05/16 +User Download Folder Files +2016/07/19 +local +None +1.5 +n/a +Nessus was able to enumerate downloaded files on the remote host. +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\ams8cm-8.5.0.0.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\ams8cm-8.5.1.0.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\BKD-7369089468.pdf +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-Crypto-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-Encoding-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-ODBC-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-Socket-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-SQLite3-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\NET462Setup.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\setup.log +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\VC2012U4Setup.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\VC2015SP3Setup.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\Wow64Bundle.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Serials.txt +C:\\Users\Cinnabon\Downloads\ChromeSetup.exe +C:\\Users\Cinnabon\Downloads\desktop.ini +C:\\Users\Cinnabon\Downloads\VSE\.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\._.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\._DAT Files +C:\\Users\Cinnabon\Downloads\VSE\._Icon +C:\\Users\Cinnabon\Downloads\VSE\._VSE-Patch6 +C:\\Users\Cinnabon\Downloads\VSE\._VSE8.8-Patch7 +C:\\Users\Cinnabon\Downloads\VSE\._VSE8.8P8 +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\._.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\._Icon +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\CM-217339-avvepo8502dat.zip +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\Icon +C:\\Users\Cinnabon\Downloads\VSE\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\CM-203111-VSE880LMLRP6.Zip +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\CM-203112-VSE880P6.Zip +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\._VSE-Patch 8 HF +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\!ReadMe.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\epo45_help_vse_880.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\ePOPolicyMigration.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\example.sms +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\FramePkg_UPD.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\mcavscv.scv +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\msistrings.bin +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\PkgCatalog.z +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_DE.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_EN.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_ES.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_FR.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_IT.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_JA.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_KO.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_NL.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_PL.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_PT_BR.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_RU.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_SV.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_ZH_CN.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_ZH_TW.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Setup.ini +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\SetupVSE.Exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\SignLic.Txt +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\UnInst.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\UnInst.ini +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\UnInstX64.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VIRUSCAN8800(448).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VIRUSCANREPORTS120(272).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VSE880.msi +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VSE880Det.mcs +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VSE880Install.mcs +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\WindowsInstaller-KB893803-v2-x86.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205723-VSE880P7.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\._CM-215089-VSE881159675HF.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\CM-215089-VSE881159675HF.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\._CM-212867-VSE880P8.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\!ReadMe.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\deferred.mfe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\immediate.mfe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\Patch8.msp +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\PkgCatalog.z +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\Setup.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\Setup.ini +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\VIRUSCAN8800(511).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\VIRUSCANREPORTS120(311).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\VSE880Det.mcs +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\Icon +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\autorun.inf +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\Autologon.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\DownloadLinks.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\hashdeep.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\hashdeep64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\IfAdmin.cpp +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\IfAdmin.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\unzip.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\builddate.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\CleanupRecall.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\CreateUpdateAdminAndEnableAutoLogon.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\custom\FinalizationHook.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\custom\InitializationHook.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\custom\SetUpdatesPerStage.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DeleteUpdateAdmin.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineFileVersion.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineRegVersion.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineSystemProperties.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineTempAdminSID.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DoUpdate.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\InstallListedUpdates.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\InstallOfficeUpdate.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\InstallOSUpdate.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListInstalledUpdateIds.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListMissingUpdateIds.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListUpdateFile.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListUpdatesToInstall.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\PrepareRecall.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\PrepareShowLogFile.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\RecallStub.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\SafeRmDir.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\SetTargetEnvVars.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\Sleep.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\TouchMSITree.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2005_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2005_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2008_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2008_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2010_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2010_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2012_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2012_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2013_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2013_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2017_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2017_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\dotnet\NDP47-KB3186497-x86-x64-AllOS-DEU.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\dotnet\NDP47-KB3186497-x86-x64-AllOS-ENU.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\exclude\ExcludeList.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\exclude\HideList-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-cpp.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-dotnet-x64-glb.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-dotnet.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-w100-x64-glb.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-win-glb.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-wsus.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\opt\OptionList-Q.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\opt\OptionList-qn.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\software\custom\InstallCustomSoftware.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateFiles-modified.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-ie10-w61.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-ie9-w60.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k10.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k13.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k16.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k7.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-rdc-w61.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10240-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10240-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10586-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10586-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-14393-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-14393-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-15063-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-15063-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w60-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w60-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet35-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-379893-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-379893.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-393297-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-393297.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394271-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394271.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394806-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394806.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-460805-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-460805.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet35-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-379893-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-379893.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-393297-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-393297.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394271-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394271.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394806-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394806.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-460805-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-460805.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet35-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-379893-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-379893.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-393297-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-393297.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394271-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394271.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394806-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394806.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-460805-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-460805.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-upd1.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-upd2.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w60.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w61.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w62.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w63.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\Update.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\UpdateInstaller.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\UpdateInstaller.ini +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3172729-x64_bb12a14ec3891ec0a9e24edb529632263783d389.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3172729-x64_f4fc9775baa98c176f43e87c40088231a884122b.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3173427-x64_d95e56e499e2c281a1f59585221dc891253414c7.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3173427-x64_e3da65fe753d24a1759cdd029028cde743a62a23.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3173428-x64_52fa3686737353fae20ab55fa9c924bd90558a31.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3181403-x64_6d9c9524471412a0ed566f739a403cd9a35649ed.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4022405-x64_cb1286f2547dd21a06f1ec5b9a55769a7227b371.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4023834-x64_1f2af418b6f9dafb593f5ce89b4e0783057102b2.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038781-x64_9adb5d5773dadc9f7c59b6a431824308fc1f9ae9.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038782-x64_a8dac961b659c8c7c8b95418f6c7864dcca8637d.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038783-x64_0c20869770acf7590a72ded6e894f29818707539.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038788-x64_93253f3a31f18f4aee3a8774646770827037cf15.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_1acfe2e753a7b7baae92aa85fa77ab72aac6cc4f.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_25a23a36a094d81d15adc2979fdae0c9053d6444.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_45b3c4f2a262fd1846527738b455d318cde392e0.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_a3bae1ebb5c8403c913a3264933f17398ee4eee1.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\win\glb\Silverlight.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\win\glb\Silverlight_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\wsus\wsusscn2.cab +C:\\Users\dbingham\Downloads\desktop.ini +C:\\Users\DEGTHAT\Downloads\ChromeSetup (07282023).exe +C:\\Users\DEGTHAT\Downloads\ChromeSetup.exe +C:\\Users\DEGTHAT\Downloads\desktop.ini +C:\\Users\DEGTHAT\Downloads\Nessus-10.0.2-x64.msi +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\2023\Soteria-Test-2023-11-5.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\audits.tar.gz +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\audit_warehouse.tar.gz +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\DISA-asr_audits.tar.gz +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\DISA_STIG_Microsoft_Windows_Server_2022_v1r1.audit +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\nessus-bug-report-20230731T202523Z.txt +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\SCAP scan_timing_yygqya.csv +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\Sign_Audit-Windows-1.0.0.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\outputs\SCAP scan_hyvoh9.html +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\outputs\win2022.xccdf.xml +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\SCAP-Windows2022.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Firewall_V2R2_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2016_V2R4_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2019_V2R4_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.xml +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Windows-2022 Patchscan.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Windows-2022-2 Patchscan.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Windows-2022-3 Patchscan.nessus +C:\\Users\Public\Downloads\desktop.ini +C:\\Users\tester\Downloads\desktop.ini + +Download folder content report attached. + +d6f7dce04dda650320417eca8df27716 + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed. +microsoft_windows_userassist.nasl +2019/11/12 +UserAssist Execution History +2016/07/19 +local +None +1.7 +https://www.nirsoft.net/utils/userassist_view.html +n/a +Nessus was able to enumerate program execution history on the remote host. +microsoft.autogenerated.{c804bba7-fa5f-cbf7-8b55-2096e5f972cb} +chromium.nolzcl6qw5qprtb6ygy44a.1dkbhcmc.l5j.default +c:\users\degthat\desktop\microsoft edge.lnk +chromium.nolzcl6qw5qprtb6ygy44a.q0w22a0g.j3i.default +c:\users\public\desktop\autoplay media studio 8.lnk +chromium.nolzcl6qw5qprtb6ygy44a.3jbhbkga.qbg.default +c:\users\degthat\downloads\readerdc_en_xa_cra_install.exe +microsoft.windowsmaps_8wekyb3d8bbwe!app +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\task manager.lnk +{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\cmd.exe +c:\users\degthat\desktop\netsparker\netsparkersetup.exe +microsoft.internetexplorer.default +{6d809377-6af0-444b-8957-a3773f02200e}\condusiv technologies\diskeeper\diskeeper.exe +chromium.nolzcl6qw5qprtb6ygy44a.xvmab0mj.5dk.default +chromium.nolzcl6qw5qprtb6ygy44a.bwah0n4d.r5b.default +chromium.nolzcl6qw5qprtb6ygy44a.frgymbqh.wcb.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk +{6d809377-6af0-444b-8957-a3773f02200e}\common files\microsoft shared\clicktorun\officeclicktorun.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\mcafee\common framework\x86\updaterui.exe +chromium.nolzcl6qw5qprtb6ygy44a.3buwyv01.ltr.default +chromium.nolzcl6qw5qprtb6ygy44a.ylrddgms.mv2.default +microsoft.zunevideo_8wekyb3d8bbwe!microsoft.zunevideo +chromium.nolzcl6qw5qprtb6ygy44a.f32kmenv.gtw.default +msedge +c:\users\degthat\desktop\vmware-tools-12.3.5-22544099-x86_64.exe +chromium.nolzcl6qw5qprtb6ygy44a.eknu2mla.klx.default +c:\users\degthat\downloads\p9\cm-221593-vse880p9\setup.exe +chromium.nolzcl6qw5qprtb6ygy44a.vv52dyj2.mvp.default +chromium.nolzcl6qw5qprtb6ygy44a.blxu333e.j4n.default +chromium.nolzcl6qw5qprtb6ygy44a.qkyvqczv.gkv.default +microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy!app +d:\pcatv.3.2.7.4\pcatv.3.2.7.4\.backend\portpython2761\app\python.exe +chromium.nolzcl6qw5qprtb6ygy44a.q0iu2wki.1sc.default +d:\jkdefragportable\jkdefragportable.exe +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk +{6d809377-6af0-444b-8957-a3773f02200e}\scap compliance checker 5.0.2\scc.exe +microsoft.windowsfeedbackhub_8wekyb3d8bbwe!app +c:\users\degthat\downloads\cm-221594-vse880mlrp9\setupvse.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk +c:\users\degthat\desktop\tutela-ia-lockdown-tool.exe +chromium.nolzcl6qw5qprtb6ygy44a.rpmwp5uy.ltj.default +chromium.nolzcl6qw5qprtb6ygy44a.b5uovm4k.5hq.default +microsoft.microsoftstickynotes_8wekyb3d8bbwe!app +ueme_ctlsession +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\netsparker\netsparker.exe +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\update\googleupdate.exe +microsoft.people_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x +microsoft.getstarted_8wekyb3d8bbwe!app +chromium.nolzcl6qw5qprtb6ygy44a.w4hspt4a.0sm.default +chromium.nolzcl6qw5qprtb6ygy44a.atxn3f5a.4jg.default +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\musnotificationux.exe +{f38bf404-1d43-42f2-9305-67de0b28fc23}\systemtemp\gumd0c.tmp\googleupdate.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe +chromium.nolzcl6qw5qprtb6ygy44a.gckd5jx1.pbk.default +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\pcaui.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe +c:\users\degthat\appdata\local\microsoft\onedrive\19.192.0926.0012\onedrivesetup.exe +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell.lnk +chromium.nolzcl6qw5qprtb6ygy44a.2il0v11x.cev.default +chromium.nolzcl6qw5qprtb6ygy44a.md0yxahi.kn5.default +c:\dave\satismo-lockdown-tool.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\common files\adobe\arm\1.0\adobearm.exe +c:\users\degthat\appdata\local\microsoft\onedrive\18.172.0826.0010\onedrivesetup.exe +e:\wsusoffline12-ce\updateinstaller.exe +chromium.nolzcl6qw5qprtb6ygy44a.1tfwjbd2.o1v.default +chromium.nolzcl6qw5qprtb6ygy44a.uvja0ypf.yvu.default +e:\updateinstaller.exe +d:\jkdefragportable\app\jkdefrag\jkdefraggui.exe +chromium.nolzcl6qw5qprtb6ygy44a.z4uer2ix.jl3.default +c:\users\degthat\desktop\scap workbench.lnk +chromium.nolzcl6qw5qprtb6ygy44a.userdata.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk +chromium.nolzcl6qw5qprtb6ygy44a.pc4geyw0.d5p.default +chromium.nolzcl6qw5qprtb6ygy44a.sbd5jpib.4du.default +c:\users\public\desktop\invicti standard.lnk +chromium.nolzcl6qw5qprtb6ygy44a.3hpo3xzg.i4h.default +c:\users\degthat\appdata\local\temp\ir_ext_temp_1\autorun.exe +chromium.nolzcl6qw5qprtb6ygy44a.fkvg1cox.gtk.default +microsoft.office.excel.exe.15 +c:\users\degthat\desktop\diskeeper\v18\diskeeper professional edition\autorun.exe +chromium.nolzcl6qw5qprtb6ygy44a.treejf2a.ysc.default +chromium.nolzcl6qw5qprtb6ygy44a.4sifuxko.hfl.default +microsoft.windows.sechealthui_cw5n1h2txyewy!sechealthui +d:\program files (x86)\netsparker\netsparker.exe +chromium.nolzcl6qw5qprtb6ygy44a.pbgrl2qg.yeo.default +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe +chromium.nolzcl6qw5qprtb6ygy44a.vgnb5055.xr4.default +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msiexec.exe +c:\users\degthat\appdata\local\temp\ir_ext_temp_0\autorun.exe +chromium.nolzcl6qw5qprtb6ygy44a.qrmtnr5w.nfj.default +c:\users\degthat\downloads\setup.x64.en-us_o365proplusretail_098946f0-81ee-43c8-b302-1980ec82d259_tx_pr_b_64_.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cleanmgr.exe +chromium.nolzcl6qw5qprtb6ygy44a.nmbbe4ba.vyn.default +{6d809377-6af0-444b-8957-a3773f02200e}\scap compliance checker 5.4.2\lib64\scc64.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\temp\gum9883.tmp\googleupdate.exe +microsoft.windowscalculator_8wekyb3d8bbwe!app +chromium.nolzcl6qw5qprtb6ygy44a.5pzaq2bs.2ai.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\registry editor.lnk +c:\users\degthat\downloads\scc-5.4.2_windows_bundle\scc_5.4.2_windows\scc_5.4.2_windows_setup.exe +{6d809377-6af0-444b-8957-a3773f02200e}\scap compliance checker 5.0.2\scc64.exe +chromium.nolzcl6qw5qprtb6ygy44a.ojtambga.zkf.default +d:\jkdefragportable\app\jkdefrag\jkdefrag64.exe +microsoft.windows.remotedesktop +d:\program files (x86)\netsparker\netsparkerupdater.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk +chromium.nolzcl6qw5qprtb6ygy44a.5xt10swv.ibs.default +chromium.nolzcl6qw5qprtb6ygy44a.heuygovk.5cm.default +actiprosoftwarellc.562882feeb491_24pqs290vpjk0!app +c:\users\degthat\downloads\jkdefragportable_3.36_rev_2.paf.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe +c:\users\degthat\desktop\tutela-ia-lockdown-tool2021.exe +chromium.nolzcl6qw5qprtb6ygy44a.zav2jwqb.poj.default +microsoft.windows.cortana_cw5n1h2txyewy!cortanaui +microsoft.windows.search_cw5n1h2txyewy!cortanaui +\\vmware-host\shared folders\documents\tools\dod-stig-tool\scap-tool\scc-5.0.1_windows_bundle\scc-5.0.1_windows\scc_5.0.1_windows_setup.exe +c:\users\degthat\wc\d\selfupdate\base\netsparkerupdater.exe +c:\users\degthat\desktop\my-lockdown-tool\ia-lockdown-non_dod.exe +{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zg.exe +chromium.nolzcl6qw5qprtb6ygy44a.o2i1w3fb.mtj.default +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk +d:\program files (x86)\netsparker\uninstall.exe +chromium.nolzcl6qw5qprtb6ygy44a.ticsmdte.n5b.default +microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5} +chromium.nolzcl6qw5qprtb6ygy44a.emxbjvob.svx.default +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\openwith.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\excel.lnk +c:\users\degthat\appdata\local\temp\~nsua.tmp\un_a.exe +c:\users\degthat\desktop\invictisetup.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\netsparker\uninstall.exe +microsoft.microsoftedge_8wekyb3d8bbwe!contentprocess +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\autoplay media studio 8\autoplaydesign.exe +d:\autoplaymenu8.5\ams8cm-8.5.2.0.exe +chromium.nolzcl6qw5qprtb6ygy44a.hsb3etsk.jwk.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk +{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\mcafee\virusscan console.lnk +microsoft.xboxgamingoverlay_8wekyb3d8bbwe!app +chromium.nolzcl6qw5qprtb6ygy44a.dkgsu5zs.n5o.default +chromium.nolzcl6qw5qprtb6ygy44a.52q4lvo5.24v.default +chromium.nolzcl6qw5qprtb6ygy44a.wet342nn.wea.default +microsoft.windows.apprep.chxapp_cw5n1h2txyewy!app +chromium.nolzcl6qw5qprtb6ygy44a.mznd5yxc.exa.default +{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk +c:\users\degthat\appdata\local\temp\_ir_sf_temp_0\irsetup.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\dfrgui.exe +{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\windowspowershell\v1.0\powershell.exe +c:\users\degthat\downloads\7z1805-x64.exe +chromium.nolzcl6qw5qprtb6ygy44a.30scbjhg.vtr.default +chromium.nolzcl6qw5qprtb6ygy44a.y2pazxmd.bfq.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\word.lnk +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe +c:\users\degthat\appdata\local\temp\~nsua.tmp\au_.exe +{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe +microsoft.office.winword.exe.15 +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc +{6d809377-6af0-444b-8957-a3773f02200e}\scap compliance checker 5.4.2\scc.exe +{6d809377-6af0-444b-8957-a3773f02200e}\scap compliance checker 5.4.2\unins000.exe +microsoft.autogenerated.{bb044bfd-25b7-2faa-22a8-6371a93e0456} +microsoft.windows.explorer +microsoft.autogenerated.{923dd477-5846-686b-a659-0fccd73851a8} +microsoft.windows.windowsinstaller +microsoft.microsoftedge_8wekyb3d8bbwe!microsoftedge +e:\ia-lockdown-non_dod.exe +\\vmware-host\shared folders\documents\tools\dod-stig-tool\scap-tool\scc-5.0.2_windows_bundle\scc-5.0.2_windows\scc_5.0.2_windows_setup.exe +chromium.nolzcl6qw5qprtb6ygy44a.i3xkfj50.vef.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\google chrome.lnk +chromium.nolzcl6qw5qprtb6ygy44a.up0vd2ig.gaw.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\scap compliance checker 5.4.2\scap compliance checker (scc) 5.4.2.lnk +d:\program files (x86)\netsparker\.local-chromium\win64-706915\chrome-win\chrome.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\disk cleanup.lnk +chromium.nolzcl6qw5qprtb6ygy44a.fqotyabz.uzk.default +chromium.nolzcl6qw5qprtb6ygy44a.4rybrmlq.ewz.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell_ise.exe +chromium.nolzcl6qw5qprtb6ygy44a.gc0aixkg.wge.default +chromium.nolzcl6qw5qprtb6ygy44a.0ccetamd.t0l.default +z:\setup64.exe +chromium.nolzcl6qw5qprtb6ygy44a.0vs2rmao.0nj.default +{6d809377-6af0-444b-8957-a3773f02200e}\vmware\vmware tools\vmtoolsd.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe +c:\users\degthat\desktop\word 2016.lnk +chromium.nolzcl6qw5qprtb6ygy44a.5wpbnh4e.vaz.default +chromium.nolzcl6qw5qprtb6ygy44a.jpowfxue.a0a.default +chromium.nolzcl6qw5qprtb6ygy44a.gvencs2e.ywh.default +microsoft.windows.controlpanel +chromium.nolzcl6qw5qprtb6ygy44a.i3b3xi5d.tih.default +microsoft.windows.cloudexperiencehost_cw5n1h2txyewy!app +c:\users\public\desktop\netsparker.lnk +c:\users\degthat\desktop\mcafee-av-ent\cm-229717-vse880lmlrp11\setupvse.exe +{6d809377-6af0-444b-8957-a3773f02200e}\common files\microsoft shared\office16\office setup controller\setup.exe +chromium.nolzcl6qw5qprtb6ygy44a.4h2hbxkp.4ma.default +chromium.nolzcl6qw5qprtb6ygy44a.yh2eitm4.a2y.default +c:\users\public\desktop\acrobat reader dc.lnk +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\word 2016.lnk +{6d809377-6af0-444b-8957-a3773f02200e}\scap compliance checker 5.0.2\unins000.exe +c:\users\degthat\downloads\jkdefragportable\jkdefragportable.exe +c:\users\degthat\downloads\fullwithp8\cm-212866-vse880lmlrp8\setupvse.exe +chromium.nolzcl6qw5qprtb6ygy44a.ixk0dkin.oja.default +{6d809377-6af0-444b-8957-a3773f02200e}\npcap\uninstall.exe +chromium.nolzcl6qw5qprtb6ygy44a.z5lf0ccy.mav.default +chromium.nolzcl6qw5qprtb6ygy44a.zjjzhtck.jnv.default +c:\users\public\desktop\google chrome.lnk +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\indigo rose corporation\autoplay media studio 8\autoplay media studio 8.lnk +chromium.nolzcl6qw5qprtb6ygy44a.o2cz2w53.elx.default +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell (x86).lnk +c:\users\public\desktop\scap compliance checker.lnk +microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app +chrome +chromium.nolzcl6qw5qprtb6ygy44a.dcegkquw.jc3.default +chromium.nolzcl6qw5qprtb6ygy44a.a5mzsalm.yu4.default +chromium.nolzcl6qw5qprtb6ygy44a.smgf4y2d.3wq.default +{6d809377-6af0-444b-8957-a3773f02200e}\microsoft office\office16\winword.exe +c:\users\degthat\downloads\jkdefragportable\app\jkdefrag\jkdefraggui.exe +c:\users\degthat\downloads\jkdefragportable\app\jkdefrag\jkdefrag64.exe +ueme_ctlcuacount:ctor +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msdt.exe +z:\vmwaretoolsupgrader.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\autoplay media studio 8\uninstall\uninstall.exe +{6d809377-6af0-444b-8957-a3773f02200e}\common files\microsoft shared\clicktorun\officec2rclient.exe +chromium.nolzcl6qw5qprtb6ygy44a.szc5fhsw.132.default +c:\$windows.~bt\sources\setuphost.exe +microsoft.lockapp_cw5n1h2txyewy!windowsdefaultlockscreen +chromium.nolzcl6qw5qprtb6ygy44a.lzl3svc5.fcq.default +chromium.nolzcl6qw5qprtb6ygy44a.jw0xg4y2.pbq.default +windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel +chromium.nolzcl6qw5qprtb6ygy44a.fz1g0dnu.wm5.default +chromium.nolzcl6qw5qprtb6ygy44a.l0xm1yni.x1p.default +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\mcafee\virusscan enterprise\mcconsol.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\scap-workbench\scap-workbench.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\adobe\acrobat reader dc\reader\acrord32.exe +chromium.nolzcl6qw5qprtb6ygy44a.45mji2yt.kxd.default + +Extended userassist report attached. + +15a08f6ebec1b4cb731aa9971ee4d431 + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report of files opened in WordPad on the remote host. +microsoft_windows_wordpad_mru.nasl +2018/05/23 +WordPad History +2016/07/19 +local +None +1.5 +https://en.wikipedia.org/wiki/WordPad +n/a +Nessus was able to gather WordPad opened file history on the remote host. +C:\Users\DEGTHAT\Downloads\Corian (COR) - Self-Assessment-converted.docx +C:\Users\DEGTHAT\Desktop\NetSparker\License.rtf +D:\Nessus\Nessus Professional License Information.docx +C:\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\DISA_STIG_Microsoft_Windows_Server_2022_v1r1.audit +D:\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.xml +E:\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.xml + +WordPad report attached. + +b6b875aa3f27e67c581b0b0377e5fe41 + + +cpe:/o:microsoft:windows +By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number. +wmi_asset_info.nbin +2024/01/16 +Computer Manufacturer Information (WMI) +2007/02/02 +local +None +1.222 +n/a +It is possible to obtain the name of the remote computer manufacturer. + + Computer Manufacturer : VMware, Inc. + Computer Model : VMware Virtual Platform + Computer SerialNumber : VMware-56 4d dc 27 e8 16 c8 7a-58 05 a6 5e fa e1 ad 9d + Computer Type : Other + + Computer Physical CPU's : 1 + Computer Logical CPU's : 2 + + Computer Memory : 8191 MB + RAM slot #0 + Form Factor: DIMM + Type : DRAM + Capacity : 8192 MB + + + +True +user_enumeration +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +wmi_enum_local_group_memberships.nbin +2024/01/16 +Enumerate Local Group Memberships +2013/12/06 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +Group Name : Access Control Assistance Operators +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-579 +Members : + +Group Name : Administrators +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-544 +Members : + Name : Administrator + Domain : WKS3-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-500 + Name : Cinnabon + Domain : WKS3-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1001 + Name : DEGTHAT + Domain : WKS3-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1002 + Name : tester + Domain : WKS3-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1003 + Name : dbingham + Domain : WKS3-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1004 + +Group Name : Backup Operators +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-551 +Members : + +Group Name : Cryptographic Operators +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-569 +Members : + +Group Name : Distributed COM Users +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-562 +Members : + +Group Name : Event Log Readers +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-573 +Members : + +Group Name : Guests +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-546 +Members : + Name : Visitor + Domain : WKS3-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-501 + +Group Name : Hyper-V Administrators +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-578 +Members : + +Group Name : IIS_IUSRS +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-568 +Members : + Name : IUSR + Domain : WKS3-SOTERIA + Class : Win32_SystemAccount + SID : S-1-5-17 + +Group Name : Network Configuration Operators +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-556 +Members : + +Group Name : Performance Log Users +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-559 +Members : + +Group Name : Performance Monitor Users +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-558 +Members : + +Group Name : Power Users +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-547 +Members : + +Group Name : Remote Desktop Users +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-555 +Members : + +Group Name : Remote Management Users +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-580 +Members : + +Group Name : Replicator +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-552 +Members : + +Group Name : System Managed Accounts Group +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-581 +Members : + Name : DefaultAccount + Domain : WKS3-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-503 + +Group Name : Users +Host Name : WKS3-SOTERIA +Group SID : S-1-5-32-545 +Members : + Name : INTERACTIVE + Domain : WKS3-SOTERIA + Class : Win32_SystemAccount + SID : S-1-5-4 + Name : Authenticated Users + Domain : WKS3-SOTERIA + Class : Win32_SystemAccount + SID : S-1-5-11 + + + + +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin uses WMI to enumerate Bluetooth network adapters that are enabled on the remote host. +wmi_enum_bluetooth_network_adapters.nbin +2024/01/16 +WMI Bluetooth Network Adapter Enumeration +2010/01/08 +local +None +1.204 +https://docs.microsoft.com/en-us/windows/desktop/CIMWin32Prov/win32-networkadapter +n/a +The remote Windows host has a Bluetooth network adapter enabled. + +Here is the list of Bluetooth network adapters enabled on the remote +system : + ++ [00000002] Bluetooth Device (Personal Area Network) + + - System Name : WKS3-SOTERIA + - Service Name : BthPan + - Product Name : Bluetooth Device (Personal Area Network) + - Name : Bluetooth Device (Personal Area Network) + - Manufacturer : Microsoft + - MAC Address : E0:D0:45:67:CB:CB + + + + + +cpe:/o:microsoft:windows +By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc. +wmi_enum_computersystemproduct.nbin +2024/01/16 +Windows ComputerSystemProduct Enumeration (WMI) +2010/08/16 +local +None +1.204 +http://www.nessus.org/u?a21ce849 +n/a +It is possible to obtain product information from the remote host using WMI. + ++ Computer System Product + - IdentifyingNumber : VMware-56 4d dc 27 e8 16 c8 7a-58 05 a6 5e fa e1 ad 9d + - Description : Computer System Product + - Vendor : VMware, Inc. + - Name : VMware Virtual Platform + - UUID : 27DC4D56-16E8-7AC8-5805-A65EFAE1AD9D + - Version : None + + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the display drivers on the remote host via WMI. +wmi_enum_display_drivers.nbin +0001-T-0756 +2024/01/16 +Windows Display Driver Enumeration +2014/02/06 +local +None +1.208 +http://www.nessus.org/u?b6e87533 +n/a +Nessus was able to enumerate one or more of the display drivers on the remote host. +IAVT:0001-T-0756 + + Device Name : VMware SVGA 3D + Driver File Version : 9.17.6.5 + Driver Date : 08/25/2023 + Video Processor : VMware Virtual SVGA 3D Graphics Adapter + + + +cpe:/o:microsoft:windows +Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'. +windows_product_key_retrieval.nasl +2013/01/18 +Windows Product Key Retrieval +2013/01/18 +local +None +$Revision: 1.1 $ +n/a +This plugin retrieves the Windows Product key of the remote Windows host. + + Product key : XXXXX-XXXXX-XXXXX-XXXXX-WTYPF + +Note that all but the final portion of the key has been obfuscated. + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions. + +Note that Features can only be enumerated for Windows 7 and later for desktop versions. +wmi_enum_server_features.nbin +0001-T-0754 +2024/01/16 +WMI Windows Feature Enumeration +2010/02/24 +local +None +1.208 +https://msdn.microsoft.com/en-us/library/cc280268 +https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features +n/a +It is possible to enumerate Windows features using WMI. +IAVT:0001-T-0754 + +Nessus enumerated the following Windows features : + + - Internet-Explorer-Optional-amd64 + - MSRDC-Infrastructure + - MediaPlayback + - NetFx4-AdvSrvs + - Printing-Foundation-Features + - Printing-Foundation-InternetPrinting-Client + - Printing-PrintToPDFServices-Features + - SMB1Protocol + - SMB1Protocol-Client + - SMB1Protocol-Deprecation + - SMB1Protocol-Server + - SearchEngine-Client-Package + - WCF-Services45 + - WCF-TCP-PortSharing45 + - WindowsMediaPlayer + - WorkFolders-Client + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'wininit.exe' is listening on this port (pid 520). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 4856). + +This process 'svchost.exe' (pid 4856) is hosting the following Windows services : +PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3476). + +This process 'svchost.exe' (pid 3476) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2252). + +This process 'svchost.exe' (pid 2252) is hosting the following Windows services : +CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'dasHost.exe' is listening on this port (pid 1956). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'spoolsv.exe' is listening on this port (pid 2784). + +This process 'spoolsv.exe' (pid 2784) is hosting the following Windows services : +Spooler (@%systemroot%\system32\spoolsv.exe,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2488). + +This process 'svchost.exe' (pid 2488) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1448). + +This process 'svchost.exe' (pid 1448) is hosting the following Windows services : +Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 700). + +This process 'svchost.exe' (pid 700) is hosting the following Windows services : +TermService (@%SystemRoot%\System32\termsrv.dll,-268) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3136). + +This process 'svchost.exe' (pid 3136) is hosting the following Windows services : +Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1664). + +This process 'svchost.exe' (pid 1664) is hosting the following Windows services : +SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2124). + +This process 'svchost.exe' (pid 2124) is hosting the following Windows services : +FDResPub (@%systemroot%\system32\fdrespub.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1488). + +This process 'svchost.exe' (pid 1488) is hosting the following Windows services : +W32Time (@%SystemRoot%\system32\w32time.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 896). + +This process 'svchost.exe' (pid 896) is hosting the following Windows services : +RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) +RpcSs (@combase.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2488). + +This process 'svchost.exe' (pid 2488) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2552). + +This process 'svchost.exe' (pid 2552) is hosting the following Windows services : +SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'lsass.exe' is listening on this port (pid 676). + +This process 'lsass.exe' (pid 676) is hosting the following Windows services : +KeyIso (@keyiso.dll,-100) +SamSs (@%SystemRoot%\system32\samsrv.dll,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3796). + +This process 'svchost.exe' (pid 3796) is hosting the following Windows services : +DoSvc (@%systemroot%\system32\dosvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 700). + +This process 'svchost.exe' (pid 700) is hosting the following Windows services : +TermService (@%SystemRoot%\System32\termsrv.dll,-268) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2252). + +This process 'svchost.exe' (pid 2252) is hosting the following Windows services : +CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1464). + +This process 'svchost.exe' (pid 1464) is hosting the following Windows services : +EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'dasHost.exe' is listening on this port (pid 1956). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'services.exe' is listening on this port (pid 660). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3476). + +This process 'svchost.exe' (pid 3476) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'dasHost.exe' is listening on this port (pid 1956). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2552). + +This process 'svchost.exe' (pid 2552) is hosting the following Windows services : +SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) + + + + +windows +True +cpe:/a:microsoft:ie +The remote Windows host contains Internet Explorer, a web browser created by Microsoft. +smb_explorer_detection.nasl +0001-T-0509 +2022/02/01 +Microsoft Internet Explorer Version Detection +2014/02/06 +local +None +1.7 +https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads +n/a +Internet Explorer is installed on the remote host. +IAVT:0001-T-0509 + + Version : 11.3570.19041.0 + + + +windows +True +Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials. +smb_registry_os_and_arch.nasl +True +2022/02/01 +Microsoft Windows SMB Registry : OS Version and Processor Architecture +2010/08/31 +local +None +1.9 +n/a +It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system. +Operating system version = 10.19045 +Architecture = x64 +Build lab extended = 19041.1.amd64fre.vb_release.191206-1406 + + + +cpe:/o:microsoft:windows +The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key: + 'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD' + + - Unset or 0: The command prompt is enabled normally. + - 1: The command promt is disabled. + - 2: The command prompt is disabled however windows batch processing is allowed. +windows_disablecmd.nasl +2022/10/05 +Windows Disabled Command Prompt Enumeration +2022/09/06 +local +None +1.2 +http://www.nessus.org/u?b40698bc +n/a +This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user. + +Username: tester + SID: S-1-5-21-1536193852-1370433935-2390261316-1003 + DisableCMD: Unset + +Username: DEGTHAT + SID: S-1-5-21-1536193852-1370433935-2390261316-1002 + DisableCMD: Unset + +Username: DefaultAccount + SID: S-1-5-21-1536193852-1370433935-2390261316-503 + DisableCMD: Unset + +Username: Cinnabon + SID: S-1-5-21-1536193852-1370433935-2390261316-1001 + DisableCMD: Unset + +Username: dbingham + SID: S-1-5-21-1536193852-1370433935-2390261316-1004 + DisableCMD: Unset + +Username: Administrator + SID: S-1-5-21-1536193852-1370433935-2390261316-500 + DisableCMD: Unset + +Username: WDAGUtilityAccount + SID: S-1-5-21-1536193852-1370433935-2390261316-504 + DisableCMD: Unset + +Username: Visitor + SID: S-1-5-21-1536193852-1370433935-2390261316-501 + DisableCMD: Unset + + + +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin. +wmi_enum_local_users.nbin +2024/01/16 +Enumerate Users via WMI +2014/02/25 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. + + Name : Administrator + SID : S-1-5-21-1536193852-1370433935-2390261316-500 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : Cinnabon + SID : S-1-5-21-1536193852-1370433935-2390261316-1001 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : dbingham + SID : S-1-5-21-1536193852-1370433935-2390261316-1004 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : DefaultAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-503 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : DEGTHAT + SID : S-1-5-21-1536193852-1370433935-2390261316-1002 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : tester + SID : S-1-5-21-1536193852-1370433935-2390261316-1003 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : Visitor + SID : S-1-5-21-1536193852-1370433935-2390261316-501 + Disabled : True + Lockout : False + Change password : False + Source : Local + + Name : WDAGUtilityAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-504 + Disabled : True + Lockout : False + Change password : True + Source : Local + + No. Of Users : 8 + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. + +Nessus was able to find 34 open ports. + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 58589/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 1900/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 138/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 137/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 65154/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 60831/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 59192/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5355/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5353/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5050/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 4500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3702/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3389/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 123/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 139/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49760/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49675/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49673/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49669/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49668/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49667/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49666/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49665/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49664/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 7680/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5357/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5040/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3389/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 445/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 135/tcp was found to be open + + +windows +True +cpe:/o:microsoft:windows +It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests). +smb_registry_access.nasl +True +True +2022/02/01 +Microsoft Windows SMB Registry Remotely Accessible +2000/05/09 +local +None +1.54 +n/a +Access the remote Windows Registry. + + +windows +cpe:/o:microsoft:windows +Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them. +Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later. +wmi_list_interfaces.nbin +2024/01/16 +Network Interfaces Enumeration (WMI) +2007/02/03 +local +None +1.247 +http://www.nessus.org/u?b362cab2 +n/a +Nessus was able to obtain the list of network interfaces on the remote host. ++ Network Interface Information : + + - Network Interface = [00000001] Intel(R) 82574L Gigabit Network Connection + - MAC Address = 00:0C:29:E1:AD:9D + - IPAddress/IPSubnet = 192.168.40.251/255.255.255.0 + - IPAddress/IPSubnet = fe80::9607:ecd5:c865:4d6d/64 + + ++ Routing Information : + + Destination Netmask Gateway + ----------- ------- ------- + 0.0.0.0 0.0.0.0 192.168.40.1 + 127.0.0.0 255.0.0.0 0.0.0.0 + 127.0.0.1 255.255.255.255 0.0.0.0 + 127.255.255.255 255.255.255.255 0.0.0.0 + 192.168.40.0 255.255.255.0 0.0.0.0 + 192.168.40.251 255.255.255.255 0.0.0.0 + 192.168.40.255 255.255.255.255 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + + + +cpe:/o:microsoft:windows +The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM. + +These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc. +wmi_available.nbin +2024/01/16 +WMI Available +2007/02/03 +local +None +1.218 +https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page +n/a +WMI queries can be made against the remote host. +The remote host returned the following caption from Win32_OperatingSystem: + + Microsoft Windows 10 Enterprise + + +True +The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts : + +- Guest account +- Supplied credentials +smb_login.nasl +2023/07/25 +Microsoft Windows SMB Log In Possible +2000/05/09 +remote +None +1.173 +http://www.nessus.org/u?5c2589f6 +https://support.microsoft.com/en-us/help/246261 +n/a +It was possible to log into the remote host. +- The SMB tests will be done as degthat/****** +- NULL sessions may be enabled on the remote host. + + + +True +Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host. +smb_nativelanman.nasl +True +2021/09/20 +Microsoft Windows SMB NativeLanManager Remote System Information Disclosure +2001/10/17 +remote +None +1.54 +n/a +It was possible to obtain information about the remote operating system. +The remote Operating System is : Windows 10 Enterprise 19045 +The remote native LAN manager is : Windows 10 Enterprise 6.3 +The remote SMB Domain Name is : WKS3-SOTERIA + + + +The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. + +Note that this plugin gathers information to be used in other plugins, but does not itself generate a report. +netbios_name_get.nasl +2021/02/10 +Windows NetBIOS / SMB Remote Host Information Disclosure +1999/10/12 +remote +None +1.91 +n/a +It was possible to obtain the network name of the remote host. +The following 6 NetBIOS names have been gathered : + + WKS3-SOTERIA = Computer name + SOTERIA = Workgroup / Domain name + WKS3-SOTERIA = File Server Service + SOTERIA = Browser Service Elections + SOTERIA = Master Browser + __MSBROWSE__ = Master Browser + +The remote host has the following MAC address on its adapter : + + 00:0c:29:e1:ad:9d + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49675 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0 +Description : Unknown RPC service +Annotation : Remote Fw APIs +Type : Remote RPC service +TCP Port : 49675 +IP : 192.168.40.251 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49673 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0 +Description : Service Control Manager +Windows process : svchost.exe +Type : Remote RPC service +TCP Port : 49673 +IP : 192.168.40.251 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49669 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.251 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.251 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.251 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.251 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.251 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49668 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.251 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49667 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.251 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.251 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49666 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +TCP Port : 49666 +IP : 192.168.40.251 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49665 : + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49665 +IP : 192.168.40.251 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49664 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.251 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.251 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.251 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.251 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available remotely : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Remote RPC service +Named pipe : \PIPE\ROUTER +Netbios name : \\WKS3-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \pipe\SessEnvPublicRpc +Netbios name : \\WKS3-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Remote RPC service +Named pipe : \PIPE\wkssvc +Netbios name : \\WKS3-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +Named pipe : \pipe\eventlog +Netbios name : \\WKS3-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS3-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS3-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS3-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS3-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS3-SOTERIA + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\WKS3-SOTERIA + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\WKS3-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS3-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS3-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS3-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS3-SOTERIA + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available locally : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 +Description : Unknown RPC service +Annotation : Security Center +Type : Local RPC service +Named pipe : OLE13131400FA09E009787ED099744F + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 +Description : Unknown RPC service +Annotation : Security Center +Type : Local RPC service +Named pipe : LRPC-3d40c2af484db9369a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7a20fcec-dec4-4c59-be57-212e8f65d3de, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-042fac198440510a3d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a4b8d482-80ce-40d6-934d-b22a01a44fe7, version 1.0 +Description : Unknown RPC service +Annotation : LicenseManager +Type : Local RPC service +Named pipe : LicenseServiceEndpoint + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e7337bba7d832eccbe + +Object UUID : f9b56f16-5179-4138-b0a5-9d855df5cf46 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-0ae1a87a7220a3e84d + +Object UUID : cd5e38b1-acd8-4771-9cf6-b577e4d4f648 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-0ae1a87a7220a3e84d + +Object UUID : ec56371f-1213-4628-b85e-f55edd69879f +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-0ae1a87a7220a3e84d + +Object UUID : 9b9b7d34-9b1d-4342-818c-694f8bf1afa3 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : OLE8A5954CA20A923B5A1D772B982A7 + +Object UUID : 9b9b7d34-9b1d-4342-818c-694f8bf1afa3 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-f9cf207bc5f320dd20 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c27f3c08-92ba-478c-b446-b419c4cef0e2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-4bdb3c1774b87ed650 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : be6293d3-2827-4dda-8057-8588240124c9, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e8a3715333581095ff + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e8a3715333581095ff + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Local RPC service +Named pipe : RasmanLrpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Local RPC service +Named pipe : VpnikeRpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Local RPC service +Named pipe : LRPC-20e918ad03ea742689 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d4051bde-9cdd-4910-b393-4aa85ec3c482, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e612d05663d92575da + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e612d05663d92575da + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e612d05663d92575da + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e612d05663d92575da + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e612d05663d92575da + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e612d05663d92575da + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e612d05663d92575da + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0 +Description : Unknown RPC service +Annotation : IKE/Authip API +Type : Local RPC service +Named pipe : LRPC-700782b224ad2e7228 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 +Description : Unknown RPC service +Annotation : XactSrv service +Type : Local RPC service +Named pipe : LRPC-066fb05ac3548a9a45 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0 +Description : Unknown RPC service +Annotation : IdSegSrv service +Type : Local RPC service +Named pipe : LRPC-066fb05ac3548a9a45 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 +Description : Unknown RPC service +Annotation : IP Transition Configuration endpoint +Type : Local RPC service +Named pipe : LRPC-ef6bf9193a6cc93ff0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : LRPC-ef6bf9193a6cc93ff0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : LRPC-ef6bf9193a6cc93ff0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : LRPC-ef6bf9193a6cc93ff0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : OLE4A44F44D1C1646048E950646A57F + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC4AF43C40B5E670E485F73460D35 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-137c7803c7b9a02c57 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC4AF43C40B5E670E485F73460D35 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-137c7803c7b9a02c57 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC4AF43C40B5E670E485F73460D35 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-137c7803c7b9a02c57 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC4AF43C40B5E670E485F73460D35 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-137c7803c7b9a02c57 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC4AF43C40B5E670E485F73460D35 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-137c7803c7b9a02c57 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC4AF43C40B5E670E485F73460D35 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-137c7803c7b9a02c57 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0 +Description : Unknown RPC service +Annotation : Base Firewall Engine API +Type : Local RPC service +Named pipe : LRPC-4e98b94da775bc5ca2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-4e98b94da775bc5ca2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-dc201d826747b472b6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-4e98b94da775bc5ca2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-dc201d826747b472b6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-5e3c4dd52f50688759 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-4e98b94da775bc5ca2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-dc201d826747b472b6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-5e3c4dd52f50688759 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-01db38289fd3dd5271 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : LRPC-a70d6fda08a676ec1e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : 1e4fa686-d71f-49f8-a98a-67e6dca6fda1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0 +Description : SSDP service +Windows process : unknow +Type : Local RPC service +Named pipe : LRPC-fe91058808f8fc5860 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LRPC-3adf18f57e85254ef8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3adf18f57e85254ef8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3adf18f57e85254ef8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3adf18f57e85254ef8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3adf18f57e85254ef8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : DNSResolver + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : LRPC-41f161e8388f0a1efc + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : senssvc + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-522ea019d6bca7f9f8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c8d0bef-d7f1-49f0-9102-caa05f58d114, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : nlaplg + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c8d0bef-d7f1-49f0-9102-caa05f58d114, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : nlaapi + +Object UUID : 73736573-6f69-656e-6e76-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-ce4565e2a02da60942 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ce4565e2a02da60942 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : SessEnvPrivateRpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLEABE37365DB781C9501A41CFAFABE + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-fd3b2c0bbfeb79860e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLEABE37365DB781C9501A41CFAFABE + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-fd3b2c0bbfeb79860e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0 +Description : Unknown RPC service +Annotation : Witness Client Upcall Server +Type : Local RPC service +Named pipe : LRPC-eed209ed51f80eed05 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0 +Description : Unknown RPC service +Annotation : Witness Client Test Interface +Type : Local RPC service +Named pipe : LRPC-eed209ed51f80eed05 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Local RPC service +Named pipe : LRPC-eed209ed51f80eed05 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5dd806985ba6621297 + +Object UUID : 49541cea-a719-4e75-8d58-a3a7bfff960e +UUID : 850cee52-3038-4277-b9b4-e05db8b2c35c, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Association RPC Interface +Type : Local RPC service +Named pipe : LRPC-81aab848fd68350c1a + +Object UUID : 80b4038a-1d09-4c05-b1b6-249a4c2e0736 +UUID : a1d4eae7-39f8-4bca-8e72-832767f5082a, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Inbound RPC Interface +Type : Local RPC service +Named pipe : LRPC-81aab848fd68350c1a + +Object UUID : 145857ef-d848-4a7e-b544-c1984d26cf05 +UUID : 2e7d4935-59d2-4312-a2c8-41900aa5495f, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Challenge RPC Interface +Type : Local RPC service +Named pipe : LRPC-81aab848fd68350c1a + +Object UUID : 289e5e0f-414a-4de9-8d17-244507fffc07 +UUID : bd84cd86-9825-4376-813d-334c543f89b1, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Query RPC Interface +Type : Local RPC service +Named pipe : LRPC-81aab848fd68350c1a + +Object UUID : 1475c123-1193-4379-81ac-302c4383421d +UUID : 5b665b9a-a086-4e26-ae24-96ab050b0ec3, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework AEP Store Access RPC Interface +Type : Local RPC service +Named pipe : LRPC-81aab848fd68350c1a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 +Description : DHCP Client Service +Windows process : svchost.exe +Annotation : DHCP Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 +Description : Unknown RPC service +Annotation : NSI server endpoint +Type : Local RPC service +Named pipe : LRPC-10e977c61513b46492 + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA620EEA02F562C7F50DD0268BA24 + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e240034f04fb83793c + +Object UUID : 666f7270-6c69-7365-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : IUserProfile2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Local RPC service +Named pipe : eventlog + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a533b58-0ed9-4085-b6e8-95795e147972, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4E98AFF50706661D002109482BFB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a533b58-0ed9-4085-b6e8-95795e147972, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-45bcf6e7c97607c778 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5dea026d-f999-40b1-a234-2164fd086783, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4E98AFF50706661D002109482BFB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5dea026d-f999-40b1-a234-2164fd086783, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-45bcf6e7c97607c778 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5dea026d-f999-40b1-a234-2164fd086783, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-26e05ea2d3023fbb9d + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4E98AFF50706661D002109482BFB + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-45bcf6e7c97607c778 + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-26e05ea2d3023fbb9d + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-b82fd66db6804b2fe3 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4E98AFF50706661D002109482BFB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-45bcf6e7c97607c778 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-26e05ea2d3023fbb9d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-b82fd66db6804b2fe3 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-85299c3df0f093d347 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-42fedc163b3aa78386 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-42fedc163b3aa78386 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-42fedc163b3aa78386 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-42fedc163b3aa78386 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e7915a07a495015f3f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-42fedc163b3aa78386 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e7915a07a495015f3f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-42fedc163b3aa78386 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e7915a07a495015f3f + +Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-27c75d252103d6b644 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cd9ffc23e0b979b096 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-27c75d252103d6b644 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : OLE390CC65F60057A46C541F383B44D + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-d2d1e4d73b3f14427e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8de326d4ae6232295f + +Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-668386224adfc5f6dc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-668386224adfc5f6dc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6b6b9e2b7249681cdc + +Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001 +UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a78698008d2514174a + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0C0CD1 + +Object UUID : 6d726574-7273-0076-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-5060a72b2c7f746338 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0361ae94-0316-4c6c-8ad8-c594375800e2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED585C192028B4D50C8DB997F1636 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED585C192028B4D50C8DB997F1636 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED585C192028B4D50C8DB997F1636 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED585C192028B4D50C8DB997F1636 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f3e844284edf2bef28 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED585C192028B4D50C8DB997F1636 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f3e844284edf2bef28 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED585C192028B4D50C8DB997F1636 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f3e844284edf2bef28 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 178d84be-9291-4994-82c6-3f909aca5a03, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e53d94ca-7464-4839-b044-09a2fb8b3ae5, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fae436b0-b864-4a87-9eda-298547cd82f2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 082a3471-31b6-422a-b931-a54401960c62, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6982a06e-5fe2-46b1-b39c-a2c545bfa069, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0ff1f646-13bb-400a-ab50-9a78f2b7a85a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4ed8abcc-f1e2-438b-981f-bb0e8abc010c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95406f0b-b239-4318-91bb-cea3a46ff0dc, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d47017b-b33b-46ad-9e18-fe96456c5078, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED585C192028B4D50C8DB997F1636 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f3e844284edf2bef28 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e55734b3b8bc0e4526 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED585C192028B4D50C8DB997F1636 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f3e844284edf2bef28 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e55734b3b8bc0e4526 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2dd9f902ccdcfa7a22 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED585C192028B4D50C8DB997F1636 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f3e844284edf2bef28 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e55734b3b8bc0e4526 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2dd9f902ccdcfa7a22 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED585C192028B4D50C8DB997F1636 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f3e844284edf2bef28 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e55734b3b8bc0e4526 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2dd9f902ccdcfa7a22 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-c639e0ef92a00445c4 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ba7114ac4682bf4540 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED585C192028B4D50C8DB997F1636 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f3e844284edf2bef28 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e55734b3b8bc0e4526 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2dd9f902ccdcfa7a22 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-c639e0ef92a00445c4 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : csebpub + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0BDAF0 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0BDAF0 + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +An SMB server is running on this port. + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +A CIFS server is running on this port. + + + + +CVE-2024-21337, CVE-2024-20721, CVE-2024-20709, CVE-2024-20675, CVE-2024-0519, CVE-2024-0518, CVE-2024-0517, CVE-2024-0333, CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222, CVE-2023-7024, CVE-2023-6707, CVE-2023-6706, CVE-2023-6705, CVE-2023-6704, CVE-2023-6703, CVE-2023-6702, CVE-2023-6512, CVE-2023-6511, CVE-2023-6510, CVE-2023-6509, CVE-2023-6508, CVE-2023-6351, CVE-2023-6350, CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6345, CVE-2023-6112, CVE-2023-5997, CVE-2023-5996, CVE-2023-38174, CVE-2023-36880, CVE-2023-36878, CVE-2023-36026, CVE-2023-36024, CVE-2023-36014, CVE-2023-36008, CVE-2023-35618 +41 +Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21336): Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. +1706649301 +Tue Jan 30 13:15:01 2024 +191 +CVE-2024-0814, CVE-2024-0813, CVE-2024-0812, CVE-2024-0811, CVE-2024-0810, CVE-2024-0809, CVE-2024-0808, CVE-2024-0807, CVE-2024-0806, CVE-2024-0805, CVE-2024-0804, CVE-2024-0519, CVE-2024-0518, CVE-2024-0517, CVE-2024-0333, CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222, CVE-2023-7024, CVE-2023-6707, CVE-2023-6706, CVE-2023-6705, CVE-2023-6704, CVE-2023-6703, CVE-2023-6702, CVE-2023-6512, CVE-2023-6511, CVE-2023-6510, CVE-2023-6509, CVE-2023-6508, CVE-2023-6351, CVE-2023-6350, CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6345, CVE-2023-6112, CVE-2023-5997, CVE-2023-5996 +40 +Google Chrome < 121.0.6167.85 Multiple Vulnerabilities: Upgrade to Google Chrome version 121.0.6167.85 or later. +CVE-2023-44372, CVE-2023-44371, CVE-2023-44367, CVE-2023-44366, CVE-2023-44365, CVE-2023-44361, CVE-2023-44360, CVE-2023-44359, CVE-2023-44358, CVE-2023-44357, CVE-2023-44356, CVE-2023-44348, CVE-2023-44340, CVE-2023-44339, CVE-2023-44338, CVE-2023-44337, CVE-2023-44336 +17 +Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54): Upgrade to Adobe Reader version 20.005.30539 / 23.006.20380 or later. +KB5033372,KB5031356,KB5032189 +3 +Install KB5034122 +1706649296 +Credentialed Patch Audit +cpe:/o:microsoft:windows +windows +100 +SMB_OS +[{"FQDN":"WKS4-Soteria","sources":["get_host_fqdn()"]}] +50:C2:20:52:41:53 +6A:05:20:52:41:53 +7E:13:20:52:41:53 +E0:D0:45:67:CB:CB +00:0C:29:71:3A:6D +5033372 +5032189 +5034122 +general-purpose +Microsoft Windows 10 Enterprise Build 19045 +{"CPE":"cpe:\/a:microsoft:windows_defender","Last check-in":null,"Path":"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.23110.3-0\\","Product":"Windows Defender","Product version":"4.18.23110.3","Running":"yes","Signature auto-update":"yes","Signature install date":"2024-01-30","Signature version":"1.403.2952.0","Subtype":"EPP","Type":"Endpoint","Vendor":"Microsoft"} +7caede5aa2b0481b927e60cdb7ee1b3e +WKS4-SOTERIA +E0474D56-29D3-12F5-0E00-213623713A6D +WKS4-SOTERIA +[{"predicted-os": "Microsoft Windows 10 Pro", "confidence": 6},{"predicted-os": "Microsoft Windows 10 Enterprise", "confidence": 1}] + + P1:B11113:F0x12:W65392:O0204ffff:M1460: + P2:B11113:F0x12:W65535:O0204ffff0103030801010402:M1460: + P3:B00000:F0x00:W0:O0:M0 + P4:190704_7_p=49671 +WKS4-Soteria +true +192.168.40.104\degthat +smb +192.168.40.104 +1706647544 +Tue Jan 30 12:45:44 2024 + + +1 +cpe:/o:microsoft:windows +To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards. +wmi_stop_registry_svc.nbin +2024/01/16 +SMB Registry : Stop the Registry Service after the scan (WMI) +2009/11/25 +local +None +1.204 +n/a +The registry service was stopped after the scan. + +The registry service was successfully stopped after the scan. + + +all +1 +The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date. + +Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled. +patches_summary.nbin +2024/01/16 +Patch Report +2013/07/08 +combined +None +1.253 +Install the patches listed below. +The remote host is missing several patches. + + +. You need to take the following 4 actions : + ++ Install the following Microsoft patch : + +- KB5034122 (3 vulnerabilities) + +[ Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54) (185553) ] + ++ Action to take : Upgrade to Adobe Reader version 20.005.30539 / 23.006.20380 or later. + ++Impact : Taking this action will resolve 17 different vulnerabilities (CVEs). + + + +[ Google Chrome < 121.0.6167.85 Multiple Vulnerabilities (189460) ] + ++ Action to take : Upgrade to Google Chrome version 121.0.6167.85 or later. + ++Impact : Taking this action will resolve 40 different vulnerabilities (CVEs). + + + +[ Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21336) (189605) ] + ++ Action to take : Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. + ++Impact : Taking this action will resolve 41 different vulnerabilities (CVEs). + + + + + + +all +1 +This plugin displays, for each tested host, information about the scan itself : + + - The version of the plugin set. + - The type of scanner (Nessus or Nessus Home). + - The version of the Nessus Engine. + - The port scanner(s) used. + - The port range scanned. + - The ping round trip time + - Whether credentialed or third-party patch management checks are possible. + - Whether the display of superseded patches is enabled + - The date of the scan. + - The duration of the scan. + - The number of hosts scanned in parallel. + - The number of checks done in parallel. +scan_info.nasl +2023/07/31 +Nessus Scan Information +2005/08/26 +summary +None +1.119 +n/a +This plugin displays information about the Nessus scan. +true +Information about this scan : + +Nessus version : 10.6.4 +Nessus build : 20005 +Plugin feed version : 202401301519 +Scanner edition used : Nessus +Scanner OS : WINDOWS +Scanner distribution : win-x86-64 +Scan type : Normal +Scan name : Soteria WKS scan +Scan policy used : Credentialed Patch Audit +Scanner IP : 192.168.40.212 +Port scanner(s) : wmi_netstat +Port range : default +Ping RTT : 3.947 ms +Thorough tests : no +Experimental tests : no +Plugin debugging enabled : no +Paranoia level : 1 +Report verbosity : 1 +Safe checks : yes +Optimize the test : yes +Credentialed checks : yes, as '192.168.40.104\degthat' via SMB +Patch management checks : None +Display superseded patches : yes (supersedence plugin launched) +CGI scanning : disabled +Web application tests : disabled +Max hosts : 30 +Max checks : 4 +Recv timeout : 5 +Backports : None +Allow post-scan editing : Yes +Nessus Plugin Signature Checking : Enabled +Audit File Signature Checking : Disabled +Scan Start Date : 2024/1/30 12:46 Pacific Standard Time +Scan duration : 1732 sec +Scan for malware : no + + + +cpe:/o:microsoft:windows +This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool. + +Note the results of missing patches also include superseded patches. + +Review the summary and apply any missing updates in order to be up to date. +smb_missing_msft_patches.nasl +2019/06/13 +Microsoft Windows Summary of Missing Patches +2009/04/24 +local +None +1.18 +Run Windows Update on the remote host or use a patch management solution. +The remote host is missing several Microsoft security patches. +The patches for the following bulletins or KBs are missing on the remote host : + + - KB5032189 ( https://support.microsoft.com/en-us/help/5032189 ) + - KB5033372 ( https://support.microsoft.com/en-us/help/5033372 ) + - KB5034122 ( https://support.microsoft.com/en-us/help/5034122 ) + + + +True +Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445. +smb_dialects_enabled.nasl +2020/03/11 +Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) +2018/02/09 +remote +None +1.6 +n/a +It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host. + +The remote host supports the following SMB dialects : + _version_ _introduced in windows version_ + 2.0.2 Windows 2008 + 2.1 Windows 7 + 3.0 Windows 8 + 3.0.2 Windows 8.1 + 3.1.1 Windows 10 + +The remote host does NOT support the following SMB dialects : + _version_ _introduced in windows version_ + 2.2.2 Windows 8 Beta + 2.2.4 Windows 8 Beta + 3.1 Windows 10 + + + +windows +The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network. +smb-version-detect.nasl +2022/05/04 +Server Message Block (SMB) Protocol Version Detection +2022/05/04 +remote +None +1.1 +http://www.nessus.org/u?f463096b +http://www.nessus.org/u?1a4b3744 +Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices. +Verify the version of SMB on the remote host. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : SMBv2 is enabled. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : SMBv1 is enabled. + + + +cpe:/o:microsoft:windows +Retrieves the status of Windows Credential Guard. + Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. +credential_guard_status.nasl +2023/08/25 +Windows Credential Guard Status +2022/04/18 +local +None +1.3 +http://www.nessus.org/u?fb8c8c37 +n/a +Retrieves the status of Windows Credential Guard. + +Windows Credential Guard is not fully enabled. +The following registry keys have not been set : + - System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : is enabled with Secure Boot. + - System\CurrentControlSet\Control\LSA\LsaCfgFlags : is disabled. + - System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : is disabled. + + + +cpe:/o:microsoft:windows +The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks. +lsa_protection_status.nasl +2022/05/25 +Windows LSA Protection Status +2022/04/20 +local +None +1.3 +Enable LSA Protection per your corporate security guidelines. +Windows LSA Protection is disabled on the remote Windows host. + +LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found. + + + +cpe:/o:microsoft:windows +Checks Windows Registry for Service ACLs. +smb_reg_services_acl.nasl +2024/01/15 +Windows Services Registry ACL +2022/05/05 +local +None +1.5 +N/A +Checks Windows Registry for Service ACLs +Verbosity must be set to 'Report as much information as possible' for this plugin to produce output. + + +cpe:/o:microsoft:windows +Windows AlwaysInstallElevated policy status was found on the remote Windows host. + You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting. +windows_always_installed_elevated_status.nasl +2022/06/14 +Windows Always Installed Elevated Status +2022/06/14 +local +None +1.1 +If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines. +Windows AlwaysInstallElevated policy status was found on the remote Windows host +AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE. + + + +True +software_enumeration +cpe:/a:microsoft:ie +cpe:/a:microsoft:internet_explorer +Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host. +microsoft_internet_explorer_installed.nbin +2024/01/16 +Microsoft Internet Explorer Installed +2022/06/28 +local +None +1.42 +https://support.microsoft.com/products/internet-explorer +n/a +A web browser is installed on the remote Windows host. + + Path : C:\WINDOWS\system32\mshtml.dll + Version : 11.0.19041.3570 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host. +smb_language_detection.nasl +2022/02/01 +Windows Language Settings Detection +2021/04/14 +local +None +1.3 +n/a +This plugin enumerates language files on a windows host. +Default Install Language Code: 1033 + +Default Active Language Code: 1033 + +Other common microsoft Language packs may be scanned as well. + + +30 - 60 days +cpe:/o:microsoft:windows +CVE-2023-20588 +CVE-2023-21740 +CVE-2023-35628 +CVE-2023-35630 +CVE-2023-35632 +CVE-2023-35639 +CVE-2023-35641 +CVE-2023-35642 +CVE-2023-35644 +CVE-2023-36003 +CVE-2023-36004 +CVE-2023-36005 +CVE-2023-36006 +CVE-2023-36011 +CVE-2023-36696 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-36006 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The remote Windows host is missing security update 5033372. It is, therefore, affected by multiple vulnerabilities + + - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) + + - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696) + + - Win32k Elevation of Privilege Vulnerability (CVE-2023-36011) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +smb_nt_ms23_dec_5033372.nasl +2023-A-0689-S +2023-A-0690-S +MS23-5033372 +5033372 +2023/12/12 +2024/01/15 +KB5033372: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (December 2023) +2023/12/12 +local +Very High +Critical +1.4 +https://support.microsoft.com/help/5033372 +Apply Security Update 5033372 +I +The remote Windows host is affected by multiple vulnerabilities. +High +7 to 30 days +Social Media +8.4 +2023/08/08 +MSKB:5033372 +MSFT:MS23-5033372 +IAVA:2023-A-0689-S +IAVA:2023-A-0690-S + +The remote host is missing one of the following rollup KBs : + - 5033372 + + - C:\WINDOWS\system32\ntoskrnl.exe has not been patched. + Remote version : 10.0.19041.3570 + Should be : 10.0.19041.3803 + + + + +60 - 180 days +CEA-2023-0052 +2023/12/05 +cpe:/o:microsoft:windows +CVE-2023-24023 +CVE-2023-36017 +CVE-2023-36025 +CVE-2023-36028 +CVE-2023-36033 +CVE-2023-36036 +CVE-2023-36047 +CVE-2023-36393 +CVE-2023-36394 +CVE-2023-36397 +CVE-2023-36398 +CVE-2023-36400 +CVE-2023-36401 +CVE-2023-36402 +CVE-2023-36403 +CVE-2023-36404 +CVE-2023-36405 +CVE-2023-36408 +CVE-2023-36423 +CVE-2023-36424 +CVE-2023-36425 +CVE-2023-36427 +CVE-2023-36428 +CVE-2023-36705 +CVE-2023-36719 +CVE-2023-38039 +CVE-2023-38545 +9.8 +9.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-38545 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The remote Windows host is missing security update 5032189. It is, therefore, affected by multiple vulnerabilities + + - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402) + + - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397) + + - Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (CVE-2023-36028) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +smb_nt_ms23_nov_5032189.nasl +2023-A-0638-S +2023-A-0636-S +MS23-5032189 +5032189 +2023/11/14 +2024/01/19 +KB5032189: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (November 2023) +2023/11/14 +local +Very High +Critical +1.7 +https://support.microsoft.com/help/5032189 +Apply Security Update 5032189 +I +The remote Windows host is affected by multiple vulnerabilities. +Very High +0 to 7 days +Social Media; Security Research +9.5 +2023/11/14 +MSKB:5032189 +MSFT:MS23-5032189 +CISA-KNOWN-EXPLOITED:2023/12/05 +CEA-ID:CEA-2023-0052 +IAVA:2023-A-0638-S +IAVA:2023-A-0636-S + +The remote host is missing one of the following rollup KBs : + - 5032189 + + - C:\WINDOWS\system32\ntoskrnl.exe has not been patched. + Remote version : 10.0.19041.3570 + Should be : 10.0.19041.3693 + + + + +7 - 30 days +cpe:/o:microsoft:windows +CVE-2022-35737 +CVE-2024-20652 +CVE-2024-20653 +CVE-2024-20654 +CVE-2024-20657 +CVE-2024-20658 +CVE-2024-20660 +CVE-2024-20661 +CVE-2024-20663 +CVE-2024-20664 +CVE-2024-20666 +CVE-2024-20674 +CVE-2024-20680 +CVE-2024-20681 +CVE-2024-20682 +CVE-2024-20683 +CVE-2024-20687 +CVE-2024-20690 +CVE-2024-20691 +CVE-2024-20692 +CVE-2024-20694 +CVE-2024-20696 +CVE-2024-20698 +CVE-2024-20699 +CVE-2024-20700 +CVE-2024-21305 +CVE-2024-21306 +CVE-2024-21307 +CVE-2024-21310 +CVE-2024-21311 +CVE-2024-21313 +CVE-2024-21314 +CVE-2024-21316 +CVE-2024-21320 +8.1 +CVE-2024-20652 +7.3 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +9.0 +CVE-2024-20654 +7.0 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C +The remote Windows host is missing security update 5034122. It is, therefore, affected by multiple vulnerabilities + + - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654) + + - BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666) + + - Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +smb_nt_ms24_jan_5034122.nasl +2024-A-0016 +2024-A-0015 +MS24-5034122 +5034122 +2024/01/09 +2024/01/17 +KB5034122: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (January 2024) +2024/01/09 +local +Very High +High +1.3 +https://support.microsoft.com/help/5034122 +Apply Security Update 5034122 +I +The remote Windows host is affected by multiple vulnerabilities. +Medium +7 to 30 days +Social Media +8.4 +2022/08/03 +MSKB:5034122 +MSFT:MS24-5034122 +IAVA:2024-A-0016 +IAVA:2024-A-0015 + +The remote host is missing one of the following rollup KBs : + - 5034122 + + - C:\WINDOWS\system32\ntoskrnl.exe has not been patched. + Remote version : 10.0.19041.3570 + Should be : 10.0.19041.3930 + + + + +Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates. + +Note that this plugin is purely informational. +ms_bulletin_checks_possible.nasl +2021/07/12 +Microsoft Patch Bulletin Feasibility Check +2011/12/06 +local +None +1.13 +n/a +Nessus is able to check for Microsoft patch bulletins. + + +Nessus is able to test for missing patches using : + Nessus + + + +cpe:/o:microsoft:windows +Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp. +microsoft_windows_last_boot.nasl +2018/07/09 +Microsoft Windows Last Boot Time +2016/07/19 +local +None +1.7 +n/a +Nessus was able to collect the remote host's last boot time in a human readable format. +Last reboot : 2024-01-30T15:25:27-05:00 (20240130152527.500000-300) + + +True +Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445. + +Note that this plugin is a remote check and does not work on agents. +smb_versions_enabled.nasl +2019/11/22 +Microsoft Windows SMB Versions Supported (remote check) +2017/06/19 +remote +None +1.2 +n/a +It was possible to obtain information about the version of SMB running on the remote host. + +The remote host supports the following versions of SMB : + SMBv1 + SMBv2 + + + +windows +True +An antivirus application is installed on the remote host, and its engine and virus definitions are up to date. +antivirus_installed.nasl +2023/10/05 +Antivirus Software Check +2005/01/18 +local +None +1.50 +http://www.nessus.org/u?3ed73b52 +https://www.tenable.com/blog/auditing-anti-virus-products-with-nessus +n/a +An antivirus application is installed on the remote host. + +Forefront_Endpoint_Protection : + +A Microsoft anti-malware product is installed on the remote host : + + Product name : Windows Defender + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine version : 1.1.23110.2 + Antivirus signature version : 1.403.2952.0 + Antispyware signature version : 1.403.2952.0 + + + +windows +true +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows_server +The remote host is running Microsoft Windows. +microsoft_windows_installed.nbin +2023/12/27 +Microsoft Windows Installed +2023/12/27 +local +None +1.0 +https://www.microsoft.com/en-us/windows +https://www.microsoft.com/en-us/windows-server +n/a +The remote host is running Microsoft Windows. + + OS Name : Microsoft Windows 10 22H2 + Vendor : Microsoft + Product : Windows + Release : 10 22H2 + Edition : Enterprise + Version : 10.0.19045.3570 + Extended Support : Version and Edition + Role : client + Kernel : Windows NT 10.0 + Architecture : x64 + CPE v2.2 : cpe:/o:microsoft:windows_10_22h2:10.0.19045.3570:- + CPE v2.3 : cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3570:-:any:*:enterprise:*:x64:* + Type : local + Method : SMB + Confidence : 100 + + + +cpe:/o:microsoft:windows +x-cpe:/a:microsoft:msdt +The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190. + +Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch. +msdt_rce_cve_2022-30190_reg_check.nasl +2022/05/30 +2022/07/28 +The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190) +2022/05/31 +local +None +1.9 +http://www.nessus.org/u?440e4ba1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 +http://www.nessus.org/u?b9345997 +Apply the latest Cumulative Update. +Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key. +2022/05/30 +The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target is vulnerable to CVE-2022-30190, if the vendor patch is not applied. + + +windows +security_control +True +software_enumeration +cpe:/a:microsoft:windows_defender +Windows Defender, an antivirus component of Microsoft Windows is installed on the remote Windows host. +microsoft_windows_defender_win_installed.nbin +2024/01/16 +Windows Defender Installed +2019/11/15 +local +None +1.139 +https://www.microsoft.com/en-us/windows/comprehensive-security +n/a +Windows Defender is installed on the remote Windows host. + + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine Version : 1.1.23110.2 + Malware Signature Timestamp : Jan. 30, 2024 at 11:12:00 GMT + Malware Signature Version : 1.403.2952.0 + Signatures Last Updated : Jan. 30, 2024 at 20:36:32 GMT + + + +The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled. +print_spooler_service_enabled.nasl +2021/07/07 +Microsoft Windows Print Spooler Service Enabled +2021/07/07 +local +None +1.1 +http://www.nessus.org/u?8fc5df24 +n/a +The Microsoft Windows Print Spooler service on the remote host is enabled. +The Microsoft Windows Print Spooler service on the remote host is enabled. + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.). +smb_enum_services_params.nasl +0001-T-0752 +2022/05/16 +Microsoft Windows SMB Service Config Enumeration +2010/02/05 +local +None +1.20 +Ensure that each service is configured properly. +It was possible to enumerate configuration parameters of remote services. +IAVT:0001-T-0752 + +The following services are set to start automatically : + + AdobeARMservice startup parameters : + Display name : Adobe Acrobat Update Service + Service name : AdobeARMservice + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" + + AudioEndpointBuilder startup parameters : + Display name : Windows Audio Endpoint Builder + Service name : AudioEndpointBuilder + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + Audiosrv startup parameters : + Display name : Windows Audio + Service name : Audiosrv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : AudioEndpointBuilder/RpcSs/ + + BFE startup parameters : + Display name : Base Filtering Engine + Service name : BFE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : RpcSs/ + + BrokerInfrastructure startup parameters : + Display name : Background Tasks Infrastructure Service + Service name : BrokerInfrastructure + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + CDPSvc startup parameters : + Display name : Connected Devices Platform Service + Service name : CDPSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : ncbservice/RpcSS/Tcpip/ + + CoreMessagingRegistrar startup parameters : + Display name : CoreMessaging + Service name : CoreMessagingRegistrar + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : rpcss/ + + CryptSvc startup parameters : + Display name : Cryptographic Services + Service name : CryptSvc + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + DPS startup parameters : + Display name : Diagnostic Policy Service + Service name : DPS + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p + + DcomLaunch startup parameters : + Display name : DCOM Server Process Launcher + Service name : DcomLaunch + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + DeviceAssociationService startup parameters : + Display name : Device Association Service + Service name : DeviceAssociationService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + Dhcp startup parameters : + Display name : DHCP Client + Service name : Dhcp + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : NSI/Afd/ + + DispBrokerDesktopSvc startup parameters : + Display name : Display Policy Service + Service name : DispBrokerDesktopSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSS/ + + Dnscache startup parameters : + Display name : DNS Client + Service name : Dnscache + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkService -p + Dependencies : nsi/Afd/ + + DoSvc startup parameters : + Display name : Delivery Optimization + Service name : DoSvc + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + DusmSvc startup parameters : + Display name : Data Usage + Service name : DusmSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + EventLog startup parameters : + Display name : Windows Event Log + Service name : EventLog + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + + EventSystem startup parameters : + Display name : COM+ Event System + Service name : EventSystem + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + FontCache startup parameters : + Display name : Windows Font Cache Service + Service name : FontCache + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + IKEEXT startup parameters : + Display name : IKE and AuthIP IPsec Keying Modules + Service name : IKEEXT + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : BFE/nsi/ + + LSM startup parameters : + Display name : Local Session Manager + Service name : LSM + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + LanmanServer startup parameters : + Display name : Server + Service name : LanmanServer + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : SamSS/Srv2/ + + LanmanWorkstation startup parameters : + Display name : Workstation + Service name : LanmanWorkstation + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : Bowser/MRxSmb20/NSI/ + + MapsBroker startup parameters : + Display name : Downloaded Maps Manager + Service name : MapsBroker + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + NlaSvc startup parameters : + Display name : Network Location Awareness + Service name : NlaSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/ + + Power startup parameters : + Display name : Power + Service name : Power + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + ProfSvc startup parameters : + Display name : User Profile Service + Service name : ProfSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + RasMan startup parameters : + Display name : Remote Access Connection Manager + Service name : RasMan + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs + Dependencies : SstpSvc/DnsCache/ + + RpcEptMapper startup parameters : + Display name : RPC Endpoint Mapper + Service name : RpcEptMapper + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k RPCSS -p + + RpcSs startup parameters : + Display name : Remote Procedure Call (RPC) + Service name : RpcSs + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k rpcss -p + Dependencies : RpcEptMapper/DcomLaunch/ + + SENS startup parameters : + Display name : System Event Notification Service + Service name : SENS + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : EventSystem/ + + SamSs startup parameters : + Display name : Security Accounts Manager + Service name : SamSs + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : RPCSS/ + + Schedule startup parameters : + Display name : Task Scheduler + Service name : Schedule + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/SystemEventsBroker/ + + SgrmBroker startup parameters : + Display name : System Guard Runtime Monitor Broker + Service name : SgrmBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\SgrmBroker.exe + Dependencies : RpcSs/ + + ShellHWDetection startup parameters : + Display name : Shell Hardware Detection + Service name : ShellHWDetection + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Spooler startup parameters : + Display name : Print Spooler + Service name : Spooler + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\spoolsv.exe + Dependencies : RPCSS/http/ + + StorSvc startup parameters : + Display name : Storage Service + Service name : StorSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + SysMain startup parameters : + Display name : SysMain + Service name : SysMain + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : rpcss/fileinfo/ + + SystemEventsBroker startup parameters : + Display name : System Events Broker + Service name : SystemEventsBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/RpcSs/ + + Themes startup parameters : + Display name : Themes + Service name : Themes + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + + TrkWks startup parameters : + Display name : Distributed Link Tracking Client + Service name : TrkWks + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + UserManager startup parameters : + Display name : User Manager + Service name : UserManager + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + UsoSvc startup parameters : + Display name : Update Orchestrator Service + Service name : UsoSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + VGAuthService startup parameters : + Display name : VMware Alias Manager and Ticket Service + Service name : VGAuthService + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" + + VMTools startup parameters : + Display name : VMware Tools + Service name : VMTools + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" + + W32Time startup parameters : + Display name : Windows Time + Service name : W32Time + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService + + WSearch startup parameters : + Display name : Windows Search + Service name : WSearch + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\SearchIndexer.exe /Embedding + Dependencies : RPCSS/BrokerInfrastructure/ + + Wcmsvc startup parameters : + Display name : Windows Connection Manager + Service name : Wcmsvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/NSI/ + + WinDefend startup parameters : + Display name : Microsoft Defender Antivirus Service + Service name : WinDefend + Log on as : LocalSystem + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe" + Dependencies : RpcSs/ + + Winmgmt startup parameters : + Display name : Windows Management Instrumentation + Service name : Winmgmt + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/ + + WpnService startup parameters : + Display name : Windows Push Notifications System Service + Service name : WpnService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + edgeupdate startup parameters : + Display name : Microsoft Edge Update Service (edgeupdate) + Service name : edgeupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc + Dependencies : RPCSS/ + + gpsvc startup parameters : + Display name : Group Policy Client + Service name : gpsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/Mup/ + + gupdate startup parameters : + Display name : Google Update Service (gupdate) + Service name : gupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc + Dependencies : RPCSS/ + + iphlpsvc startup parameters : + Display name : IP Helper + Service name : iphlpsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k NetSvcs -p + Dependencies : RpcSS/winmgmt/tcpip/nsi/WinHttpAutoProxySvc/ + + mpssvc startup parameters : + Display name : Windows Defender Firewall + Service name : mpssvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : mpsdrv/bfe/ + + nsi startup parameters : + Display name : Network Store Interface Service + Service name : nsi + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/nsiproxy/ + + sppsvc startup parameters : + Display name : Software Protection + Service name : sppsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\sppsvc.exe + Dependencies : RpcSs/ + + stisvc startup parameters : + Display name : Windows Image Acquisition (WIA) + Service name : stisvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k imgsvc + Dependencies : RpcSs/ + + uhssvc startup parameters : + Display name : Microsoft Update Health Service + Service name : uhssvc + Log on as : LocalSystem + Executable path : "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" + Dependencies : EventLog/ + + vm3dservice startup parameters : + Display name : VMware SVGA Helper Service + Service name : vm3dservice + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\vm3dservice.exe + + wscsvc startup parameters : + Display name : Security Center + Service name : wscsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + +The following services must be started manually : + + AJRouter startup parameters : + Display name : AllJoyn Router Service + Service name : AJRouter + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + ALG startup parameters : + Display name : Application Layer Gateway Service + Service name : ALG + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\alg.exe + + AppIDSvc startup parameters : + Display name : Application Identity + Service name : AppIDSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/AppID/CryptSvc/ + + AppMgmt startup parameters : + Display name : Application Management + Service name : AppMgmt + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + AppReadiness startup parameters : + Display name : App Readiness + Service name : AppReadiness + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k AppReadiness -p + + AppXSvc startup parameters : + Display name : AppX Deployment Service (AppXSVC) + Service name : AppXSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k wsappx -p + Dependencies : rpcss/staterepository/ + + Appinfo startup parameters : + Display name : Application Information + Service name : Appinfo + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + AssignedAccessManagerSvc startup parameters : + Display name : AssignedAccessManager Service + Service name : AssignedAccessManagerSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k AssignedAccessManagerSvc + + AxInstSV startup parameters : + Display name : ActiveX Installer (AxInstSV) + Service name : AxInstSV + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k AxInstSVGroup + Dependencies : rpcss/ + + BDESVC startup parameters : + Display name : BitLocker Drive Encryption Service + Service name : BDESVC + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + + BITS startup parameters : + Display name : Background Intelligent Transfer Service + Service name : BITS + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + BTAGService startup parameters : + Display name : Bluetooth Audio Gateway Service + Service name : BTAGService + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted + Dependencies : rpcss/ + + Browser startup parameters : + Display name : Computer Browser + Service name : Browser + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : LanmanWorkstation/LanmanServer/ + + BthAvctpSvc startup parameters : + Display name : AVCTP service + Service name : BthAvctpSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + COMSysApp startup parameters : + Display name : COM+ System Application + Service name : COMSysApp + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} + Dependencies : RpcSs/EventSystem/SENS/ + + CertPropSvc startup parameters : + Display name : Certificate Propagation + Service name : CertPropSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + ClipSVC startup parameters : + Display name : Client License Service (ClipSVC) + Service name : ClipSVC + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k wsappx -p + Dependencies : rpcss/ + + CscService startup parameters : + Display name : Offline Files + Service name : CscService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + DevQueryBroker startup parameters : + Display name : DevQuery Background Discovery Broker + Service name : DevQueryBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DeviceInstall startup parameters : + Display name : Device Install Service + Service name : DeviceInstall + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + DisplayEnhancementService startup parameters : + Display name : Display Enhancement Service + Service name : DisplayEnhancementService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DmEnrollmentSvc startup parameters : + Display name : Device Management Enrollment Service + Service name : DmEnrollmentSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + DsSvc startup parameters : + Display name : Data Sharing Service + Service name : DsSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + DsmSvc startup parameters : + Display name : Device Setup Manager + Service name : DsmSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + EFS startup parameters : + Display name : Encrypting File System (EFS) + Service name : EFS + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\lsass.exe + Dependencies : RPCSS/ + + Eaphost startup parameters : + Display name : Extensible Authentication Protocol + Service name : Eaphost + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/KeyIso/ + + EntAppSvc startup parameters : + Display name : Enterprise App Management Service + Service name : EntAppSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + FDResPub startup parameters : + Display name : Function Discovery Resource Publication + Service name : FDResPub + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : RpcSs/http/fdphost/ + + Fax startup parameters : + Display name : Fax + Service name : Fax + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\fxssvc.exe + Dependencies : TapiSrv/RpcSs/Spooler/ + + FrameServer startup parameters : + Display name : Windows Camera Frame Server + Service name : FrameServer + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k Camera + Dependencies : rpcss/ + + GoogleChromeElevationService startup parameters : + Display name : Google Chrome Elevation Service (GoogleChromeElevationService) + Service name : GoogleChromeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.105\elevation_service.exe" + Dependencies : RPCSS/ + + GraphicsPerfSvc startup parameters : + Display name : GraphicsPerfSvc + Service name : GraphicsPerfSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup + + HvHost startup parameters : + Display name : HV Host Service + Service name : HvHost + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : hvservice/ + + InstallService startup parameters : + Display name : Microsoft Store Install Service + Service name : InstallService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + IpxlatCfgSvc startup parameters : + Display name : IP Translation Configuration Service + Service name : IpxlatCfgSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : nsi/ + + KeyIso startup parameters : + Display name : CNG Key Isolation + Service name : KeyIso + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : RpcSs/ + + KtmRm startup parameters : + Display name : KtmRm for Distributed Transaction Coordinator + Service name : KtmRm + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p + Dependencies : RPCSS/SamSS/ + + LicenseManager startup parameters : + Display name : Windows License Manager Service + Service name : LicenseManager + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + LxpSvc startup parameters : + Display name : Language Experience Service + Service name : LxpSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs + + MSDTC startup parameters : + Display name : Distributed Transaction Coordinator + Service name : MSDTC + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\msdtc.exe + Dependencies : RPCSS/SamSS/ + + MSiSCSI startup parameters : + Display name : Microsoft iSCSI Initiator Service + Service name : MSiSCSI + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + McpManagementService startup parameters : + Display name : McpManagementService + Service name : McpManagementService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k McpManagementServiceGroup + Dependencies : RpcSs/ + + MicrosoftEdgeElevationService startup parameters : + Display name : Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) + Service name : MicrosoftEdgeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\Edge\Application\119.0.2151.44\elevation_service.exe" + Dependencies : RPCSS/ + + MixedRealityOpenXRSvc startup parameters : + Display name : Windows Mixed Reality OpenXR Service + Service name : MixedRealityOpenXRSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : rpcss/ + + NaturalAuthentication startup parameters : + Display name : Natural Authentication + Service name : NaturalAuthentication + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/Schedule/ + + NcaSvc startup parameters : + Display name : Network Connectivity Assistant + Service name : NcaSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k NetSvcs -p + Dependencies : BFE/dnscache/NSI/iphlpsvc/ + + NcbService startup parameters : + Display name : Network Connection Broker + Service name : NcbService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSS/tcpip/BrokerInfrastructure/ + + NcdAutoSetup startup parameters : + Display name : Network Connected Devices Auto-Setup + Service name : NcdAutoSetup + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : netprofm/ + + NetSetupSvc startup parameters : + Display name : Network Setup Service + Service name : NetSetupSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Netlogon startup parameters : + Display name : Netlogon + Service name : Netlogon + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : LanmanWorkstation/ + + Netman startup parameters : + Display name : Network Connections + Service name : Netman + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/nsi/ + + NgcCtnrSvc startup parameters : + Display name : Microsoft Passport Container + Service name : NgcCtnrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + NgcSvc startup parameters : + Display name : Microsoft Passport + Service name : NgcSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + PNRPAutoReg startup parameters : + Display name : PNRP Machine Name Publication Service + Service name : PNRPAutoReg + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + Dependencies : pnrpsvc/ + + PNRPsvc startup parameters : + Display name : Peer Name Resolution Protocol + Service name : PNRPsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + Dependencies : p2pimsvc/ + + PcaSvc startup parameters : + Display name : Program Compatibility Assistant Service + Service name : PcaSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + PeerDistSvc startup parameters : + Display name : BranchCache + Service name : PeerDistSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k PeerDist + Dependencies : http/ + + PerfHost startup parameters : + Display name : Performance Counter DLL Host + Service name : PerfHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\SysWow64\perfhost.exe + Dependencies : RPCSS/ + + PhoneSvc startup parameters : + Display name : Phone Service + Service name : PhoneSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/ + + PlugPlay startup parameters : + Display name : Plug and Play + Service name : PlugPlay + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + PolicyAgent startup parameters : + Display name : IPsec Policy Agent + Service name : PolicyAgent + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted -p + Dependencies : Tcpip/bfe/ + + PrintNotify startup parameters : + Display name : Printer Extensions and Notifications + Service name : PrintNotify + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k print + Dependencies : RpcSs/ + + PushToInstall startup parameters : + Display name : Windows PushToInstall Service + Service name : PushToInstall + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + QWAVE startup parameters : + Display name : Quality Windows Audio Video Experience + Service name : QWAVE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/ + + RasAuto startup parameters : + Display name : Remote Access Auto Connection Manager + Service name : RasAuto + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RasAcd/ + + RemoteRegistry startup parameters : + Display name : Remote Registry + Service name : RemoteRegistry + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k localService -p + Dependencies : RPCSS/ + + RetailDemo startup parameters : + Display name : Retail Demo Service + Service name : RetailDemo + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k rdxgroup + + RmSvc startup parameters : + Display name : Radio Management Service + Service name : RmSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted + Dependencies : RpcSs/ + + RpcLocator startup parameters : + Display name : Remote Procedure Call (RPC) Locator + Service name : RpcLocator + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\locator.exe + + SCPolicySvc startup parameters : + Display name : Smart Card Removal Policy + Service name : SCPolicySvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + SCardSvr startup parameters : + Display name : Smart Card + Service name : SCardSvr + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation + + SDRSVC startup parameters : + Display name : Windows Backup + Service name : SDRSVC + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k SDRSVC + Dependencies : RPCSS/ + + SEMgrSvc startup parameters : + Display name : Payments and NFC/SE Manager + Service name : SEMgrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/ + + SNMPTRAP startup parameters : + Display name : SNMP Trap + Service name : SNMPTRAP + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\snmptrap.exe + + SSDPSRV startup parameters : + Display name : SSDP Discovery + Service name : SSDPSRV + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : HTTP/NSI/ + + ScDeviceEnum startup parameters : + Display name : Smart Card Device Enumeration Service + Service name : ScDeviceEnum + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted + + SecurityHealthService startup parameters : + Display name : Windows Security Service + Service name : SecurityHealthService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\SecurityHealthService.exe + Dependencies : RpcSs/ + + Sense startup parameters : + Display name : Windows Defender Advanced Threat Protection Service + Service name : Sense + Log on as : LocalSystem + Executable path : "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" + + SensorDataService startup parameters : + Display name : Sensor Data Service + Service name : SensorDataService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\SensorDataService.exe + + SensorService startup parameters : + Display name : Sensor Service + Service name : SensorService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + SensrSvc startup parameters : + Display name : Sensor Monitoring Service + Service name : SensrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + + SessionEnv startup parameters : + Display name : Remote Desktop Configuration + Service name : SessionEnv + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/LanmanWorkstation/ + + SharedAccess startup parameters : + Display name : Internet Connection Sharing (ICS) + Service name : SharedAccess + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : BFE/ + + SharedRealitySvc startup parameters : + Display name : Spatial Data Service + Service name : SharedRealitySvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSS/ + + SmsRouter startup parameters : + Display name : Microsoft Windows SMS Router Service. + Service name : SmsRouter + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + SstpSvc startup parameters : + Display name : Secure Socket Tunneling Protocol Service + Service name : SstpSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + StateRepository startup parameters : + Display name : State Repository Service + Service name : StateRepository + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + TabletInputService startup parameters : + Display name : Touch Keyboard and Handwriting Panel Service + Service name : TabletInputService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + TapiSrv startup parameters : + Display name : Telephony + Service name : TapiSrv + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + TermService startup parameters : + Display name : Remote Desktop Services + Service name : TermService + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService + Dependencies : RPCSS/ + + TieringEngineService startup parameters : + Display name : Storage Tiers Management + Service name : TieringEngineService + Log on as : localSystem + Executable path : C:\WINDOWS\system32\TieringEngineService.exe + + TimeBrokerSvc startup parameters : + Display name : Time Broker + Service name : TimeBrokerSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + TokenBroker startup parameters : + Display name : Web Account Manager + Service name : TokenBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : UserManager/ + + TroubleshootingSvc startup parameters : + Display name : Recommended Troubleshooting Service + Service name : TroubleshootingSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + TrustedInstaller startup parameters : + Display name : Windows Modules Installer + Service name : TrustedInstaller + Log on as : localSystem + Executable path : C:\WINDOWS\servicing\TrustedInstaller.exe + + UmRdpService startup parameters : + Display name : Remote Desktop Services UserMode Port Redirector + Service name : UmRdpService + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : TermService/RDPDR/ + + VSS startup parameters : + Display name : Volume Shadow Copy + Service name : VSS + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\vssvc.exe + Dependencies : RPCSS/ + + VacSvc startup parameters : + Display name : Volumetric Audio Compositor Service + Service name : VacSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + VaultSvc startup parameters : + Display name : Credential Manager + Service name : VaultSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : rpcss/ + + WEPHOSTSVC startup parameters : + Display name : Windows Encryption Provider Host Service + Service name : WEPHOSTSVC + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k WepHostSvcGroup + Dependencies : rpcss/ + + WFDSConMgrSvc startup parameters : + Display name : Wi-Fi Direct Services Connection Manager Service + Service name : WFDSConMgrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + WMPNetworkSvc startup parameters : + Display name : Windows Media Player Network Sharing Service + Service name : WMPNetworkSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe" + Dependencies : http/WSearch/ + + WManSvc startup parameters : + Display name : Windows Management Service + Service name : WManSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + WPDBusEnum startup parameters : + Display name : Portable Device Enumerator Service + Service name : WPDBusEnum + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted + Dependencies : RpcSs/ + + WaaSMedicSvc startup parameters : + Display name : Windows Update Medic Service + Service name : WaaSMedicSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k wusvcs -p + Dependencies : rpcss/ + + WalletService startup parameters : + Display name : WalletService + Service name : WalletService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k appmodel -p + + WarpJITSvc startup parameters : + Display name : WarpJITSvc + Service name : WarpJITSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted + + WbioSrvc startup parameters : + Display name : Windows Biometric Service + Service name : WbioSrvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup + Dependencies : RpcSs/ + + WdNisSvc startup parameters : + Display name : Microsoft Defender Antivirus Network Inspection Service + Service name : WdNisSvc + Log on as : NT AUTHORITY\LocalService + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe" + Dependencies : WdNisDrv/ + + WdiServiceHost startup parameters : + Display name : Diagnostic Service Host + Service name : WdiServiceHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + + WdiSystemHost startup parameters : + Display name : Diagnostic System Host + Service name : WdiSystemHost + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + WebClient startup parameters : + Display name : WebClient + Service name : WebClient + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : MRxDAV/ + + Wecsvc startup parameters : + Display name : Windows Event Collector + Service name : Wecsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkService -p + Dependencies : HTTP/Eventlog/ + + WerSvc startup parameters : + Display name : Windows Error Reporting Service + Service name : WerSvc + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k WerSvcGroup + + WiaRpc startup parameters : + Display name : Still Image Acquisition Events + Service name : WiaRpc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + WinHttpAutoProxySvc startup parameters : + Display name : WinHTTP Web Proxy Auto-Discovery Service + Service name : WinHttpAutoProxySvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Dhcp/ + + WinRM startup parameters : + Display name : Windows Remote Management (WS-Management) + Service name : WinRM + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : RPCSS/HTTP/ + + WlanSvc startup parameters : + Display name : WLAN AutoConfig + Service name : WlanSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : nativewifip/RpcSs/Ndisuio/wcmsvc/ + + WpcMonSvc startup parameters : + Display name : Parental Controls + Service name : WpcMonSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService + + WwanSvc startup parameters : + Display name : WWAN AutoConfig + Service name : WwanSvc + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/NdisUio/ + + XblAuthManager startup parameters : + Display name : Xbox Live Auth Manager + Service name : XblAuthManager + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + XblGameSave startup parameters : + Display name : Xbox Live Game Save + Service name : XblGameSave + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : UserManager/XblAuthManager/ + + XboxGipSvc startup parameters : + Display name : Xbox Accessory Management Service + Service name : XboxGipSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + XboxNetApiSvc startup parameters : + Display name : Xbox Live Networking Service + Service name : XboxNetApiSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : BFE/mpssvc/IKEEXT/KeyIso/ + + autotimesvc startup parameters : + Display name : Cellular Time + Service name : autotimesvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k autoTimeSvc + Dependencies : rpcss/ + + bthserv startup parameters : + Display name : Bluetooth Support Service + Service name : bthserv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + camsvc startup parameters : + Display name : Capability Access Manager Service + Service name : camsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k appmodel -p + + cloudidsvc startup parameters : + Display name : Microsoft Cloud Identity Service + Service name : cloudidsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k CloudIdServiceGroup -p + + dcsvc startup parameters : + Display name : dcsvc + Service name : dcsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + defragsvc startup parameters : + Display name : Optimize drives + Service name : defragsvc + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k defragsvc + Dependencies : RPCSS/ + + diagnosticshub.standardcollector.service startup parameters : + Display name : Microsoft (R) Diagnostics Hub Standard Collector Service + Service name : diagnosticshub.standardcollector.service + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe + + diagsvc startup parameters : + Display name : Diagnostic Execution Service + Service name : diagsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k diagnostics + Dependencies : RpcSs/ + + dot3svc startup parameters : + Display name : Wired AutoConfig + Service name : dot3svc + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/Ndisuio/Eaphost/ + + edgeupdatem startup parameters : + Display name : Microsoft Edge Update Service (edgeupdatem) + Service name : edgeupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc + Dependencies : RPCSS/ + + embeddedmode startup parameters : + Display name : Embedded Mode + Service name : embeddedmode + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : BrokerInfrastructure/ + + fdPHost startup parameters : + Display name : Function Discovery Provider Host + Service name : fdPHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/http/ + + fhsvc startup parameters : + Display name : File History Service + Service name : fhsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + gupdatem startup parameters : + Display name : Google Update Service (gupdatem) + Service name : gupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc + Dependencies : RPCSS/ + + hidserv startup parameters : + Display name : Human Interface Device Service + Service name : hidserv + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + icssvc startup parameters : + Display name : Windows Mobile Hotspot Service + Service name : icssvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/wcmsvc/ + + lfsvc startup parameters : + Display name : Geolocation Service + Service name : lfsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + lltdsvc startup parameters : + Display name : Link-Layer Topology Discovery Mapper + Service name : lltdsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/lltdio/ + + lmhosts startup parameters : + Display name : TCP/IP NetBIOS Helper + Service name : lmhosts + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Afd/ + + msiserver startup parameters : + Display name : Windows Installer + Service name : msiserver + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\msiexec.exe /V + Dependencies : rpcss/ + + netprofm startup parameters : + Display name : Network List Service + Service name : netprofm + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : RpcSs/nlasvc/ + + p2pimsvc startup parameters : + Display name : Peer Networking Identity Manager + Service name : p2pimsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + + p2psvc startup parameters : + Display name : Peer Networking Grouping + Service name : p2psvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + Dependencies : p2pimsvc/PNRPSvc/ + + perceptionsimulation startup parameters : + Display name : Windows Perception Simulation Service + Service name : perceptionsimulation + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe + Dependencies : rpcss/ + + pla startup parameters : + Display name : Performance Logs & Alerts + Service name : pla + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : RPCSS/ + + seclogon startup parameters : + Display name : Secondary Logon + Service name : seclogon + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + smphost startup parameters : + Display name : Microsoft Storage Spaces SMP + Service name : smphost + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k smphost + Dependencies : RPCSS/ + + spectrum startup parameters : + Display name : Windows Perception Service + Service name : spectrum + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\spectrum.exe + Dependencies : rpcss/ + + svsvc startup parameters : + Display name : Spot Verifier + Service name : svsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + swprv startup parameters : + Display name : Microsoft Software Shadow Copy Provider + Service name : swprv + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k swprv + Dependencies : RPCSS/ + + upnphost startup parameters : + Display name : UPnP Device Host + Service name : upnphost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : SSDPSRV/HTTP/ + + vds startup parameters : + Display name : Virtual Disk + Service name : vds + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\vds.exe + Dependencies : RpcSs/ + + vmicguestinterface startup parameters : + Display name : Hyper-V Guest Service Interface + Service name : vmicguestinterface + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicheartbeat startup parameters : + Display name : Hyper-V Heartbeat Service + Service name : vmicheartbeat + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k ICService -p + + vmickvpexchange startup parameters : + Display name : Hyper-V Data Exchange Service + Service name : vmickvpexchange + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicrdv startup parameters : + Display name : Hyper-V Remote Desktop Virtualization Service + Service name : vmicrdv + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k ICService -p + + vmicshutdown startup parameters : + Display name : Hyper-V Guest Shutdown Service + Service name : vmicshutdown + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmictimesync startup parameters : + Display name : Hyper-V Time Synchronization Service + Service name : vmictimesync + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : VmGid/ + + vmicvmsession startup parameters : + Display name : Hyper-V PowerShell Direct Service + Service name : vmicvmsession + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicvss startup parameters : + Display name : Hyper-V Volume Shadow Copy Requestor + Service name : vmicvss + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmvss startup parameters : + Display name : VMware Snapshot Provider + Service name : vmvss + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\dllhost.exe /Processid:{C0E456E7-2DDC-45D3-9D79-81EEFDB2D0C1} + Dependencies : rpcss/ + + wbengine startup parameters : + Display name : Block Level Backup Engine Service + Service name : wbengine + Log on as : localSystem + Executable path : "C:\WINDOWS\system32\wbengine.exe" + + wcncsvc startup parameters : + Display name : Windows Connect Now - Config Registrar + Service name : wcncsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : rpcss/ + + wercplsupport startup parameters : + Display name : Problem Reports Control Panel Support + Service name : wercplsupport + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + + wisvc startup parameters : + Display name : Windows Insider Service + Service name : wisvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + wlidsvc startup parameters : + Display name : Microsoft Account Sign-in Assistant + Service name : wlidsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + wlpasvc startup parameters : + Display name : Local Profile Assistant Service + Service name : wlpasvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : WwanSvc/RpcSs/ + + wmiApSrv startup parameters : + Display name : WMI Performance Adapter + Service name : wmiApSrv + Log on as : localSystem + Executable path : C:\WINDOWS\system32\wbem\WmiApSrv.exe + + workfolderssvc startup parameters : + Display name : Work Folders + Service name : workfolderssvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : RpcSs/wsearch/ + + wuauserv startup parameters : + Display name : Windows Update + Service name : wuauserv + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + +The following services are disabled : + + AppVClient startup parameters : + Display name : Microsoft App-V Client + Service name : AppVClient + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\AppVClient.exe + Dependencies : RpcSS/netprofm/AppvVfs/AppVStrm/ + + DiagTrack startup parameters : + Display name : Connected User Experiences and Telemetry + Service name : DiagTrack + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k utcsvc -p + Dependencies : RpcSs/ + + DialogBlockingService startup parameters : + Display name : DialogBlockingService + Service name : DialogBlockingService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DialogBlockingService + + MsKeyboardFilter startup parameters : + Display name : Microsoft Keyboard Filter + Service name : MsKeyboardFilter + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + NetTcpPortSharing startup parameters : + Display name : Net.Tcp Port Sharing Service + Service name : NetTcpPortSharing + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe + + RemoteAccess startup parameters : + Display name : Routing and Remote Access + Service name : RemoteAccess + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs + Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/ + + UevAgentService startup parameters : + Display name : User Experience Virtualization Service + Service name : UevAgentService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\AgentService.exe + + dmwappushservice startup parameters : + Display name : Device Management Wireless Application Protocol (WAP) Push message Routing Service + Service name : dmwappushservice + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + shpamsvc startup parameters : + Display name : Shared PC Account Manager + Service name : shpamsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + ssh-agent startup parameters : + Display name : OpenSSH Authentication Agent + Service name : ssh-agent + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\OpenSSH\ssh-agent.exe + + tzautoupdate startup parameters : + Display name : Auto Time Zone Updater + Service name : tzautoupdate + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + + +By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon. + +Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user. +smb_last_loggedon_user.nasl +2019/09/02 +Microsoft Windows SMB Last Logged On User Disclosure +2009/05/05 +local +None +1.12 +http://www.nessus.org/u?a29751b5 +n/a +Nessus was able to identify the last logged on user on the remote host. + +Last Successful logon : .\DEGTHAT + + + +windows +True +cpe:/a:haxx:curl +Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host. + +Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty checks. Paranoid scanning has no affect on this plugin itself. +curl_win_installed.nbin +2024/01/16 +Curl Installed (Windows) +2023/02/23 +local +None +1.22 +https://curl.se/ +n/a +Curl is installed on the remote Windows host. +true + +Nessus detected 2 installs of Curl: + + Path : C:\Windows\SysWOW64\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + Path : C:\Windows\System32\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + + +windows +True +cpe:/o:microsoft:windows +This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. + +An attacker may use this feature to gain better knowledge of the remote host. +smb_enum_services.nasl +0001-T-0751 +2022/02/01 +Microsoft Windows SMB Service Enumeration +2000/07/03 +local +None +1.46 +To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port. +It is possible to enumerate remote services. +IAVT:0001-T-0751 + +Active Services : + +Adobe Acrobat Update Service [ AdobeARMservice ] +Windows Audio Endpoint Builder [ AudioEndpointBuilder ] +Windows Audio [ Audiosrv ] +Base Filtering Engine [ BFE ] +Background Tasks Infrastructure Service [ BrokerInfrastructure ] +Computer Browser [ Browser ] +Bluetooth Audio Gateway Service [ BTAGService ] +AVCTP service [ BthAvctpSvc ] +Bluetooth Support Service [ bthserv ] +Connected Devices Platform Service [ CDPSvc ] +Certificate Propagation [ CertPropSvc ] +COM+ System Application [ COMSysApp ] +CoreMessaging [ CoreMessagingRegistrar ] +Cryptographic Services [ CryptSvc ] +DCOM Server Process Launcher [ DcomLaunch ] +Device Association Service [ DeviceAssociationService ] +DHCP Client [ Dhcp ] +Display Policy Service [ DispBrokerDesktopSvc ] +DNS Client [ Dnscache ] +Delivery Optimization [ DoSvc ] +Diagnostic Policy Service [ DPS ] +Data Usage [ DusmSvc ] +Windows Event Log [ EventLog ] +COM+ Event System [ EventSystem ] +Function Discovery Provider Host [ fdPHost ] +Function Discovery Resource Publication [ FDResPub ] +Windows Font Cache Service [ FontCache ] +IKE and AuthIP IPsec Keying Modules [ IKEEXT ] +IP Helper [ iphlpsvc ] +CNG Key Isolation [ KeyIso ] +Server [ LanmanServer ] +Workstation [ LanmanWorkstation ] +Windows License Manager Service [ LicenseManager ] +TCP/IP NetBIOS Helper [ lmhosts ] +Local Session Manager [ LSM ] +Windows Defender Firewall [ mpssvc ] +Distributed Transaction Coordinator [ MSDTC ] +Network Connection Broker [ NcbService ] +Network Connected Devices Auto-Setup [ NcdAutoSetup ] +Network List Service [ netprofm ] +Network Location Awareness [ NlaSvc ] +Network Store Interface Service [ nsi ] +Plug and Play [ PlugPlay ] +IPsec Policy Agent [ PolicyAgent ] +Power [ Power ] +User Profile Service [ ProfSvc ] +Remote Access Connection Manager [ RasMan ] +Remote Registry [ RemoteRegistry ] +RPC Endpoint Mapper [ RpcEptMapper ] +Remote Procedure Call (RPC) [ RpcSs ] +Security Accounts Manager [ SamSs ] +Task Scheduler [ Schedule ] +System Event Notification Service [ SENS ] +Remote Desktop Configuration [ SessionEnv ] +System Guard Runtime Monitor Broker [ SgrmBroker ] +Shell Hardware Detection [ ShellHWDetection ] +Print Spooler [ Spooler ] +SSDP Discovery [ SSDPSRV ] +Secure Socket Tunneling Protocol Service [ SstpSvc ] +State Repository Service [ StateRepository ] +Windows Image Acquisition (WIA) [ stisvc ] +Storage Service [ StorSvc ] +SysMain [ SysMain ] +System Events Broker [ SystemEventsBroker ] +Remote Desktop Services [ TermService ] +Themes [ Themes ] +Time Broker [ TimeBrokerSvc ] +Web Account Manager [ TokenBroker ] +Distributed Link Tracking Client [ TrkWks ] +Microsoft Update Health Service [ uhssvc ] +Remote Desktop Services UserMode Port Redirector [ UmRdpService ] +User Manager [ UserManager ] +Update Orchestrator Service [ UsoSvc ] +VMware Alias Manager and Ticket Service [ VGAuthService ] +VMware SVGA Helper Service [ vm3dservice ] +VMware Tools [ VMTools ] +Windows Time [ W32Time ] +Windows Connection Manager [ Wcmsvc ] +Diagnostic Service Host [ WdiServiceHost ] +Microsoft Defender Antivirus Network Inspection Service [ WdNisSvc ] +Microsoft Defender Antivirus Service [ WinDefend ] +WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ] +Windows Management Instrumentation [ Winmgmt ] +Windows Push Notifications System Service [ WpnService ] +Security Center [ wscsvc ] +Windows Search [ WSearch ] + +Inactive Services : + +AllJoyn Router Service [ AJRouter ] +Application Layer Gateway Service [ ALG ] +Application Identity [ AppIDSvc ] +Application Information [ Appinfo ] +Application Management [ AppMgmt ] +App Readiness [ AppReadiness ] +Microsoft App-V Client [ AppVClient ] +AppX Deployment Service (AppXSVC) [ AppXSvc ] +AssignedAccessManager Service [ AssignedAccessManagerSvc ] +Cellular Time [ autotimesvc ] +ActiveX Installer (AxInstSV) [ AxInstSV ] +BitLocker Drive Encryption Service [ BDESVC ] +Background Intelligent Transfer Service [ BITS ] +Capability Access Manager Service [ camsvc ] +Client License Service (ClipSVC) [ ClipSVC ] +Microsoft Cloud Identity Service [ cloudidsvc ] +Offline Files [ CscService ] +dcsvc [ dcsvc ] +Optimize drives [ defragsvc ] +Device Install Service [ DeviceInstall ] +DevQuery Background Discovery Broker [ DevQueryBroker ] +Microsoft (R) Diagnostics Hub Standard Collector Service [ diagnosticshub.standardcollector.service ] +Diagnostic Execution Service [ diagsvc ] +Connected User Experiences and Telemetry [ DiagTrack ] +DialogBlockingService [ DialogBlockingService ] +Display Enhancement Service [ DisplayEnhancementService ] +Device Management Enrollment Service [ DmEnrollmentSvc ] +Device Management Wireless Application Protocol (WAP) Push message Routing Service [ dmwappushservice ] +Wired AutoConfig [ dot3svc ] +Device Setup Manager [ DsmSvc ] +Data Sharing Service [ DsSvc ] +Extensible Authentication Protocol [ Eaphost ] +Microsoft Edge Update Service (edgeupdate) [ edgeupdate ] +Microsoft Edge Update Service (edgeupdatem) [ edgeupdatem ] +Encrypting File System (EFS) [ EFS ] +Embedded Mode [ embeddedmode ] +Enterprise App Management Service [ EntAppSvc ] +Fax [ Fax ] +File History Service [ fhsvc ] +Windows Camera Frame Server [ FrameServer ] +Google Chrome Elevation Service (GoogleChromeElevationService) [ GoogleChromeElevationService ] +Group Policy Client [ gpsvc ] +GraphicsPerfSvc [ GraphicsPerfSvc ] +Google Update Service (gupdate) [ gupdate ] +Google Update Service (gupdatem) [ gupdatem ] +Human Interface Device Service [ hidserv ] +HV Host Service [ HvHost ] +Windows Mobile Hotspot Service [ icssvc ] +Microsoft Store Install Service [ InstallService ] +IP Translation Configuration Service [ IpxlatCfgSvc ] +KtmRm for Distributed Transaction Coordinator [ KtmRm ] +Geolocation Service [ lfsvc ] +Link-Layer Topology Discovery Mapper [ lltdsvc ] +Language Experience Service [ LxpSvc ] +Downloaded Maps Manager [ MapsBroker ] +McpManagementService [ McpManagementService ] +Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) [ MicrosoftEdgeElevationService ] +Windows Mixed Reality OpenXR Service [ MixedRealityOpenXRSvc ] +Microsoft iSCSI Initiator Service [ MSiSCSI ] +Windows Installer [ msiserver ] +Microsoft Keyboard Filter [ MsKeyboardFilter ] +Natural Authentication [ NaturalAuthentication ] +Network Connectivity Assistant [ NcaSvc ] +Netlogon [ Netlogon ] +Network Connections [ Netman ] +Network Setup Service [ NetSetupSvc ] +Net.Tcp Port Sharing Service [ NetTcpPortSharing ] +Microsoft Passport Container [ NgcCtnrSvc ] +Microsoft Passport [ NgcSvc ] +Peer Networking Identity Manager [ p2pimsvc ] +Peer Networking Grouping [ p2psvc ] +Program Compatibility Assistant Service [ PcaSvc ] +BranchCache [ PeerDistSvc ] +Windows Perception Simulation Service [ perceptionsimulation ] +Performance Counter DLL Host [ PerfHost ] +Phone Service [ PhoneSvc ] +Performance Logs & Alerts [ pla ] +PNRP Machine Name Publication Service [ PNRPAutoReg ] +Peer Name Resolution Protocol [ PNRPsvc ] +Printer Extensions and Notifications [ PrintNotify ] +Windows PushToInstall Service [ PushToInstall ] +Quality Windows Audio Video Experience [ QWAVE ] +Remote Access Auto Connection Manager [ RasAuto ] +Routing and Remote Access [ RemoteAccess ] +Retail Demo Service [ RetailDemo ] +Radio Management Service [ RmSvc ] +Remote Procedure Call (RPC) Locator [ RpcLocator ] +Smart Card [ SCardSvr ] +Smart Card Device Enumeration Service [ ScDeviceEnum ] +Smart Card Removal Policy [ SCPolicySvc ] +Windows Backup [ SDRSVC ] +Secondary Logon [ seclogon ] +Windows Security Service [ SecurityHealthService ] +Payments and NFC/SE Manager [ SEMgrSvc ] +Windows Defender Advanced Threat Protection Service [ Sense ] +Sensor Data Service [ SensorDataService ] +Sensor Service [ SensorService ] +Sensor Monitoring Service [ SensrSvc ] +Internet Connection Sharing (ICS) [ SharedAccess ] +Spatial Data Service [ SharedRealitySvc ] +Shared PC Account Manager [ shpamsvc ] +Microsoft Storage Spaces SMP [ smphost ] +Microsoft Windows SMS Router Service. [ SmsRouter ] +SNMP Trap [ SNMPTRAP ] +Windows Perception Service [ spectrum ] +Software Protection [ sppsvc ] +OpenSSH Authentication Agent [ ssh-agent ] +Spot Verifier [ svsvc ] +Microsoft Software Shadow Copy Provider [ swprv ] +Touch Keyboard and Handwriting Panel Service [ TabletInputService ] +Telephony [ TapiSrv ] +Storage Tiers Management [ TieringEngineService ] +Recommended Troubleshooting Service [ TroubleshootingSvc ] +Windows Modules Installer [ TrustedInstaller ] +Auto Time Zone Updater [ tzautoupdate ] +User Experience Virtualization Service [ UevAgentService ] +UPnP Device Host [ upnphost ] +Volumetric Audio Compositor Service [ VacSvc ] +Credential Manager [ VaultSvc ] +Virtual Disk [ vds ] +Hyper-V Guest Service Interface [ vmicguestinterface ] +Hyper-V Heartbeat Service [ vmicheartbeat ] +Hyper-V Data Exchange Service [ vmickvpexchange ] +Hyper-V Remote Desktop Virtualization Service [ vmicrdv ] +Hyper-V Guest Shutdown Service [ vmicshutdown ] +Hyper-V Time Synchronization Service [ vmictimesync ] +Hyper-V PowerShell Direct Service [ vmicvmsession ] +Hyper-V Volume Shadow Copy Requestor [ vmicvss ] +VMware Snapshot Provider [ vmvss ] +Volume Shadow Copy [ VSS ] +Windows Update Medic Service [ WaaSMedicSvc ] +WalletService [ WalletService ] +WarpJITSvc [ WarpJITSvc ] +Block Level Backup Engine Service [ wbengine ] +Windows Biometric Service [ WbioSrvc ] +Windows Connect Now - Config Registrar [ wcncsvc ] +Diagnostic System Host [ WdiSystemHost ] +WebClient [ WebClient ] +Windows Event Collector [ Wecsvc ] +Windows Encryption Provider Host Service [ WEPHOSTSVC ] +Problem Reports Control Panel Support [ wercplsupport ] +Windows Error Reporting Service [ WerSvc ] +Wi-Fi Direct Services Connection Manager Service [ WFDSConMgrSvc ] +Still Image Acquisition Events [ WiaRpc ] +Windows Remote Management (WS-Management) [ WinRM ] +Windows Insider Service [ wisvc ] +WLAN AutoConfig [ WlanSvc ] +Microsoft Account Sign-in Assistant [ wlidsvc ] +Local Profile Assistant Service [ wlpasvc ] +Windows Management Service [ WManSvc ] +WMI Performance Adapter [ wmiApSrv ] +Windows Media Player Network Sharing Service [ WMPNetworkSvc ] +Work Folders [ workfolderssvc ] +Parental Controls [ WpcMonSvc ] +Portable Device Enumerator Service [ WPDBusEnum ] +Windows Update [ wuauserv ] +WWAN AutoConfig [ WwanSvc ] +Xbox Live Auth Manager [ XblAuthManager ] +Xbox Live Game Save [ XblGameSave ] +Xbox Accessory Management Service [ XboxGipSvc ] +Xbox Live Networking Service [ XboxNetApiSvc ] + + + +windows +True +By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User permissions are enumerated for each network share that has a list of access control entries (ACEs). +smb_enum_share_permissions.nasl +2022/08/11 +Microsoft Windows SMB Share Permissions Enumeration +2012/07/25 +local +None +1.9 +https://technet.microsoft.com/en-us/library/bb456988.aspx +https://technet.microsoft.com/en-us/library/cc783530.aspx +n/a +It was possible to enumerate the permissions of remote network shares. + +Share path : \\WKS4-SOTERIA\print$ +Local path : C:\WINDOWS\system32\spool\drivers +Comment : Printer Drivers +[*] Allow ACE for Everyone (S-1-1-0): 0x001200a9 + FILE_GENERIC_READ: YES + FILE_GENERIC_WRITE: NO + FILE_GENERIC_EXECUTE: YES +[*] Allow ACE for BUILTIN\Administrators (S-1-5-32-544): 0x001f01ff + FILE_GENERIC_READ: YES + FILE_GENERIC_WRITE: YES + FILE_GENERIC_EXECUTE: YES + + + +This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc). +smb_accessible_shares_office_files.nasl +2011/03/21 +Microsoft Windows SMB Share Hosting Office Files +2007/01/04 +local +None +$Revision: 1.13 $ +Make sure that the files containing confidential information have proper access controls set on them. +The remote share contains Office-related files. + +Here is a list of office files which have been found on the remote SMB +shares : + + + D$ : + + - \Nessus\Nessus Professional License Information.docx + + + C$ : + + - C:\Windows\System32\MSDRM\MsoIrmProtector.xls + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.19041.3570_none_827220c1aac4d9c1\MsoIrmProtector.xls + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.19041.3570_none_8cc6cb13df259bbc\MsoIrmProtector.xls + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Windows 10 1803 to 1809 New Settings.xlsx + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Server 2016 to 2019 New Settings.xlsx + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\MS Security Baseline Windows 10 v1809 and Server 2019.xlsx + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\BaselineDiffs-to-v1809-RS5-FINAL.xlsx + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Update Baseline\Documentation\Master List of Update Baseline Policies.xlsx + + + + +This plugin displays a list of media files (such as .mp3, .ogg, .mpg, .avi) which have been found on the remote SMB shares. + +Some of these files may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission. + +If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA. +smb_accessible_shares_copyrighted_content.nasl +2012/11/29 +Microsoft Windows SMB Share Hosting Possibly Copyrighted Material +2003/06/26 +local +None +$Revision: 1.41 $ +Delete the files infringing copyright. +The remote host may contain material (movies/audio) infringing copyright. + +Here is a list of files which have been found on the remote SMB shares. +Some of these files may contain copyrighted materials, such as commercial +movies or music files. + + + C$ : + +C:\Program Files\WindowsApps\Microsoft.XboxApp_48.104.4001.0_x64__8wekyb3d8bbwe\Assets\AchievementUnlocked.mp3 +C:\Program Files\WindowsApps\Microsoft.XboxApp_48.55.9001.0_x64__8wekyb3d8bbwe\Assets\AchievementUnlocked.mp3 +C:\Users\Cinnabon\Documents\AutoPlay Media Studio 8\Projects\Novetta-GeoSpara-OS-LockDown-Tool\CD_Root\AutoPlay\Videos\Magnolia.mpg +C:\Users\Cinnabon\Documents\AutoPlay Media Studio 8\Projects\Novetta-OS-LockDown-Tool\CD_Root\AutoPlay\Videos\Magnolia.mpg +C:\Program Files\WindowsApps\Microsoft.Messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe\Assets\Sounds\Nudge.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Classic_00_PREVIEW_00.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_BREAK_01.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_D.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_E.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_F.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_G.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_OUTRO.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_PRE_OUTRO_01.wma +C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3570.1.0\amd64_ppi-ppiskype-c-a_31bf3856ad364e35_10.0.19041.3570_none_e6ae959588854f2b\r\lync_lobbywaiting.wma +C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3570.1.0\amd64_ppi-ppiskype-c-a_31bf3856ad364e35_10.0.19041.3570_none_e6ae959588854f2b\f\lync_lobbywaiting.wma +C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10051.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Slider_Click_Sound.wma +C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Slider_Click_Sound.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_PRE_OUTRO_02.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_C.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_B.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_A.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_INTRO_02.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_INTRO_01.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_INTRO.wma + + + + + +The remote has one or more Windows shares that can be accessed through the network with the given credentials. + +Depending on the share rights, it may allow an attacker to read / write confidential data. +smb_accessible_shares.nasl +2021/10/04 +Microsoft Windows SMB Shares Access +2000/05/09 +combined +None +1.83 +To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'. +It is possible to access a network share. + +The following shares can be accessed as degthat : + +- D$ - (readable,writable) + + Content of this share : +bootTel.dat +JkDefragPortable +Nessus +Netsparker-Info +Program Files (x86) +Results +scc-5.4.2_Windows_bundle +System Volume Information +Tutela-IA-Lockdown-Tool2021.exe +U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark + +- C$ - (readable,writable) + + Content of this share : +$WinREAgent +bootmgr +BOOTNXT +Documents and Settings +DumpStack.log.tmp +MSOCache +pagefile.sys +PerfLogs +Program Files +Program Files (x86) +ProgramData +Recovery +Standalone-Windows-STIG-Script-master +swapfile.sys +System Volume Information +Users +Windows + +- ADMIN$ - (readable,writable) + + Content of this share : +.. +addins +appcompat +apppatch +AppReadiness +assembly +bcastdvr +bfsvc.exe +BitLockerDiscoveryVolumeContents +Boot +bootstat.dat +Branding +CbsTemp +comsetup.log +Containers +CSC +Cursors +debug +diagerr.xml +diagnostics +DiagTrack +diagwrn.xml +DigitalLocker +Downloaded Program Files +DtcInstall.log +ELAMBKUP +en-US +explorer.exe +Fonts +GameBarPresenceWriter +Globalization +Help +HelpPane.exe +hh.exe +IdentityCRL +IME +ImmersiveControlPanel +INF +InfusedApps +InputMethod +Installer +L2Schemas +LanguageOverlayCache +LiveKernelReports +Logs +Media +mib.bin +Microsoft.NET +Migration +ModemLogs +notepad.exe +OCR +Offline Web Pages +Panther +Performance +PFRO.log +PLA +PolicyDefinitions +Prefetch +PrintDialog +Professional.xml +Provisioning +regedit.exe +Registration +RemotePackages +rescache +Resources +SchCache +schemas +security +ServiceProfiles +ServiceState +servicing +Setup +setupact.log +setuperr.log +ShellComponents +ShellExperiences +SKB +SoftwareDistribution +SoftwareDistribution.bak +Speech +Speech_OneCore +splwow64.exe +System +system.ini +System32 +SystemApps + + + + +windows +True +By connecting to the remote host, Nessus was able to enumerate the network share names. +smb_enum_shares.nasl +2022/02/01 +Microsoft Windows SMB Shares Enumeration +2000/05/09 +local +None +1.48 +n/a +It is possible to enumerate remote network shares. + +Here are the SMB shares available on the remote host when logged in as degthat: + + - ADMIN$ + - C$ + - D$ + - IPC$ + - print$ + + + +Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system. +smb_group_admin.nasl +2018/05/16 +Microsoft Windows 'Administrators' Group User List +2002/03/15 +local +None +1.23 +Verify that each member of the group should have this type of access. +There is at least one user in the 'Administrators' group. + +The following users are members of the 'Administrators' group : + + - WKS4-SOTERIA\Administrator (User) + - WKS4-SOTERIA\Cinnabon (User) + - WKS4-SOTERIA\DEGTHAT (User) + - WKS4-SOTERIA\tester (User) + - WKS4-SOTERIA\dbingham (User) + + + +Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy. +smb_password_policy.nasl +2015/01/12 +Microsoft Windows SMB : Obtains the Password Policy +2005/03/30 +local +None +$Revision: 1.15 $ +n/a +It is possible to retrieve the remote host's password policy using the supplied credentials. +The following password policy is defined on the remote host: + +Minimum password len: 10 +Password history len: 24 +Maximum password age (d): 90 +Password must meet complexity requirements: Enabled +Minimum password age (d): 1 +Forced logoff time (s): 0 +Locked account time (s): 900 +Time between failed logon (s): 900 +Number of invalid logon before locked out (s): 3 + + + +Using the supplied credentials, Nessus was able to list user accounts that have been disabled. +smb_users_disabled.nasl +2018/08/13 +Microsoft Windows - Users Information : Disabled Accounts +2002/03/15 +local +None +1.19 +Delete accounts that are no longer needed. +At least one user account has been disabled. + +The following user account has been disabled : + + - Administrator + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire. +smb_users_pwexpiry.nasl +2018/08/13 +Microsoft Windows - Users Information : Passwords Never Expire +2002/03/15 +local +None +1.22 +Allow or require users to change their passwords regularly. +At least one user has a password that never expires. + +The following user has a password that never expires : + + - Cinnabon + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for this +plugin, then re-run the scan. + + + +Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager. +smb_samr_user_enum.nasl +2023/01/20 +Microsoft Windows SAM user enumeration +2019/07/08 +local +None +1.7 +n/a +Nessus was able to enumerate domain users from the local SAM. + - Administrator (id 500, Built-in account for administering the computer/domain, Administrator account) + - Cinnabon (id 1001) + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI. +wmi_enum_printer_drivers.nbin +2024/01/16 +Windows Printer Driver Enumeration +2021/12/09 +local +None +1.63 +http://www.nessus.org/u?fab99415 +n/a +Nessus was able to enumerate one or more of the printer drivers on the remote host. + +--- Microsoft Shared Fax Driver --- + + Path : C:\WINDOWS\system32\spool\DRIVERS\x64\3\FXSDRV.DLL + Version : 10.0.19041.3570 + Supported Platform : Windows x64 + +--- TP PS Driver 830A8AA0BE6248f28478A495CCC72E64 --- + + Path : C:\WINDOWS\system32\spool\DRIVERS\x64\3\PSCRIPT5.DLL + Version : 0.0.0.0 + Supported Platform : Windows x64 + +--- Microsoft enhanced Point and Print compatibility driver --- + +Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver: + + Path : C:\WINDOWS\system32\spool\DRIVERS\x64\3\mxdwdrv.dll + Version : 10.0.19041.3570 + Supported Platform : Windows x64 + + Path : C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll + Version : 10.0.19041.3570 + Supported Platform : Windows NT x86 + +--- Brother Laser Type1 Class Driver --- + + Path : C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_26942243c5ee90e7\Amd64\mxdwdrv.dll + Version : 10.0.17119.1 + Supported Platform : Windows x64 + +--- Microsoft Print To PDF --- + + Path : C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_26942243c5ee90e7\Amd64\mxdwdrv.dll + Version : 10.0.19041.1806 + Supported Platform : Windows x64 + + + +The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC). + +Cached logon credentials could be accessed by an attacker and subjected to brute force attacks. +smb_reg_cachedlogons.nasl +2018/06/05 +Microsoft Windows SMB Registry : Winlogon Cached Password Weakness +2003/03/24 +local +None +1.17 +http://www.nessus.org/u?184d3eab +http://www.nessus.org/u?fe16cea8 +https://technet.microsoft.com/en-us/library/cc957390.aspx +Consult Microsoft documentation and best practices. +User credentials are stored in memory. + + Max cached logons : 10 + + + +60 - 180 days +windows +cpe:/a:adobe:acrobat_reader +CVE-2023-44336 +CVE-2023-44337 +CVE-2023-44338 +CVE-2023-44339 +CVE-2023-44340 +CVE-2023-44348 +CVE-2023-44356 +CVE-2023-44357 +CVE-2023-44358 +CVE-2023-44359 +CVE-2023-44360 +CVE-2023-44361 +CVE-2023-44365 +CVE-2023-44366 +CVE-2023-44367 +CVE-2023-44371 +CVE-2023-44372 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-44372 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +125 +416 +787 +824 +The version of Adobe Reader installed on the remote Windows host is a version prior to 20.005.30539 or 23.006.20380. It is, therefore, affected by multiple vulnerabilities. + + - Use After Free (CWE-416) potentially leading to Arbitrary code execution (CVE-2023-44336, CVE-2023-44359, CVE-2023-44367, CVE-2023-44371, CVE-2023-44372) + + - Out-of-bounds Read (CWE-125) potentially leading to Arbitrary code execution (CVE-2023-44337, CVE-2023-44338) + + - Access of Uninitialized Pointer (CWE-824) potentially leading to Arbitrary code execution (CVE-2023-44365) + + - Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2023-44366) + + - Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2023-44339, CVE-2023-44340, CVE-2023-44348, CVE-2023-44356, CVE-2023-44357, CVE-2023-44358, CVE-2023-44360) + + - Use After Free (CWE-416) potentially leading to Memory leak (CVE-2023-44361) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +adobe_reader_apsb23-54.nasl +current +2023-A-0626 +2023/11/14 +2023/11/23 +Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54) +2023/11/14 +local +Medium +High +1.2 +https://helpx.adobe.com/security/products/acrobat/apsb23-54.html +Upgrade to Adobe Reader version 20.005.30539 / 23.006.20380 or later. +I +The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +5.9 +2023/11/14 +IAVA:2023-A-0626 +CWE:125 +CWE:416 +CWE:787 +CWE:824 + + Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader + Installed version : 23.6.20360.0 + Fixed version : 23.006.20380 + + + +windows +True +software_enumeration +cpe:/a:adobe:acrobat_reader +Adobe Reader, a PDF file viewer, is installed on the remote host. +adobe_reader_installed.nasl +0001-T-0524 +2022/10/10 +Adobe Reader Detection +2006/02/02 +local +None +1.34 +http://www.adobe.com/products/reader/ +n/a +There is a PDF file viewer installed on the remote Windows host. +IAVT:0001-T-0524 + + Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader + Version : 23.6.20360.0 + + + +730 days + +2022/07/10 +cpe:/o:microsoft:windows +CVE-2013-3900 +7.8 +7.5 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.6 +CVE-2013-3900 +6.6 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C +The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host. +true +High +Exploits are available +true +smb_nt_ms22_oct_CVE-2013-3900_reg_check.nasl +2013-A-0227 +2023/12/26 +WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) +2022/10/26 +local +Very High +High +1.7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 +http://www.nessus.org/u?9780b9d2 +Add and enable registry value EnableCertPaddingCheck: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + +Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck: + + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck +II +The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability. +Very Low +No recorded events +No recorded events +8.9 +2013/12/10 +CISA-KNOWN-EXPLOITED:2022/07/10 +IAVA:2013-A-0227 + + + Nessus detected the following potentially insecure registry key configuration: + - Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + - Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + + + + +Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host. +smb_check_rollup.nasl +2023/06/26 +Microsoft Security Rollup Enumeration +2016/10/11 +local +None +1.180 +http://www.nessus.org/u?b23205aa +n/a +This plugin enumerates installed Microsoft security rollups. + + Cumulative Rollup : 10_2023 [KB5031356] + Cumulative Rollup : 09_2023 + Cumulative Rollup : 08_2023 + Cumulative Rollup : 07_2023 + Cumulative Rollup : 06_2023 + Cumulative Rollup : 05_2023 + Cumulative Rollup : 04_2023 + Cumulative Rollup : 03_2023 + Cumulative Rollup : 02_2023 + Cumulative Rollup : 01_2023 + Cumulative Rollup : 12_2022 + Cumulative Rollup : 11_2022 + + Latest effective update level : 10_2023 + File checked : C:\WINDOWS\system32\ntoskrnl.exe + File version : 10.0.19041.3570 + Associated KB : 5031356 + + + +windows +True +cpe:/o:microsoft:windows +Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages. +dism_enum_packages.nbin +2024/01/16 +DISM Package List (Windows) +2020/08/25 +local +None +1.93 +http://www.nessus.org/u?cbb428b2 +n/a +Use DISM to extract package info from the host. +The following packages were enumerated using the Deployment Image Servicing and Management Tool: + +Package : Microsoft-OneCore-ApplicationModel-Sync-Desktop-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-OneCore-DirectX-Database-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.3570 +State : Installed +Release Type : Language Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : Feature Pack +Install Time : 12/7/2019 9:50 AM + +Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : Foundation +Install Time : 12/7/2019 9:18 AM + +Package : Microsoft-Windows-Hello-Face-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/8/2022 5:00 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-Printing-PMCPPC-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:54 AM + +Package : Microsoft-Windows-Printing-PMCPPC-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-Printing-WFS-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-Printing-WFS-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-QuickAssist-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-TabletPCMath-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-UserExperience-Desktop-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : OpenSSH-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 10:56 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9167.9 +State : Superseded +Release Type : Update +Install Time : 10/11/2023 2:44 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9191.1 +State : Superseded +Release Type : Update +Install Time : 11/5/2023 2:11 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9200.1 +State : Superseded +Release Type : Update +Install Time : 11/6/2023 2:55 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9214.4 +State : Installed +Release Type : Update +Install Time : 1/30/2024 4:00 PM + +Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4645.5 +State : Installed +Release Type : Update +Install Time : 7/28/2023 9:00 PM + +Package : Package_for_KB5011048~31bf3856ad364e35~amd64~~10.0.9166.1 +State : Installed +Release Type : Update +Install Time : 7/31/2023 7:51 PM + +Package : Package_for_KB5012170~31bf3856ad364e35~amd64~~19041.1880.1.1 +State : Installed +Release Type : Security Update +Install Time : 7/28/2023 8:59 PM + +Package : Package_for_KB5015684~31bf3856ad364e35~amd64~~19041.1799.1.2 +State : Installed +Release Type : Update +Install Time : 12/8/2022 4:50 PM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3570.1.0 +State : Installed +Release Type : Security Update +Install Time : 11/5/2023 10:56 PM + +Package : Package_for_ServicingStack_2180~31bf3856ad364e35~amd64~~19041.2180.1.0 +State : Installed +Release Type : Update +Install Time : 12/8/2022 4:49 PM + +Package : Package_for_ServicingStack_2300~31bf3856ad364e35~amd64~~19041.2300.1.0 +State : Installed +Release Type : Update +Install Time : 12/8/2022 2:22 PM + +Package : Package_for_ServicingStack_3205~31bf3856ad364e35~amd64~~19041.3205.1.1 +State : Installed +Release Type : Update +Install Time : 7/28/2023 9:01 PM + +Package : Package_for_ServicingStack_3562~31bf3856ad364e35~amd64~~19041.3562.1.0 +State : Installed +Release Type : Update +Install Time : 11/5/2023 2:15 PM + + + +cpe:/a:google:chrome +Nessus was able to enumerate Chrome browser extensions installed on the remote host. +win_chrome_browser_addons.nbin +0001-T-0511 +2024/01/16 +Chrome Browser Extension Enumeration +2017/01/16 +local +None +1.202 +https://chrome.google.com/webstore/category/extensions +Make sure that the use and configuration of these extensions comply with your organization's acceptable use and security policies. +One or more Chrome browser extensions are installed on the remote host. +IAVT:0001-T-0511 + +User : Cinnabon +|- Browser : Chrome + |- Add-on information : + + Name : Google Slides + Description : Create and edit presentations + Version : 0.9 + Update Date : Jan. 30, 2024 at 16:28:22 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0 + + Name : Google Docs + Description : Create and edit documents + Version : 0.9 + Update Date : Jan. 30, 2024 at 16:28:24 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0 + + Name : Google Drive + Description : Google Drive: create, share and keep all your stuff in one place. + Version : 14.1 + Update Date : Jan. 30, 2024 at 16:28:24 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0 + + Name : YouTube + Version : 4.2.8 + Update Date : Jan. 30, 2024 at 16:28:25 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0 + + Name : Google Sheets + Description : Create and edit spreadsheets + Version : 1.1 + Update Date : Jan. 30, 2024 at 16:28:28 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0 + + Name : Google Docs Offline + Description : Get things done offline with the Google Docs family of products. + Version : 1.4 + Update Date : Jan. 30, 2024 at 16:28:30 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1 + + Name : Chrome Web Store Payments + Description : Chrome Web Store Payments + Version : 1.0.0.3 + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0 + + Name : Gmail + Description : Fast, searchable email with less spam. + Version : 8.1 + Update Date : Jan. 30, 2024 at 16:28:31 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0 + + Name : Chrome Media Router + Description : Provider for discovery and services for mirroring of Chrome Media Router + Version : 6117.717.0.4 + Update Date : Jan. 30, 2024 at 16:28:34 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6117.717.0.4_0 + +User : DEGTHAT +|- Browser : Chrome + |- Add-on information : + + Name : Adobe Acrobat: PDF edit, convert, sign tools + Description : Do more in Google Chrome with Adobe Acrobat PDF tools. View, fill, comment, sign, and try convert and compress tools. + Version : 23.9.1.0 + Update Date : Jan. 30, 2024 at 16:28:16 GMT + Path : C:\Users\DEGTHAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\23.9.1.0_0 + + Name : Google Docs Offline + Description : Edit, create, and view your documents, spreadsheets, and presentations — all without internet access. + Version : 1.65.0 + Update Date : Jan. 30, 2024 at 16:28:17 GMT + Path : C:\Users\DEGTHAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.65.0_0 + + Name : Chrome Web Store Payments + Description : Chrome Web Store Payments + Version : 1.0.0.6 + Update Date : Jan. 30, 2024 at 16:28:17 GMT + Path : C:\Users\DEGTHAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 + +User : dbingham +|- Browser : Chrome + |- Add-on information : + + Name : Chrome Web Store Payments + Description : Chrome Web Store Payments + Version : 1.0.0.6 + Update Date : Jan. 30, 2024 at 16:28:40 GMT + Path : C:\Users\dbingham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 + + + +60 - 180 days +cpe:/a:google:chrome +CVE-2023-5996 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5996 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 119.0.6045.123. It is, therefore, affected by a vulnerability as referenced in the 2023_11_stable-channel-update-for-desktop advisory. + + - Use after free in WebAudio. (CVE-2023-5996) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_119_0_6045_123.nasl +current +2023-A-0594-S +2023-A-0608-S +2023/11/07 +2023/11/16 +Google Chrome < 119.0.6045.123 Vulnerability +2023/11/08 +local +Medium +Critical +1.5 +http://www.nessus.org/u?c5d3d619 +https://crbug.com/1497859 +Upgrade to Google Chrome version 119.0.6045.123 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very Low +30 to 120 days +No recorded events +7.4 +2023/11/07 +IAVA:2023-A-0594-S +IAVA:2023-A-0608-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 119.0.6045.123 + + + +60 - 180 days +cpe:/a:google:chrome +CVE-2023-5997 +CVE-2023-6112 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6112 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 119.0.6045.159. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_11_stable-channel-update-for-desktop_14 advisory. + + - Use after free in Garbage Collection. (CVE-2023-5997) + + - Use after free in Navigation. (CVE-2023-6112) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +google_chrome_119_0_6045_159.nasl +current +2023-A-0641-S +2023/11/14 +2024/01/29 +Google Chrome < 119.0.6045.159 Multiple Vulnerabilities +2023/11/14 +local +Medium +Critical +1.5 +http://www.nessus.org/u?7ed0136b +https://crbug.com/1497997 +https://crbug.com/1499298 +Upgrade to Google Chrome version 119.0.6045.159 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +7.4 +2023/11/14 +IAVA:2023-A-0641-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 119.0.6045.159 + + + +60 - 180 days +2023/12/21 +cpe:/a:google:chrome +CVE-2023-6345 +CVE-2023-6346 +CVE-2023-6347 +CVE-2023-6348 +CVE-2023-6350 +CVE-2023-6351 +9.6 +CVE-2023-6345 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6351 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 119.0.6045.199. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_11_stable-channel-update-for-desktop_28 advisory. + + - Integer overflow in Skia. (CVE-2023-6345) + + - Use after free in WebAudio. (CVE-2023-6346) + + - Use after free in Mojo. (CVE-2023-6347) + + - Type Confusion in Spellcheck. (CVE-2023-6348) + + - Out of bounds memory access in libavif. (CVE-2023-6350) + + - Use after free in libavif. (CVE-2023-6351) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +google_chrome_119_0_6045_199.nasl +current +2023-A-0660-S +2023/11/28 +2023/12/08 +Google Chrome < 119.0.6045.199 Multiple Vulnerabilities +2023/11/28 +local +Medium +Critical +1.5 +http://www.nessus.org/u?be59469a +https://crbug.com/1491459 +https://crbug.com/1494461 +https://crbug.com/1500856 +https://crbug.com/1501766 +https://crbug.com/1501770 +https://crbug.com/1505053 +Upgrade to Google Chrome version 119.0.6045.199 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +30 to 120 days +No recorded events +9.9 +2023/11/28 +CISA-KNOWN-EXPLOITED:2023/12/21 +IAVA:2023-A-0660-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 119.0.6045.199 + + + +30 - 60 days +cpe:/a:google:chrome +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_12_stable-channel-update-for-desktop_12 advisory. + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + + - Use after free in FedCM. (CVE-2023-6706) + + - Use after free in CSS. (CVE-2023-6707) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_109.nasl +current +2023-A-0693-S +2023/12/12 +2023/12/22 +Google Chrome < 120.0.6099.109 Multiple Vulnerabilities +2023/12/14 +local +Medium +Critical +1.3 +http://www.nessus.org/u?30495da3 +https://crbug.com/1501326 +https://crbug.com/1502102 +https://crbug.com/1504792 +https://crbug.com/1505708 +https://crbug.com/1500921 +https://crbug.com/1504036 +Upgrade to Google Chrome version 120.0.6099.109 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +30 to 120 days +No recorded events +8.4 +2023/12/12 +IAVA:2023-A-0693-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.109 + + + +30 - 60 days +cpe:/a:google:chrome +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.110. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_12_stable-channel-update-for-desktop_12 advisory. + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + + - Use after free in FedCM. (CVE-2023-6706) + + - Use after free in CSS. (CVE-2023-6707) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_110.nasl +current +2023-A-0693-S +2023/12/12 +2023/12/22 +Google Chrome < 120.0.6099.110 Multiple Vulnerabilities +2023/12/14 +local +Medium +Critical +1.3 +http://www.nessus.org/u?30495da3 +https://crbug.com/1501326 +https://crbug.com/1502102 +https://crbug.com/1504792 +https://crbug.com/1505708 +https://crbug.com/1500921 +https://crbug.com/1504036 +Upgrade to Google Chrome version 120.0.6099.110 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +30 to 120 days +No recorded events +8.4 +2023/12/12 +IAVA:2023-A-0693-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.110 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.200. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop advisory. + + - Use after free in ANGLE. (CVE-2024-0222) + + - Heap buffer overflow in ANGLE. (CVE-2024-0223) + + - Use after free in WebAudio. (CVE-2024-0224) + + - Use after free in WebGPU. (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_200.nasl +current +2024-A-0004-S +2024/01/03 +2024/01/12 +Google Chrome < 120.0.6099.200 Multiple Vulnerabilities +2024/01/03 +local +Low +Critical +1.3 +http://www.nessus.org/u?9a495657 +https://crbug.com/1501798 +https://crbug.com/1505009 +https://crbug.com/1505086 +https://crbug.com/1506923 +Upgrade to Google Chrome version 120.0.6099.200 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Low +7 to 30 days +Social Media +6.7 +2024/01/03 +IAVA:2024-A-0004-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.200 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.199. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop advisory. + + - Use after free in ANGLE. (CVE-2024-0222) + + - Heap buffer overflow in ANGLE. (CVE-2024-0223) + + - Use after free in WebAudio. (CVE-2024-0224) + + - Use after free in WebGPU. (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_199.nasl +current +2024-A-0004-S +2024/01/03 +2024/01/12 +Google Chrome < 120.0.6099.199 Multiple Vulnerabilities +2024/01/03 +local +Low +Critical +1.3 +http://www.nessus.org/u?9a495657 +https://crbug.com/1501798 +https://crbug.com/1505009 +https://crbug.com/1505086 +https://crbug.com/1506923 +Upgrade to Google Chrome version 120.0.6099.199 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Low +7 to 30 days +Social Media +6.7 +2024/01/03 +IAVA:2024-A-0004-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.199 + + + +30 - 60 days +2024/01/23 +cpe:/a:google:chrome +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.130. It is, therefore, affected by a vulnerability as referenced in the 2023_12_stable-channel-update-for-desktop_20 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +google_chrome_120_0_6099_130.nasl +current +2023-A-0705-S +2023/12/20 +2024/01/04 +Google Chrome < 120.0.6099.130 Vulnerability +2023/12/20 +local +Medium +Critical +1.4 +http://www.nessus.org/u?ecad5ae2 +https://crbug.com/1513170 +Upgrade to Google Chrome version 120.0.6099.130 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 +IAVA:2023-A-0705-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.130 + + + +30 - 60 days +2024/01/23 +cpe:/a:google:chrome +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.129. It is, therefore, affected by a vulnerability as referenced in the 2023_12_stable-channel-update-for-desktop_20 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +google_chrome_120_0_6099_129.nasl +current +2023-A-0705-S +2023/12/20 +2024/01/04 +Google Chrome < 120.0.6099.129 Vulnerability +2023/12/20 +local +Medium +Critical +1.4 +http://www.nessus.org/u?ecad5ae2 +https://crbug.com/1513170 +Upgrade to Google Chrome version 120.0.6099.129 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 +IAVA:2023-A-0705-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.129 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0333 +5.3 +4.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N +3.6 +5.4 +CVE-2024-0333 +4.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.216. It is, therefore, affected by a vulnerability as referenced in the 2024_01_stable-channel-update-for-desktop_9 advisory. + + - Insufficient data validation in Extensions. (CVE-2024-0333) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_216.nasl +current +2024-A-0020-S +2024/01/09 +2024/01/19 +Google Chrome < 120.0.6099.216 Vulnerability +2024/01/09 +local +Low +Medium +1.4 +http://www.nessus.org/u?bc91f925 +https://crbug.com/1513379 +Upgrade to Google Chrome version 120.0.6099.216 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very Low +No recorded events +No recorded events +4.4 +2024/01/09 +IAVA:2024-A-0020-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.216 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0333 +5.3 +4.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N +3.6 +5.4 +CVE-2024-0333 +4.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.217. It is, therefore, affected by a vulnerability as referenced in the 2024_01_stable-channel-update-for-desktop_9 advisory. + + - Insufficient data validation in Extensions. (CVE-2024-0333) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_217.nasl +current +2024-A-0020-S +2024/01/09 +2024/01/19 +Google Chrome < 120.0.6099.217 Vulnerability +2024/01/09 +local +Low +Medium +1.4 +http://www.nessus.org/u?bc91f925 +https://crbug.com/1513379 +Upgrade to Google Chrome version 120.0.6099.217 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very Low +No recorded events +No recorded events +4.4 +2024/01/09 +IAVA:2024-A-0020-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.217 + + + +30 - 60 days +cpe:/a:google:chrome +CVE-2023-6508 +CVE-2023-6509 +CVE-2023-6510 +CVE-2023-6511 +CVE-2023-6512 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6510 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.62. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_12_stable-channel-update-for-desktop advisory. + + - Use after free in Media Stream. (CVE-2023-6508) + + - Use after free in Side Panel Search. (CVE-2023-6509) + + - Use after free in Media Capture. (CVE-2023-6510) + + - Inappropriate implementation in Autofill. (CVE-2023-6511) + + - Inappropriate implementation in Web Browser UI. (CVE-2023-6512) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_62.nasl +current +2023-A-0669-S +2023/12/05 +2023/12/15 +Google Chrome < 120.0.6099.62 Multiple Vulnerabilities +2023/12/05 +local +Medium +Critical +1.3 +http://www.nessus.org/u?3d175be7 +https://crbug.com/1497984 +https://crbug.com/1494565 +https://crbug.com/1480152 +https://crbug.com/1478613 +https://crbug.com/1457702 +Upgrade to Google Chrome version 120.0.6099.62 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +7.4 +2023/12/05 +IAVA:2023-A-0669-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.62 + + + +7 - 30 days +2024/02/07 +cpe:/a:google:chrome +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.224. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_16 advisory. + + - Out of bounds write in V8. (CVE-2024-0517) + + - Type Confusion in V8. (CVE-2024-0518) + + - Out of bounds memory access in V8. (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +google_chrome_120_0_6099_224.nasl +current +2024-A-0042-S +2024/01/16 +2024/01/26 +Google Chrome < 120.0.6099.224 Multiple Vulnerabilities +2024/01/16 +local +Low +Critical +1.5 +http://www.nessus.org/u?88013c25 +https://crbug.com/1515930 +https://crbug.com/1507412 +https://crbug.com/1517354 +Upgrade to Google Chrome version 120.0.6099.224 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very High +0 to 7 days +Social Media +9.0 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0042-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.224 + + + +7 - 30 days +2024/02/07 +cpe:/a:google:chrome +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.225. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_16 advisory. + + - Out of bounds write in V8. (CVE-2024-0517) + + - Type Confusion in V8. (CVE-2024-0518) + + - Out of bounds memory access in V8. (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +google_chrome_120_0_6099_225.nasl +current +2024-A-0042-S +2024/01/16 +2024/01/26 +Google Chrome < 120.0.6099.225 Multiple Vulnerabilities +2024/01/16 +local +Low +Critical +1.5 +http://www.nessus.org/u?88013c25 +https://crbug.com/1515930 +https://crbug.com/1507412 +https://crbug.com/1517354 +Upgrade to Google Chrome version 120.0.6099.225 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very High +0 to 7 days +Social Media +9.0 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0042-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.225 + + + +0 - 7 days +cpe:/a:google:chrome +CVE-2024-0804 +CVE-2024-0805 +CVE-2024-0806 +CVE-2024-0807 +CVE-2024-0808 +CVE-2024-0809 +CVE-2024-0810 +CVE-2024-0811 +CVE-2024-0812 +CVE-2024-0813 +CVE-2024-0814 +9.8 +CVE-2024-0808 +8.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0813 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 121.0.6167.85. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_23 advisory. + + - Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0807) + + - Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2024-0812) + + - Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) (CVE-2024-0808) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2024-0810) + + - Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-0814) + + - Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. + (Chromium security severity: Medium) (CVE-2024-0813) + + - Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) (CVE-2024-0806) + + - Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2024-0805) + + - Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-0804) + + - Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2024-0811) + + - Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2024-0809) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_121_0_6167_85.nasl +current +2024-A-0052 +2024/01/23 +2024/01/30 +Google Chrome < 121.0.6167.85 Multiple Vulnerabilities +2024/01/24 +local +Low +Critical +1.2 +http://www.nessus.org/u?682ca867 +https://crbug.com/1505080 +https://crbug.com/1484394 +https://crbug.com/1504936 +https://crbug.com/1496250 +https://crbug.com/1463935 +https://crbug.com/1477151 +https://crbug.com/1505176 +https://crbug.com/1514925 +https://crbug.com/1515137 +https://crbug.com/1494490 +https://crbug.com/1497985 +Upgrade to Google Chrome version 121.0.6167.85 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +6.7 +2024/01/23 +IAVA:2024-A-0052 + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 121.0.6167.85 + + + +windows +True +software_enumeration +cpe:/a:google:chrome +Google Chrome, a web browser from Google, is installed on the remote Windows host. +google_chrome_installed.nasl +0001-T-0511 +2022/10/10 +Google Chrome Detection (Windows) +2008/09/12 +local +None +1.26 +https://www.google.com/chrome/ +n/a +The remote Windows host contains a web browser. +true +IAVT:0001-T-0511 + + Path : C:\Program Files (x86)\Google\Chrome\Application + Version : 119.0.6045.105 + +Note that Nessus only looked in the registry for evidence of Google +Chrome. If there are multiple users on this host, you may wish to +enable the 'Perform thorough tests' setting and re-scan. This will +cause Nessus to scan each local user's directory for installs. + + + + +windows +True +x-cpe:/a:microsoft:applocker +Windows AppLocker, a tool for managing user access to applications, is installed on the remote Windows host. +microsoft_applocker_installed.nbin +2024/01/16 +Windows AppLocker Installed +2013/03/22 +local +None +1.264 +https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759117(v=ws.11) +n/a +The remote host has an application installed for managing software access. + +Nessus enumerated the following Windows AppLocker configuration : + Exe Rules + Mode : Audit + Rule name : Prevent administrators from easily running the Opera web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=OPERA SOFTWARE ASA, S=OSLO, C=NO" ProductName="OPERA" BinaryName="opera.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Firefox web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="FIREFOX" BinaryName="firefox.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Internet Explorer web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWSŽ INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Allow everyone to execute all files located in the Program Files folder + Description : Allows members of the Everyone group to run applications that are located in the Program Files folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%PROGRAMFILES%\*" + + Rule name : Prevent administrators from easily running the Outlook email client + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="OUTLOOK.EXE"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Allow administrators to execute all files + Description : Allows members of the local Administrators group to run all applications. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + Rule name : Allow everyone to execute all files located in the Windows folder + Description : Allows members of the Everyone group to run applications that are located in the Windows folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\*" + Exceptions : + - Path="%SYSTEM32%\catroot2\*" + - Path="%SYSTEM32%\com\dmp\*" + - Path="%SYSTEM32%\FxsTmp\*" + - Path="%SYSTEM32%\spool\drivers\color\*" + - Path="%SYSTEM32%\spool\PRINTERS\*" + - Path="%SYSTEM32%\spool\SERVERS\*" + - Path="%SYSTEM32%\Tasks\*" + - Path="%WINDIR%\Debug\*" + - Path="%WINDIR%\PCHEALTH\ERRORREP\*" + - Path="%WINDIR%\Registration\*" + - Path="%WINDIR%\SysWOW64\com\dmp\*" + - Path="%WINDIR%\SysWOW64\FxsTmp\*" + - Path="%WINDIR%\SysWOW64\Tasks\*" + - Path="%WINDIR%\Tasks\*" + - Path="%WINDIR%\Temp\*" + - Path="%WINDIR%\tracing\*" + + + Rule name : Prevent administrators from easily running the Chrome web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="chrome.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Safari web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=APPLE INC., L=CUPERTINO, S=CALIFORNIA, C=US" ProductName="SAFARI" BinaryName="Safari.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Thunderbird email client + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MOZILLA MESSAGING INC., L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="THUNDERBIRD" BinaryName="thunderbird.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + + Dll Rules + Mode : Audit + Rule name : Allow everyone to execute all DLLs located in the Windows folder + Description : Allows members of the Everyone group to load DLLs located in the Windows folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\*" + Exceptions : + - Path="%SYSTEM32%\catroot2\*" + - Path="%SYSTEM32%\com\dmp\*" + - Path="%SYSTEM32%\FxsTmp\*" + - Path="%SYSTEM32%\spool\drivers\color\*" + - Path="%SYSTEM32%\spool\PRINTERS\*" + - Path="%SYSTEM32%\spool\SERVERS\*" + - Path="%SYSTEM32%\Tasks\*" + - Path="%WINDIR%\Debug\*" + - Path="%WINDIR%\PCHEALTH\ERRORREP\*" + - Path="%WINDIR%\Registration\*" + - Path="%WINDIR%\SysWOW64\com\dmp\*" + - Path="%WINDIR%\SysWOW64\FxsTmp\*" + - Path="%WINDIR%\SysWOW64\Tasks\*" + - Path="%WINDIR%\Tasks\*" + - Path="%WINDIR%\Temp\*" + - Path="%WINDIR%\tracing\*" + + + Rule name : Allow everyone to execute all DLLs located in the Program Files folder + Description : Allows members of the Everyone group to load DLLs that are located in the Program Files folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%PROGRAMFILES%\*" + + Rule name : Allows administrators to execute all DLLs + Description : Allows members of the local Administrators group to load all DLLs. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + + Script Rules + Mode : Audit + Rule name : All scripts + Description : Allows members of the local Administrators group to run all scripts. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + Rule name : Allow everyone to run all scripts located in the Program Files folder + Description : Allows members of the Everyone group to run scripts that are located in the Program Files folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%PROGRAMFILES%\*" + + Rule name : Allow everyone to run all scripts located in the Windows folder + Description : Allows members of the Everyone group to run scripts that are located in the Windows folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\*" + Exceptions : + - Path="%SYSTEM32%\catroot2\*" + - Path="%SYSTEM32%\com\dmp\*" + - Path="%SYSTEM32%\FxsTmp\*" + - Path="%SYSTEM32%\spool\drivers\color\*" + - Path="%SYSTEM32%\spool\PRINTERS\*" + - Path="%SYSTEM32%\spool\SERVERS\*" + - Path="%SYSTEM32%\Tasks\*" + - Path="%WINDIR%\Debug\*" + - Path="%WINDIR%\PCHEALTH\ERRORREP\*" + - Path="%WINDIR%\Registration\*" + - Path="%WINDIR%\SysWOW64\com\dmp\*" + - Path="%WINDIR%\SysWOW64\FxsTmp\*" + - Path="%WINDIR%\SysWOW64\Tasks\*" + - Path="%WINDIR%\Tasks\*" + - Path="%WINDIR%\Temp\*" + - Path="%WINDIR%\tracing\*" + + + + Msi Rules + Mode : Audit + Rule name : Allow administrators to run all Windows Installer files + Description : Allows members of the local Administrators group to run all Windows Installer files. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + Rule name : Allow everyone to run all Windows Installer files located in the Windows\Installer folder. + Description : Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\Installer\*" + + + Appx Rules + Mode : Audit + Rule name : (Default Rule) All signed packaged apps + Description : Allows members of the Everyone group to run packaged apps that are signed. + Rule type : FilePublisherRule + User/Group SID : S-1-1-0 + Condition : PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*" + + + + +7 - 30 days +cpe:/a:microsoft:edge +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.121. It is, therefore, affected by multiple vulnerabilities as referenced in the January 5, 2024 advisory. + + - Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0222) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0223) + + - Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0224) + + - Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_121.nasl +current +2024-A-0009-S +2024/01/05 +2024/01/18 +Microsoft Edge (Chromium) < 120.0.2210.121 Multiple Vulnerabilities +2024/01/05 +local +Low +Critical +1.3 +http://www.nessus.org/u?4aae3ac8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0225 +Upgrade to Microsoft Edge version 120.0.2210.121 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Low +7 to 30 days +Social Media +6.7 +2024/01/03 +IAVA:2024-A-0009-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 119.0.2151.44 + Fixed version : 120.0.2210.121 + + + +60 - 180 days +2023/12/21 +cpe:/a:microsoft:edge +CVE-2023-6345 +CVE-2023-6346 +CVE-2023-6347 +CVE-2023-6348 +CVE-2023-6350 +CVE-2023-6351 +9.6 +CVE-2023-6345 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6351 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.122 / 119.0.2151.97. It is, therefore, affected by multiple vulnerabilities as referenced in the November 29, 2023 advisory. + + - Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) (CVE-2023-6345) + + - Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6346) + + - Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6347) + + - Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6348) + + - Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) (CVE-2023-6350, CVE-2023-6351) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_119_0_2151_97.nasl +current +2023/11/29 +2023/12/06 +Microsoft Edge (Chromium) < 118.0.2088.122 / 119.0.2151.97 Multiple Vulnerabilities +2023/11/29 +local +Medium +Critical +1.3 +http://www.nessus.org/u?88d07bbe +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6345 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6346 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6347 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6348 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6351 +Upgrade to Microsoft Edge version 118.0.2088.122 / 119.0.2151.97 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.9 +2023/11/28 +CISA-KNOWN-EXPLOITED:2023/12/21 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 119.0.2151.44 + Fixed version : 119.0.2151.97 + + + +7 - 30 days +cpe:/a:microsoft:edge +CVE-2024-0333 +CVE-2024-20675 +CVE-2024-20709 +CVE-2024-20721 +CVE-2024-21337 +6.3 +5.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L +3.7 +7.5 +CVE-2024-20675 +5.5 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.133. It is, therefore, affected by multiple vulnerabilities as referenced in the January 11, 2024 advisory. + + - Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0333) + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-20675) + + - Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-20709, CVE-2024-20721) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21337) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_133.nasl +current +2024-A-0040 +2024/01/11 +2024/01/19 +Microsoft Edge (Chromium) < 120.0.2210.133 Multiple Vulnerabilities +2024/01/18 +local +Low +High +1.1 +http://www.nessus.org/u?3844aad0 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0333 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21337 +Upgrade to Microsoft Edge version 120.0.2210.133 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +4.9 +2024/01/09 +IAVA:2024-A-0040 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 119.0.2151.44 + Fixed version : 120.0.2210.133 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5997 +CVE-2023-6112 +CVE-2023-36008 +CVE-2023-36026 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6112 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.109 / 119.0.2151.72. It is, therefore, affected by multiple vulnerabilities as referenced in the November 16, 2023 advisory. + + - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5997) + + - Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6112) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_119_0_2151_72.nasl +current +2023-A-0649-S +2023/11/16 +2024/01/29 +Microsoft Edge (Chromium) < 118.0.2088.109 / 119.0.2151.72 Multiple Vulnerabilities +2023/11/16 +local +Medium +Critical +1.4 +http://www.nessus.org/u?7feca339 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36026 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5997 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6112 +Upgrade to Microsoft Edge version 118.0.2088.109 / 119.0.2151.72 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2023/11/14 +IAVA:2023-A-0649-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 119.0.2151.44 + Fixed version : 119.0.2151.72 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-36014 +CVE-2023-36024 +CVE-2023-5996 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5996 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.102 / 119.0.2151.58. It is, therefore, affected by multiple vulnerabilities as referenced in the November 9, 2023 advisory. + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-36014) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36024) + + - Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5996) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_119_0_2151_58.nasl +current +2023-A-0610-S +2023/11/09 +2024/01/26 +Microsoft Edge (Chromium) < 118.0.2088.102 / 119.0.2151.58 Multiple Vulnerabilities +2023/11/09 +local +Medium +Critical +1.6 +http://www.nessus.org/u?683f1aad +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36024 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5996 +Upgrade to Microsoft Edge version 118.0.2088.102 / 119.0.2151.58 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +7.4 +2023/11/07 +IAVA:2023-A-0610-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 119.0.2151.44 + Fixed version : 119.0.2151.58 + + + +30 - 60 days +2024/01/23 +cpe:/a:microsoft:edge +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.91. It is, therefore, affected by a vulnerability as referenced in the December 21, 2023 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_120_0_2210_91.nasl +current +2023/12/21 +2024/01/02 +Microsoft Edge (Chromium) < 120.0.2210.91 (CVE-2023-7024) +2023/12/21 +local +Medium +Critical +1.3 +http://www.nessus.org/u?eaceba1a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-7024 +Upgrade to Microsoft Edge version 120.0.2210.91 or later. +The remote host has an web browser installed that is affected by a vulnerability. +Very High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 119.0.2151.44 + Fixed version : 120.0.2210.91 + + + +30 - 60 days +cpe:/a:microsoft:edge +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +CVE-2023-36878 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.77. It is, therefore, affected by multiple vulnerabilities as referenced in the December 14, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-36878) + + - Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-6706) + + - Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-6707) + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_77.nasl +current +2023-A-0696-S +2023/12/14 +2024/01/12 +Microsoft Edge (Chromium) < 120.0.2210.77 Multiple Vulnerabilities +2023/12/15 +local +Medium +Critical +1.3 +http://www.nessus.org/u?11cef5be +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36878 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6702 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6703 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6704 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6705 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6706 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6707 +Upgrade to Microsoft Edge version 120.0.2210.77 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +8.4 +2023/12/12 +IAVA:2023-A-0696-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 119.0.2151.44 + Fixed version : 120.0.2210.77 + + + +30 - 60 days +cpe:/a:microsoft:edge +CVE-2023-6508 +CVE-2023-6509 +CVE-2023-6510 +CVE-2023-6511 +CVE-2023-6512 +CVE-2023-35618 +CVE-2023-36880 +CVE-2023-38174 +9.6 +CVE-2023-35618 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6510 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.61. It is, therefore, affected by multiple vulnerabilities as referenced in the December 7, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-35618) + + - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2023-36880, CVE-2023-38174) + + - Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6508) + + - Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) (CVE-2023-6509) + + - Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) (CVE-2023-6510) + + - Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-6511) + + - Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. + (Chromium security severity: Low) (CVE-2023-6512) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_61.nasl +current +2023-A-0677-S +2023/12/07 +2023/12/22 +Microsoft Edge (Chromium) < 120.0.2210.61 Multiple Vulnerabilities +2023/12/07 +local +Medium +Critical +1.3 +http://www.nessus.org/u?7f2952a2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36880 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6508 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6509 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6510 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6511 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6512 +Upgrade to Microsoft Edge version 120.0.2210.61 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2023/12/05 +IAVA:2023-A-0677-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 119.0.2151.44 + Fixed version : 120.0.2210.61 + + + +7 - 30 days +2024/02/07 +cpe:/a:microsoft:edge +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.144. It is, therefore, affected by multiple vulnerabilities as referenced in the January 17, 2024 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0517) + + - Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0518) + + - Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_120_0_2210_144.nasl +current +2024-A-0040 +2024/01/17 +2024/01/23 +Microsoft Edge (Chromium) < 120.0.2210.144 Multiple Vulnerabilities +2024/01/17 +local +Low +Critical +1.2 +http://www.nessus.org/u?baa12a23 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0517 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0518 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0519 +Upgrade to Microsoft Edge version 120.0.2210.144 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very High +0 to 7 days +Social Media +9.0 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0040 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 119.0.2151.44 + Fixed version : 120.0.2210.144 + + + +0 - 7 days +cpe:/a:microsoft:edge +CVE-2024-21336 +2.5 +2.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N +1.4 +1.2 +CVE-2024-21336 +0.9 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.160 / 121.0.2277.83. It is, therefore, affected by a vulnerability as referenced in the January 26, 2024 advisory. + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-21336) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_121_0_2277_83.nasl +current +2024/01/25 +2024/01/26 +Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21336) +2024/01/25 +local +Low +Low +1.1 +http://www.nessus.org/u?5d9abc0d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21336 +Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +2.9 +2024/01/23 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 119.0.2151.44 + Fixed version : 121.0.2277.83 + + + +windows +True +software_enumeration +cpe:/a:microsoft:edge +Microsoft Edge (Chromium-based), a Chromium-based web browser, is installed on the remote host. +microsoft_edge_chromium_installed.nbin +2024/01/16 +Microsoft Edge Chromium Installed +2020/05/29 +local +None +1.116 +https://www.microsoft.com/en-us/edge +n/a +Microsoft Edge (Chromium-based) is installed on the remote host. + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Version : 119.0.2151.44 + + + +windows +True +Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host. +smb_check_dotnet_rollup.nasl +2024/01/10 +Microsoft .NET Security Rollup Enumeration +2017/04/14 +local +None +1.48 +http://www.nessus.org/u?662e30c9 +n/a +This plugin enumerates installed Microsoft .NET security rollups. + + Path : C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\system.web.dll + Version : 4.8.9214.0 + .NET Version : 4.8.1 + Associated KB : 5033918 + Latest effective update level : 01_2024 + + + +windows +True +software_enumeration +cpe:/a:microsoft:.net_framework +Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host. +microsoft_net_framework_installed.nasl +0001-T-0655 +2022/10/18 +Microsoft .NET Framework Detection +2010/12/20 +local +None +1.39 +https://www.microsoft.com/net +http://www.nessus.org/u?15ae6806 +n/a +A software framework is installed on the remote host. +IAVT:0001-T-0655 + +Nessus detected 2 installs of Microsoft .NET Framework: + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8.1 + Full Version : 4.8.09037 + Install Type : Full + Release : 533325 + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8.1 + Full Version : 4.8.09037 + Install Type : Client + Release : 533325 + + + +windows +True +software_enumeration +cpe:/a:microsoft:onedrive +Microsoft OneDrive, a file hosting service, is installed on the remote host. +microsoft_onedrive_installed.nbin +2024/01/16 +Microsoft OneDrive Installed +2020/07/17 +local +None +1.110 +http://www.nessus.org/u?23c14184 +n/a +A file hosting application is installed on the remote host. + +Nessus detected 3 installs of Microsoft OneDrive: + + Path : C:\Users\Cinnabon\AppData\Local\Microsoft\OneDrive\ + Version : 17.3.6998.830 + + Path : C:\Users\dbingham\AppData\Local\Microsoft\OneDrive\ + Version : 19.2.107.5 + + Path : C:\Users\tester\AppData\Local\Microsoft\OneDrive\ + Version : 19.232.1124.12 + + + +windows +True +cpe:/a:microsoft:microsoft_update +Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft Office, Exchange, and SQL Server. +microsoft_update_installed.nasl +2022/02/01 +Microsoft Update Installed +2010/10/26 +local +None +1.8 +http://update.microsoft.com/microsoftupdate/v6/default.aspx +n/a +A software updating service is installed. + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect ARP table information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_arp_table.nbin +2024/01/16 +Microsoft Windows ARP Table +2016/07/19 +local +None +1.222 +n/a +Nessus was able to collect and report ARP table information from the remote host. +192.168.40.1 : 60-22-32-6f-91-bf +192.168.40.11 : 00-0c-29-13-cb-e7 +192.168.40.32 : 00-0c-29-5c-7e-f8 +192.168.40.60 : cc-96-e5-08-af-3e +192.168.40.153 : 00-00-c0-3c-08-4b +192.168.40.173 : 90-09-d0-00-6a-23 +192.168.40.174 : 90-09-d0-00-6a-24 +192.168.40.212 : f8-ff-c2-37-57-48 +192.168.40.255 : ff-ff-ff-ff-ff-ff +224.0.0.22 : 01-00-5e-00-00-16 +224.0.0.251 : 01-00-5e-00-00-fb +224.0.0.252 : 01-00-5e-00-00-fc +239.255.255.250 : 01-00-5e-7f-ff-fa +255.255.255.255 : ff-ff-ff-ff-ff-ff + +Extended ARP table information attached. +a0e9d2e6bcdca2aac552343f74ff8bc2 + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect AppLocker configuration information on the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_applocker_config.nasl +2020/06/12 +Microsoft Windows AppLocker Configuration +2016/07/19 +local +None +1.6 +n/a +Nessus was able to collect and report AppLocker's configuration on the remote host. +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Appx\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba\value : <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\1d04fdc7-5e29-45b1-a0d7-f7e9293774f8\value : <FilePathRule Id="1d04fdc7-5e29-45b1-a0d7-f7e9293774f8" Name="Allows administrators to execute all DLLs" Description="Allows members of the local Administrators group to load all DLLs." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\7ca2deae-991c-4e26-b688-98137f9cc777\value : <FilePathRule Id="7ca2deae-991c-4e26-b688-98137f9cc777" Name="Allow everyone to execute all DLLs located in the Windows folder" Description="Allows members of the Everyone group to load DLLs located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\f36fbeba-ab50-48c0-9361-41af365d82ce\value : <FilePathRule Id="f36fbeba-ab50-48c0-9361-41af365d82ce" Name="Allow everyone to execute all DLLs located in the Program Files folder" Description="Allows members of the Everyone group to load DLLs that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\1712f2de-e1b6-4d3d-85a9-a7da49b796c1\value : <FilePathRule Id="1712f2de-e1b6-4d3d-85a9-a7da49b796c1" Name="Allow everyone to execute all files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\187ae870-255e-42d7-8ef9-9a8434a70716\value : <FilePublisherRule Id="187ae870-255e-42d7-8ef9-9a8434a70716" Name="Prevent administrators from easily running the Internet Explorer web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWS® INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\230ebde7-123f-4f56-9caf-a412e5265300\value : <FilePublisherRule Id="230ebde7-123f-4f56-9caf-a412e5265300" Name="Prevent administrators from easily running the Outlook email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="OUTLOOK.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\54d44e7f-44b7-4d8d-961e-6d9c47e03196\value : <FilePublisherRule Id="54d44e7f-44b7-4d8d-961e-6d9c47e03196" Name="Prevent administrators from easily running the Thunderbird email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA MESSAGING INC., L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="THUNDERBIRD" BinaryName="thunderbird.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e\value : <FilePublisherRule Id="97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e" Name="Prevent administrators from easily running the Chrome web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="chrome.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\980f805b-bc66-43c7-95c4-90ef50fe5b04\value : <FilePublisherRule Id="980f805b-bc66-43c7-95c4-90ef50fe5b04" Name="Prevent administrators from easily running the Firefox web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="FIREFOX" BinaryName="firefox.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\a88c9192-bbed-4dfe-b435-d0ca25f6576e\value : <FilePublisherRule Id="a88c9192-bbed-4dfe-b435-d0ca25f6576e" Name="Prevent administrators from easily running the Opera web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=OPERA SOFTWARE ASA, S=OSLO, C=NO" ProductName="OPERA" BinaryName="opera.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\afd4074c-4b47-4b55-bb6d-f35ea215408b\value : <FilePathRule Id="afd4074c-4b47-4b55-bb6d-f35ea215408b" Name="Allow everyone to execute all files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\f301f291-10d9-4423-8f9c-a78afe9d4ea5\value : <FilePathRule Id="f301f291-10d9-4423-8f9c-a78afe9d4ea5" Name="Allow administrators to execute all files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa\value : <FilePublisherRule Id="f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa" Name="Prevent administrators from easily running the Safari web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=APPLE INC., L=CUPERTINO, S=CALIFORNIA, C=US" ProductName="SAFARI" BinaryName="Safari.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\0b075828-da4a-41fc-b3b4-9ac83ad18add\value : <FilePathRule Id="0b075828-da4a-41fc-b3b4-9ac83ad18add" Name="Allow everyone to run all Windows Installer files located in the Windows\Installer folder." Description="Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\Installer\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\4833728f-cf7e-4797-a847-c979e29b597a\value : <FilePathRule Id="4833728f-cf7e-4797-a847-c979e29b597a" Name="Allow administrators to run all Windows Installer files" Description="Allows members of the local Administrators group to run all Windows Installer files." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\4a4170c6-feb8-44f6-bebf-78a319f197fe\value : <FilePathRule Id="4a4170c6-feb8-44f6-bebf-78a319f197fe" Name="Allow everyone to run all scripts located in the Program Files folder" Description="Allows members of the Everyone group to run scripts that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4\value : <FilePathRule Id="8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4" Name="Allow everyone to run all scripts located in the Windows folder" Description="Allows members of the Everyone group to run scripts that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\ed97d0cb-15ff-430f-b82c-8d7832957725\value : <FilePathRule Id="ed97d0cb-15ff-430f-b82c-8d7832957725" Name="All scripts" Description="Allows members of the local Administrators group to run all scripts." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Appx\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba\value : <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\1d04fdc7-5e29-45b1-a0d7-f7e9293774f8\value : <FilePathRule Id="1d04fdc7-5e29-45b1-a0d7-f7e9293774f8" Name="Allows administrators to execute all DLLs" Description="Allows members of the local Administrators group to load all DLLs." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\7ca2deae-991c-4e26-b688-98137f9cc777\value : <FilePathRule Id="7ca2deae-991c-4e26-b688-98137f9cc777" Name="Allow everyone to execute all DLLs located in the Windows folder" Description="Allows members of the Everyone group to load DLLs located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\f36fbeba-ab50-48c0-9361-41af365d82ce\value : <FilePathRule Id="f36fbeba-ab50-48c0-9361-41af365d82ce" Name="Allow everyone to execute all DLLs located in the Program Files folder" Description="Allows members of the Everyone group to load DLLs that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\1712f2de-e1b6-4d3d-85a9-a7da49b796c1\value : <FilePathRule Id="1712f2de-e1b6-4d3d-85a9-a7da49b796c1" Name="Allow everyone to execute all files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\187ae870-255e-42d7-8ef9-9a8434a70716\value : <FilePublisherRule Id="187ae870-255e-42d7-8ef9-9a8434a70716" Name="Prevent administrators from easily running the Internet Explorer web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWS® INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\230ebde7-123f-4f56-9caf-a412e5265300\value : <FilePublisherRule Id="230ebde7-123f-4f56-9caf-a412e5265300" Name="Prevent administrators from easily running the Outlook email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="OUTLOOK.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\54d44e7f-44b7-4d8d-961e-6d9c47e03196\value : <FilePublisherRule Id="54d44e7f-44b7-4d8d-961e-6d9c47e03196" Name="Prevent administrators from easily running the Thunderbird email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA MESSAGING INC., L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="THUNDERBIRD" BinaryName="thunderbird.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e\value : <FilePublisherRule Id="97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e" Name="Prevent administrators from easily running the Chrome web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="chrome.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\980f805b-bc66-43c7-95c4-90ef50fe5b04\value : <FilePublisherRule Id="980f805b-bc66-43c7-95c4-90ef50fe5b04" Name="Prevent administrators from easily running the Firefox web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="FIREFOX" BinaryName="firefox.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\a88c9192-bbed-4dfe-b435-d0ca25f6576e\value : <FilePublisherRule Id="a88c9192-bbed-4dfe-b435-d0ca25f6576e" Name="Prevent administrators from easily running the Opera web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=OPERA SOFTWARE ASA, S=OSLO, C=NO" ProductName="OPERA" BinaryName="opera.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\afd4074c-4b47-4b55-bb6d-f35ea215408b\value : <FilePathRule Id="afd4074c-4b47-4b55-bb6d-f35ea215408b" Name="Allow everyone to execute all files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\f301f291-10d9-4423-8f9c-a78afe9d4ea5\value : <FilePathRule Id="f301f291-10d9-4423-8f9c-a78afe9d4ea5" Name="Allow administrators to execute all files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa\value : <FilePublisherRule Id="f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa" Name="Prevent administrators from easily running the Safari web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=APPLE INC., L=CUPERTINO, S=CALIFORNIA, C=US" ProductName="SAFARI" BinaryName="Safari.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Msi\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Msi\0b075828-da4a-41fc-b3b4-9ac83ad18add\value : <FilePathRule Id="0b075828-da4a-41fc-b3b4-9ac83ad18add" Name="Allow everyone to run all Windows Installer files located in the Windows\Installer folder." Description="Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\Installer\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Msi\4833728f-cf7e-4797-a847-c979e29b597a\value : <FilePathRule Id="4833728f-cf7e-4797-a847-c979e29b597a" Name="Allow administrators to run all Windows Installer files" Description="Allows members of the local Administrators group to run all Windows Installer files." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\4a4170c6-feb8-44f6-bebf-78a319f197fe\value : <FilePathRule Id="4a4170c6-feb8-44f6-bebf-78a319f197fe" Name="Allow everyone to run all scripts located in the Program Files folder" Description="Allows members of the Everyone group to run scripts that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4\value : <FilePathRule Id="8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4" Name="Allow everyone to run all scripts located in the Windows folder" Description="Allows members of the Everyone group to run scripts that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\ed97d0cb-15ff-430f-b82c-8d7832957725\value : <FilePathRule Id="ed97d0cb-15ff-430f-b82c-8d7832957725" Name="All scripts" Description="Allows members of the local Administrators group to run all scripts." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_dns_cache.nbin +2024/01/16 +Microsoft Windows DNS Cache +2016/07/19 +local +None +1.224 +n/a +Nessus was able to collect and report DNS cache information from the remote host. +true + array501.prod.do.dsp.mp.microsoft.com + array518.prod.do.dsp.mp.microsoft.com + +DNS cache information attached. + +58d639708080597a6aba64ec52087eea + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_env_vars.nasl +True +0001-T-0757 +True +2022/06/24 +Microsoft Windows Environment Variables +2016/07/19 +local +None +1.13 +n/a +Nessus was able to collect and report environment variables from the remote host. +IAVT:0001-T-0757 +Global Environment Variables : + processor_level : 6 + comspec : %SystemRoot%\system32\cmd.exe + number_of_processors : 2 + os : Windows_NT + username : SYSTEM + temp : %SystemRoot%\TEMP + processor_revision : 9702 + path : %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\PROGRA~1\CONDUS~1\DISKEE~1\ + tmp : %SystemRoot%\TEMP + processor_identifier : Intel64 Family 6 Model 151 Stepping 2, GenuineIntel + driverdata : C:\Windows\System32\Drivers\DriverData + pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC + processor_architecture : AMD64 + psmodulepath : %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ + windir : %SystemRoot% + +Active User Environment Variables + +6c34d0f66fb5c5a93718673564abdb8b + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect the hosts file from the remote Windows host and report it as attachment. +microsoft_windows_host_file.nasl +True +True +2020/01/27 +Microsoft Windows Hosts File +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect the hosts file from the remote host. +Windows hosts file attached. + +MD5: 3688374325b992def12793500307566d +SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274 +SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085 +3688374325b992def12793500307566d + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_nbt_info.nbin +2024/01/16 +Microsoft Windows NetBIOS over TCP/IP Info +2016/07/19 +local +None +1.224 +n/a +Nessus was able to collect and report NBT information from the remote host. +NBT information attached. +First 10 lines of all CSVs: +nbtstat_local.csv: +Interface,Name,Suffix,Type,Status,MAC +192.168.40.104,WKS4-SOTERIA,<00>,UNIQUE,Registered,00:0C:29:71:3A:6D +192.168.40.104,SOTERIA,<00>,GROUP,Registered,00:0C:29:71:3A:6D +192.168.40.104,WKS4-SOTERIA,<20>,UNIQUE,Registered,00:0C:29:71:3A:6D +192.168.40.104,SOTERIA,<1E>,GROUP,Registered,00:0C:29:71:3A:6D + + + +2af4657c14604853ac8fd5294ddd9251 + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_scripting_host_settings.nasl +2018/05/23 +Microsoft Windows Scripting Host Settings +2016/07/19 +local +None +1.5 +n/a +Nessus was able to collect and report the Windows scripting host settings from the remote host. +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1 + +Windows scripting host configuration attached. +681e5094e1df8ab1423ef2ea66dfc266 +4934d1726a8504e051694b846ef9b32e + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_smb_sessions.nbin +2024/01/16 +Microsoft Windows SMB Sessions +2016/07/19 +local +None +1.221 +n/a +Nessus was able to collect and report SMB session information from the remote host. +degthat + +Extended SMB session information attached. +4fe470cad3c85fe7ab3a766dadfaf5cd + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_time_zone_info.nasl +True +True +2023/06/06 +Microsoft Windows Time Zone Information +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect and report time zone information from the remote host. +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Eastern Standard Time +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-112 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-111 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000300020002000000000000000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000b00010002000000000000000000 + + + +windows +True +software_enumeration +cpe:/a:microsoft:remote_desktop_connection +Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host. +remote_desktop_connection_installed.nasl +2022/10/10 +Microsoft Remote Desktop Connection Installed +2019/06/12 +local +None +1.3 +http://www.nessus.org/u?1c33f0e7 +n/a +A graphical interface connection utility is installed on the remote Windows host + + Path : C:\WINDOWS\\System32\\mstsc.exe + Version : 10.0.19041.3570 + + + +Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry entry in to one of the following settings: + + - 0xFFFFFFFF (Removes the current working directory from the default DLL search order) + + - 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder) + + - 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder) +smb_cwdindllsearchvalue_setting.nasl +2019/12/20 +Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting +2010/08/26 +local +None +1.7 +http://www.nessus.org/u?0c574c56 +http://www.nessus.org/u?5234ef0c +n/a +CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks. + + Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch + Value : Registry Key Empty or Missing + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry. +smb_dns_servers.nasl +True +True +2022/02/01 +Windows DNS Server Enumeration +2012/03/01 +local +None +1.9 +n/a +Nessus enumerated the DNS servers being used by the remote Windows host. + +Nessus enumerated DNS servers for the following interfaces : + +Interface: Default +DhcpNameServer: 192.168.40.1 1.1.1.1 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past. +smb_enum_drive_mount.nasl +2022/02/01 +Microsoft Windows Mounted Devices +2012/11/28 +local +None +1.4 +http://www.nessus.org/u?99fcc329 +Make sure that the mounted drives agree with your organization's acceptable use and security policies. +It is possible to get a list of mounted devices that may have been connected to the remote system in the past. + + Name : \dosdevices\z: + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&3f6b946&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f004300440030003100230035002600330066003600620039003400360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{93c0eed4-f250-11e8-9bec-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_PNY&Prod_USB_2.0_FD&Rev_1100#ACB1HD090000078&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0050004e0059002600500072006f0064005f005500530042005f0032002e0030005f004600440026005200650076005f00310031003000300023004100430042003100480044003000390030003000300030003000370038002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{af59e96d-7f80-11ec-9c30-f8ffc2207748} + Data : _??_USBSTOR#Disk&Ven_&Prod_USB_DISK_3.0&Rev_PMAP#07000483D8E95720&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f002600500072006f0064005f005500530042005f004400490053004b005f0033002e00300026005200650076005f0050004d0041005000230030003700300030003000340038003300440038004500390035003700320030002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{d8bf433e-d7c4-11ec-9c45-f8ffc2207748} + Data : _??_USBSTOR#Disk&Ven_SMI&Prod_USB_3.0&Rev_1100#201302IP0002SERDCNGY&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0053004d0049002600500072006f0064005f005500530042005f0033002e00300026005200650076005f0031003100300030002300320030003100330030003200490050003000300030003200530045005200440043004e00470059002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\g: + Data : DMIO:ID:#WCuLG) + Raw data : 444d494f3a49443a16235743754cec478e2916dcaa1e17d6 + + Name : \??\volume{2a78a76f-f18e-11e8-9beb-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_Corsair&Prod_Survivor_3.0&Rev_000A#07087A9E311C2839&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0043006f00720073006100690072002600500072006f0064005f005300750072007600690076006f0072005f0033002e00300026005200650076005f003000300030004100230030003700300038003700410039004500330031003100430032003800330039002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{6dd8d9c6-2fc8-11ee-9c55-f8ffc2207748} + Data : _??_USBSTOR#Disk&Ven_General&Prod_UDisk&Rev_5.00#7&3a3d7270&0&_&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e006500720061006c002600500072006f0064005f0055004400690073006b0026005200650076005f0035002e0030003000230037002600330061003300640037003200370030002600300026005f002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\e: + Data : )+ + Raw data : 29bc2bc00000100000000000 + + Name : \??\volume{e4ff008d-9a17-11e7-9bcc-60f81dd2b949} + Data : _??_USBSTOR#Disk&Ven_Corsair&Prod_Survivor_3.0&Rev_1.00#1100300000000161&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0043006f00720073006100690072002600500072006f0064005f005300750072007600690076006f0072005f0033002e00300026005200650076005f0031002e0030003000230031003100300030003300300030003000300030003000300030003100360031002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{93c0eed5-f250-11e8-9bec-f018981982bc} + Data : {93c0eed1-f250-11e8-9bec-f018981982bc}#000000079E9F0600 + Raw data : 7b00390033006300300065006500640031002d0066003200350030002d0031003100650038002d0039006200650063002d006600300031003800390038003100390038003200620063007d0023003000300030003000300030003000370039004500390046003000360030003000 + + Name : \??\volume{b7aea069-ed45-11e8-9be7-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_Generic-&Prod_SD#MMC&Rev_1.00#058F84688461&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e0065007200690063002d002600500072006f0064005f005300440023004d004d00430026005200650076005f0031002e003000300023003000350038004600380034003600380038003400360031002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{b7aea06a-ed45-11e8-9be7-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_Generic-&Prod_Micro_SD#M2&Rev_1.08#058F84688461&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e0065007200690063002d002600500072006f0064005f004d006900630072006f005f005300440023004d00320026005200650076005f0031002e003000380023003000350038004600380034003600380038003400360031002600310023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{b7aea083-ed45-11e8-9be7-f018981982bc} + Data : DMIO:ID:#WCuLG) + Raw data : 444d494f3a49443a16235743754cec478e2916dcaa1e17d6 + + Name : \dosdevices\f: + Data : {93c0eed1-f250-11e8-9bec-f018981982bc}#000000079E9F0600 + Raw data : 7b00390033006300300065006500640031002d0066003200350030002d0031003100650038002d0039006200650063002d006600300031003800390038003100390038003200620063007d0023003000300030003000300030003000370039004500390046003000360030003000 + + Name : \??\volume{e4b0bc0c-9414-11e7-9bc2-806e6f6e6963} + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&3f6b946&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f004300440030003100230035002600330066003600620039003400360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\d: + Data : m + Raw data : 6d207ff20000100000000000 + + Name : \dosdevices\c: + Data : foP + Raw data : 66df6fbd0000501f00000000 + + + + +windows +True +cpe:/o:microsoft:windows +Using the supplied credentials, this plugin enumerates USB devices that have been connected to the remote Windows host in the past. +smb_enum_historic_usb_device_usage.nasl +2022/06/01 +Microsoft Windows USB Device Usage Report +2009/02/24 +local +None +1.15 +http://www.forensicswiki.org/wiki/USB_History_Viewing +Make sure that the use of USB drives is in accordance with your organization's security policy. +It was possible to get a list of USB devices that may have been connected to the remote system in the past. +true + +The following is a list of USB devices that have been connected +to remote system at least once in the past : + + +Device Name : USB DISK 3.0 USB Device +Last Inserted Time : Nov. 5, 2023 at 16:48:51 GMT + +First used : unknown + +Device Name : General UDisk USB Device +Last Inserted Time : unknown + +First used : unknown + +Device Name : Samsung Portable SSD T5 USB Device +Last Inserted Time : Nov. 6, 2023 at 19:16:14 GMT + +First used : unknown + +(Note that for a complete listing of 'First used' times you should +run this test with the option 'thorough_tests' enabled.) + + + +windows +True +Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host. +smb_enum_network_adapters.nasl +0001-T-0758 +2022/02/01 +Microsoft Windows Network Adapters +2017/10/17 +local +None +1.8 +Make sure that all of the installed network adapters agrees with your organization's acceptable use and security policies. +Identifies the network adapters installed on the remote host. +IAVT:0001-T-0758 +Network Adapter Driver Description : Intel(R) 82574L Gigabit Network Connection +Network Adapter Driver Version : 12.17.10.8 + + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past. +smb_enum_portable_devices.nasl +2022/02/01 +Microsoft Windows Portable Devices +2013/04/03 +local +None +1.4 +http://www.nessus.org/u?af102b66 +Make sure that use of the portable devices agrees with your organization's acceptable use and security policies. +It is possible to get a list of portable devices that may have been connected to the remote system in the past. + + Friendly name : Dave-512 + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_&PROD_USB_DISK_3.0&REV_PMAP#07000483D8E95720&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : DEGTHAT256 + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_CORSAIR&PROD_SURVIVOR_3.0&REV_000A#07087A9E311C2839&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : FIRM + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERAL&PROD_UDISK&REV_5.00#7&3A3D7270&0&_&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : F:\ + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MICRO_SD#M2&REV_1.08#058F84688461&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : C:\ + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F84688461&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : FAT-PRT + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_PNY&PROD_USB_2.0_FD&REV_1100#ACB1HD090000078&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : DEG-TOOLS + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_SMI&PROD_USB_3.0&REV_1100#201302IP0002SERDCNGY&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : Daves-Stuff + Device : SWD#WPDBUSENUM#{37D3844A-9E3B-11E7-9BD2-60F81DD2B949}#0000000000100000 + + Friendly name : STUFF + Device : SWD#WPDBUSENUM#{47E535CC-E60C-11E8-9BE6-806E6F6E6963}#0000000000100000 + + Friendly name : My Passport + Device : SWD#WPDBUSENUM#{677D3D2E-146F-11E8-9BDC-C8E0EB160FF2}#0000000000100000 + + Friendly name : F:\ + Device : SWD#WPDBUSENUM#{93C0EED1-F250-11E8-9BEC-F018981982BC}#000000079E9F0600 + + Friendly name : Daves-Data + Device : SWD#WPDBUSENUM#{ABBA9390-146E-11E8-9BDB-C8E0EB160FF2}#0000000000100000 + + Friendly name : DEGTD + Device : SWD#WPDBUSENUM#{B7AEA082-ED45-11E8-9BE7-F018981982BC}#0000000000100000 + + Friendly name : Samsung_T5 + Device : SWD#WPDBUSENUM#{EB57D52A-7CB2-11EE-9C6B-E0D04567CBCB}#0000000000100000 + + + +windows +True +By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry. +smb_enum_qfes.nasl +2022/02/01 +SMB QuickFixEngineering (QFE) Enumeration +2012/09/11 +local +None +1.8 +n/a +The remote host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + +KB5011048, Installed on: 2023/07/31 +KB5012170, Installed on: 2023/07/28 +KB5015684, Installed on: 2022/12/08 +KB5018506, Installed on: 2022/12/08 +KB5020372, Installed on: 2022/12/08 +KB5028849, Installed on: 2023/10/11 +KB5028853, Installed on: 2023/07/28 +KB5030649, Installed on: 2023/11/05 +KB5031816, Installed on: 2023/11/06 +KB5033918, Installed on: 2024/01/30 + + +windows +True +This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. + +Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system. +smb_enum_software_versions.nasl +2023/07/18 +Microsoft Windows Installed Software Version Enumeration +2023/07/10 +local +None +1.1 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +Enumerates installed software versions. + +The following software information is available on the remote host : + + - Google Chrome + Best Confidence Version : 119.0.6045.105 + Version Confidence Level : 3 + All Possible Versions : 119.0.6045.105 + Other Version Data + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0 + Parsed File Path : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe + Parsed File Version : 119.0.6045.105 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Google\Chrome\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.105\Installer\setup.exe" --uninstall --channel=stable --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.105\Installer\setup.exe + Parsed File Version : 119.0.6045.105 + [VersionMinor] : + Raw Value : 105 + [Version] : + Raw Value : 119.0.6045.105 + [VersionMajor] : + Raw Value : 6045 + [DisplayVersion] : + Raw Value : 119.0.6045.105 + [DisplayName] : + Raw Value : Google Chrome + + - Microsoft Edge WebView2 Runtime + Best Confidence Version : 119.0.2151.44 + Version Confidence Level : 3 + All Possible Versions : 119.0.2151.44 + Other Version Data + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.44\msedgewebview2.exe,0 + Parsed File Path : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.44\msedgewebview2.exe + Parsed File Version : 119.0.2151.44 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Microsoft\EdgeWebView\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.44\Installer\setup.exe" --uninstall --msedgewebview --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.44\Installer\setup.exe + Parsed File Version : 119.0.2151.44 + [VersionMinor] : + Raw Value : 44 + [Version] : + Raw Value : 119.0.2151.44 + [VersionMajor] : + Raw Value : 2151 + [DisplayVersion] : + Raw Value : 119.0.2151.44 + [DisplayName] : + Raw Value : Microsoft Edge WebView2 Runtime + + - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 + Best Confidence Version : 9.0.30729.6161 + Version Confidence Level : 2 + All Possible Versions : 9.0.30729.6161 + Other Version Data + [VersionMajor] : + Raw Value : 9 + [Version] : + Raw Value : 151025673 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 + [UninstallString] : + Raw Value : MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} + [InstallDate] : + Raw Value : 2017/09/14 + [DisplayVersion] : + Raw Value : 9.0.30729.6161 + [VersionMinor] : + Raw Value : 0 + + - Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{73F77E4E-5A17-46E5-A5FC-8A061047725F} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 + Best Confidence Version : 9.0.30729.6161 + Version Confidence Level : 2 + All Possible Versions : 9.0.30729.6161 + Other Version Data + [VersionMajor] : + Raw Value : 9 + [Version] : + Raw Value : 151025673 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 + [UninstallString] : + Raw Value : MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} + [InstallDate] : + Raw Value : 2017/09/14 + [DisplayVersion] : + Raw Value : 9.0.30729.6161 + [VersionMinor] : + Raw Value : 0 + + - Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{D5D19E2F-7189-42FE-8103-92CD1FA457C2} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - VMware Tools + Best Confidence Version : 12.3.5.22544099 + Version Confidence Level : 2 + All Possible Versions : 12.3.5.22544099 + Other Version Data + [VersionMajor] : + Raw Value : 12 + [Version] : + Raw Value : 201523205 + [InstallLocation] : + Raw Value : C:\Program Files\VMware\VMware Tools\ + [DisplayName] : + Raw Value : VMware Tools + [UninstallString] : + Raw Value : MsiExec.exe /I{27B78D8E-F8B9-4AF5-BF9C-8DDD583EAB6B} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 12.3.5.22544099 + [VersionMinor] : + Raw Value : 3 + + - Google Update Helper + Best Confidence Version : 1.3.35.451 + Version Confidence Level : 2 + All Possible Versions : 22.151.14425, 1.3.35.451 + Other Version Data + [VersionMajor] : + Raw Value : 1 + [Version] : + Raw Value : 16973859 + Parsed Version : 22.151.14425 + [DisplayName] : + Raw Value : Google Update Helper + [UninstallString] : + Raw Value : MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} + [InstallDate] : + Raw Value : 2020/04/10 + [DisplayVersion] : + Raw Value : 1.3.35.451 + [VersionMinor] : + Raw Value : 3 + + - Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{0025DD72-A959-45B5-A0A3-7EFEB15A8050} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Edge Update + Best Confidence Version : 1.3.181.5 + Version Confidence Level : 2 + All Possible Versions : 1.3.181.5 + Other Version Data + [Version] : + Raw Value : 1.3.181.5 + [DisplayName] : + Raw Value : Microsoft Edge Update + [DisplayVersion] : + Raw Value : 1.3.181.5 + + - Adobe Refresh Manager + Best Confidence Version : 1.8.0 + Version Confidence Level : 2 + All Possible Versions : 23.48.5380, 1.8.0 + Other Version Data + [VersionMajor] : + Raw Value : 1 + [Version] : + Raw Value : 17301504 + Parsed Version : 23.48.5380 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\ + [DisplayName] : + Raw Value : Adobe Refresh Manager + [UninstallString] : + Raw Value : MsiExec.exe /I{AC76BA86-0804-1033-1959-018244601053} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 1.8.0 + [VersionMinor] : + Raw Value : 8 + + - Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + + - Microsoft Edge + Best Confidence Version : 119.0.2151.44 + Version Confidence Level : 3 + All Possible Versions : 119.0.2151.44 + Other Version Data + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,0 + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe + Parsed File Version : 119.0.2151.44 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Microsoft\Edge\Application\119.0.2151.44\Installer\setup.exe" --uninstall --msedge --channel=stable --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\119.0.2151.44\Installer\setup.exe + Parsed File Version : 119.0.2151.44 + [VersionMinor] : + Raw Value : 44 + [Version] : + Raw Value : 119.0.2151.44 + [VersionMajor] : + Raw Value : 2151 + [DisplayVersion] : + Raw Value : 119.0.2151.44 + [DisplayName] : + Raw Value : Microsoft Edge + + - Microsoft Update Health Tools + Best Confidence Version : 3.74.0.0 + Version Confidence Level : 2 + All Possible Versions : 85.24.4882, 3.74.0.0 + Other Version Data + [VersionMajor] : + Raw Value : 3 + [Version] : + Raw Value : 55181312 + Parsed Version : 85.24.4882 + [DisplayName] : + Raw Value : Microsoft Update Health Tools + [UninstallString] : + Raw Value : MsiExec.exe /X{1FC1A6C2-576E-489A-9B4A-92D21F542136} + [InstallDate] : + Raw Value : 2024/01/30 + [DisplayVersion] : + Raw Value : 3.74.0.0 + [VersionMinor] : + Raw Value : 74 + + - Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + + - Adobe Acrobat Reader + Best Confidence Version : 23.006.20360 + Version Confidence Level : 2 + All Possible Versions : 23.006.20360 + Other Version Data + [VersionMajor] : + Raw Value : 23 + [Version] : + Raw Value : 386289544 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Adobe\Acrobat Reader DC\ + [DisplayName] : + Raw Value : Adobe Acrobat Reader + [UninstallString] : + Raw Value : MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 23.006.20360 + [VersionMinor] : + Raw Value : 6 + + + + +windows +True +This plugin lists software potentially installed on the remote host by crawling the registry entries in : + + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates + +Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed. +smb_enum_softwares.nasl +0001-T-0501 +2022/02/01 +Microsoft Windows Installed Software Enumeration (credentialed check) +2006/01/26 +local +None +1.21 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate installed software. +IAVT:0001-T-0501 + +The following software are installed on the remote host : + +Google Chrome [version 119.0.6045.105] [installed on 2023/11/05] +Microsoft Edge [version 119.0.2151.44] [installed on 2023/11/05] +Microsoft Edge Update [version 1.3.181.5] +Microsoft Edge WebView2 Runtime [version 119.0.2151.44] [installed on 2023/11/05] +Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] +Microsoft Update Health Tools [version 3.74.0.0] [installed on 2024/01/30] +VMware Tools [version 12.3.5.22544099] [installed on 2023/11/05] +Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 [version 14.36.32532.0] +Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2017/09/14] +Google Update Helper [version 1.3.35.451] [installed on 2020/04/10] +Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] +Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 [version 14.36.32532.0] +Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2017/09/14] +Adobe Refresh Manager [version 1.8.0] [installed on 2023/11/05] +Adobe Acrobat Reader [version 23.006.20360] [installed on 2023/11/05] +Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] +Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] + + + +windows +True +This plugin lists software that is configured to run on system startup by crawling the registry entries in : + + - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + - HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run +smb_enum_startup_registry.nasl +2022/02/01 +Microsoft Windows Startup Software Enumeration +2012/03/23 +local +None +1.6 +Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate startup software. + +The following startup item was found : + + SecurityHealth - %windir%\system32\SecurityHealthSystray.exe + VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe + + + +windows +True +cpe:/a:microsoft:ie +The remote host has Enhanced Protection Mode (EPM) enabled for the Microsoft Internet Explorer web browser. + +Enhanced Protection Mode (EPM) is an added layer of protection first added in Microsoft Internet Explorer version 10 that provides a security feature set that includes : + + - individual browser tabs can be run in 64-bit mode, increasing the effectiveness of Address Space Layout Randomization (ASLR) + + - better access protection for files via a broker process + + - untrusted web pages cannot access domain credentials + +Note that Microsoft Internet Explorer running in 'Metro style' uses Enhanced Protected Mode by default. +smb_explorer_epm_enabled.nasl +2022/02/01 +Microsoft Internet Explorer Enhanced Protection Mode (EPM) Detection +2014/06/13 +local +None +1.4 +http://www.nessus.org/u?792794bd +n/a +The remote host has Enhanced Protection Mode (EPM) for Microsoft Internet Explorer enabled. + +Enhanced Protected Mode for IE has been enabled via Group Policy configuration. + - 64-bit processes for Enhanced Protected Mode is enabled + + +windows +True +user_enumeration +Enumerate Windows accounts. +windows_enum_accounts.nbin +2024/01/16 +Windows Enumerate Accounts +2023/02/28 +local +None +1.25 +n/a +Enumerate Windows accounts. +Windows accounts enumerated. Results output to DB. +User data gathered in scan starting at : 2024/1/30 12:46 Pacific Standard Time + + + +By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier). + +The host SID can then be used to get the list of local users. +smb_host2sid.nasl +2023/02/28 +Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration +2002/02/13 +local +None +1.46 +http://technet.microsoft.com/en-us/library/bb418944.aspx +You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value. + +Refer to the 'See also' section for guidance. +It is possible to obtain the host SID for the remote host. + +The remote host SID value is : + +1-5-21-1536193852-1370433935-2390261316 + +The value of 'RestrictAnonymous' setting is : 1 + + + +Using the HKU registry, Nessus was able to enuemrate the SIDs of logged on users +smb_loggedon_users.nasl +2022/05/25 +Microsoft Windows Logged On Users +2022/05/25 +local +None +1.2 +n/a +Nessus was able to determine the logged on users from the registry + + + +windows +True +cpe:/o:microsoft:windows +cpe:/a:microsoft:malicious_software_removal_tool +The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems. +smb_mrt_installed.nasl +True +True +2023/01/10 +Microsoft Malicious Software Removal Tool Installed +2013/05/15 +local +None +1.60 +http://www.nessus.org/u?47a3e94d +https://support.microsoft.com/en-us/help/891716 +n/a +An antimalware application is installed on the remote Windows host. + + File : C:\WINDOWS\system32\MRT.exe + Version : 5.120.24010.1001 + Release at last run : unknown + Report infection information to Microsoft : Yes + + + +cpe:/o:microsoft:windows +The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues. +smb_v1_enabled.nasl +true +2020/06/12 +Server Message Block (SMB) Protocol Version 1 Enabled +2017/02/09 +local +None +1.8 +https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/ +https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and +http://www.nessus.org/u?8dcab5e4 +http://www.nessus.org/u?234f8ef8 +http://www.nessus.org/u?4c7e0cf3 +Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices. +The remote Windows host supports the SMBv1 protocol. + + SMBv1 server is enabled : + - HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : 1 + SMB1protocol feature is enabled based on the following key : + - HKLM\SYSTEM\CurrentControlSet\Services\srv + + + +windows +True +software_enumeration +cpe:/a:vmware:tools +VMware Tools, a suite of utilities that enhances the performance of the virtual machines guest operating system is installed on the remote Windows host. +vmware_tools_installed.nbin +0001-T-0738 +2024/01/16 +VMware Tools Detection +2018/01/13 +local +None +1.178 +https://kb.vmware.com/s/article/340 +http://www.nessus.org/u?7d54c30a +n/a +A virtual machine management application is installed on the remote host. +IAVT:0001-T-0738 + + Path : C:\Program Files\VMware\VMware Tools\ + Version : 12.3.5.46049 + + + +Nessus was able to retrieve and display the contents of the Windows prefetch folder (%systemroot%\prefetch\*). This information shows programs that have run with the prefetch and superfetch mechanisms enabled. +windows_prefetch.nasl +2018/11/15 +Windows Prefetch Folder +2014/09/12 +local +None +1.2 +http://www.nessus.org/u?8242d04f +http://www.nessus.org/u?d6b15983 +http://www.forensicswiki.org/wiki/Prefetch +n/a +Nessus was able to retrieve the Windows prefetch folder file list. ++ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters +rootdirpath : +enableprefetcher : 3 + ++ Prefetch file list : + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.403.2949.0.E-E107CB33.pf + - \WINDOWS\prefetch\APPLICATIONFRAMEHOST.EXE-CCEEF759.pf + - \WINDOWS\prefetch\ARP.EXE-2BC38967.pf + - \WINDOWS\prefetch\AUTORUN.EXE-3954485B.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1BA.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1C2.pf + - \WINDOWS\prefetch\CMD.EXE-4A81B364.pf + - \WINDOWS\prefetch\COMPATTELRUNNER.EXE-DB97728F.pf + - \WINDOWS\prefetch\CONHOST.EXE-1F3E9D7E.pf + - \WINDOWS\prefetch\CSC.EXE-67679278.pf + - \WINDOWS\prefetch\CSCC-REMOTE.EXE-7C27D0A9.pf + - \WINDOWS\prefetch\CSCC64-REMOTE.EXE-9740F674.pf + - \WINDOWS\prefetch\CSRSS.EXE-3FE41F7E.pf + - \WINDOWS\prefetch\CVTRES.EXE-F2B7602E.pf + - \WINDOWS\prefetch\DISM.EXE-DE199F71.pf + - \WINDOWS\prefetch\DISMHOST.EXE-26D24BAA.pf + - \WINDOWS\prefetch\DISMHOST.EXE-5208E07E.pf + - \WINDOWS\prefetch\DLLHOST.EXE-823CA4DA.pf + - \WINDOWS\prefetch\DLLHOST.EXE-EA533AAF.pf + - \WINDOWS\prefetch\DWM.EXE-6FFD3DA8.pf + - \WINDOWS\prefetch\EXPAND.EXE-05AD1090.pf + - \WINDOWS\prefetch\EXPLORER.EXE-A80E4F97.pf + - \WINDOWS\prefetch\FONTDRVHOST.EXE-31E45F6D.pf + - \WINDOWS\prefetch\GOOGLEUPDATE.EXE-97084C14.pf + - \WINDOWS\prefetch\GOOGLEUPDATE.EXE-B95715F5.pf + - \WINDOWS\prefetch\GOOGLEUPDATECOMREGISTERSHELL6-33E72014.pf + - \WINDOWS\prefetch\GPSCRIPT.EXE-CCD32D94.pf + - \WINDOWS\prefetch\IEXPLORE.EXE-908C99F8.pf + - \WINDOWS\prefetch\IPCONFIG.EXE-912F3D5B.pf + - \WINDOWS\prefetch\LOCKAPP.EXE-5A9FA247.pf + - \WINDOWS\prefetch\LOGONUI.EXE-09140401.pf + - \WINDOWS\prefetch\MANAGE-BDE.EXE-37A0B125.pf + - \WINDOWS\prefetch\MICROSOFTEDGEUPDATE.EXE-C4317749.pf + - \WINDOWS\prefetch\MMC.EXE-381384EF.pf + - \WINDOWS\prefetch\MMC.EXE-7FBB0956.pf + - \WINDOWS\prefetch\MMC.EXE-EA3BC57E.pf + - \WINDOWS\prefetch\MOFCOMP.EXE-8FE3D558.pf + - \WINDOWS\prefetch\MOUSOCOREWORKER.EXE-681A8FEE.pf + - \WINDOWS\prefetch\MPCMDRUN.EXE-68BB20D0.pf + - \WINDOWS\prefetch\MPCMDRUN.EXE-7D4AA24B.pf + - \WINDOWS\prefetch\MPSIGSTUB.EXE-6CB27A06.pf + - \WINDOWS\prefetch\MSCORSVW.EXE-57D17DAF.pf + - \WINDOWS\prefetch\MSCORSVW.EXE-C3C515BD.pf + - \WINDOWS\prefetch\MSEDGE.EXE-78F14B85.pf + - \WINDOWS\prefetch\MSIEXEC.EXE-A2D55CB6.pf + - \WINDOWS\prefetch\MSMPENG.EXE-3870F3D8.pf + - \WINDOWS\prefetch\MSTSC.EXE-76A46E8A.pf + - \WINDOWS\prefetch\NBTSTAT.EXE-84461EB8.pf + - \WINDOWS\prefetch\NET.EXE-DF44F913.pf + - \WINDOWS\prefetch\NET1.EXE-849DA590.pf + - \WINDOWS\prefetch\NETSH.EXE-F1B6DA12.pf + - \WINDOWS\prefetch\NETSTAT.EXE-5A5A908F.pf + - \WINDOWS\prefetch\NGEN.EXE-AE594A6B.pf + - \WINDOWS\prefetch\NGEN.EXE-EC3F9239.pf + - \WINDOWS\prefetch\NGENTASK.EXE-4F8BD802.pf + - \WINDOWS\prefetch\NGENTASK.EXE-BB7F7010.pf + - \WINDOWS\prefetch\NISSRV.EXE-4B61B196.pf + - \WINDOWS\prefetch\NOTEPAD.EXE-D8414F97.pf + - \WINDOWS\prefetch\NPFINSTALL.EXE-82E7040F.pf + - \WINDOWS\prefetch\OOSU10.EXE-749C9497.pf + - \WINDOWS\prefetch\Op-SEARCHAPP.EXE-0F10B1A6-00000001.pf + - \WINDOWS\prefetch\Op-SEARCHAPP.EXE-0F10B1A6-00000002.pf + - \WINDOWS\prefetch\OPENWITH.EXE-5C93E816.pf + - \WINDOWS\prefetch\POWERSHELL.EXE-920BBA2A.pf + - \WINDOWS\prefetch\REGEDIT.EXE-90FEEA06.pf + - \WINDOWS\prefetch\REVOUN.EXE-478A449A.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-F9283CB8.pf + - \WINDOWS\prefetch\SC.EXE-945D79AE.pf + - \WINDOWS\prefetch\SCHTASKS.EXE-5CA45734.pf + - \WINDOWS\prefetch\SEARCHAPP.EXE-0A9AB385.pf + - \WINDOWS\prefetch\SEARCHAPP.EXE-8CDCFFB0.pf + - \WINDOWS\prefetch\SEARCHAPP.EXE-AEF051F3.pf + - \WINDOWS\prefetch\SEARCHINDEXER.EXE-4A6353B9.pf + - \WINDOWS\prefetch\SECEDIT.EXE-CB2BC3E5.pf + - \WINDOWS\prefetch\SECHEALTHUI.EXE-D6B58CEB.pf + - \WINDOWS\prefetch\SETUP64.EXE-6C6157AB.pf + - \WINDOWS\prefetch\SGRMBROKER.EXE-0CA31CC6.pf + - \WINDOWS\prefetch\SHELLEXPERIENCEHOST.EXE-23D7A593.pf + - \WINDOWS\prefetch\SHELLEXPERIENCEHOST.EXE-EF3EE583.pf + - \WINDOWS\prefetch\SIHOST.EXE-2C4C53BA.pf + - \WINDOWS\prefetch\SLUI.EXE-724E99D9.pf + - \WINDOWS\prefetch\SMSS.EXE-E9C28FC6.pf + - \WINDOWS\prefetch\SPPEXTCOMOBJ.EXE-BB03B3D6.pf + - \WINDOWS\prefetch\SPPSVC.EXE-B0F8131B.pf + - \WINDOWS\prefetch\STARTMENUEXPERIENCEHOST.EXE-58859201.pf + - \WINDOWS\prefetch\STARTMENUEXPERIENCEHOST.EXE-D80E778C.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0C2D202C.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0E4FE292.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0F2113E4.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0F42DE94.pf + - \WINDOWS\prefetch\SVCHOST.EXE-2C8F9E34.pf + - \WINDOWS\prefetch\SVCHOST.EXE-579B147A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-5E731DE3.pf + - \WINDOWS\prefetch\SVCHOST.EXE-5F9C92CC.pf + - \WINDOWS\prefetch\SVCHOST.EXE-6C525542.pf + - \WINDOWS\prefetch\SVCHOST.EXE-776D4801.pf + - \WINDOWS\prefetch\SVCHOST.EXE-7B41F868.pf + - \WINDOWS\prefetch\SVCHOST.EXE-84ADBFA7.pf + - \WINDOWS\prefetch\SVCHOST.EXE-868216AE.pf + - \WINDOWS\prefetch\SVCHOST.EXE-86AA6B35.pf + - \WINDOWS\prefetch\SVCHOST.EXE-8929E8DF.pf + - \WINDOWS\prefetch\SVCHOST.EXE-8A9E6608.pf + - \WINDOWS\prefetch\SVCHOST.EXE-8D87DCC8.pf + - \WINDOWS\prefetch\SVCHOST.EXE-97CD69B8.pf + - \WINDOWS\prefetch\SVCHOST.EXE-98090C0A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-AD0331FB.pf + - \WINDOWS\prefetch\SVCHOST.EXE-AFDE613F.pf + - \WINDOWS\prefetch\SVCHOST.EXE-C9CCCC35.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D5B495F2.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D6396F4E.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D7909332.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D8FFFCDA.pf + - \WINDOWS\prefetch\SVCHOST.EXE-EBA34E64.pf + - \WINDOWS\prefetch\SVCHOST.EXE-ECA65C63.pf + - \WINDOWS\prefetch\SVCHOST.EXE-F0CB7C91.pf + - \WINDOWS\prefetch\SVCHOST.EXE-F8A746B7.pf + - \WINDOWS\prefetch\SVCHOST.EXE-FE99AE69.pf + - \WINDOWS\prefetch\SYSTEMSETTINGS.EXE-01D72268.pf + - \WINDOWS\prefetch\SYSTEMSETTINGSADMINFLOWS.EXE-389031F2.pf + - \WINDOWS\prefetch\TASKHOSTW.EXE-3E0B74C8.pf + - \WINDOWS\prefetch\TASKKILL.EXE-8F5B2253.pf + - \WINDOWS\prefetch\TASKLIST.EXE-C6CEE193.pf + - \WINDOWS\prefetch\TASKMGR.EXE-5F5F473D.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-1557F467.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-6DC31D2B.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-95832A05.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-A6B545E0.pf + - \WINDOWS\prefetch\TIWORKER.EXE-5883C58B.pf + - \WINDOWS\prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf + - \WINDOWS\prefetch\UHSSVC.EXE-EC246342.pf + - \WINDOWS\prefetch\UN_A.EXE-B491018D.pf + - \WINDOWS\prefetch\UPDATEPLATFORM.AMD64FRE.EXE-CB3DAA0B.pf + - \WINDOWS\prefetch\USERINIT.EXE-2257A3E7.pf + - \WINDOWS\prefetch\VCREDIST_X64.EXE-B763B251.pf + - \WINDOWS\prefetch\VCREDIST_X64.EXE-BCF096D7.pf + - \WINDOWS\prefetch\VCREDIST_X86.EXE-38D61D0A.pf + - \WINDOWS\prefetch\VCREDIST_X86.EXE-C96C56AF.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-22932973.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-6ECECB6C.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-AF3B35AF.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-C05C0B94.pf + - \WINDOWS\prefetch\VC_REDIST.X86.EXE-45E7BCF7.pf + - \WINDOWS\prefetch\VC_REDIST.X86.EXE-84DBA4EF.pf + - \WINDOWS\prefetch\VMTOOLSD.EXE-CD82EC13.pf + - \WINDOWS\prefetch\VMWARE-TOOLS-12.3.5-22544099--5DDD6B5C.pf + - \WINDOWS\prefetch\VMWARETOOLBOXCMD.EXE-C33722D4.pf + - \WINDOWS\prefetch\VSSADMIN.EXE-9FF2C6A1.pf + - \WINDOWS\prefetch\VSSVC.EXE-B8AFC319.pf + - \WINDOWS\prefetch\WAASMEDICAGENT.EXE-ED0D7511.pf + - \WINDOWS\prefetch\WEVTUTIL.EXE-EF5861C4.pf + - \WINDOWS\prefetch\WINLOGON.EXE-B020DC41.pf + - \WINDOWS\prefetch\WINSAT.EXE-DE36CB46.pf + - \WINDOWS\prefetch\WLRMDR.EXE-C2B47318.pf + - \WINDOWS\prefetch\WMIADAP.EXE-F8DFDFA2.pf + - \WINDOWS\prefetch\WMIC.EXE-A7D06383.pf + - \WINDOWS\prefetch\WMIPRVSE.EXE-1628051C.pf + - \WINDOWS\prefetch\WORDPAD.EXE-D7FD7414.pf + - \WINDOWS\prefetch\WUAUCLT.EXE-70318591.pf + - \WINDOWS\prefetch\WUDFHOST.EXE-AFFEF87C.pf + - \WINDOWS\prefetch\WWAHOST.EXE-3FD45057.pf + + + +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin enumerates encryptable volume information available on the remote host via WMI. +wmi_enum_encryptable_volumes.nbin +2024/01/16 +WMI Encryptable Volume Enumeration +2010/12/15 +local +None +1.210 +http://www.nessus.org/u?8aa7973e +n/a +The remote Windows host has encryptable volumes available. + +Here is a list of encryptable volumes available on the remote system : + ++ DriveLetter C: + + - BitLocker Version : None + - Conversion Status : Fully Decrypted + - DeviceID : \\?\Volume{bd6fdf66-0000-0000-0000-501f00000000}\ + - Encryption Method : None + - Identification Field : None + - Key Protectors : None Found + - Lock Status : Unlocked + - Percentage Encrypted : 0.0% + - Protection Status : Protection Off + - Size : 58.68 GB + ++ DriveLetter D: + + - Automatic Unlock : Disabled + - BitLocker Version : None + - Conversion Status : Fully Decrypted + - DeviceID : \\?\Volume{f27f206d-0000-0000-0000-100000000000}\ + - Encryption Method : None + - Identification Field : None + - Key Protectors : None Found + - Lock Status : Unlocked + - Percentage Encrypted : 0.0% + - Protection Status : Protection Off + - Size : 50.00 GB + + + +cpe:/o:microsoft:windows +Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'. +windows_product_key_retrieval.nasl +2013/01/18 +Windows Product Key Retrieval +2013/01/18 +local +None +$Revision: 1.1 $ +n/a +This plugin retrieves the Windows Product key of the remote Windows host. + + Product key : XXXXX-XXXXX-XXXXX-XXXXX-WTYPF + +Note that all but the final portion of the key has been obfuscated. + + + +Report details on the running processes modules on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies. +windows_process_module_information.nbin +2024/01/16 +Microsoft Windows Process Module Information +2013/10/08 +local +None +1.217 +n/a +Use WMI to obtain running process module information. +Process_Modules_WKS4-Soteria.csv : lists the loaded modules for each process. + +d4e7967441954daeaeab3152ff2408de + + +Report details on the running processes on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies. +windows_process_information.nbin +2024/01/16 +Microsoft Windows Process Information +2013/10/08 +local +None +1.216 +n/a +Use WMI to obtain running process information. +Process Overview : +SID: Process (PID) + 0 : System Idle Process (0) + 0 : |- System (4) + 0 : |- Memory Compression (2128) + 0 : |- smss.exe (364) + 0 : GoogleCrashHandler64.exe (4136) + 0 : csrss.exe (452) + 0 : wininit.exe (544) + 0 : |- services.exe (680) + 0 : |- svchost.exe (1032) + 0 : |- svchost.exe (1060) + 0 : |- svchost.exe (1068) + 0 : |- svchost.exe (1076) + 0 : |- svchost.exe (1124) + 0 : |- svchost.exe (1144) + 0 : |- svchost.exe (1332) + 0 : |- svchost.exe (1340) + 0 : |- svchost.exe (1384) + 0 : |- svchost.exe (1440) + 0 : |- svchost.exe (1516) + 0 : |- svchost.exe (1540) + 0 : |- svchost.exe (1572) + 0 : |- svchost.exe (1584) + 0 : |- dasHost.exe (1780) + 0 : |- svchost.exe (1612) + 0 : |- WUDFHost.exe (1728) + 0 : |- svchost.exe (1760) + 0 : |- svchost.exe (1776) + 0 : |- svchost.exe (1872) + 0 : |- svchost.exe (1964) + 0 : |- SearchIndexer.exe (1976) + 0 : |- svchost.exe (2020) + 0 : |- svchost.exe (2028) + 0 : |- svchost.exe (2036) + 0 : |- svchost.exe (2044) + 0 : |- svchost.exe (2172) + 0 : |- svchost.exe (2228) + 0 : |- svchost.exe (2236) + 0 : |- svchost.exe (2276) + 0 : |- svchost.exe (2284) + 0 : |- svchost.exe (2316) + 0 : |- svchost.exe (2496) + 0 : |- svchost.exe (2568) + 0 : |- svchost.exe (2580) + 0 : |- svchost.exe (2604) + 0 : |- svchost.exe (2728) + 0 : |- svchost.exe (2748) + 0 : |- svchost.exe (276) + 0 : |- svchost.exe (2828) + 0 : |- spoolsv.exe (2892) + 0 : |- svchost.exe (2960) + 0 : |- svchost.exe (2988) + 0 : |- svchost.exe (3016) + 0 : |- svchost.exe (3124) + 0 : |- svchost.exe (3164) + 0 : |- armsvc.exe (3312) + 0 : |- svchost.exe (3324) + 0 : |- svchost.exe (3356) + 0 : |- svchost.exe (3368) + 0 : |- svchost.exe (3388) + 0 : |- svchost.exe (3456) + 0 : |- svchost.exe (3504) + 0 : |- svchost.exe (3524) + 0 : |- VGAuthService.exe (3548) + 0 : |- vmtoolsd.exe (3576) + 0 : |- vm3dservice.exe (3584) + 1 : |- vm3dservice.exe (3868) + 0 : |- MsMpEng.exe (3608) + 0 : |- svchost.exe (3636) + 0 : |- svchost.exe (3796) + 0 : |- svchost.exe (3820) + 0 : |- svchost.exe (3852) + 0 : |- svchost.exe (3972) + 0 : |- svchost.exe (400) + 0 : |- dllhost.exe (4436) + 0 : |- svchost.exe (4696) + 0 : |- msdtc.exe (4708) + 0 : |- svchost.exe (4840) + 0 : |- svchost.exe (4860) + 0 : |- svchost.exe (5048) + 0 : |- uhssvc.exe (5148) + 0 : |- SgrmBroker.exe (5528) + 0 : |- svchost.exe (5588) + 0 : |- svchost.exe (5660) + 0 : |- NisSrv.exe (5780) + 0 : |- svchost.exe (800) + 0 : |- WmiPrvSE.exe (4384) + 0 : |- WmiPrvSE.exe (4952) + 0 : |- WmiPrvSE.exe (5272) + 0 : |- svchost.exe (812) + 0 : |- svchost.exe (856) + 0 : |- svchost.exe (888) + 0 : |- svchost.exe (936) + 0 : |- lsass.exe (700) + 0 : |- fontdrvhost.exe (824) + 1 : csrss.exe (560) + 0 : GoogleCrashHandler.exe (6100) + 1 : winlogon.exe (644) + 1 : |- dwm.exe (404) + 1 : |- LogonUI.exe (412) + 1 : |- fontdrvhost.exe (988) + 0 : Registry (92) + + + +cpe:/o:microsoft:windows +It is possible to get information about the BIOS via the host's WMI interface. +bios_get_info_wmi.nbin +2024/01/16 +BIOS Info (WMI) +2008/09/05 +local +None +1.215 +n/a +The BIOS info could be read. + + Vendor : Phoenix Technologies LTD + Version : 6.00 + Release date : 20201112000000.000000+000 + UUID : E0474D56-29D3-12F5-0E00-213623713A6D + Secure boot : disabled + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report on the application compatibility cache on the remote Windows host. +microsoft_windows_appcompatcache.nasl +2018/05/23 +Application Compatibility Cache +2016/07/19 +local +None +1.5 +https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf +http://www.nessus.org/u?4a076105 +n/a +Nessus was able to gather application compatibility settings on the remote host. +Application compatibility cache report attached. + +55969ce0c5f966fcf930be10a0d65fa7 + + +windows +cpe:/o:microsoft:windows +cpe:/a:microsoft:ie +Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar. +microsoft_windows_ie_typeurls.nasl +2018/05/16 +Internet Explorer Typed URLs +2016/07/19 +local +None +1.5 +https://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/ +n/a +Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar. +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 + +Internet Explorer typed URL report attached. + +b39004912f2a03f580369cb6c6545aa2 + + +windows +cpe:/a:microsoft:office +Nessus was able to gather evidence of files that were opened using any Microsoft Office application. The report was extracted from Office MRU (Most Recently Used) registry keys. +microsoft_windows_office_recent.nasl +2018/11/15 +Microsoft Office File History +2016/07/19 +local +None +1.6 +https://products.office.com/en-US/ +https://www.taksati.org/mru/ +n/a +Nessus was able to enumerate files opened in Microsoft Office on the remote host. +C:\\Users\Cinnabon\AppData\Roaming\Microsoft\Office\Recent\index.dat +C:\\Users\Cinnabon\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK +C:\\Users\DEGTHAT\AppData\Roaming\Microsoft\Office\Recent\index.dat +C:\\Users\DEGTHAT\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK + +User AppData recent used file report attached + +00f2207cede5535886fae679bd7e7d23 + + +windows +cpe:/o:microsoft:windows +Nessus was able to query the MUIcache registry key to find evidence of program execution. +microsoft_windows_muicache.nasl +2018/05/16 +MUICache Program Execution History +2016/07/19 +local +None +1.5 +https://forensicartifacts.com/2010/08/registry-muicache/ +http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html +http://www.nirsoft.net/utils/muicache_view.html +n/a +Nessus was able to enumerate recently executed programs on the remote host. +@%systemroot%\system32\cloudidsvc.dll,-100 : Microsoft Cloud Identity Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +@%systemroot%\system32\smsroutersvc.dll,-10001 : Microsoft Windows SMS Router Service. +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\browser.dll,-101 : Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\xboxgipsvc.dll,-101 : This service manages connected Xbox Accessories. +@%systemroot%\system32\languageoverlayserver.dll,-100 : Language Experience Service +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\fhsvc.dll,-102 : Protects user files from accidental loss by copying them to a backup location +@%systemroot%\system32\xblauthmanager.dll,-100 : Xbox Live Auth Manager +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\xboxnetapisvc.dll,-101 : This service supports the Windows.Networking.XboxLive application programming interface. +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-102 : Enables spatial perception simulation, virtual camera management and spatial input simulation. +@%systemroot%\system32\ncdautosetup.dll,-101 : Network Connected Devices Auto-Setup service monitors and installs qualified devices that connect to a qualified network. Stopping or disabling this service will prevent Windows from discovering and installing qualified network connected devices automatically. Users can still manually add network connected devices to a PC through the user interface. +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile. +@%systemroot%\system32\sharedrealitysvc.dll,-100 : Spatial Data Service +@%systemroot%\system32\xboxnetapisvc.dll,-100 : Xbox Live Networking Service +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%systemroot%\system32\fxsresm.dll,-122 : Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\xboxgipsvc.dll,-100 : Xbox Accessory Management Service +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\keyboardfiltersvc.dll,-102 : Controls keystroke filtering and mapping +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\drivers\ndu.sys,-10001 : Windows Network Data Usage Monitoring Driver +@%systemroot%\system32\wlansvc.dll,-258 : The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter. +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\spectrum.exe,-101 : Windows Perception Service +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS) +@%systemroot%\system32\diagsvc.dll,-100 : Diagnostic Execution Service +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%systemroot%\system32\wwansvc.dll,-258 : This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices. +@%systemroot%\system32\windows.management.service.dll,-101 : Performs management including Provisioning and Enrollment activities +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\wcncsvc.dll,-3 : Windows Connect Now - Config Registrar +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@%systemroot%\system32\dusmsvc.dll,-2 : Network data usage, data limit, restrict background data, metered networks. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD) +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\autotimesvc.dll,-7 : This service sets time based on NITZ messages from a Mobile Network +@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP) +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\windows.management.service.dll,-100 : Windows Management Service +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\wcncsvc.dll,-4 : WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wireless Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wireless Device. The service is started programmatically as needed. +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\drivers\gpuenergydrv.sys,-100 : GPU Energy Driver +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@%systemroot%\system32\aarsvc.dll,-100 : Agent Activation Runtime +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\fxsresm.dll,-118 : Fax +@%systemroot%\system32\assignedaccessmanagersvc.dll,-100 : AssignedAccessManager Service +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\microsoft.bluetooth.userservice.dll,-101 : Bluetooth User Support Service +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\firewallapi.dll,-53500 : Recommended Troubleshooting +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\provsvc.dll,-202 : HomeGroup +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +@%systemroot%\system32\wscsvc.dll,-201 : The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Security and Maintenance UI uses the service to provide systray alerts and a graphical view of the security health states in the Security and Maintenance control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@%systemroot%\system32\xblauthmanager.dll,-101 : Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\wfdsconmgrsvc.dll,-9001 : Manages connections to wireless services, including wireless display and docking. +@%systemroot%\system32\wwansvc.dll,-257 : WWAN AutoConfig +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\rdxservice.dll,-256 : Retail Demo Service +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\wfdsconmgrsvc.dll,-9000 : Wi-Fi Direct Services Connection Manager Service +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\sdrsvc.dll,-107 : Windows Backup +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\aphostres.dll,-10002 : Sync Host +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@%systemroot%\system32\webclnt.dll,-100 : WebClient +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\firewallapi.dll,-37302 : mDNS +@%systemroot%\system32\drivers\iorate.sys,-101 : Disk I/O Rate Filter Driver +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mixedrealityruntime.dll,-102 : Enables Mixed Reality OpenXR runtime functionality +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%systemroot%\system32\drivers\vwififlt.sys,-259 : Virtual WiFi Filter Driver +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\spectrum.exe,-102 : Enables spatial perception, spatial input, and holographic rendering. +@%systemroot%\system32\firewallapi.dll,-60501 : Cloud Identity +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@firewallapi.dll,-50323 : SNMP Trap +@%systemroot%\system32\pnrpsvc.dll,-8004 : Peer Networking Identity Manager +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\diagsvc.dll,-101 : Executes diagnostic actions for troubleshooting support +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service +@%systemroot%\system32\webclnt.dll,-101 : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wbengine.exe,-105 : The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer. +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@%systemroot%\system32\sdrsvc.dll,-102 : Provides Windows Backup and Restore capabilities. +@%systemroot%\system32\naturalauth.dll,-101 : Signal aggregator service, that evaluates signals based on time, network, geolocation, bluetooth and cdf factors. Supported features are Device Unlock, Dynamic Lock and Dynamo MDM policies +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@%systemroot%\system32\xblgamesave.dll,-101 : This service syncs save data for Xbox Live save enabled games. If this service is stopped, game save data will not upload to or download from Xbox Live. +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\dialogblockingservice.dll,-101 : Dialog Blocking Service +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\ipxlatcfg.dll,-500 : IP Translation Configuration Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer. +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\xblgamesave.dll,-100 : Xbox Live Game Save +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\mitigationclient.dll,-103 : Recommended Troubleshooting Service +@%systemroot%\system32\browser.dll,-100 : Computer Browser +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\lpasvc.dll,-1000 : Local Profile Assistant Service +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@wifidisplay.dll,-100 : Wireless Display +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\workfolderssvc.dll,-101 : This service syncs files with the Work Folders server, enabling you to use the files on any of the PCs and devices on which you've set up Work Folders. +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\wpcrefreshtask.dll,-100 : Parental Controls +@%systemroot%\system32\bdesvc.dll,-100 : BitLocker Drive Encryption Service +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\wbengine.exe,-104 : Block Level Backup Engine Service +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\peerdistsvc.dll,-9001 : This service caches network content from peers on the local subnet. +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\wlansvc.dll,-257 : WLAN AutoConfig +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@wlansvc.dll,-36864 : WLAN Service - WFD Application Services Platform Coordination Protocol (Uses UDP) +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\bcastdvruserservice.dll,-100 : GameDVR and Broadcast User Service +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\naturalauth.dll,-100 : Natural Authentication +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\srvsvc.dll,-102 : Server SMB 1.xxx Driver +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device. +@%systemroot%\system32\pnrpauto.dll,-8002 : PNRP Machine Name Publication Service +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@comres.dll,-2797 : Distributed Transaction Coordinator +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\messagingservice.dll,-100 : MessagingService +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver +@%systemroot%\system32\wpcrefreshtask.dll,-101 : Enforces parental controls for child accounts in Windows. If this service is stopped or disabled, parental controls may not be enforced. +@%systemroot%\system32\fveui.dll,-843 : BitLocker Drive Encryption +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\lpasvc.dll,-1001 : This service provides profile management for subscriber identity modules +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\bdesvc.dll,-101 : BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality. +@%systemroot%\system32\pnrpsvc.dll,-8001 : Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function. +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\autotimesvc.dll,-6 : Cellular Time +@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%systemroot%\system32\pnrpauto.dll,-8003 : This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\peerdistsvc.dll,-9000 : BranchCache +@%systemroot%\system32\drivers\fvevol.sys,-100 : BitLocker Drive Encryption Filter Driver +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\pnrpsvc.dll,-8005 : Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly. +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\vac.dll,-200 : Volumetric Audio Compositor Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%systemroot%\system32\rdxservice.dll,-257 : The Retail Demo service controls device activity while the device is in retail demo mode. +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-101 : Windows Perception Simulation Service +@wlansvc.dll,-36865 : WLAN Service - WFD Services Kernel Mode Driver Rules +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\fveui.dll,-844 : BitLocker Data Recovery Agent +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1001 : A service for managing display enhancement such as brightness control. +@%systemroot%\system32\wscsvc.dll,-200 : Security Center +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\pnrpsvc.dll,-8000 : Peer Name Resolution Protocol +@%systemroot%\system32\dialogblockingservice.dll,-100 : DialogBlockingService +@%systemroot%\system32\icsvc.dll,-700 : Virtual Machine Monitoring +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@%systemroot%\system32\p2psvc.dll,-8007 : Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function. +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\ipxlatcfg.dll,-501 : Configures and enables translation from v4 to v6 and vice versa +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\smsroutersvc.dll,-10002 : Routes messages based on rules to appropriate clients. +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\sharedrealitysvc.dll,-101 : This service is used for Spatial Perception scenarios +@%systemroot%\system32\diagtrack.dll,-3001 : Connected User Experiences and Telemetry +@%systemroot%\system32\windowsudk.shellcommon.dll,-100 : Udk User Service +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\vac.dll,-201 : Hosts spatial analysis for Mixed Reality audio simulation. +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service +@%systemroot%\system32\languageoverlayserver.dll,-101 : Provides infrastructure support for deploying and configuring localized Windows resources. This service is started on demand and, if disabled, additional Windows languages will not be deployed to the system, and Windows may not function properly. +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1000 : Display Enhancement Service +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@%systemroot%\system32\mitigationclient.dll,-104 : Enables automatic mitigation for known problems by applying recommended troubleshooting. If stopped, your device will not get recommended troubleshooting for problems on your device. +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\keyboardfiltersvc.dll,-101 : Microsoft Keyboard Filter +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\mixedrealityruntime.dll,-101 : Windows Mixed Reality OpenXR Service +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS) +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\assignedaccessmanagersvc.dll,-101 : AssignedAccessManager Service supports kiosk experience in Windows. +@%systemroot%\system32\p2psvc.dll,-8006 : Peer Networking Grouping +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\cloudidsvc.dll,-101 : Supports integrations with Microsoft cloud identity services. If disabled, tenant restrictions will not be enforced properly. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@%systemroot%\system32\workfolderssvc.dll,-102 : Work Folders +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search +@%systemroot%\system32\cloudidsvc.dll,-100 : Microsoft Cloud Identity Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +@%systemroot%\system32\smsroutersvc.dll,-10001 : Microsoft Windows SMS Router Service. +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\browser.dll,-101 : Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\xboxgipsvc.dll,-101 : This service manages connected Xbox Accessories. +@%systemroot%\system32\languageoverlayserver.dll,-100 : Language Experience Service +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\fhsvc.dll,-102 : Protects user files from accidental loss by copying them to a backup location +@%systemroot%\system32\xblauthmanager.dll,-100 : Xbox Live Auth Manager +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\xboxnetapisvc.dll,-101 : This service supports the Windows.Networking.XboxLive application programming interface. +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-102 : Enables spatial perception simulation, virtual camera management and spatial input simulation. +@%systemroot%\system32\ncdautosetup.dll,-101 : Network Connected Devices Auto-Setup service monitors and installs qualified devices that connect to a qualified network. Stopping or disabling this service will prevent Windows from discovering and installing qualified network connected devices automatically. Users can still manually add network connected devices to a PC through the user interface. +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile. +@%systemroot%\system32\sharedrealitysvc.dll,-100 : Spatial Data Service +@%systemroot%\system32\xboxnetapisvc.dll,-100 : Xbox Live Networking Service +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%systemroot%\system32\fxsresm.dll,-122 : Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\xboxgipsvc.dll,-100 : Xbox Accessory Management Service +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\keyboardfiltersvc.dll,-102 : Controls keystroke filtering and mapping +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\drivers\ndu.sys,-10001 : Windows Network Data Usage Monitoring Driver +@%systemroot%\system32\wlansvc.dll,-258 : The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter. +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\spectrum.exe,-101 : Windows Perception Service +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS) +@%systemroot%\system32\diagsvc.dll,-100 : Diagnostic Execution Service +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%systemroot%\system32\wwansvc.dll,-258 : This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices. +@%systemroot%\system32\windows.management.service.dll,-101 : Performs management including Provisioning and Enrollment activities +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\wcncsvc.dll,-3 : Windows Connect Now - Config Registrar +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@%systemroot%\system32\dusmsvc.dll,-2 : Network data usage, data limit, restrict background data, metered networks. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD) +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\autotimesvc.dll,-7 : This service sets time based on NITZ messages from a Mobile Network +@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP) +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\windows.management.service.dll,-100 : Windows Management Service +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\wcncsvc.dll,-4 : WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wireless Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wireless Device. The service is started programmatically as needed. +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\drivers\gpuenergydrv.sys,-100 : GPU Energy Driver +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@%systemroot%\system32\aarsvc.dll,-100 : Agent Activation Runtime +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\fxsresm.dll,-118 : Fax +@%systemroot%\system32\assignedaccessmanagersvc.dll,-100 : AssignedAccessManager Service +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\microsoft.bluetooth.userservice.dll,-101 : Bluetooth User Support Service +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\firewallapi.dll,-53500 : Recommended Troubleshooting +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\provsvc.dll,-202 : HomeGroup +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +@%systemroot%\system32\wscsvc.dll,-201 : The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Security and Maintenance UI uses the service to provide systray alerts and a graphical view of the security health states in the Security and Maintenance control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@%systemroot%\system32\xblauthmanager.dll,-101 : Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\wfdsconmgrsvc.dll,-9001 : Manages connections to wireless services, including wireless display and docking. +@%systemroot%\system32\wwansvc.dll,-257 : WWAN AutoConfig +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\rdxservice.dll,-256 : Retail Demo Service +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\wfdsconmgrsvc.dll,-9000 : Wi-Fi Direct Services Connection Manager Service +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\sdrsvc.dll,-107 : Windows Backup +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\aphostres.dll,-10002 : Sync Host +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@%systemroot%\system32\webclnt.dll,-100 : WebClient +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\firewallapi.dll,-37302 : mDNS +@%systemroot%\system32\drivers\iorate.sys,-101 : Disk I/O Rate Filter Driver +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mixedrealityruntime.dll,-102 : Enables Mixed Reality OpenXR runtime functionality +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%systemroot%\system32\drivers\vwififlt.sys,-259 : Virtual WiFi Filter Driver +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\spectrum.exe,-102 : Enables spatial perception, spatial input, and holographic rendering. +@%systemroot%\system32\firewallapi.dll,-60501 : Cloud Identity +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@firewallapi.dll,-50323 : SNMP Trap +@%systemroot%\system32\pnrpsvc.dll,-8004 : Peer Networking Identity Manager +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\diagsvc.dll,-101 : Executes diagnostic actions for troubleshooting support +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service +@%systemroot%\system32\webclnt.dll,-101 : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wbengine.exe,-105 : The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer. +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@%systemroot%\system32\sdrsvc.dll,-102 : Provides Windows Backup and Restore capabilities. +@%systemroot%\system32\naturalauth.dll,-101 : Signal aggregator service, that evaluates signals based on time, network, geolocation, bluetooth and cdf factors. Supported features are Device Unlock, Dynamic Lock and Dynamo MDM policies +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@%systemroot%\system32\xblgamesave.dll,-101 : This service syncs save data for Xbox Live save enabled games. If this service is stopped, game save data will not upload to or download from Xbox Live. +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\dialogblockingservice.dll,-101 : Dialog Blocking Service +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\ipxlatcfg.dll,-500 : IP Translation Configuration Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer. +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\xblgamesave.dll,-100 : Xbox Live Game Save +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\mitigationclient.dll,-103 : Recommended Troubleshooting Service +@%systemroot%\system32\browser.dll,-100 : Computer Browser +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\lpasvc.dll,-1000 : Local Profile Assistant Service +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@wifidisplay.dll,-100 : Wireless Display +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\workfolderssvc.dll,-101 : This service syncs files with the Work Folders server, enabling you to use the files on any of the PCs and devices on which you've set up Work Folders. +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\wpcrefreshtask.dll,-100 : Parental Controls +@%systemroot%\system32\bdesvc.dll,-100 : BitLocker Drive Encryption Service +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\wbengine.exe,-104 : Block Level Backup Engine Service +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\peerdistsvc.dll,-9001 : This service caches network content from peers on the local subnet. +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\wlansvc.dll,-257 : WLAN AutoConfig +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@wlansvc.dll,-36864 : WLAN Service - WFD Application Services Platform Coordination Protocol (Uses UDP) +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\bcastdvruserservice.dll,-100 : GameDVR and Broadcast User Service +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\naturalauth.dll,-100 : Natural Authentication +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\srvsvc.dll,-102 : Server SMB 1.xxx Driver +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device. +@%systemroot%\system32\pnrpauto.dll,-8002 : PNRP Machine Name Publication Service +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@comres.dll,-2797 : Distributed Transaction Coordinator +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\messagingservice.dll,-100 : MessagingService +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver +@%systemroot%\system32\wpcrefreshtask.dll,-101 : Enforces parental controls for child accounts in Windows. If this service is stopped or disabled, parental controls may not be enforced. +@%systemroot%\system32\fveui.dll,-843 : BitLocker Drive Encryption +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\lpasvc.dll,-1001 : This service provides profile management for subscriber identity modules +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\bdesvc.dll,-101 : BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality. +@%systemroot%\system32\pnrpsvc.dll,-8001 : Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function. +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\autotimesvc.dll,-6 : Cellular Time +@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%systemroot%\system32\pnrpauto.dll,-8003 : This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\peerdistsvc.dll,-9000 : BranchCache +@%systemroot%\system32\drivers\fvevol.sys,-100 : BitLocker Drive Encryption Filter Driver +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\pnrpsvc.dll,-8005 : Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly. +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\vac.dll,-200 : Volumetric Audio Compositor Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%systemroot%\system32\rdxservice.dll,-257 : The Retail Demo service controls device activity while the device is in retail demo mode. +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-101 : Windows Perception Simulation Service +@wlansvc.dll,-36865 : WLAN Service - WFD Services Kernel Mode Driver Rules +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\fveui.dll,-844 : BitLocker Data Recovery Agent +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1001 : A service for managing display enhancement such as brightness control. +@%systemroot%\system32\wscsvc.dll,-200 : Security Center +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\pnrpsvc.dll,-8000 : Peer Name Resolution Protocol +@%systemroot%\system32\dialogblockingservice.dll,-100 : DialogBlockingService +@%systemroot%\system32\icsvc.dll,-700 : Virtual Machine Monitoring +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@%systemroot%\system32\p2psvc.dll,-8007 : Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function. +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\ipxlatcfg.dll,-501 : Configures and enables translation from v4 to v6 and vice versa +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\smsroutersvc.dll,-10002 : Routes messages based on rules to appropriate clients. +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\sharedrealitysvc.dll,-101 : This service is used for Spatial Perception scenarios +@%systemroot%\system32\diagtrack.dll,-3001 : Connected User Experiences and Telemetry +@%systemroot%\system32\windowsudk.shellcommon.dll,-100 : Udk User Service +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\vac.dll,-201 : Hosts spatial analysis for Mixed Reality audio simulation. +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service +@%systemroot%\system32\languageoverlayserver.dll,-101 : Provides infrastructure support for deploying and configuring localized Windows resources. This service is started on demand and, if disabled, additional Windows languages will not be deployed to the system, and Windows may not function properly. +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1000 : Display Enhancement Service +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@%systemroot%\system32\mitigationclient.dll,-104 : Enables automatic mitigation for known problems by applying recommended troubleshooting. If stopped, your device will not get recommended troubleshooting for problems on your device. +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\keyboardfiltersvc.dll,-101 : Microsoft Keyboard Filter +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\mixedrealityruntime.dll,-101 : Windows Mixed Reality OpenXR Service +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS) +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\assignedaccessmanagersvc.dll,-101 : AssignedAccessManager Service supports kiosk experience in Windows. +@%systemroot%\system32\p2psvc.dll,-8006 : Peer Networking Grouping +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\cloudidsvc.dll,-101 : Supports integrations with Microsoft cloud identity services. If disabled, tenant restrictions will not be enforced properly. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@%systemroot%\system32\workfolderssvc.dll,-102 : Work Folders +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search + +MUICache report attached. + +d3194ccaa87c1f9566037a0b59e757b9 + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories. +microsoft_windows_recyclebin.nasl +2018/11/15 +Recycle Bin Files +2016/07/19 +local +None +1.6 +http://www.nessus.org/u?0c1a03df +http://www.nessus.org/u?61293b38 +n/a +Nessus was able to enumerate files in the recycle bin on the remote host. +C:\\$Recycle.Bin\\. +C:\\$Recycle.Bin\\.. +C:\\$Recycle.Bin\\S-1-5-18 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004 +C:\\$Recycle.Bin\\S-1-5-18\. +C:\\$Recycle.Bin\\S-1-5-18\.. +C:\\$Recycle.Bin\\S-1-5-18\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004\desktop.ini + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report of all files listed in the default user download folder. +microsoft_windows_user_downloads.nasl +2018/05/16 +User Download Folder Files +2016/07/19 +local +None +1.5 +n/a +Nessus was able to enumerate downloaded files on the remote host. +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\ams8cm-8.5.0.0.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\ams8cm-8.5.1.0.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\BKD-7369089468.pdf +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-Crypto-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-Encoding-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-ODBC-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-Socket-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-SQLite3-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\NET462Setup.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\setup.log +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\VC2012U4Setup.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\VC2015SP3Setup.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\Wow64Bundle.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Serials.txt +C:\\Users\Cinnabon\Downloads\ChromeSetup.exe +C:\\Users\Cinnabon\Downloads\desktop.ini +C:\\Users\Cinnabon\Downloads\VSE\.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\._.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\._DAT Files +C:\\Users\Cinnabon\Downloads\VSE\._Icon +C:\\Users\Cinnabon\Downloads\VSE\._VSE-Patch6 +C:\\Users\Cinnabon\Downloads\VSE\._VSE8.8-Patch7 +C:\\Users\Cinnabon\Downloads\VSE\._VSE8.8P8 +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\._.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\._Icon +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\CM-217339-avvepo8502dat.zip +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\Icon +C:\\Users\Cinnabon\Downloads\VSE\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\CM-203111-VSE880LMLRP6.Zip +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\CM-203112-VSE880P6.Zip +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\._VSE-Patch 8 HF +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\!ReadMe.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\epo45_help_vse_880.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\ePOPolicyMigration.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\example.sms +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\FramePkg_UPD.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\mcavscv.scv +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\msistrings.bin +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\PkgCatalog.z +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_DE.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_EN.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_ES.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_FR.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_IT.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_JA.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_KO.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_NL.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_PL.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_PT_BR.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_RU.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_SV.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_ZH_CN.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_ZH_TW.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Setup.ini +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\SetupVSE.Exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\SignLic.Txt +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\UnInst.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\UnInst.ini +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\UnInstX64.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VIRUSCAN8800(448).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VIRUSCANREPORTS120(272).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VSE880.msi +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VSE880Det.mcs +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VSE880Install.mcs +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\WindowsInstaller-KB893803-v2-x86.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205723-VSE880P7.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\._CM-215089-VSE881159675HF.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\CM-215089-VSE881159675HF.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\._CM-212867-VSE880P8.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\!ReadMe.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\deferred.mfe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\immediate.mfe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\Patch8.msp +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\PkgCatalog.z +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\Setup.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\Setup.ini +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\VIRUSCAN8800(511).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\VIRUSCANREPORTS120(311).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\VSE880Det.mcs +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\Icon +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\autorun.inf +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\Autologon.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\DownloadLinks.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\hashdeep.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\hashdeep64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\IfAdmin.cpp +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\IfAdmin.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\unzip.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\builddate.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\CleanupRecall.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\CreateUpdateAdminAndEnableAutoLogon.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\custom\FinalizationHook.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\custom\InitializationHook.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\custom\SetUpdatesPerStage.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DeleteUpdateAdmin.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineFileVersion.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineRegVersion.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineSystemProperties.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineTempAdminSID.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DoUpdate.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\InstallListedUpdates.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\InstallOfficeUpdate.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\InstallOSUpdate.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListInstalledUpdateIds.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListMissingUpdateIds.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListUpdateFile.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListUpdatesToInstall.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\PrepareRecall.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\PrepareShowLogFile.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\RecallStub.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\SafeRmDir.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\SetTargetEnvVars.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\Sleep.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\TouchMSITree.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2005_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2005_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2008_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2008_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2010_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2010_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2012_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2012_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2013_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2013_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2017_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2017_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\dotnet\NDP47-KB3186497-x86-x64-AllOS-DEU.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\dotnet\NDP47-KB3186497-x86-x64-AllOS-ENU.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\exclude\ExcludeList.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\exclude\HideList-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-cpp.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-dotnet-x64-glb.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-dotnet.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-w100-x64-glb.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-win-glb.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-wsus.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\opt\OptionList-Q.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\opt\OptionList-qn.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\software\custom\InstallCustomSoftware.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateFiles-modified.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-ie10-w61.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-ie9-w60.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k10.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k13.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k16.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k7.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-rdc-w61.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10240-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10240-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10586-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10586-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-14393-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-14393-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-15063-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-15063-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w60-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w60-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet35-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-379893-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-379893.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-393297-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-393297.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394271-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394271.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394806-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394806.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-460805-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-460805.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet35-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-379893-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-379893.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-393297-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-393297.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394271-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394271.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394806-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394806.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-460805-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-460805.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet35-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-379893-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-379893.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-393297-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-393297.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394271-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394271.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394806-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394806.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-460805-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-460805.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-upd1.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-upd2.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w60.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w61.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w62.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w63.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\Update.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\UpdateInstaller.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\UpdateInstaller.ini +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3172729-x64_bb12a14ec3891ec0a9e24edb529632263783d389.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3172729-x64_f4fc9775baa98c176f43e87c40088231a884122b.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3173427-x64_d95e56e499e2c281a1f59585221dc891253414c7.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3173427-x64_e3da65fe753d24a1759cdd029028cde743a62a23.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3173428-x64_52fa3686737353fae20ab55fa9c924bd90558a31.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3181403-x64_6d9c9524471412a0ed566f739a403cd9a35649ed.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4022405-x64_cb1286f2547dd21a06f1ec5b9a55769a7227b371.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4023834-x64_1f2af418b6f9dafb593f5ce89b4e0783057102b2.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038781-x64_9adb5d5773dadc9f7c59b6a431824308fc1f9ae9.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038782-x64_a8dac961b659c8c7c8b95418f6c7864dcca8637d.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038783-x64_0c20869770acf7590a72ded6e894f29818707539.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038788-x64_93253f3a31f18f4aee3a8774646770827037cf15.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_1acfe2e753a7b7baae92aa85fa77ab72aac6cc4f.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_25a23a36a094d81d15adc2979fdae0c9053d6444.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_45b3c4f2a262fd1846527738b455d318cde392e0.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_a3bae1ebb5c8403c913a3264933f17398ee4eee1.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\win\glb\Silverlight.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\win\glb\Silverlight_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\wsus\wsusscn2.cab +C:\\Users\dbingham\Downloads\desktop.ini +C:\\Users\DEGTHAT\Downloads\ChromeSetup (07282023).exe +C:\\Users\DEGTHAT\Downloads\ChromeSetup.exe +C:\\Users\DEGTHAT\Downloads\desktop.ini +C:\\Users\DEGTHAT\Downloads\Nessus-10.0.2-x64.msi +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\2023\Soteria-Test-2023-11-5.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\audits.tar.gz +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\audit_warehouse.tar.gz +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\DISA-asr_audits.tar.gz +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\DISA_STIG_Microsoft_Windows_Server_2022_v1r1.audit +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\nessus-bug-report-20230731T202523Z.txt +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\SCAP scan_timing_yygqya.csv +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\Sign_Audit-Windows-1.0.0.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\outputs\SCAP scan_hyvoh9.html +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\outputs\win2022.xccdf.xml +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\SCAP-Windows2022.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Firewall_V2R2_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2016_V2R4_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2019_V2R4_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.xml +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Windows-2022 Patchscan.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Windows-2022-2 Patchscan.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Windows-2022-3 Patchscan.nessus +C:\\Users\Public\Downloads\desktop.ini +C:\\Users\tester\Downloads\desktop.ini + +Download folder content report attached. + +d6f7dce04dda650320417eca8df27716 + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed. +microsoft_windows_userassist.nasl +2019/11/12 +UserAssist Execution History +2016/07/19 +local +None +1.7 +https://www.nirsoft.net/utils/userassist_view.html +n/a +Nessus was able to enumerate program execution history on the remote host. + +Extended userassist report attached. + +129e3791c945e7d34ad712369a5b0c69 + + +cpe:/o:microsoft:windows +By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number. +wmi_asset_info.nbin +2024/01/16 +Computer Manufacturer Information (WMI) +2007/02/02 +local +None +1.222 +n/a +It is possible to obtain the name of the remote computer manufacturer. + + Computer Manufacturer : VMware, Inc. + Computer Model : VMware Virtual Platform + Computer SerialNumber : VMware-56 4d 47 e0 d3 29 f5 12-0e 00 21 36 23 71 3a 6d + Computer Type : Other + + Computer Physical CPU's : 1 + Computer Logical CPU's : 2 + CPU0 + Architecture : x64 + Physical Cores: 2 + Logical Cores : 2 + + Computer Memory : 8191 MB + RAM slot #0 + Form Factor: DIMM + Type : DRAM + Capacity : 8192 MB + + + +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin uses WMI to enumerate Bluetooth network adapters that are enabled on the remote host. +wmi_enum_bluetooth_network_adapters.nbin +2024/01/16 +WMI Bluetooth Network Adapter Enumeration +2010/01/08 +local +None +1.204 +https://docs.microsoft.com/en-us/windows/desktop/CIMWin32Prov/win32-networkadapter +n/a +The remote Windows host has a Bluetooth network adapter enabled. + +Here is the list of Bluetooth network adapters enabled on the remote +system : + ++ [00000002] Bluetooth Device (Personal Area Network) + + - System Name : WKS4-SOTERIA + - Service Name : BthPan + - Product Name : Bluetooth Device (Personal Area Network) + - Name : Bluetooth Device (Personal Area Network) + - Manufacturer : Microsoft + - MAC Address : E0:D0:45:67:CB:CB + + + + + +True +user_enumeration +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +wmi_enum_local_group_memberships.nbin +2024/01/16 +Enumerate Local Group Memberships +2013/12/06 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +Group Name : Access Control Assistance Operators +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-579 +Members : + +Group Name : Administrators +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-544 +Members : + Name : Administrator + Domain : WKS4-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-500 + Name : Cinnabon + Domain : WKS4-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1001 + Name : DEGTHAT + Domain : WKS4-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1002 + Name : tester + Domain : WKS4-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1003 + Name : dbingham + Domain : WKS4-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1004 + +Group Name : Backup Operators +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-551 +Members : + +Group Name : Cryptographic Operators +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-569 +Members : + +Group Name : Distributed COM Users +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-562 +Members : + +Group Name : Event Log Readers +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-573 +Members : + +Group Name : Guests +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-546 +Members : + Name : Visitor + Domain : WKS4-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-501 + +Group Name : Hyper-V Administrators +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-578 +Members : + +Group Name : IIS_IUSRS +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-568 +Members : + Name : IUSR + Domain : WKS4-SOTERIA + Class : Win32_SystemAccount + SID : S-1-5-17 + +Group Name : Network Configuration Operators +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-556 +Members : + +Group Name : Performance Log Users +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-559 +Members : + +Group Name : Performance Monitor Users +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-558 +Members : + +Group Name : Power Users +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-547 +Members : + +Group Name : Remote Desktop Users +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-555 +Members : + +Group Name : Remote Management Users +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-580 +Members : + +Group Name : Replicator +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-552 +Members : + +Group Name : System Managed Accounts Group +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-581 +Members : + Name : DefaultAccount + Domain : WKS4-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-503 + +Group Name : Users +Host Name : WKS4-SOTERIA +Group SID : S-1-5-32-545 +Members : + Name : INTERACTIVE + Domain : WKS4-SOTERIA + Class : Win32_SystemAccount + SID : S-1-5-4 + Name : Authenticated Users + Domain : WKS4-SOTERIA + Class : Win32_SystemAccount + SID : S-1-5-11 + + + + +cpe:/o:microsoft:windows +By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc. +wmi_enum_computersystemproduct.nbin +2024/01/16 +Windows ComputerSystemProduct Enumeration (WMI) +2010/08/16 +local +None +1.204 +http://www.nessus.org/u?a21ce849 +n/a +It is possible to obtain product information from the remote host using WMI. + ++ Computer System Product + - IdentifyingNumber : VMware-56 4d 47 e0 d3 29 f5 12-0e 00 21 36 23 71 3a 6d + - Description : Computer System Product + - Vendor : VMware, Inc. + - Name : VMware Virtual Platform + - UUID : E0474D56-29D3-12F5-0E00-213623713A6D + - Version : None + + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the display drivers on the remote host via WMI. +wmi_enum_display_drivers.nbin +0001-T-0756 +2024/01/16 +Windows Display Driver Enumeration +2014/02/06 +local +None +1.208 +http://www.nessus.org/u?b6e87533 +n/a +Nessus was able to enumerate one or more of the display drivers on the remote host. +IAVT:0001-T-0756 + + Device Name : VMware SVGA 3D + Driver File Version : 9.17.6.5 + Driver Date : 08/25/2023 + Video Processor : VMware Virtual SVGA 3D Graphics Adapter + + + +windows +True +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI. +wmi_enum_qfes.nbin +2024/01/16 +WMI QuickFixEngineering (QFE) Enumeration +2011/02/16 +local +None +1.220 +http://www.nessus.org/u?0c4ec249 +n/a +The remote Windows host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + ++ KB5033918 + - Description : Update + - InstalledOn : 1/30/2024 + ++ KB5028853 + - Description : Update + - InstalledOn : 7/28/2023 + ++ KB5011048 + - Description : Update + - InstalledOn : 7/31/2023 + ++ KB5012170 + - Description : Security Update + - InstalledOn : 7/28/2023 + ++ KB5015684 + - Description : Update + - InstalledOn : 12/8/2022 + ++ KB5031356 + - Description : Security Update + - InstalledOn : 11/5/2023 + ++ KB5018506 + - Description : Update + - InstalledOn : 12/8/2022 + ++ KB5020372 + - Description : Update + - InstalledOn : 12/8/2022 + ++ KB5028318 + - Description : Update + - InstalledOn : 7/28/2023 + ++ KB5031539 + - Description : Update + - InstalledOn : 11/5/2023 + +Note that for detailed information on installed QFE's such as InstalledBy, Caption, +and so on, please run the scan with 'Report Verbosity' set to 'verbose'. + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions. + +Note that Features can only be enumerated for Windows 7 and later for desktop versions. +wmi_enum_server_features.nbin +0001-T-0754 +2024/01/16 +WMI Windows Feature Enumeration +2010/02/24 +local +None +1.208 +https://msdn.microsoft.com/en-us/library/cc280268 +https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features +n/a +It is possible to enumerate Windows features using WMI. +IAVT:0001-T-0754 + +Nessus enumerated the following Windows features : + + - Internet-Explorer-Optional-amd64 + - MSRDC-Infrastructure + - MediaPlayback + - NetFx4-AdvSrvs + - Printing-Foundation-Features + - Printing-Foundation-InternetPrinting-Client + - Printing-PrintToPDFServices-Features + - SMB1Protocol + - SMB1Protocol-Client + - SMB1Protocol-Deprecation + - SMB1Protocol-Server + - SearchEngine-Client-Package + - WCF-Services45 + - WCF-TCP-PortSharing45 + - WindowsMediaPlayer + - WorkFolders-Client + + + +windows +True +cpe:/a:microsoft:ie +The remote Windows host contains Internet Explorer, a web browser created by Microsoft. +smb_explorer_detection.nasl +0001-T-0509 +2022/02/01 +Microsoft Internet Explorer Version Detection +2014/02/06 +local +None +1.7 +https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads +n/a +Internet Explorer is installed on the remote host. +IAVT:0001-T-0509 + + Version : 11.3570.19041.0 + + + +windows +True +Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials. +smb_registry_os_and_arch.nasl +True +2022/02/01 +Microsoft Windows SMB Registry : OS Version and Processor Architecture +2010/08/31 +local +None +1.9 +n/a +It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system. +Operating system version = 10.19045 +Architecture = x64 +Build lab extended = 19041.1.amd64fre.vb_release.191206-1406 + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'wininit.exe' is listening on this port (pid 544). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3368). + +This process 'svchost.exe' (pid 3368) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 5048). + +This process 'svchost.exe' (pid 5048) is hosting the following Windows services : +CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'spoolsv.exe' is listening on this port (pid 2892). + +This process 'spoolsv.exe' (pid 2892) is hosting the following Windows services : +Spooler (@%systemroot%\system32\spoolsv.exe,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2568). + +This process 'svchost.exe' (pid 2568) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1332). + +This process 'svchost.exe' (pid 1332) is hosting the following Windows services : +Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 400). + +This process 'svchost.exe' (pid 400) is hosting the following Windows services : +TermService (@%SystemRoot%\System32\termsrv.dll,-268) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'dasHost.exe' is listening on this port (pid 1780). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3124). + +This process 'svchost.exe' (pid 3124) is hosting the following Windows services : +FDResPub (@%systemroot%\system32\fdrespub.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2228). + +This process 'svchost.exe' (pid 2228) is hosting the following Windows services : +SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'dasHost.exe' is listening on this port (pid 1780). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 856). + +This process 'svchost.exe' (pid 856) is hosting the following Windows services : +W32Time (@%SystemRoot%\system32\w32time.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 888). + +This process 'svchost.exe' (pid 888) is hosting the following Windows services : +RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) +RpcSs (@combase.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2568). + +This process 'svchost.exe' (pid 2568) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2276). + +This process 'svchost.exe' (pid 2276) is hosting the following Windows services : +SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'lsass.exe' is listening on this port (pid 700). + +This process 'lsass.exe' (pid 700) is hosting the following Windows services : +KeyIso (@keyiso.dll,-100) +SamSs (@%SystemRoot%\system32\samsrv.dll,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3820). + +This process 'svchost.exe' (pid 3820) is hosting the following Windows services : +DoSvc (@%systemroot%\system32\dosvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3164). + +This process 'svchost.exe' (pid 3164) is hosting the following Windows services : +Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 400). + +This process 'svchost.exe' (pid 400) is hosting the following Windows services : +TermService (@%SystemRoot%\System32\termsrv.dll,-268) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 5048). + +This process 'svchost.exe' (pid 5048) is hosting the following Windows services : +CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'services.exe' is listening on this port (pid 680). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1440). + +This process 'svchost.exe' (pid 1440) is hosting the following Windows services : +EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'dasHost.exe' is listening on this port (pid 1780). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 4860). + +This process 'svchost.exe' (pid 4860) is hosting the following Windows services : +PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3368). + +This process 'svchost.exe' (pid 3368) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2276). + +This process 'svchost.exe' (pid 2276) is hosting the following Windows services : +SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) + + + + +cpe:/o:microsoft:windows +The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key: + 'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD' + + - Unset or 0: The command prompt is enabled normally. + - 1: The command promt is disabled. + - 2: The command prompt is disabled however windows batch processing is allowed. +windows_disablecmd.nasl +2022/10/05 +Windows Disabled Command Prompt Enumeration +2022/09/06 +local +None +1.2 +http://www.nessus.org/u?b40698bc +n/a +This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user. + +Username: tester + SID: S-1-5-21-1536193852-1370433935-2390261316-1003 + DisableCMD: Unset + +Username: DEGTHAT + SID: S-1-5-21-1536193852-1370433935-2390261316-1002 + DisableCMD: Unset + +Username: DefaultAccount + SID: S-1-5-21-1536193852-1370433935-2390261316-503 + DisableCMD: Unset + +Username: Cinnabon + SID: S-1-5-21-1536193852-1370433935-2390261316-1001 + DisableCMD: Unset + +Username: dbingham + SID: S-1-5-21-1536193852-1370433935-2390261316-1004 + DisableCMD: Unset + +Username: Administrator + SID: S-1-5-21-1536193852-1370433935-2390261316-500 + DisableCMD: Unset + +Username: WDAGUtilityAccount + SID: S-1-5-21-1536193852-1370433935-2390261316-504 + DisableCMD: Unset + +Username: Visitor + SID: S-1-5-21-1536193852-1370433935-2390261316-501 + DisableCMD: Unset + + + +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin. +wmi_enum_local_users.nbin +2024/01/16 +Enumerate Users via WMI +2014/02/25 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. + + Name : Administrator + SID : S-1-5-21-1536193852-1370433935-2390261316-500 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : Cinnabon + SID : S-1-5-21-1536193852-1370433935-2390261316-1001 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : dbingham + SID : S-1-5-21-1536193852-1370433935-2390261316-1004 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : DefaultAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-503 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : DEGTHAT + SID : S-1-5-21-1536193852-1370433935-2390261316-1002 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : tester + SID : S-1-5-21-1536193852-1370433935-2390261316-1003 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : Visitor + SID : S-1-5-21-1536193852-1370433935-2390261316-501 + Disabled : True + Lockout : False + Change password : False + Source : Local + + Name : WDAGUtilityAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-504 + Disabled : True + Lockout : False + Change password : True + Source : Local + + No. Of Users : 8 + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. + +Nessus was able to find 34 open ports. + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49666/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 1900/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 138/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 137/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 65458/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 58073/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49407/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5355/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5353/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5050/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 4500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3702/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3389/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 123/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 139/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49739/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49673/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49671/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49669/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49668/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49667/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49666/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49665/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49664/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 7680/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5357/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5040/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3389/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 445/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 135/tcp was found to be open + + +windows +True +cpe:/o:microsoft:windows +It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests). +smb_registry_access.nasl +True +True +2022/02/01 +Microsoft Windows SMB Registry Remotely Accessible +2000/05/09 +local +None +1.54 +n/a +Access the remote Windows Registry. + + +windows +cpe:/o:microsoft:windows +Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them. +Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later. +wmi_list_interfaces.nbin +2024/01/16 +Network Interfaces Enumeration (WMI) +2007/02/03 +local +None +1.247 +http://www.nessus.org/u?b362cab2 +n/a +Nessus was able to obtain the list of network interfaces on the remote host. ++ Network Interface Information : + + - Network Interface = [00000001] Intel(R) 82574L Gigabit Network Connection + - MAC Address = 00:0C:29:71:3A:6D + - IPAddress/IPSubnet = 192.168.40.104/255.255.255.0 + - IPAddress/IPSubnet = fe80::88a5:9048:978a:a91d/64 + + ++ Routing Information : + + Destination Netmask Gateway + ----------- ------- ------- + 0.0.0.0 0.0.0.0 192.168.40.1 + 127.0.0.0 255.0.0.0 0.0.0.0 + 127.0.0.1 255.255.255.255 0.0.0.0 + 127.255.255.255 255.255.255.255 0.0.0.0 + 192.168.40.0 255.255.255.0 0.0.0.0 + 192.168.40.104 255.255.255.255 0.0.0.0 + 192.168.40.255 255.255.255.255 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + + + +cpe:/o:microsoft:windows +The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM. + +These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc. +wmi_available.nbin +2024/01/16 +WMI Available +2007/02/03 +local +None +1.218 +https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page +n/a +WMI queries can be made against the remote host. +The remote host returned the following caption from Win32_OperatingSystem: + + Microsoft Windows 10 Enterprise + + +True +The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts : + +- Guest account +- Supplied credentials +smb_login.nasl +2023/07/25 +Microsoft Windows SMB Log In Possible +2000/05/09 +remote +None +1.173 +http://www.nessus.org/u?5c2589f6 +https://support.microsoft.com/en-us/help/246261 +n/a +It was possible to log into the remote host. +- The SMB tests will be done as degthat/****** +- NULL sessions may be enabled on the remote host. + + + +True +Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host. +smb_nativelanman.nasl +True +2021/09/20 +Microsoft Windows SMB NativeLanManager Remote System Information Disclosure +2001/10/17 +remote +None +1.54 +n/a +It was possible to obtain information about the remote operating system. +The remote Operating System is : Windows 10 Enterprise 19045 +The remote native LAN manager is : Windows 10 Enterprise 6.3 +The remote SMB Domain Name is : WKS4-SOTERIA + + + +The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. + +Note that this plugin gathers information to be used in other plugins, but does not itself generate a report. +netbios_name_get.nasl +2021/02/10 +Windows NetBIOS / SMB Remote Host Information Disclosure +1999/10/12 +remote +None +1.91 +n/a +It was possible to obtain the network name of the remote host. +The following 4 NetBIOS names have been gathered : + + WKS4-SOTERIA = Computer name + SOTERIA = Workgroup / Domain name + WKS4-SOTERIA = File Server Service + SOTERIA = Browser Service Elections + +The remote host has the following MAC address on its adapter : + + 00:0c:29:71:3a:6d + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49673 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0 +Description : Unknown RPC service +Annotation : Remote Fw APIs +Type : Remote RPC service +TCP Port : 49673 +IP : 192.168.40.104 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49671 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0 +Description : Service Control Manager +Windows process : svchost.exe +Type : Remote RPC service +TCP Port : 49671 +IP : 192.168.40.104 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49669 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.104 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.104 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.104 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.104 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.104 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49668 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.104 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49667 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.104 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.104 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49666 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +TCP Port : 49666 +IP : 192.168.40.104 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49665 : + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49665 +IP : 192.168.40.104 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49664 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.104 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.104 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.104 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.104 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available remotely : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Remote RPC service +Named pipe : \PIPE\ROUTER +Netbios name : \\WKS4-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \pipe\SessEnvPublicRpc +Netbios name : \\WKS4-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Remote RPC service +Named pipe : \PIPE\wkssvc +Netbios name : \\WKS4-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +Named pipe : \pipe\eventlog +Netbios name : \\WKS4-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS4-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS4-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS4-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS4-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS4-SOTERIA + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\WKS4-SOTERIA + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\WKS4-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS4-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS4-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS4-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS4-SOTERIA + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available locally : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 +Description : Unknown RPC service +Annotation : Security Center +Type : Local RPC service +Named pipe : OLEE86C23A26EF74473D9C3742C61EF + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 +Description : Unknown RPC service +Annotation : Security Center +Type : Local RPC service +Named pipe : LRPC-b54d8aab6798f42b1a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7a20fcec-dec4-4c59-be57-212e8f65d3de, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-114f9ba0a4e4bfb0db + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a4b8d482-80ce-40d6-934d-b22a01a44fe7, version 1.0 +Description : Unknown RPC service +Annotation : LicenseManager +Type : Local RPC service +Named pipe : LicenseServiceEndpoint + +Object UUID : f9b56f16-5179-4138-b0a5-9d855df5cf46 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-f92dcbc71b9daec523 + +Object UUID : cd5e38b1-acd8-4771-9cf6-b577e4d4f648 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-f92dcbc71b9daec523 + +Object UUID : ec56371f-1213-4628-b85e-f55edd69879f +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-f92dcbc71b9daec523 + +Object UUID : 5f2a9709-0c62-4a1d-a1bb-a442a783580a +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : OLECB8B03A70C49B07B872C4F05C555 + +Object UUID : 5f2a9709-0c62-4a1d-a1bb-a442a783580a +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-69b2a7cc7c81e6b166 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c27f3c08-92ba-478c-b446-b419c4cef0e2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-fbc41545aa64e56a36 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5bc7eaaed07e26b68a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : be6293d3-2827-4dda-8057-8588240124c9, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-878d8da5e0feb921ca + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-878d8da5e0feb921ca + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Local RPC service +Named pipe : RasmanLrpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Local RPC service +Named pipe : VpnikeRpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Local RPC service +Named pipe : LRPC-d1490faf9950af0bbc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0 +Description : Unknown RPC service +Annotation : IKE/Authip API +Type : Local RPC service +Named pipe : LRPC-3a9072420d113a033a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 +Description : Unknown RPC service +Annotation : XactSrv service +Type : Local RPC service +Named pipe : LRPC-190336de16202b67c8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0 +Description : Unknown RPC service +Annotation : IdSegSrv service +Type : Local RPC service +Named pipe : LRPC-190336de16202b67c8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 +Description : Unknown RPC service +Annotation : IP Transition Configuration endpoint +Type : Local RPC service +Named pipe : LRPC-2e63966629fd0a4ca5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : LRPC-2e63966629fd0a4ca5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : LRPC-2e63966629fd0a4ca5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : LRPC-2e63966629fd0a4ca5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : OLE93902D910253F3F2381917551811 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0 +Description : Unknown RPC service +Annotation : Base Firewall Engine API +Type : Local RPC service +Named pipe : LRPC-437906101e9e613758 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-437906101e9e613758 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-491737eb0c5eae8aa3 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-437906101e9e613758 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-491737eb0c5eae8aa3 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-0cc672e0374a08b6bf + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-437906101e9e613758 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-491737eb0c5eae8aa3 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-0cc672e0374a08b6bf + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-a4c763456530c9bf4f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DCF92C4CF56222FF6CB8381B07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-22556d86180c986bb5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DCF92C4CF56222FF6CB8381B07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-22556d86180c986bb5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DCF92C4CF56222FF6CB8381B07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-22556d86180c986bb5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DCF92C4CF56222FF6CB8381B07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-22556d86180c986bb5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DCF92C4CF56222FF6CB8381B07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-22556d86180c986bb5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DCF92C4CF56222FF6CB8381B07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-22556d86180c986bb5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : LRPC-4e0f781d92cc43ed2d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : ca6e10e7-1388-4bcb-9889-c5b84879cd6b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LRPC-9ea96eb3d50e6ce55d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-9ea96eb3d50e6ce55d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-9ea96eb3d50e6ce55d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-9ea96eb3d50e6ce55d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-9ea96eb3d50e6ce55d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : DNSResolver + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : LRPC-b751f7a271f088ffd6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0 +Description : SSDP service +Windows process : unknow +Type : Local RPC service +Named pipe : LRPC-05d90fdc7484c06dee + +Object UUID : 73736573-6f69-656e-6e76-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-800f8ad79287422bd9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-800f8ad79287422bd9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : SessEnvPrivateRpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c8d0bef-d7f1-49f0-9102-caa05f58d114, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : nlaplg + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c8d0bef-d7f1-49f0-9102-caa05f58d114, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : nlaapi + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : senssvc + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-d662671a12b384b3f6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0 +Description : Unknown RPC service +Annotation : Witness Client Upcall Server +Type : Local RPC service +Named pipe : LRPC-abcd5768b5eca44f22 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0 +Description : Unknown RPC service +Annotation : Witness Client Test Interface +Type : Local RPC service +Named pipe : LRPC-abcd5768b5eca44f22 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Local RPC service +Named pipe : LRPC-abcd5768b5eca44f22 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f422f0b3af6954ec25 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 +Description : DHCP Client Service +Windows process : svchost.exe +Annotation : DHCP Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 +Description : DHCP Client Service +Windows process : svchost.exe +Annotation : DHCP Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLE38C4C340AB09154B2A489818D65A + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-0f7c0d5497bb5ab2ea + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLE38C4C340AB09154B2A489818D65A + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-0f7c0d5497bb5ab2ea + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE5A4641E3D59ABBE6A97EEF397245 + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-4d3f688de84ca448b7 + +Object UUID : 49541cea-a719-4e75-8d58-a3a7bfff960e +UUID : 850cee52-3038-4277-b9b4-e05db8b2c35c, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Association RPC Interface +Type : Local RPC service +Named pipe : LRPC-34c4a737df6042a05b + +Object UUID : 80b4038a-1d09-4c05-b1b6-249a4c2e0736 +UUID : a1d4eae7-39f8-4bca-8e72-832767f5082a, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Inbound RPC Interface +Type : Local RPC service +Named pipe : LRPC-34c4a737df6042a05b + +Object UUID : 145857ef-d848-4a7e-b544-c1984d26cf05 +UUID : 2e7d4935-59d2-4312-a2c8-41900aa5495f, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Challenge RPC Interface +Type : Local RPC service +Named pipe : LRPC-34c4a737df6042a05b + +Object UUID : 289e5e0f-414a-4de9-8d17-244507fffc07 +UUID : bd84cd86-9825-4376-813d-334c543f89b1, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Query RPC Interface +Type : Local RPC service +Named pipe : LRPC-34c4a737df6042a05b + +Object UUID : 1475c123-1193-4379-81ac-302c4383421d +UUID : 5b665b9a-a086-4e26-ae24-96ab050b0ec3, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework AEP Store Access RPC Interface +Type : Local RPC service +Named pipe : LRPC-34c4a737df6042a05b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 +Description : Unknown RPC service +Annotation : NSI server endpoint +Type : Local RPC service +Named pipe : LRPC-20244a63e173b3a79b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Local RPC service +Named pipe : eventlog + +Object UUID : 666f7270-6c69-7365-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : IUserProfile2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a533b58-0ed9-4085-b6e8-95795e147972, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE229FEA0512B84DEDBB28A4600971 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a533b58-0ed9-4085-b6e8-95795e147972, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-c2206057075536d608 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5dea026d-f999-40b1-a234-2164fd086783, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE229FEA0512B84DEDBB28A4600971 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5dea026d-f999-40b1-a234-2164fd086783, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-c2206057075536d608 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5dea026d-f999-40b1-a234-2164fd086783, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5302407660f7fd041e + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE229FEA0512B84DEDBB28A4600971 + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-c2206057075536d608 + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5302407660f7fd041e + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ca05bce8523b0848c7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE229FEA0512B84DEDBB28A4600971 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-c2206057075536d608 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5302407660f7fd041e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ca05bce8523b0848c7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-fd87140b102f1f5441 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-dcc51f5fcb646be968 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-dcc51f5fcb646be968 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-dcc51f5fcb646be968 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-dcc51f5fcb646be968 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-56b0413b5986c15425 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-dcc51f5fcb646be968 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-56b0413b5986c15425 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-dcc51f5fcb646be968 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-56b0413b5986c15425 + +Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-432fb13e79cae0d3db + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-432fb13e79cae0d3db + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6d06d96ae8d18e7ad4 + +Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8cd197409e87a96c1e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-86e62025708908a2fd + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-8cd197409e87a96c1e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : OLEA946A71448C9F33E2B30ECF2DFA1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-607ef59443d852cbe9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-0003ff39110d4a40c9 + +Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001 +UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ff74643a7a2552f484 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0BFC21 + +Object UUID : 6d726574-7273-0076-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-cb46e94f78566a9b86 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0361ae94-0316-4c6c-8ad8-c594375800e2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF20A4184A4CB8930CCEC3B152153 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF20A4184A4CB8930CCEC3B152153 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF20A4184A4CB8930CCEC3B152153 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF20A4184A4CB8930CCEC3B152153 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af8482e7ce55527d99 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF20A4184A4CB8930CCEC3B152153 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af8482e7ce55527d99 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF20A4184A4CB8930CCEC3B152153 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af8482e7ce55527d99 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 178d84be-9291-4994-82c6-3f909aca5a03, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e53d94ca-7464-4839-b044-09a2fb8b3ae5, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fae436b0-b864-4a87-9eda-298547cd82f2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 082a3471-31b6-422a-b931-a54401960c62, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6982a06e-5fe2-46b1-b39c-a2c545bfa069, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0ff1f646-13bb-400a-ab50-9a78f2b7a85a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4ed8abcc-f1e2-438b-981f-bb0e8abc010c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95406f0b-b239-4318-91bb-cea3a46ff0dc, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d47017b-b33b-46ad-9e18-fe96456c5078, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF20A4184A4CB8930CCEC3B152153 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af8482e7ce55527d99 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a60ce64513f7859ff4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF20A4184A4CB8930CCEC3B152153 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af8482e7ce55527d99 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a60ce64513f7859ff4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-00a56ff8e9c7569d6f + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF20A4184A4CB8930CCEC3B152153 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af8482e7ce55527d99 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a60ce64513f7859ff4 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-00a56ff8e9c7569d6f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF20A4184A4CB8930CCEC3B152153 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af8482e7ce55527d99 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a60ce64513f7859ff4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-00a56ff8e9c7569d6f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5ef206dfc93180d682 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7a0202d5777f451487 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF20A4184A4CB8930CCEC3B152153 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af8482e7ce55527d99 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a60ce64513f7859ff4 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-00a56ff8e9c7569d6f + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5ef206dfc93180d682 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : csebpub + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0BCFB0 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0BCFB0 + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +An SMB server is running on this port. + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +A CIFS server is running on this port. + + + + +1706649293 +Tue Jan 30 13:14:53 2024 +149 +CVE-2024-0519, CVE-2024-0518, CVE-2024-0517, CVE-2024-0333, CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222, CVE-2023-7024, CVE-2023-6707, CVE-2023-6706, CVE-2023-6705, CVE-2023-6704, CVE-2023-6703, CVE-2023-6702, CVE-2023-6512, CVE-2023-6511, CVE-2023-6510, CVE-2023-6509, CVE-2023-6508, CVE-2023-6351, CVE-2023-6350, CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6345, CVE-2023-6112, CVE-2023-5997, CVE-2023-5996 +29 +Google Chrome < 121.0.6167.85 Multiple Vulnerabilities: Upgrade to Google Chrome version 121.0.6167.85 or later. +CVE-2023-44372, CVE-2023-44371, CVE-2023-44367, CVE-2023-44366, CVE-2023-44365, CVE-2023-44361, CVE-2023-44360, CVE-2023-44359, CVE-2023-44358, CVE-2023-44357, CVE-2023-44356, CVE-2023-44348, CVE-2023-44340, CVE-2023-44339, CVE-2023-44338, CVE-2023-44337, CVE-2023-44336 +17 +Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54): Upgrade to Adobe Reader version 20.005.30539 / 23.006.20380 or later. +KB5033372,KB5031356,KB5032189 +3 +Install KB5034122 +1706649288 +Credentialed Patch Audit +cpe:/o:microsoft:windows +windows +100 +SMB_OS +[{"FQDN":"WKS2-Soteria","sources":["get_host_fqdn()"]}] +0A:0B:20:52:41:53 +CC:14:20:52:41:53 +E0:D0:45:67:CB:CB +E4:E2:20:52:41:53 +00:0C:29:5C:7E:F8 +5033372 +5032189 +5034122 +general-purpose +Microsoft Windows 10 Enterprise Build 19045 +{"CPE":"cpe:\/a:microsoft:windows_defender","Last check-in":null,"Path":"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.23110.3-0\\","Product":"Windows Defender","Product version":"4.18.23110.3","Running":"yes","Signature auto-update":"yes","Signature install date":"2024-01-30","Signature version":"1.403.2952.0","Subtype":"EPP","Type":"Endpoint","Vendor":"Microsoft"} +7caede5aa2b0481b927e60cdb7ee1b3e +WKS2-SOTERIA +16084D56-DD6F-C4F4-EF6C-97CC2B5C7EF8 +WKS2-SOTERIA +[{"predicted-os": "Microsoft Windows 10", "confidence": 2},{"predicted-os": "Microsoft Windows 10 Pro", "confidence": 2},{"predicted-os": "Microsoft Windows 10 Enterprise", "confidence": 4}] + + P1:B11113:F0x12:W65392:O0204ffff:M1460: + P2:B11113:F0x12:W65535:O0204ffff0103030801010402:M1460: + P3:B00000:F0x00:W0:O0:M0 + P4:190704_7_p=49666 +WKS2-Soteria +true +192.168.40.32\degthat +smb +192.168.40.32 +1706647533 +Tue Jan 30 12:45:33 2024 + + +1 +cpe:/o:microsoft:windows +To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards. +wmi_stop_registry_svc.nbin +2024/01/16 +SMB Registry : Stop the Registry Service after the scan (WMI) +2009/11/25 +local +None +1.204 +n/a +The registry service was stopped after the scan. + +The registry service was successfully stopped after the scan. + + +all +1 +The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date. + +Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled. +patches_summary.nbin +2024/01/16 +Patch Report +2013/07/08 +combined +None +1.253 +Install the patches listed below. +The remote host is missing several patches. + + +. You need to take the following 3 actions : + ++ Install the following Microsoft patch : + +- KB5034122 (3 vulnerabilities) + +[ Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54) (185553) ] + ++ Action to take : Upgrade to Adobe Reader version 20.005.30539 / 23.006.20380 or later. + ++Impact : Taking this action will resolve 17 different vulnerabilities (CVEs). + + + +[ Google Chrome < 121.0.6167.85 Multiple Vulnerabilities (189460) ] + ++ Action to take : Upgrade to Google Chrome version 121.0.6167.85 or later. + ++Impact : Taking this action will resolve 29 different vulnerabilities (CVEs). + + + + + + +all +1 +This plugin displays, for each tested host, information about the scan itself : + + - The version of the plugin set. + - The type of scanner (Nessus or Nessus Home). + - The version of the Nessus Engine. + - The port scanner(s) used. + - The port range scanned. + - The ping round trip time + - Whether credentialed or third-party patch management checks are possible. + - Whether the display of superseded patches is enabled + - The date of the scan. + - The duration of the scan. + - The number of hosts scanned in parallel. + - The number of checks done in parallel. +scan_info.nasl +2023/07/31 +Nessus Scan Information +2005/08/26 +summary +None +1.119 +n/a +This plugin displays information about the Nessus scan. +true +Information about this scan : + +Nessus version : 10.6.4 +Nessus build : 20005 +Plugin feed version : 202401301519 +Scanner edition used : Nessus +Scanner OS : WINDOWS +Scanner distribution : win-x86-64 +Scan type : Normal +Scan name : Soteria WKS scan +Scan policy used : Credentialed Patch Audit +Scanner IP : 192.168.40.212 +Port scanner(s) : wmi_netstat +Port range : default +Ping RTT : 4.992 ms +Thorough tests : no +Experimental tests : no +Plugin debugging enabled : no +Paranoia level : 1 +Report verbosity : 1 +Safe checks : yes +Optimize the test : yes +Credentialed checks : yes, as '192.168.40.32\degthat' via SMB +Patch management checks : None +Display superseded patches : yes (supersedence plugin launched) +CGI scanning : disabled +Web application tests : disabled +Max hosts : 30 +Max checks : 4 +Recv timeout : 5 +Backports : None +Allow post-scan editing : Yes +Nessus Plugin Signature Checking : Enabled +Audit File Signature Checking : Disabled +Scan Start Date : 2024/1/30 12:45 Pacific Standard Time +Scan duration : 1734 sec +Scan for malware : no + + + +cpe:/o:microsoft:windows +This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool. + +Note the results of missing patches also include superseded patches. + +Review the summary and apply any missing updates in order to be up to date. +smb_missing_msft_patches.nasl +2019/06/13 +Microsoft Windows Summary of Missing Patches +2009/04/24 +local +None +1.18 +Run Windows Update on the remote host or use a patch management solution. +The remote host is missing several Microsoft security patches. +The patches for the following bulletins or KBs are missing on the remote host : + + - KB5032189 ( https://support.microsoft.com/en-us/help/5032189 ) + - KB5033372 ( https://support.microsoft.com/en-us/help/5033372 ) + - KB5034122 ( https://support.microsoft.com/en-us/help/5034122 ) + + + +True +Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445. +smb_dialects_enabled.nasl +2020/03/11 +Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) +2018/02/09 +remote +None +1.6 +n/a +It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host. + +The remote host supports the following SMB dialects : + _version_ _introduced in windows version_ + 2.0.2 Windows 2008 + 2.1 Windows 7 + 3.0 Windows 8 + 3.0.2 Windows 8.1 + 3.1.1 Windows 10 + +The remote host does NOT support the following SMB dialects : + _version_ _introduced in windows version_ + 2.2.2 Windows 8 Beta + 2.2.4 Windows 8 Beta + 3.1 Windows 10 + + + +windows +The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network. +smb-version-detect.nasl +2022/05/04 +Server Message Block (SMB) Protocol Version Detection +2022/05/04 +remote +None +1.1 +http://www.nessus.org/u?f463096b +http://www.nessus.org/u?1a4b3744 +Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices. +Verify the version of SMB on the remote host. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : SMBv2 is enabled. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : SMBv1 is enabled. + + + +cpe:/o:microsoft:windows +Retrieves the status of Windows Credential Guard. + Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. +credential_guard_status.nasl +2023/08/25 +Windows Credential Guard Status +2022/04/18 +local +None +1.3 +http://www.nessus.org/u?fb8c8c37 +n/a +Retrieves the status of Windows Credential Guard. + +Windows Credential Guard is not fully enabled. +The following registry keys have not been set : + - System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : is enabled with Secure Boot. + - System\CurrentControlSet\Control\LSA\LsaCfgFlags : is disabled. + - System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : is disabled. + + + +cpe:/o:microsoft:windows +The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks. +lsa_protection_status.nasl +2022/05/25 +Windows LSA Protection Status +2022/04/20 +local +None +1.3 +Enable LSA Protection per your corporate security guidelines. +Windows LSA Protection is disabled on the remote Windows host. + +LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found. + + + +cpe:/o:microsoft:windows +Checks Windows Registry for Service ACLs. +smb_reg_services_acl.nasl +2024/01/15 +Windows Services Registry ACL +2022/05/05 +local +None +1.5 +N/A +Checks Windows Registry for Service ACLs +Verbosity must be set to 'Report as much information as possible' for this plugin to produce output. + + +cpe:/o:microsoft:windows +Windows AlwaysInstallElevated policy status was found on the remote Windows host. + You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting. +windows_always_installed_elevated_status.nasl +2022/06/14 +Windows Always Installed Elevated Status +2022/06/14 +local +None +1.1 +If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines. +Windows AlwaysInstallElevated policy status was found on the remote Windows host +AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE. + + + +True +software_enumeration +cpe:/a:microsoft:ie +cpe:/a:microsoft:internet_explorer +Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host. +microsoft_internet_explorer_installed.nbin +2024/01/16 +Microsoft Internet Explorer Installed +2022/06/28 +local +None +1.42 +https://support.microsoft.com/products/internet-explorer +n/a +A web browser is installed on the remote Windows host. + + Path : C:\WINDOWS\system32\mshtml.dll + Version : 11.0.19041.3570 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host. +smb_language_detection.nasl +2022/02/01 +Windows Language Settings Detection +2021/04/14 +local +None +1.3 +n/a +This plugin enumerates language files on a windows host. +Default Install Language Code: 1033 + +Default Active Language Code: 1033 + +Other common microsoft Language packs may be scanned as well. + + +30 - 60 days +cpe:/o:microsoft:windows +CVE-2023-20588 +CVE-2023-21740 +CVE-2023-35628 +CVE-2023-35630 +CVE-2023-35632 +CVE-2023-35639 +CVE-2023-35641 +CVE-2023-35642 +CVE-2023-35644 +CVE-2023-36003 +CVE-2023-36004 +CVE-2023-36005 +CVE-2023-36006 +CVE-2023-36011 +CVE-2023-36696 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-36006 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The remote Windows host is missing security update 5033372. It is, therefore, affected by multiple vulnerabilities + + - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) + + - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696) + + - Win32k Elevation of Privilege Vulnerability (CVE-2023-36011) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +smb_nt_ms23_dec_5033372.nasl +2023-A-0689-S +2023-A-0690-S +MS23-5033372 +5033372 +2023/12/12 +2024/01/15 +KB5033372: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (December 2023) +2023/12/12 +local +Very High +Critical +1.4 +https://support.microsoft.com/help/5033372 +Apply Security Update 5033372 +I +The remote Windows host is affected by multiple vulnerabilities. +High +7 to 30 days +Social Media +8.4 +2023/08/08 +MSKB:5033372 +MSFT:MS23-5033372 +IAVA:2023-A-0689-S +IAVA:2023-A-0690-S + +The remote host is missing one of the following rollup KBs : + - 5033372 + + - C:\WINDOWS\system32\ntoskrnl.exe has not been patched. + Remote version : 10.0.19041.3570 + Should be : 10.0.19041.3803 + + + + +60 - 180 days +CEA-2023-0052 +2023/12/05 +cpe:/o:microsoft:windows +CVE-2023-24023 +CVE-2023-36017 +CVE-2023-36025 +CVE-2023-36028 +CVE-2023-36033 +CVE-2023-36036 +CVE-2023-36047 +CVE-2023-36393 +CVE-2023-36394 +CVE-2023-36397 +CVE-2023-36398 +CVE-2023-36400 +CVE-2023-36401 +CVE-2023-36402 +CVE-2023-36403 +CVE-2023-36404 +CVE-2023-36405 +CVE-2023-36408 +CVE-2023-36423 +CVE-2023-36424 +CVE-2023-36425 +CVE-2023-36427 +CVE-2023-36428 +CVE-2023-36705 +CVE-2023-36719 +CVE-2023-38039 +CVE-2023-38545 +9.8 +9.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-38545 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The remote Windows host is missing security update 5032189. It is, therefore, affected by multiple vulnerabilities + + - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402) + + - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397) + + - Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (CVE-2023-36028) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +smb_nt_ms23_nov_5032189.nasl +2023-A-0638-S +2023-A-0636-S +MS23-5032189 +5032189 +2023/11/14 +2024/01/19 +KB5032189: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (November 2023) +2023/11/14 +local +Very High +Critical +1.7 +https://support.microsoft.com/help/5032189 +Apply Security Update 5032189 +I +The remote Windows host is affected by multiple vulnerabilities. +Very High +0 to 7 days +Social Media; Security Research +9.5 +2023/11/14 +MSKB:5032189 +MSFT:MS23-5032189 +CISA-KNOWN-EXPLOITED:2023/12/05 +CEA-ID:CEA-2023-0052 +IAVA:2023-A-0638-S +IAVA:2023-A-0636-S + +The remote host is missing one of the following rollup KBs : + - 5032189 + + - C:\WINDOWS\system32\ntoskrnl.exe has not been patched. + Remote version : 10.0.19041.3570 + Should be : 10.0.19041.3693 + + + + +7 - 30 days +cpe:/o:microsoft:windows +CVE-2022-35737 +CVE-2024-20652 +CVE-2024-20653 +CVE-2024-20654 +CVE-2024-20657 +CVE-2024-20658 +CVE-2024-20660 +CVE-2024-20661 +CVE-2024-20663 +CVE-2024-20664 +CVE-2024-20666 +CVE-2024-20674 +CVE-2024-20680 +CVE-2024-20681 +CVE-2024-20682 +CVE-2024-20683 +CVE-2024-20687 +CVE-2024-20690 +CVE-2024-20691 +CVE-2024-20692 +CVE-2024-20694 +CVE-2024-20696 +CVE-2024-20698 +CVE-2024-20699 +CVE-2024-20700 +CVE-2024-21305 +CVE-2024-21306 +CVE-2024-21307 +CVE-2024-21310 +CVE-2024-21311 +CVE-2024-21313 +CVE-2024-21314 +CVE-2024-21316 +CVE-2024-21320 +8.1 +CVE-2024-20652 +7.3 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +9.0 +CVE-2024-20654 +7.0 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C +The remote Windows host is missing security update 5034122. It is, therefore, affected by multiple vulnerabilities + + - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654) + + - BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666) + + - Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +smb_nt_ms24_jan_5034122.nasl +2024-A-0016 +2024-A-0015 +MS24-5034122 +5034122 +2024/01/09 +2024/01/17 +KB5034122: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (January 2024) +2024/01/09 +local +Very High +High +1.3 +https://support.microsoft.com/help/5034122 +Apply Security Update 5034122 +I +The remote Windows host is affected by multiple vulnerabilities. +Medium +7 to 30 days +Social Media +8.4 +2022/08/03 +MSKB:5034122 +MSFT:MS24-5034122 +IAVA:2024-A-0016 +IAVA:2024-A-0015 + +The remote host is missing one of the following rollup KBs : + - 5034122 + + - C:\WINDOWS\system32\ntoskrnl.exe has not been patched. + Remote version : 10.0.19041.3570 + Should be : 10.0.19041.3930 + + + + +Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates. + +Note that this plugin is purely informational. +ms_bulletin_checks_possible.nasl +2021/07/12 +Microsoft Patch Bulletin Feasibility Check +2011/12/06 +local +None +1.13 +n/a +Nessus is able to check for Microsoft patch bulletins. + + +Nessus is able to test for missing patches using : + Nessus + + + +cpe:/o:microsoft:windows +Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp. +microsoft_windows_last_boot.nasl +2018/07/09 +Microsoft Windows Last Boot Time +2016/07/19 +local +None +1.7 +n/a +Nessus was able to collect the remote host's last boot time in a human readable format. +Last reboot : 2024-01-30T15:27:21-05:00 (20240130152721.500000-300) + + +True +Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445. + +Note that this plugin is a remote check and does not work on agents. +smb_versions_enabled.nasl +2019/11/22 +Microsoft Windows SMB Versions Supported (remote check) +2017/06/19 +remote +None +1.2 +n/a +It was possible to obtain information about the version of SMB running on the remote host. + +The remote host supports the following versions of SMB : + SMBv1 + SMBv2 + + + +windows +True +An antivirus application is installed on the remote host, and its engine and virus definitions are up to date. +antivirus_installed.nasl +2023/10/05 +Antivirus Software Check +2005/01/18 +local +None +1.50 +http://www.nessus.org/u?3ed73b52 +https://www.tenable.com/blog/auditing-anti-virus-products-with-nessus +n/a +An antivirus application is installed on the remote host. + +Forefront_Endpoint_Protection : + +A Microsoft anti-malware product is installed on the remote host : + + Product name : Windows Defender + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine version : 1.1.23110.2 + Antivirus signature version : 1.403.2952.0 + Antispyware signature version : 1.403.2952.0 + + + +windows +true +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows_server +The remote host is running Microsoft Windows. +microsoft_windows_installed.nbin +2023/12/27 +Microsoft Windows Installed +2023/12/27 +local +None +1.0 +https://www.microsoft.com/en-us/windows +https://www.microsoft.com/en-us/windows-server +n/a +The remote host is running Microsoft Windows. + + OS Name : Microsoft Windows 10 22H2 + Vendor : Microsoft + Product : Windows + Release : 10 22H2 + Edition : Enterprise + Version : 10.0.19045.3570 + Extended Support : Version and Edition + Role : client + Kernel : Windows NT 10.0 + Architecture : x64 + CPE v2.2 : cpe:/o:microsoft:windows_10_22h2:10.0.19045.3570:- + CPE v2.3 : cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3570:-:any:*:enterprise:*:x64:* + Type : local + Method : SMB + Confidence : 100 + + + +cpe:/o:microsoft:windows +x-cpe:/a:microsoft:msdt +The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190. + +Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch. +msdt_rce_cve_2022-30190_reg_check.nasl +2022/05/30 +2022/07/28 +The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190) +2022/05/31 +local +None +1.9 +http://www.nessus.org/u?440e4ba1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 +http://www.nessus.org/u?b9345997 +Apply the latest Cumulative Update. +Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key. +2022/05/30 +The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target is vulnerable to CVE-2022-30190, if the vendor patch is not applied. + + +windows +security_control +True +software_enumeration +cpe:/a:microsoft:windows_defender +Windows Defender, an antivirus component of Microsoft Windows is installed on the remote Windows host. +microsoft_windows_defender_win_installed.nbin +2024/01/16 +Windows Defender Installed +2019/11/15 +local +None +1.139 +https://www.microsoft.com/en-us/windows/comprehensive-security +n/a +Windows Defender is installed on the remote Windows host. + + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine Version : 1.1.23110.2 + Malware Signature Timestamp : Jan. 30, 2024 at 11:12:00 GMT + Malware Signature Version : 1.403.2952.0 + Signatures Last Updated : Jan. 30, 2024 at 20:38:27 GMT + + + +The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled. +print_spooler_service_enabled.nasl +2021/07/07 +Microsoft Windows Print Spooler Service Enabled +2021/07/07 +local +None +1.1 +http://www.nessus.org/u?8fc5df24 +n/a +The Microsoft Windows Print Spooler service on the remote host is enabled. +The Microsoft Windows Print Spooler service on the remote host is enabled. + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.). +smb_enum_services_params.nasl +0001-T-0752 +2022/05/16 +Microsoft Windows SMB Service Config Enumeration +2010/02/05 +local +None +1.20 +Ensure that each service is configured properly. +It was possible to enumerate configuration parameters of remote services. +IAVT:0001-T-0752 + +The following services are set to start automatically : + + AdobeARMservice startup parameters : + Display name : Adobe Acrobat Update Service + Service name : AdobeARMservice + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" + + AudioEndpointBuilder startup parameters : + Display name : Windows Audio Endpoint Builder + Service name : AudioEndpointBuilder + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + Audiosrv startup parameters : + Display name : Windows Audio + Service name : Audiosrv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : AudioEndpointBuilder/RpcSs/ + + BFE startup parameters : + Display name : Base Filtering Engine + Service name : BFE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : RpcSs/ + + BrokerInfrastructure startup parameters : + Display name : Background Tasks Infrastructure Service + Service name : BrokerInfrastructure + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + CDPSvc startup parameters : + Display name : Connected Devices Platform Service + Service name : CDPSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : ncbservice/RpcSS/Tcpip/ + + CoreMessagingRegistrar startup parameters : + Display name : CoreMessaging + Service name : CoreMessagingRegistrar + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : rpcss/ + + CryptSvc startup parameters : + Display name : Cryptographic Services + Service name : CryptSvc + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + DPS startup parameters : + Display name : Diagnostic Policy Service + Service name : DPS + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p + + DcomLaunch startup parameters : + Display name : DCOM Server Process Launcher + Service name : DcomLaunch + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + DeviceAssociationService startup parameters : + Display name : Device Association Service + Service name : DeviceAssociationService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + Dhcp startup parameters : + Display name : DHCP Client + Service name : Dhcp + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : NSI/Afd/ + + DiagTrack startup parameters : + Display name : Connected User Experiences and Telemetry + Service name : DiagTrack + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k utcsvc -p + Dependencies : RpcSs/ + + DispBrokerDesktopSvc startup parameters : + Display name : Display Policy Service + Service name : DispBrokerDesktopSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSS/ + + Dnscache startup parameters : + Display name : DNS Client + Service name : Dnscache + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkService -p + Dependencies : nsi/Afd/ + + DoSvc startup parameters : + Display name : Delivery Optimization + Service name : DoSvc + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + DusmSvc startup parameters : + Display name : Data Usage + Service name : DusmSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + EventLog startup parameters : + Display name : Windows Event Log + Service name : EventLog + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + + EventSystem startup parameters : + Display name : COM+ Event System + Service name : EventSystem + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + FontCache startup parameters : + Display name : Windows Font Cache Service + Service name : FontCache + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + IKEEXT startup parameters : + Display name : IKE and AuthIP IPsec Keying Modules + Service name : IKEEXT + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : BFE/nsi/ + + LSM startup parameters : + Display name : Local Session Manager + Service name : LSM + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + LanmanServer startup parameters : + Display name : Server + Service name : LanmanServer + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : SamSS/Srv2/ + + LanmanWorkstation startup parameters : + Display name : Workstation + Service name : LanmanWorkstation + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : Bowser/MRxSmb20/NSI/ + + MapsBroker startup parameters : + Display name : Downloaded Maps Manager + Service name : MapsBroker + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + NlaSvc startup parameters : + Display name : Network Location Awareness + Service name : NlaSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/ + + Power startup parameters : + Display name : Power + Service name : Power + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + ProfSvc startup parameters : + Display name : User Profile Service + Service name : ProfSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + RasMan startup parameters : + Display name : Remote Access Connection Manager + Service name : RasMan + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs + Dependencies : SstpSvc/DnsCache/ + + RpcEptMapper startup parameters : + Display name : RPC Endpoint Mapper + Service name : RpcEptMapper + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k RPCSS -p + + RpcSs startup parameters : + Display name : Remote Procedure Call (RPC) + Service name : RpcSs + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k rpcss -p + Dependencies : RpcEptMapper/DcomLaunch/ + + SENS startup parameters : + Display name : System Event Notification Service + Service name : SENS + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : EventSystem/ + + SamSs startup parameters : + Display name : Security Accounts Manager + Service name : SamSs + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : RPCSS/ + + Schedule startup parameters : + Display name : Task Scheduler + Service name : Schedule + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/SystemEventsBroker/ + + SgrmBroker startup parameters : + Display name : System Guard Runtime Monitor Broker + Service name : SgrmBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\SgrmBroker.exe + Dependencies : RpcSs/ + + ShellHWDetection startup parameters : + Display name : Shell Hardware Detection + Service name : ShellHWDetection + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Spooler startup parameters : + Display name : Print Spooler + Service name : Spooler + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\spoolsv.exe + Dependencies : RPCSS/http/ + + StorSvc startup parameters : + Display name : Storage Service + Service name : StorSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + SysMain startup parameters : + Display name : SysMain + Service name : SysMain + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : rpcss/fileinfo/ + + SystemEventsBroker startup parameters : + Display name : System Events Broker + Service name : SystemEventsBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/RpcSs/ + + Themes startup parameters : + Display name : Themes + Service name : Themes + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + + TrkWks startup parameters : + Display name : Distributed Link Tracking Client + Service name : TrkWks + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + UserManager startup parameters : + Display name : User Manager + Service name : UserManager + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + UsoSvc startup parameters : + Display name : Update Orchestrator Service + Service name : UsoSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + VGAuthService startup parameters : + Display name : VMware Alias Manager and Ticket Service + Service name : VGAuthService + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" + + VMTools startup parameters : + Display name : VMware Tools + Service name : VMTools + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" + + W32Time startup parameters : + Display name : Windows Time + Service name : W32Time + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService + + WSearch startup parameters : + Display name : Windows Search + Service name : WSearch + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\SearchIndexer.exe /Embedding + Dependencies : RPCSS/BrokerInfrastructure/ + + Wcmsvc startup parameters : + Display name : Windows Connection Manager + Service name : Wcmsvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/NSI/ + + WinDefend startup parameters : + Display name : Microsoft Defender Antivirus Service + Service name : WinDefend + Log on as : LocalSystem + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe" + Dependencies : RpcSs/ + + Winmgmt startup parameters : + Display name : Windows Management Instrumentation + Service name : Winmgmt + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/ + + WpnService startup parameters : + Display name : Windows Push Notifications System Service + Service name : WpnService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + edgeupdate startup parameters : + Display name : Microsoft Edge Update Service (edgeupdate) + Service name : edgeupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc + Dependencies : RPCSS/ + + gpsvc startup parameters : + Display name : Group Policy Client + Service name : gpsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/Mup/ + + gupdate startup parameters : + Display name : Google Update Service (gupdate) + Service name : gupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc + Dependencies : RPCSS/ + + iphlpsvc startup parameters : + Display name : IP Helper + Service name : iphlpsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k NetSvcs -p + Dependencies : RpcSS/winmgmt/tcpip/nsi/WinHttpAutoProxySvc/ + + mpssvc startup parameters : + Display name : Windows Defender Firewall + Service name : mpssvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : mpsdrv/bfe/ + + nsi startup parameters : + Display name : Network Store Interface Service + Service name : nsi + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/nsiproxy/ + + sppsvc startup parameters : + Display name : Software Protection + Service name : sppsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\sppsvc.exe + Dependencies : RpcSs/ + + stisvc startup parameters : + Display name : Windows Image Acquisition (WIA) + Service name : stisvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k imgsvc + Dependencies : RpcSs/ + + uhssvc startup parameters : + Display name : Microsoft Update Health Service + Service name : uhssvc + Log on as : LocalSystem + Executable path : "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" + Dependencies : EventLog/ + + vm3dservice startup parameters : + Display name : VMware SVGA Helper Service + Service name : vm3dservice + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\vm3dservice.exe + + wscsvc startup parameters : + Display name : Security Center + Service name : wscsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + +The following services must be started manually : + + AJRouter startup parameters : + Display name : AllJoyn Router Service + Service name : AJRouter + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + ALG startup parameters : + Display name : Application Layer Gateway Service + Service name : ALG + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\alg.exe + + AppIDSvc startup parameters : + Display name : Application Identity + Service name : AppIDSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/AppID/CryptSvc/ + + AppMgmt startup parameters : + Display name : Application Management + Service name : AppMgmt + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + AppReadiness startup parameters : + Display name : App Readiness + Service name : AppReadiness + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k AppReadiness -p + + AppXSvc startup parameters : + Display name : AppX Deployment Service (AppXSVC) + Service name : AppXSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k wsappx -p + Dependencies : rpcss/staterepository/ + + Appinfo startup parameters : + Display name : Application Information + Service name : Appinfo + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + AssignedAccessManagerSvc startup parameters : + Display name : AssignedAccessManager Service + Service name : AssignedAccessManagerSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k AssignedAccessManagerSvc + + AxInstSV startup parameters : + Display name : ActiveX Installer (AxInstSV) + Service name : AxInstSV + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k AxInstSVGroup + Dependencies : rpcss/ + + BDESVC startup parameters : + Display name : BitLocker Drive Encryption Service + Service name : BDESVC + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + + BITS startup parameters : + Display name : Background Intelligent Transfer Service + Service name : BITS + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + BTAGService startup parameters : + Display name : Bluetooth Audio Gateway Service + Service name : BTAGService + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted + Dependencies : rpcss/ + + Browser startup parameters : + Display name : Computer Browser + Service name : Browser + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : LanmanWorkstation/LanmanServer/ + + BthAvctpSvc startup parameters : + Display name : AVCTP service + Service name : BthAvctpSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + COMSysApp startup parameters : + Display name : COM+ System Application + Service name : COMSysApp + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} + Dependencies : RpcSs/EventSystem/SENS/ + + CertPropSvc startup parameters : + Display name : Certificate Propagation + Service name : CertPropSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + ClipSVC startup parameters : + Display name : Client License Service (ClipSVC) + Service name : ClipSVC + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k wsappx -p + Dependencies : rpcss/ + + CscService startup parameters : + Display name : Offline Files + Service name : CscService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + DevQueryBroker startup parameters : + Display name : DevQuery Background Discovery Broker + Service name : DevQueryBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DeviceInstall startup parameters : + Display name : Device Install Service + Service name : DeviceInstall + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + DisplayEnhancementService startup parameters : + Display name : Display Enhancement Service + Service name : DisplayEnhancementService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DmEnrollmentSvc startup parameters : + Display name : Device Management Enrollment Service + Service name : DmEnrollmentSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + DsSvc startup parameters : + Display name : Data Sharing Service + Service name : DsSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + DsmSvc startup parameters : + Display name : Device Setup Manager + Service name : DsmSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + EFS startup parameters : + Display name : Encrypting File System (EFS) + Service name : EFS + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\lsass.exe + Dependencies : RPCSS/ + + Eaphost startup parameters : + Display name : Extensible Authentication Protocol + Service name : Eaphost + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/KeyIso/ + + EntAppSvc startup parameters : + Display name : Enterprise App Management Service + Service name : EntAppSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + FDResPub startup parameters : + Display name : Function Discovery Resource Publication + Service name : FDResPub + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : RpcSs/http/fdphost/ + + Fax startup parameters : + Display name : Fax + Service name : Fax + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\fxssvc.exe + Dependencies : TapiSrv/RpcSs/Spooler/ + + FrameServer startup parameters : + Display name : Windows Camera Frame Server + Service name : FrameServer + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k Camera + Dependencies : rpcss/ + + GoogleChromeElevationService startup parameters : + Display name : Google Chrome Elevation Service (GoogleChromeElevationService) + Service name : GoogleChromeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.106\elevation_service.exe" + Dependencies : RPCSS/ + + GraphicsPerfSvc startup parameters : + Display name : GraphicsPerfSvc + Service name : GraphicsPerfSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup + + HvHost startup parameters : + Display name : HV Host Service + Service name : HvHost + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : hvservice/ + + InstallService startup parameters : + Display name : Microsoft Store Install Service + Service name : InstallService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + IpxlatCfgSvc startup parameters : + Display name : IP Translation Configuration Service + Service name : IpxlatCfgSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : nsi/ + + KeyIso startup parameters : + Display name : CNG Key Isolation + Service name : KeyIso + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : RpcSs/ + + KtmRm startup parameters : + Display name : KtmRm for Distributed Transaction Coordinator + Service name : KtmRm + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p + Dependencies : RPCSS/SamSS/ + + LicenseManager startup parameters : + Display name : Windows License Manager Service + Service name : LicenseManager + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + LxpSvc startup parameters : + Display name : Language Experience Service + Service name : LxpSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs + + MSDTC startup parameters : + Display name : Distributed Transaction Coordinator + Service name : MSDTC + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\msdtc.exe + Dependencies : RPCSS/SamSS/ + + MSiSCSI startup parameters : + Display name : Microsoft iSCSI Initiator Service + Service name : MSiSCSI + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + McpManagementService startup parameters : + Display name : McpManagementService + Service name : McpManagementService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k McpManagementServiceGroup + Dependencies : RpcSs/ + + MicrosoftEdgeElevationService startup parameters : + Display name : Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) + Service name : MicrosoftEdgeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.83\elevation_service.exe" + Dependencies : RPCSS/ + + MixedRealityOpenXRSvc startup parameters : + Display name : Windows Mixed Reality OpenXR Service + Service name : MixedRealityOpenXRSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : rpcss/ + + NaturalAuthentication startup parameters : + Display name : Natural Authentication + Service name : NaturalAuthentication + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/Schedule/ + + NcaSvc startup parameters : + Display name : Network Connectivity Assistant + Service name : NcaSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k NetSvcs -p + Dependencies : BFE/dnscache/NSI/iphlpsvc/ + + NcbService startup parameters : + Display name : Network Connection Broker + Service name : NcbService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSS/tcpip/BrokerInfrastructure/ + + NcdAutoSetup startup parameters : + Display name : Network Connected Devices Auto-Setup + Service name : NcdAutoSetup + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : netprofm/ + + NetSetupSvc startup parameters : + Display name : Network Setup Service + Service name : NetSetupSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Netlogon startup parameters : + Display name : Netlogon + Service name : Netlogon + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : LanmanWorkstation/ + + Netman startup parameters : + Display name : Network Connections + Service name : Netman + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/nsi/ + + NgcCtnrSvc startup parameters : + Display name : Microsoft Passport Container + Service name : NgcCtnrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + NgcSvc startup parameters : + Display name : Microsoft Passport + Service name : NgcSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + PNRPAutoReg startup parameters : + Display name : PNRP Machine Name Publication Service + Service name : PNRPAutoReg + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + Dependencies : pnrpsvc/ + + PNRPsvc startup parameters : + Display name : Peer Name Resolution Protocol + Service name : PNRPsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + Dependencies : p2pimsvc/ + + PcaSvc startup parameters : + Display name : Program Compatibility Assistant Service + Service name : PcaSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + PeerDistSvc startup parameters : + Display name : BranchCache + Service name : PeerDistSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k PeerDist + Dependencies : http/ + + PerfHost startup parameters : + Display name : Performance Counter DLL Host + Service name : PerfHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\SysWow64\perfhost.exe + Dependencies : RPCSS/ + + PhoneSvc startup parameters : + Display name : Phone Service + Service name : PhoneSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/ + + PlugPlay startup parameters : + Display name : Plug and Play + Service name : PlugPlay + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + PolicyAgent startup parameters : + Display name : IPsec Policy Agent + Service name : PolicyAgent + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted -p + Dependencies : Tcpip/bfe/ + + PrintNotify startup parameters : + Display name : Printer Extensions and Notifications + Service name : PrintNotify + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k print + Dependencies : RpcSs/ + + PushToInstall startup parameters : + Display name : Windows PushToInstall Service + Service name : PushToInstall + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + QWAVE startup parameters : + Display name : Quality Windows Audio Video Experience + Service name : QWAVE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/ + + RasAuto startup parameters : + Display name : Remote Access Auto Connection Manager + Service name : RasAuto + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RasAcd/ + + RemoteRegistry startup parameters : + Display name : Remote Registry + Service name : RemoteRegistry + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k localService -p + Dependencies : RPCSS/ + + RetailDemo startup parameters : + Display name : Retail Demo Service + Service name : RetailDemo + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k rdxgroup + + RmSvc startup parameters : + Display name : Radio Management Service + Service name : RmSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted + Dependencies : RpcSs/ + + RpcLocator startup parameters : + Display name : Remote Procedure Call (RPC) Locator + Service name : RpcLocator + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\locator.exe + + SCPolicySvc startup parameters : + Display name : Smart Card Removal Policy + Service name : SCPolicySvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + SCardSvr startup parameters : + Display name : Smart Card + Service name : SCardSvr + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation + + SDRSVC startup parameters : + Display name : Windows Backup + Service name : SDRSVC + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k SDRSVC + Dependencies : RPCSS/ + + SEMgrSvc startup parameters : + Display name : Payments and NFC/SE Manager + Service name : SEMgrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/ + + SNMPTRAP startup parameters : + Display name : SNMP Trap + Service name : SNMPTRAP + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\snmptrap.exe + + SSDPSRV startup parameters : + Display name : SSDP Discovery + Service name : SSDPSRV + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : HTTP/NSI/ + + ScDeviceEnum startup parameters : + Display name : Smart Card Device Enumeration Service + Service name : ScDeviceEnum + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted + + SecurityHealthService startup parameters : + Display name : Windows Security Service + Service name : SecurityHealthService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\SecurityHealthService.exe + Dependencies : RpcSs/ + + Sense startup parameters : + Display name : Windows Defender Advanced Threat Protection Service + Service name : Sense + Log on as : LocalSystem + Executable path : "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" + + SensorDataService startup parameters : + Display name : Sensor Data Service + Service name : SensorDataService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\SensorDataService.exe + + SensorService startup parameters : + Display name : Sensor Service + Service name : SensorService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + SensrSvc startup parameters : + Display name : Sensor Monitoring Service + Service name : SensrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + + SessionEnv startup parameters : + Display name : Remote Desktop Configuration + Service name : SessionEnv + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/LanmanWorkstation/ + + SharedAccess startup parameters : + Display name : Internet Connection Sharing (ICS) + Service name : SharedAccess + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : BFE/ + + SharedRealitySvc startup parameters : + Display name : Spatial Data Service + Service name : SharedRealitySvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSS/ + + SmsRouter startup parameters : + Display name : Microsoft Windows SMS Router Service. + Service name : SmsRouter + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + SstpSvc startup parameters : + Display name : Secure Socket Tunneling Protocol Service + Service name : SstpSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + StateRepository startup parameters : + Display name : State Repository Service + Service name : StateRepository + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + TabletInputService startup parameters : + Display name : Touch Keyboard and Handwriting Panel Service + Service name : TabletInputService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + TapiSrv startup parameters : + Display name : Telephony + Service name : TapiSrv + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + TermService startup parameters : + Display name : Remote Desktop Services + Service name : TermService + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService + Dependencies : RPCSS/ + + TieringEngineService startup parameters : + Display name : Storage Tiers Management + Service name : TieringEngineService + Log on as : localSystem + Executable path : C:\WINDOWS\system32\TieringEngineService.exe + + TimeBrokerSvc startup parameters : + Display name : Time Broker + Service name : TimeBrokerSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + TokenBroker startup parameters : + Display name : Web Account Manager + Service name : TokenBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : UserManager/ + + TroubleshootingSvc startup parameters : + Display name : Recommended Troubleshooting Service + Service name : TroubleshootingSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + TrustedInstaller startup parameters : + Display name : Windows Modules Installer + Service name : TrustedInstaller + Log on as : localSystem + Executable path : C:\WINDOWS\servicing\TrustedInstaller.exe + + UmRdpService startup parameters : + Display name : Remote Desktop Services UserMode Port Redirector + Service name : UmRdpService + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : TermService/RDPDR/ + + VSS startup parameters : + Display name : Volume Shadow Copy + Service name : VSS + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\vssvc.exe + Dependencies : RPCSS/ + + VacSvc startup parameters : + Display name : Volumetric Audio Compositor Service + Service name : VacSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + VaultSvc startup parameters : + Display name : Credential Manager + Service name : VaultSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : rpcss/ + + WEPHOSTSVC startup parameters : + Display name : Windows Encryption Provider Host Service + Service name : WEPHOSTSVC + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k WepHostSvcGroup + Dependencies : rpcss/ + + WFDSConMgrSvc startup parameters : + Display name : Wi-Fi Direct Services Connection Manager Service + Service name : WFDSConMgrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + WMPNetworkSvc startup parameters : + Display name : Windows Media Player Network Sharing Service + Service name : WMPNetworkSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe" + Dependencies : http/WSearch/ + + WManSvc startup parameters : + Display name : Windows Management Service + Service name : WManSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + WPDBusEnum startup parameters : + Display name : Portable Device Enumerator Service + Service name : WPDBusEnum + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted + Dependencies : RpcSs/ + + WaaSMedicSvc startup parameters : + Display name : Windows Update Medic Service + Service name : WaaSMedicSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k wusvcs -p + Dependencies : rpcss/ + + WalletService startup parameters : + Display name : WalletService + Service name : WalletService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k appmodel -p + + WarpJITSvc startup parameters : + Display name : WarpJITSvc + Service name : WarpJITSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted + + WbioSrvc startup parameters : + Display name : Windows Biometric Service + Service name : WbioSrvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup + Dependencies : RpcSs/ + + WdNisSvc startup parameters : + Display name : Microsoft Defender Antivirus Network Inspection Service + Service name : WdNisSvc + Log on as : NT AUTHORITY\LocalService + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe" + Dependencies : WdNisDrv/ + + WdiServiceHost startup parameters : + Display name : Diagnostic Service Host + Service name : WdiServiceHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + + WdiSystemHost startup parameters : + Display name : Diagnostic System Host + Service name : WdiSystemHost + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + WebClient startup parameters : + Display name : WebClient + Service name : WebClient + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : MRxDAV/ + + Wecsvc startup parameters : + Display name : Windows Event Collector + Service name : Wecsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkService -p + Dependencies : HTTP/Eventlog/ + + WerSvc startup parameters : + Display name : Windows Error Reporting Service + Service name : WerSvc + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k WerSvcGroup + + WiaRpc startup parameters : + Display name : Still Image Acquisition Events + Service name : WiaRpc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + WinHttpAutoProxySvc startup parameters : + Display name : WinHTTP Web Proxy Auto-Discovery Service + Service name : WinHttpAutoProxySvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Dhcp/ + + WinRM startup parameters : + Display name : Windows Remote Management (WS-Management) + Service name : WinRM + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : RPCSS/HTTP/ + + WlanSvc startup parameters : + Display name : WLAN AutoConfig + Service name : WlanSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : nativewifip/RpcSs/Ndisuio/wcmsvc/ + + WpcMonSvc startup parameters : + Display name : Parental Controls + Service name : WpcMonSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService + + WwanSvc startup parameters : + Display name : WWAN AutoConfig + Service name : WwanSvc + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/NdisUio/ + + XblAuthManager startup parameters : + Display name : Xbox Live Auth Manager + Service name : XblAuthManager + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + XblGameSave startup parameters : + Display name : Xbox Live Game Save + Service name : XblGameSave + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : UserManager/XblAuthManager/ + + XboxGipSvc startup parameters : + Display name : Xbox Accessory Management Service + Service name : XboxGipSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + XboxNetApiSvc startup parameters : + Display name : Xbox Live Networking Service + Service name : XboxNetApiSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : BFE/mpssvc/IKEEXT/KeyIso/ + + autotimesvc startup parameters : + Display name : Cellular Time + Service name : autotimesvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k autoTimeSvc + Dependencies : rpcss/ + + bthserv startup parameters : + Display name : Bluetooth Support Service + Service name : bthserv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + camsvc startup parameters : + Display name : Capability Access Manager Service + Service name : camsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k appmodel -p + + cloudidsvc startup parameters : + Display name : Microsoft Cloud Identity Service + Service name : cloudidsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k CloudIdServiceGroup -p + + dcsvc startup parameters : + Display name : dcsvc + Service name : dcsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + defragsvc startup parameters : + Display name : Optimize drives + Service name : defragsvc + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k defragsvc + Dependencies : RPCSS/ + + diagnosticshub.standardcollector.service startup parameters : + Display name : Microsoft (R) Diagnostics Hub Standard Collector Service + Service name : diagnosticshub.standardcollector.service + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe + + diagsvc startup parameters : + Display name : Diagnostic Execution Service + Service name : diagsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k diagnostics + Dependencies : RpcSs/ + + dmwappushservice startup parameters : + Display name : Device Management Wireless Application Protocol (WAP) Push message Routing Service + Service name : dmwappushservice + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + dot3svc startup parameters : + Display name : Wired AutoConfig + Service name : dot3svc + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/Ndisuio/Eaphost/ + + edgeupdatem startup parameters : + Display name : Microsoft Edge Update Service (edgeupdatem) + Service name : edgeupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc + Dependencies : RPCSS/ + + embeddedmode startup parameters : + Display name : Embedded Mode + Service name : embeddedmode + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : BrokerInfrastructure/ + + fdPHost startup parameters : + Display name : Function Discovery Provider Host + Service name : fdPHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/http/ + + fhsvc startup parameters : + Display name : File History Service + Service name : fhsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + gupdatem startup parameters : + Display name : Google Update Service (gupdatem) + Service name : gupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc + Dependencies : RPCSS/ + + hidserv startup parameters : + Display name : Human Interface Device Service + Service name : hidserv + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + icssvc startup parameters : + Display name : Windows Mobile Hotspot Service + Service name : icssvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/wcmsvc/ + + lfsvc startup parameters : + Display name : Geolocation Service + Service name : lfsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + lltdsvc startup parameters : + Display name : Link-Layer Topology Discovery Mapper + Service name : lltdsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/lltdio/ + + lmhosts startup parameters : + Display name : TCP/IP NetBIOS Helper + Service name : lmhosts + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Afd/ + + msiserver startup parameters : + Display name : Windows Installer + Service name : msiserver + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\msiexec.exe /V + Dependencies : rpcss/ + + netprofm startup parameters : + Display name : Network List Service + Service name : netprofm + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : RpcSs/nlasvc/ + + p2pimsvc startup parameters : + Display name : Peer Networking Identity Manager + Service name : p2pimsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + + p2psvc startup parameters : + Display name : Peer Networking Grouping + Service name : p2psvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + Dependencies : p2pimsvc/PNRPSvc/ + + perceptionsimulation startup parameters : + Display name : Windows Perception Simulation Service + Service name : perceptionsimulation + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe + Dependencies : rpcss/ + + pla startup parameters : + Display name : Performance Logs & Alerts + Service name : pla + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : RPCSS/ + + seclogon startup parameters : + Display name : Secondary Logon + Service name : seclogon + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + smphost startup parameters : + Display name : Microsoft Storage Spaces SMP + Service name : smphost + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k smphost + Dependencies : RPCSS/ + + spectrum startup parameters : + Display name : Windows Perception Service + Service name : spectrum + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\spectrum.exe + Dependencies : rpcss/ + + svsvc startup parameters : + Display name : Spot Verifier + Service name : svsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + swprv startup parameters : + Display name : Microsoft Software Shadow Copy Provider + Service name : swprv + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k swprv + Dependencies : RPCSS/ + + upnphost startup parameters : + Display name : UPnP Device Host + Service name : upnphost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : SSDPSRV/HTTP/ + + vds startup parameters : + Display name : Virtual Disk + Service name : vds + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\vds.exe + Dependencies : RpcSs/ + + vmicguestinterface startup parameters : + Display name : Hyper-V Guest Service Interface + Service name : vmicguestinterface + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicheartbeat startup parameters : + Display name : Hyper-V Heartbeat Service + Service name : vmicheartbeat + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k ICService -p + + vmickvpexchange startup parameters : + Display name : Hyper-V Data Exchange Service + Service name : vmickvpexchange + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicrdv startup parameters : + Display name : Hyper-V Remote Desktop Virtualization Service + Service name : vmicrdv + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k ICService -p + + vmicshutdown startup parameters : + Display name : Hyper-V Guest Shutdown Service + Service name : vmicshutdown + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmictimesync startup parameters : + Display name : Hyper-V Time Synchronization Service + Service name : vmictimesync + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : VmGid/ + + vmicvmsession startup parameters : + Display name : Hyper-V PowerShell Direct Service + Service name : vmicvmsession + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicvss startup parameters : + Display name : Hyper-V Volume Shadow Copy Requestor + Service name : vmicvss + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmvss startup parameters : + Display name : VMware Snapshot Provider + Service name : vmvss + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\dllhost.exe /Processid:{397016CE-CD4D-4A07-AA59-A6AF3EE3250F} + Dependencies : rpcss/ + + wbengine startup parameters : + Display name : Block Level Backup Engine Service + Service name : wbengine + Log on as : localSystem + Executable path : "C:\WINDOWS\system32\wbengine.exe" + + wcncsvc startup parameters : + Display name : Windows Connect Now - Config Registrar + Service name : wcncsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : rpcss/ + + wercplsupport startup parameters : + Display name : Problem Reports Control Panel Support + Service name : wercplsupport + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + + wisvc startup parameters : + Display name : Windows Insider Service + Service name : wisvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + wlidsvc startup parameters : + Display name : Microsoft Account Sign-in Assistant + Service name : wlidsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + wlpasvc startup parameters : + Display name : Local Profile Assistant Service + Service name : wlpasvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : WwanSvc/RpcSs/ + + wmiApSrv startup parameters : + Display name : WMI Performance Adapter + Service name : wmiApSrv + Log on as : localSystem + Executable path : C:\WINDOWS\system32\wbem\WmiApSrv.exe + + workfolderssvc startup parameters : + Display name : Work Folders + Service name : workfolderssvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : RpcSs/wsearch/ + + wuauserv startup parameters : + Display name : Windows Update + Service name : wuauserv + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + +The following services are disabled : + + AppVClient startup parameters : + Display name : Microsoft App-V Client + Service name : AppVClient + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\AppVClient.exe + Dependencies : RpcSS/netprofm/AppvVfs/AppVStrm/ + + DialogBlockingService startup parameters : + Display name : DialogBlockingService + Service name : DialogBlockingService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DialogBlockingService + + MsKeyboardFilter startup parameters : + Display name : Microsoft Keyboard Filter + Service name : MsKeyboardFilter + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + NetTcpPortSharing startup parameters : + Display name : Net.Tcp Port Sharing Service + Service name : NetTcpPortSharing + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe + + RemoteAccess startup parameters : + Display name : Routing and Remote Access + Service name : RemoteAccess + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs + Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/ + + UevAgentService startup parameters : + Display name : User Experience Virtualization Service + Service name : UevAgentService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\AgentService.exe + + shpamsvc startup parameters : + Display name : Shared PC Account Manager + Service name : shpamsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + ssh-agent startup parameters : + Display name : OpenSSH Authentication Agent + Service name : ssh-agent + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\OpenSSH\ssh-agent.exe + + tzautoupdate startup parameters : + Display name : Auto Time Zone Updater + Service name : tzautoupdate + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + + +By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon. + +Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user. +smb_last_loggedon_user.nasl +2019/09/02 +Microsoft Windows SMB Last Logged On User Disclosure +2009/05/05 +local +None +1.12 +http://www.nessus.org/u?a29751b5 +n/a +Nessus was able to identify the last logged on user on the remote host. + +Last Successful logon : .\DEGTHAT + + + +windows +True +cpe:/a:haxx:curl +Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host. + +Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty checks. Paranoid scanning has no affect on this plugin itself. +curl_win_installed.nbin +2024/01/16 +Curl Installed (Windows) +2023/02/23 +local +None +1.22 +https://curl.se/ +n/a +Curl is installed on the remote Windows host. +true + +Nessus detected 2 installs of Curl: + + Path : C:\Windows\SysWOW64\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + Path : C:\Windows\System32\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + + +windows +True +cpe:/o:microsoft:windows +This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. + +An attacker may use this feature to gain better knowledge of the remote host. +smb_enum_services.nasl +0001-T-0751 +2022/02/01 +Microsoft Windows SMB Service Enumeration +2000/07/03 +local +None +1.46 +To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port. +It is possible to enumerate remote services. +IAVT:0001-T-0751 + +Active Services : + +Adobe Acrobat Update Service [ AdobeARMservice ] +Windows Audio Endpoint Builder [ AudioEndpointBuilder ] +Windows Audio [ Audiosrv ] +Base Filtering Engine [ BFE ] +Background Tasks Infrastructure Service [ BrokerInfrastructure ] +Computer Browser [ Browser ] +Bluetooth Audio Gateway Service [ BTAGService ] +AVCTP service [ BthAvctpSvc ] +Bluetooth Support Service [ bthserv ] +Connected Devices Platform Service [ CDPSvc ] +Certificate Propagation [ CertPropSvc ] +COM+ System Application [ COMSysApp ] +CoreMessaging [ CoreMessagingRegistrar ] +Cryptographic Services [ CryptSvc ] +DCOM Server Process Launcher [ DcomLaunch ] +Device Association Service [ DeviceAssociationService ] +DHCP Client [ Dhcp ] +Connected User Experiences and Telemetry [ DiagTrack ] +Display Policy Service [ DispBrokerDesktopSvc ] +DNS Client [ Dnscache ] +Delivery Optimization [ DoSvc ] +Diagnostic Policy Service [ DPS ] +Data Usage [ DusmSvc ] +Windows Event Log [ EventLog ] +COM+ Event System [ EventSystem ] +Function Discovery Provider Host [ fdPHost ] +Function Discovery Resource Publication [ FDResPub ] +Windows Font Cache Service [ FontCache ] +IKE and AuthIP IPsec Keying Modules [ IKEEXT ] +IP Helper [ iphlpsvc ] +CNG Key Isolation [ KeyIso ] +Server [ LanmanServer ] +Workstation [ LanmanWorkstation ] +Windows License Manager Service [ LicenseManager ] +TCP/IP NetBIOS Helper [ lmhosts ] +Local Session Manager [ LSM ] +Windows Defender Firewall [ mpssvc ] +Distributed Transaction Coordinator [ MSDTC ] +Network Connection Broker [ NcbService ] +Network Connected Devices Auto-Setup [ NcdAutoSetup ] +Network List Service [ netprofm ] +Network Location Awareness [ NlaSvc ] +Network Store Interface Service [ nsi ] +Plug and Play [ PlugPlay ] +IPsec Policy Agent [ PolicyAgent ] +Power [ Power ] +User Profile Service [ ProfSvc ] +Remote Access Connection Manager [ RasMan ] +Remote Registry [ RemoteRegistry ] +RPC Endpoint Mapper [ RpcEptMapper ] +Remote Procedure Call (RPC) [ RpcSs ] +Security Accounts Manager [ SamSs ] +Task Scheduler [ Schedule ] +System Event Notification Service [ SENS ] +Remote Desktop Configuration [ SessionEnv ] +System Guard Runtime Monitor Broker [ SgrmBroker ] +Shell Hardware Detection [ ShellHWDetection ] +Print Spooler [ Spooler ] +SSDP Discovery [ SSDPSRV ] +Secure Socket Tunneling Protocol Service [ SstpSvc ] +State Repository Service [ StateRepository ] +Windows Image Acquisition (WIA) [ stisvc ] +Storage Service [ StorSvc ] +SysMain [ SysMain ] +System Events Broker [ SystemEventsBroker ] +Remote Desktop Services [ TermService ] +Themes [ Themes ] +Time Broker [ TimeBrokerSvc ] +Web Account Manager [ TokenBroker ] +Distributed Link Tracking Client [ TrkWks ] +Microsoft Update Health Service [ uhssvc ] +Remote Desktop Services UserMode Port Redirector [ UmRdpService ] +User Manager [ UserManager ] +Update Orchestrator Service [ UsoSvc ] +VMware Alias Manager and Ticket Service [ VGAuthService ] +VMware SVGA Helper Service [ vm3dservice ] +VMware Tools [ VMTools ] +Windows Time [ W32Time ] +Windows Update Medic Service [ WaaSMedicSvc ] +Windows Connection Manager [ Wcmsvc ] +Diagnostic Service Host [ WdiServiceHost ] +Microsoft Defender Antivirus Network Inspection Service [ WdNisSvc ] +Microsoft Defender Antivirus Service [ WinDefend ] +WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ] +Windows Management Instrumentation [ Winmgmt ] +Windows Push Notifications System Service [ WpnService ] +Security Center [ wscsvc ] +Windows Search [ WSearch ] + +Inactive Services : + +AllJoyn Router Service [ AJRouter ] +Application Layer Gateway Service [ ALG ] +Application Identity [ AppIDSvc ] +Application Information [ Appinfo ] +Application Management [ AppMgmt ] +App Readiness [ AppReadiness ] +Microsoft App-V Client [ AppVClient ] +AppX Deployment Service (AppXSVC) [ AppXSvc ] +AssignedAccessManager Service [ AssignedAccessManagerSvc ] +Cellular Time [ autotimesvc ] +ActiveX Installer (AxInstSV) [ AxInstSV ] +BitLocker Drive Encryption Service [ BDESVC ] +Background Intelligent Transfer Service [ BITS ] +Capability Access Manager Service [ camsvc ] +Client License Service (ClipSVC) [ ClipSVC ] +Microsoft Cloud Identity Service [ cloudidsvc ] +Offline Files [ CscService ] +dcsvc [ dcsvc ] +Optimize drives [ defragsvc ] +Device Install Service [ DeviceInstall ] +DevQuery Background Discovery Broker [ DevQueryBroker ] +Microsoft (R) Diagnostics Hub Standard Collector Service [ diagnosticshub.standardcollector.service ] +Diagnostic Execution Service [ diagsvc ] +DialogBlockingService [ DialogBlockingService ] +Display Enhancement Service [ DisplayEnhancementService ] +Device Management Enrollment Service [ DmEnrollmentSvc ] +Device Management Wireless Application Protocol (WAP) Push message Routing Service [ dmwappushservice ] +Wired AutoConfig [ dot3svc ] +Device Setup Manager [ DsmSvc ] +Data Sharing Service [ DsSvc ] +Extensible Authentication Protocol [ Eaphost ] +Microsoft Edge Update Service (edgeupdate) [ edgeupdate ] +Microsoft Edge Update Service (edgeupdatem) [ edgeupdatem ] +Encrypting File System (EFS) [ EFS ] +Embedded Mode [ embeddedmode ] +Enterprise App Management Service [ EntAppSvc ] +Fax [ Fax ] +File History Service [ fhsvc ] +Windows Camera Frame Server [ FrameServer ] +Google Chrome Elevation Service (GoogleChromeElevationService) [ GoogleChromeElevationService ] +Group Policy Client [ gpsvc ] +GraphicsPerfSvc [ GraphicsPerfSvc ] +Google Update Service (gupdate) [ gupdate ] +Google Update Service (gupdatem) [ gupdatem ] +Human Interface Device Service [ hidserv ] +HV Host Service [ HvHost ] +Windows Mobile Hotspot Service [ icssvc ] +Microsoft Store Install Service [ InstallService ] +IP Translation Configuration Service [ IpxlatCfgSvc ] +KtmRm for Distributed Transaction Coordinator [ KtmRm ] +Geolocation Service [ lfsvc ] +Link-Layer Topology Discovery Mapper [ lltdsvc ] +Language Experience Service [ LxpSvc ] +Downloaded Maps Manager [ MapsBroker ] +McpManagementService [ McpManagementService ] +Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) [ MicrosoftEdgeElevationService ] +Windows Mixed Reality OpenXR Service [ MixedRealityOpenXRSvc ] +Microsoft iSCSI Initiator Service [ MSiSCSI ] +Windows Installer [ msiserver ] +Microsoft Keyboard Filter [ MsKeyboardFilter ] +Natural Authentication [ NaturalAuthentication ] +Network Connectivity Assistant [ NcaSvc ] +Netlogon [ Netlogon ] +Network Connections [ Netman ] +Network Setup Service [ NetSetupSvc ] +Net.Tcp Port Sharing Service [ NetTcpPortSharing ] +Microsoft Passport Container [ NgcCtnrSvc ] +Microsoft Passport [ NgcSvc ] +Peer Networking Identity Manager [ p2pimsvc ] +Peer Networking Grouping [ p2psvc ] +Program Compatibility Assistant Service [ PcaSvc ] +BranchCache [ PeerDistSvc ] +Windows Perception Simulation Service [ perceptionsimulation ] +Performance Counter DLL Host [ PerfHost ] +Phone Service [ PhoneSvc ] +Performance Logs & Alerts [ pla ] +PNRP Machine Name Publication Service [ PNRPAutoReg ] +Peer Name Resolution Protocol [ PNRPsvc ] +Printer Extensions and Notifications [ PrintNotify ] +Windows PushToInstall Service [ PushToInstall ] +Quality Windows Audio Video Experience [ QWAVE ] +Remote Access Auto Connection Manager [ RasAuto ] +Routing and Remote Access [ RemoteAccess ] +Retail Demo Service [ RetailDemo ] +Radio Management Service [ RmSvc ] +Remote Procedure Call (RPC) Locator [ RpcLocator ] +Smart Card [ SCardSvr ] +Smart Card Device Enumeration Service [ ScDeviceEnum ] +Smart Card Removal Policy [ SCPolicySvc ] +Windows Backup [ SDRSVC ] +Secondary Logon [ seclogon ] +Windows Security Service [ SecurityHealthService ] +Payments and NFC/SE Manager [ SEMgrSvc ] +Windows Defender Advanced Threat Protection Service [ Sense ] +Sensor Data Service [ SensorDataService ] +Sensor Service [ SensorService ] +Sensor Monitoring Service [ SensrSvc ] +Internet Connection Sharing (ICS) [ SharedAccess ] +Spatial Data Service [ SharedRealitySvc ] +Shared PC Account Manager [ shpamsvc ] +Microsoft Storage Spaces SMP [ smphost ] +Microsoft Windows SMS Router Service. [ SmsRouter ] +SNMP Trap [ SNMPTRAP ] +Windows Perception Service [ spectrum ] +Software Protection [ sppsvc ] +OpenSSH Authentication Agent [ ssh-agent ] +Spot Verifier [ svsvc ] +Microsoft Software Shadow Copy Provider [ swprv ] +Touch Keyboard and Handwriting Panel Service [ TabletInputService ] +Telephony [ TapiSrv ] +Storage Tiers Management [ TieringEngineService ] +Recommended Troubleshooting Service [ TroubleshootingSvc ] +Windows Modules Installer [ TrustedInstaller ] +Auto Time Zone Updater [ tzautoupdate ] +User Experience Virtualization Service [ UevAgentService ] +UPnP Device Host [ upnphost ] +Volumetric Audio Compositor Service [ VacSvc ] +Credential Manager [ VaultSvc ] +Virtual Disk [ vds ] +Hyper-V Guest Service Interface [ vmicguestinterface ] +Hyper-V Heartbeat Service [ vmicheartbeat ] +Hyper-V Data Exchange Service [ vmickvpexchange ] +Hyper-V Remote Desktop Virtualization Service [ vmicrdv ] +Hyper-V Guest Shutdown Service [ vmicshutdown ] +Hyper-V Time Synchronization Service [ vmictimesync ] +Hyper-V PowerShell Direct Service [ vmicvmsession ] +Hyper-V Volume Shadow Copy Requestor [ vmicvss ] +VMware Snapshot Provider [ vmvss ] +Volume Shadow Copy [ VSS ] +WalletService [ WalletService ] +WarpJITSvc [ WarpJITSvc ] +Block Level Backup Engine Service [ wbengine ] +Windows Biometric Service [ WbioSrvc ] +Windows Connect Now - Config Registrar [ wcncsvc ] +Diagnostic System Host [ WdiSystemHost ] +WebClient [ WebClient ] +Windows Event Collector [ Wecsvc ] +Windows Encryption Provider Host Service [ WEPHOSTSVC ] +Problem Reports Control Panel Support [ wercplsupport ] +Windows Error Reporting Service [ WerSvc ] +Wi-Fi Direct Services Connection Manager Service [ WFDSConMgrSvc ] +Still Image Acquisition Events [ WiaRpc ] +Windows Remote Management (WS-Management) [ WinRM ] +Windows Insider Service [ wisvc ] +WLAN AutoConfig [ WlanSvc ] +Microsoft Account Sign-in Assistant [ wlidsvc ] +Local Profile Assistant Service [ wlpasvc ] +Windows Management Service [ WManSvc ] +WMI Performance Adapter [ wmiApSrv ] +Windows Media Player Network Sharing Service [ WMPNetworkSvc ] +Work Folders [ workfolderssvc ] +Parental Controls [ WpcMonSvc ] +Portable Device Enumerator Service [ WPDBusEnum ] +Windows Update [ wuauserv ] +WWAN AutoConfig [ WwanSvc ] +Xbox Live Auth Manager [ XblAuthManager ] +Xbox Live Game Save [ XblGameSave ] +Xbox Accessory Management Service [ XboxGipSvc ] +Xbox Live Networking Service [ XboxNetApiSvc ] + + + +windows +True +By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User permissions are enumerated for each network share that has a list of access control entries (ACEs). +smb_enum_share_permissions.nasl +2022/08/11 +Microsoft Windows SMB Share Permissions Enumeration +2012/07/25 +local +None +1.9 +https://technet.microsoft.com/en-us/library/bb456988.aspx +https://technet.microsoft.com/en-us/library/cc783530.aspx +n/a +It was possible to enumerate the permissions of remote network shares. + +Share path : \\WKS2-SOTERIA\print$ +Local path : C:\WINDOWS\system32\spool\drivers +Comment : Printer Drivers +[*] Allow ACE for Everyone (S-1-1-0): 0x001200a9 + FILE_GENERIC_READ: YES + FILE_GENERIC_WRITE: NO + FILE_GENERIC_EXECUTE: YES +[*] Allow ACE for BUILTIN\Administrators (S-1-5-32-544): 0x001f01ff + FILE_GENERIC_READ: YES + FILE_GENERIC_WRITE: YES + FILE_GENERIC_EXECUTE: YES + + + +This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc). +smb_accessible_shares_office_files.nasl +2011/03/21 +Microsoft Windows SMB Share Hosting Office Files +2007/01/04 +local +None +$Revision: 1.13 $ +Make sure that the files containing confidential information have proper access controls set on them. +The remote share contains Office-related files. + +Here is a list of office files which have been found on the remote SMB +shares : + + + C$ : + + - C:\Windows\System32\MSDRM\MsoIrmProtector.doc + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.19041.3570_none_827220c1aac4d9c1\MsoIrmProtector.doc + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.19041.3570_none_8cc6cb13df259bbc\MsoIrmProtector.doc + - C:\Windows\System32\MSDRM\MsoIrmProtector.xls + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.19041.3570_none_827220c1aac4d9c1\MsoIrmProtector.xls + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.19041.3570_none_8cc6cb13df259bbc\MsoIrmProtector.xls + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Windows 10 1803 to 1809 New Settings.xlsx + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Server 2016 to 2019 New Settings.xlsx + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\MS Security Baseline Windows 10 v1809 and Server 2019.xlsx + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\BaselineDiffs-to-v1809-RS5-FINAL.xlsx + - C:\Users\DEGTHAT\Desktop\Nessus-Reg\Windows 10 Update Baseline\Documentation\Master List of Update Baseline Policies.xlsx + + + + +This plugin displays a list of media files (such as .mp3, .ogg, .mpg, .avi) which have been found on the remote SMB shares. + +Some of these files may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission. + +If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA. +smb_accessible_shares_copyrighted_content.nasl +2012/11/29 +Microsoft Windows SMB Share Hosting Possibly Copyrighted Material +2003/06/26 +local +None +$Revision: 1.41 $ +Delete the files infringing copyright. +The remote host may contain material (movies/audio) infringing copyright. + +Here is a list of files which have been found on the remote SMB shares. +Some of these files may contain copyrighted materials, such as commercial +movies or music files. + + + C$ : + +C:\Program Files\WindowsApps\Microsoft.XboxApp_48.104.4001.0_x64__8wekyb3d8bbwe\Assets\AchievementUnlocked.mp3 +C:\Program Files\WindowsApps\Microsoft.XboxApp_48.55.9001.0_x64__8wekyb3d8bbwe\Assets\AchievementUnlocked.mp3 +C:\Users\Cinnabon\Documents\AutoPlay Media Studio 8\Projects\Novetta-GeoSpara-OS-LockDown-Tool\CD_Root\AutoPlay\Videos\Magnolia.mpg +C:\Users\Cinnabon\Documents\AutoPlay Media Studio 8\Projects\Novetta-OS-LockDown-Tool\CD_Root\AutoPlay\Videos\Magnolia.mpg +C:\Program Files\WindowsApps\Microsoft.Messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe\Assets\Sounds\Nudge.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Classic_00_PREVIEW_00.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_BREAK_01.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_D.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_E.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_F.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_G.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_OUTRO.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_PRE_OUTRO_01.wma +C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3570.1.0\amd64_ppi-ppiskype-c-a_31bf3856ad364e35_10.0.19041.3570_none_e6ae959588854f2b\r\lync_lobbywaiting.wma +C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3570.1.0\amd64_ppi-ppiskype-c-a_31bf3856ad364e35_10.0.19041.3570_none_e6ae959588854f2b\f\lync_lobbywaiting.wma +C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10051.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Slider_Click_Sound.wma +C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Slider_Click_Sound.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_PRE_OUTRO_02.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_C.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_B.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_A.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_INTRO_02.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_INTRO_01.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_INTRO.wma + + + + + +The remote has one or more Windows shares that can be accessed through the network with the given credentials. + +Depending on the share rights, it may allow an attacker to read / write confidential data. +smb_accessible_shares.nasl +2021/10/04 +Microsoft Windows SMB Shares Access +2000/05/09 +combined +None +1.83 +To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'. +It is possible to access a network share. + +The following shares can be accessed as degthat : + +- D$ - (readable,writable) + + Content of this share : +bootTel.dat +JkDefragPortable +Nessus.url +Program Files (x86) +Results +System Volume Information +Tutela-IA-Lockdown-Tool2021.exe + +- C$ - (readable,writable) + + Content of this share : +$WinREAgent +bootmgr +BOOTNXT +dave +Documents and Settings +DumpStack.log.tmp +MSOCache +pagefile.sys +PerfLogs +Program Files +Program Files (x86) +ProgramData +Recovery +Standalone-Windows-STIG-Script-master +swapfile.sys +System Volume Information +Users +Windows + +- ADMIN$ - (readable,writable) + + Content of this share : +.. +addins +appcompat +apppatch +AppReadiness +assembly +bcastdvr +bfsvc.exe +BitLockerDiscoveryVolumeContents +Boot +bootstat.dat +Branding +CbsTemp +comsetup.log +Containers +CSC +Cursors +debug +diagerr.xml +diagnostics +DiagTrack +diagwrn.xml +DigitalLocker +Downloaded Program Files +DtcInstall.log +ELAMBKUP +en-US +explorer.exe +Fonts +GameBarPresenceWriter +Globalization +Help +HelpPane.exe +hh.exe +IdentityCRL +IME +ImmersiveControlPanel +INF +InfusedApps +InputMethod +Installer +L2Schemas +LanguageOverlayCache +LiveKernelReports +Logs +Media +mib.bin +Microsoft.NET +Migration +ModemLogs +notepad.exe +OCR +Offline Web Pages +Panther +Performance +PFRO.log +PLA +PolicyDefinitions +Prefetch +PrintDialog +Professional.xml +Provisioning +regedit.exe +Registration +RemotePackages +rescache +Resources +SchCache +schemas +security +ServiceProfiles +ServiceState +servicing +Setup +setupact.log +setuperr.log +ShellComponents +ShellExperiences +SKB +SoftwareDistribution +SoftwareDistribution.bak +Speech +Speech_OneCore +splwow64.exe +System +system.ini +System32 +SystemApps + + + + +windows +True +By connecting to the remote host, Nessus was able to enumerate the network share names. +smb_enum_shares.nasl +2022/02/01 +Microsoft Windows SMB Shares Enumeration +2000/05/09 +local +None +1.48 +n/a +It is possible to enumerate remote network shares. + +Here are the SMB shares available on the remote host when logged in as degthat: + + - ADMIN$ + - C$ + - D$ + - IPC$ + - print$ + + + +Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system. +smb_group_admin.nasl +2018/05/16 +Microsoft Windows 'Administrators' Group User List +2002/03/15 +local +None +1.23 +Verify that each member of the group should have this type of access. +There is at least one user in the 'Administrators' group. + +The following users are members of the 'Administrators' group : + + - WKS2-SOTERIA\Administrator (User) + - WKS2-SOTERIA\Cinnabon (User) + - WKS2-SOTERIA\DEGTHAT (User) + - WKS2-SOTERIA\tester (User) + - WKS2-SOTERIA\dbingham (User) + + + +Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy. +smb_password_policy.nasl +2015/01/12 +Microsoft Windows SMB : Obtains the Password Policy +2005/03/30 +local +None +$Revision: 1.15 $ +n/a +It is possible to retrieve the remote host's password policy using the supplied credentials. +The following password policy is defined on the remote host: + +Minimum password len: 10 +Password history len: 24 +Maximum password age (d): 90 +Password must meet complexity requirements: Enabled +Minimum password age (d): 1 +Forced logoff time (s): 0 +Locked account time (s): 900 +Time between failed logon (s): 900 +Number of invalid logon before locked out (s): 3 + + + +Using the supplied credentials, Nessus was able to list user accounts that have been disabled. +smb_users_disabled.nasl +2018/08/13 +Microsoft Windows - Users Information : Disabled Accounts +2002/03/15 +local +None +1.19 +Delete accounts that are no longer needed. +At least one user account has been disabled. + +The following user account has been disabled : + + - Administrator + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire. +smb_users_pwexpiry.nasl +2018/08/13 +Microsoft Windows - Users Information : Passwords Never Expire +2002/03/15 +local +None +1.22 +Allow or require users to change their passwords regularly. +At least one user has a password that never expires. + +The following user has a password that never expires : + + - Cinnabon + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for this +plugin, then re-run the scan. + + + +Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager. +smb_samr_user_enum.nasl +2023/01/20 +Microsoft Windows SAM user enumeration +2019/07/08 +local +None +1.7 +n/a +Nessus was able to enumerate domain users from the local SAM. + - Administrator (id 500, Built-in account for administering the computer/domain, Administrator account) + - Cinnabon (id 1001) + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI. +wmi_enum_printer_drivers.nbin +2024/01/16 +Windows Printer Driver Enumeration +2021/12/09 +local +None +1.63 +http://www.nessus.org/u?fab99415 +n/a +Nessus was able to enumerate one or more of the printer drivers on the remote host. + +--- Microsoft Shared Fax Driver --- + + Path : C:\WINDOWS\system32\spool\DRIVERS\x64\3\FXSDRV.DLL + Version : 10.0.19041.3570 + Supported Platform : Windows x64 + +--- TP PS Driver 830A8AA0BE6248f28478A495CCC72E64 --- + + Path : C:\WINDOWS\system32\spool\DRIVERS\x64\3\PSCRIPT5.DLL + Version : 0.0.0.0 + Supported Platform : Windows x64 + +--- Microsoft enhanced Point and Print compatibility driver --- + +Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver: + + Path : C:\WINDOWS\system32\spool\DRIVERS\x64\3\mxdwdrv.dll + Version : 10.0.19041.3570 + Supported Platform : Windows x64 + + Path : C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll + Version : 10.0.19041.3570 + Supported Platform : Windows NT x86 + +--- Brother Laser Type1 Class Driver --- + + Path : C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_26942243c5ee90e7\Amd64\mxdwdrv.dll + Version : 10.0.17119.1 + Supported Platform : Windows x64 + +--- Microsoft Print To PDF --- + + Path : C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_26942243c5ee90e7\Amd64\mxdwdrv.dll + Version : 10.0.19041.1806 + Supported Platform : Windows x64 + + + +The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC). + +Cached logon credentials could be accessed by an attacker and subjected to brute force attacks. +smb_reg_cachedlogons.nasl +2018/06/05 +Microsoft Windows SMB Registry : Winlogon Cached Password Weakness +2003/03/24 +local +None +1.17 +http://www.nessus.org/u?184d3eab +http://www.nessus.org/u?fe16cea8 +https://technet.microsoft.com/en-us/library/cc957390.aspx +Consult Microsoft documentation and best practices. +User credentials are stored in memory. + + Max cached logons : 10 + + + +60 - 180 days +windows +cpe:/a:adobe:acrobat_reader +CVE-2023-44336 +CVE-2023-44337 +CVE-2023-44338 +CVE-2023-44339 +CVE-2023-44340 +CVE-2023-44348 +CVE-2023-44356 +CVE-2023-44357 +CVE-2023-44358 +CVE-2023-44359 +CVE-2023-44360 +CVE-2023-44361 +CVE-2023-44365 +CVE-2023-44366 +CVE-2023-44367 +CVE-2023-44371 +CVE-2023-44372 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-44372 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +125 +416 +787 +824 +The version of Adobe Reader installed on the remote Windows host is a version prior to 20.005.30539 or 23.006.20380. It is, therefore, affected by multiple vulnerabilities. + + - Use After Free (CWE-416) potentially leading to Arbitrary code execution (CVE-2023-44336, CVE-2023-44359, CVE-2023-44367, CVE-2023-44371, CVE-2023-44372) + + - Out-of-bounds Read (CWE-125) potentially leading to Arbitrary code execution (CVE-2023-44337, CVE-2023-44338) + + - Access of Uninitialized Pointer (CWE-824) potentially leading to Arbitrary code execution (CVE-2023-44365) + + - Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2023-44366) + + - Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2023-44339, CVE-2023-44340, CVE-2023-44348, CVE-2023-44356, CVE-2023-44357, CVE-2023-44358, CVE-2023-44360) + + - Use After Free (CWE-416) potentially leading to Memory leak (CVE-2023-44361) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +adobe_reader_apsb23-54.nasl +current +2023-A-0626 +2023/11/14 +2023/11/23 +Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54) +2023/11/14 +local +Medium +High +1.2 +https://helpx.adobe.com/security/products/acrobat/apsb23-54.html +Upgrade to Adobe Reader version 20.005.30539 / 23.006.20380 or later. +I +The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +5.9 +2023/11/14 +IAVA:2023-A-0626 +CWE:125 +CWE:416 +CWE:787 +CWE:824 + + Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader + Installed version : 23.6.20360.0 + Fixed version : 23.006.20380 + + + +windows +True +software_enumeration +cpe:/a:adobe:acrobat_reader +Adobe Reader, a PDF file viewer, is installed on the remote host. +adobe_reader_installed.nasl +0001-T-0524 +2022/10/10 +Adobe Reader Detection +2006/02/02 +local +None +1.34 +http://www.adobe.com/products/reader/ +n/a +There is a PDF file viewer installed on the remote Windows host. +IAVT:0001-T-0524 + + Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader + Version : 23.6.20360.0 + + + +730 days + +2022/07/10 +cpe:/o:microsoft:windows +CVE-2013-3900 +7.8 +7.5 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.6 +CVE-2013-3900 +6.6 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C +The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host. +true +High +Exploits are available +true +smb_nt_ms22_oct_CVE-2013-3900_reg_check.nasl +2013-A-0227 +2023/12/26 +WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) +2022/10/26 +local +Very High +High +1.7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 +http://www.nessus.org/u?9780b9d2 +Add and enable registry value EnableCertPaddingCheck: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + +Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck: + + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck +II +The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability. +Very Low +No recorded events +No recorded events +8.9 +2013/12/10 +CISA-KNOWN-EXPLOITED:2022/07/10 +IAVA:2013-A-0227 + + + Nessus detected the following potentially insecure registry key configuration: + - Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + - Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + + + + +Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host. +smb_check_rollup.nasl +2023/06/26 +Microsoft Security Rollup Enumeration +2016/10/11 +local +None +1.180 +http://www.nessus.org/u?b23205aa +n/a +This plugin enumerates installed Microsoft security rollups. + + Cumulative Rollup : 10_2023 [KB5031356] + Cumulative Rollup : 09_2023 + Cumulative Rollup : 08_2023 + Cumulative Rollup : 07_2023 + Cumulative Rollup : 06_2023 + Cumulative Rollup : 05_2023 + Cumulative Rollup : 04_2023 + Cumulative Rollup : 03_2023 + Cumulative Rollup : 02_2023 + Cumulative Rollup : 01_2023 + Cumulative Rollup : 12_2022 + Cumulative Rollup : 11_2022 + + Latest effective update level : 10_2023 + File checked : C:\WINDOWS\system32\ntoskrnl.exe + File version : 10.0.19041.3570 + Associated KB : 5031356 + + + +windows +True +cpe:/o:microsoft:windows +Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages. +dism_enum_packages.nbin +2024/01/16 +DISM Package List (Windows) +2020/08/25 +local +None +1.93 +http://www.nessus.org/u?cbb428b2 +n/a +Use DISM to extract package info from the host. +The following packages were enumerated using the Deployment Image Servicing and Management Tool: + +Package : Microsoft-OneCore-ApplicationModel-Sync-Desktop-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-OneCore-DirectX-Database-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.3570 +State : Installed +Release Type : Language Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : Feature Pack +Install Time : 12/7/2019 9:50 AM + +Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : Foundation +Install Time : 12/7/2019 9:18 AM + +Package : Microsoft-Windows-Hello-Face-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/8/2022 5:00 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-Printing-PMCPPC-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:54 AM + +Package : Microsoft-Windows-Printing-PMCPPC-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Printing-WFS-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Printing-WFS-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-QuickAssist-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-TabletPCMath-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-UserExperience-Desktop-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : OpenSSH-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Installed +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9167.9 +State : Superseded +Release Type : Update +Install Time : 10/11/2023 2:44 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9191.1 +State : Superseded +Release Type : Update +Install Time : 11/5/2023 2:11 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9200.1 +State : Superseded +Release Type : Update +Install Time : 11/6/2023 2:55 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9214.4 +State : Installed +Release Type : Update +Install Time : 1/30/2024 2:14 PM + +Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4645.5 +State : Installed +Release Type : Update +Install Time : 7/28/2023 9:00 PM + +Package : Package_for_KB5011048~31bf3856ad364e35~amd64~~10.0.9166.1 +State : Installed +Release Type : Update +Install Time : 7/31/2023 7:51 PM + +Package : Package_for_KB5012170~31bf3856ad364e35~amd64~~19041.1880.1.1 +State : Installed +Release Type : Security Update +Install Time : 7/28/2023 8:59 PM + +Package : Package_for_KB5015684~31bf3856ad364e35~amd64~~19041.1799.1.2 +State : Installed +Release Type : Update +Install Time : 12/8/2022 4:50 PM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3570.1.0 +State : Installed +Release Type : Security Update +Install Time : 11/5/2023 11:47 PM + +Package : Package_for_ServicingStack_2180~31bf3856ad364e35~amd64~~19041.2180.1.0 +State : Installed +Release Type : Update +Install Time : 12/8/2022 4:49 PM + +Package : Package_for_ServicingStack_2300~31bf3856ad364e35~amd64~~19041.2300.1.0 +State : Installed +Release Type : Update +Install Time : 12/8/2022 2:22 PM + +Package : Package_for_ServicingStack_3205~31bf3856ad364e35~amd64~~19041.3205.1.1 +State : Installed +Release Type : Update +Install Time : 7/28/2023 9:01 PM + +Package : Package_for_ServicingStack_3562~31bf3856ad364e35~amd64~~19041.3562.1.0 +State : Installed +Release Type : Update +Install Time : 11/5/2023 2:15 PM + + + +cpe:/a:google:chrome +Nessus was able to enumerate Chrome browser extensions installed on the remote host. +win_chrome_browser_addons.nbin +0001-T-0511 +2024/01/16 +Chrome Browser Extension Enumeration +2017/01/16 +local +None +1.202 +https://chrome.google.com/webstore/category/extensions +Make sure that the use and configuration of these extensions comply with your organization's acceptable use and security policies. +One or more Chrome browser extensions are installed on the remote host. +IAVT:0001-T-0511 + +User : Cinnabon +|- Browser : Chrome + |- Add-on information : + + Name : Google Slides + Description : Create and edit presentations + Version : 0.9 + Update Date : Jan. 30, 2024 at 14:50:52 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0 + + Name : Google Docs + Description : Create and edit documents + Version : 0.9 + Update Date : Jan. 30, 2024 at 14:50:55 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0 + + Name : Google Drive + Description : Google Drive: create, share and keep all your stuff in one place. + Version : 14.1 + Update Date : Jan. 30, 2024 at 14:50:56 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0 + + Name : YouTube + Version : 4.2.8 + Update Date : Jan. 30, 2024 at 14:50:57 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0 + + Name : Google Sheets + Description : Create and edit spreadsheets + Version : 1.1 + Update Date : Jan. 30, 2024 at 14:50:58 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0 + + Name : Google Docs Offline + Description : Get things done offline with the Google Docs family of products. + Version : 1.4 + Update Date : Jan. 30, 2024 at 14:51:01 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1 + + Name : Chrome Web Store Payments + Description : Chrome Web Store Payments + Version : 1.0.0.3 + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0 + + Name : Gmail + Description : Fast, searchable email with less spam. + Version : 8.1 + Update Date : Jan. 30, 2024 at 14:51:07 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0 + + Name : Chrome Media Router + Description : Provider for discovery and services for mirroring of Chrome Media Router + Version : 6117.717.0.4 + Update Date : Jan. 30, 2024 at 14:51:34 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6117.717.0.4_0 + +User : DEGTHAT +|- Browser : Chrome + |- Add-on information : + + Name : Adobe Acrobat: PDF edit, convert, sign tools + Description : Do more in Google Chrome with Adobe Acrobat PDF tools. View, fill, comment, sign, and try convert and compress tools. + Version : 23.9.1.0 + Update Date : Jan. 30, 2024 at 14:50:10 GMT + Path : C:\Users\DEGTHAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\23.9.1.0_0 + + Name : Google Docs Offline + Description : Edit, create, and view your documents, spreadsheets, and presentations — all without internet access. + Version : 1.65.0 + Update Date : Jan. 30, 2024 at 14:50:14 GMT + Path : C:\Users\DEGTHAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.65.0_0 + + Name : Chrome Web Store Payments + Description : Chrome Web Store Payments + Version : 1.0.0.6 + Update Date : Jan. 30, 2024 at 14:50:18 GMT + Path : C:\Users\DEGTHAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 + +User : dbingham +|- Browser : Chrome + |- Add-on information : + + Name : Chrome Web Store Payments + Description : Chrome Web Store Payments + Version : 1.0.0.6 + Update Date : Jan. 30, 2024 at 14:52:00 GMT + Path : C:\Users\dbingham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 + + + +60 - 180 days +cpe:/a:google:chrome +CVE-2023-5996 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5996 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 119.0.6045.123. It is, therefore, affected by a vulnerability as referenced in the 2023_11_stable-channel-update-for-desktop advisory. + + - Use after free in WebAudio. (CVE-2023-5996) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_119_0_6045_123.nasl +current +2023-A-0594-S +2023-A-0608-S +2023/11/07 +2023/11/16 +Google Chrome < 119.0.6045.123 Vulnerability +2023/11/08 +local +Medium +Critical +1.5 +http://www.nessus.org/u?c5d3d619 +https://crbug.com/1497859 +Upgrade to Google Chrome version 119.0.6045.123 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very Low +30 to 120 days +No recorded events +7.4 +2023/11/07 +IAVA:2023-A-0594-S +IAVA:2023-A-0608-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 119.0.6045.123 + + + +60 - 180 days +cpe:/a:google:chrome +CVE-2023-5997 +CVE-2023-6112 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6112 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 119.0.6045.159. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_11_stable-channel-update-for-desktop_14 advisory. + + - Use after free in Garbage Collection. (CVE-2023-5997) + + - Use after free in Navigation. (CVE-2023-6112) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +google_chrome_119_0_6045_159.nasl +current +2023-A-0641-S +2023/11/14 +2024/01/29 +Google Chrome < 119.0.6045.159 Multiple Vulnerabilities +2023/11/14 +local +Medium +Critical +1.5 +http://www.nessus.org/u?7ed0136b +https://crbug.com/1497997 +https://crbug.com/1499298 +Upgrade to Google Chrome version 119.0.6045.159 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +7.4 +2023/11/14 +IAVA:2023-A-0641-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 119.0.6045.159 + + + +60 - 180 days +2023/12/21 +cpe:/a:google:chrome +CVE-2023-6345 +CVE-2023-6346 +CVE-2023-6347 +CVE-2023-6348 +CVE-2023-6350 +CVE-2023-6351 +9.6 +CVE-2023-6345 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6351 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 119.0.6045.199. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_11_stable-channel-update-for-desktop_28 advisory. + + - Integer overflow in Skia. (CVE-2023-6345) + + - Use after free in WebAudio. (CVE-2023-6346) + + - Use after free in Mojo. (CVE-2023-6347) + + - Type Confusion in Spellcheck. (CVE-2023-6348) + + - Out of bounds memory access in libavif. (CVE-2023-6350) + + - Use after free in libavif. (CVE-2023-6351) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +google_chrome_119_0_6045_199.nasl +current +2023-A-0660-S +2023/11/28 +2023/12/08 +Google Chrome < 119.0.6045.199 Multiple Vulnerabilities +2023/11/28 +local +Medium +Critical +1.5 +http://www.nessus.org/u?be59469a +https://crbug.com/1491459 +https://crbug.com/1494461 +https://crbug.com/1500856 +https://crbug.com/1501766 +https://crbug.com/1501770 +https://crbug.com/1505053 +Upgrade to Google Chrome version 119.0.6045.199 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +30 to 120 days +No recorded events +9.9 +2023/11/28 +CISA-KNOWN-EXPLOITED:2023/12/21 +IAVA:2023-A-0660-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 119.0.6045.199 + + + +30 - 60 days +cpe:/a:google:chrome +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_12_stable-channel-update-for-desktop_12 advisory. + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + + - Use after free in FedCM. (CVE-2023-6706) + + - Use after free in CSS. (CVE-2023-6707) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_109.nasl +current +2023-A-0693-S +2023/12/12 +2023/12/22 +Google Chrome < 120.0.6099.109 Multiple Vulnerabilities +2023/12/14 +local +Medium +Critical +1.3 +http://www.nessus.org/u?30495da3 +https://crbug.com/1501326 +https://crbug.com/1502102 +https://crbug.com/1504792 +https://crbug.com/1505708 +https://crbug.com/1500921 +https://crbug.com/1504036 +Upgrade to Google Chrome version 120.0.6099.109 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +30 to 120 days +No recorded events +8.4 +2023/12/12 +IAVA:2023-A-0693-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.109 + + + +30 - 60 days +cpe:/a:google:chrome +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.110. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_12_stable-channel-update-for-desktop_12 advisory. + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + + - Use after free in FedCM. (CVE-2023-6706) + + - Use after free in CSS. (CVE-2023-6707) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_110.nasl +current +2023-A-0693-S +2023/12/12 +2023/12/22 +Google Chrome < 120.0.6099.110 Multiple Vulnerabilities +2023/12/14 +local +Medium +Critical +1.3 +http://www.nessus.org/u?30495da3 +https://crbug.com/1501326 +https://crbug.com/1502102 +https://crbug.com/1504792 +https://crbug.com/1505708 +https://crbug.com/1500921 +https://crbug.com/1504036 +Upgrade to Google Chrome version 120.0.6099.110 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +30 to 120 days +No recorded events +8.4 +2023/12/12 +IAVA:2023-A-0693-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.110 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.200. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop advisory. + + - Use after free in ANGLE. (CVE-2024-0222) + + - Heap buffer overflow in ANGLE. (CVE-2024-0223) + + - Use after free in WebAudio. (CVE-2024-0224) + + - Use after free in WebGPU. (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_200.nasl +current +2024-A-0004-S +2024/01/03 +2024/01/12 +Google Chrome < 120.0.6099.200 Multiple Vulnerabilities +2024/01/03 +local +Low +Critical +1.3 +http://www.nessus.org/u?9a495657 +https://crbug.com/1501798 +https://crbug.com/1505009 +https://crbug.com/1505086 +https://crbug.com/1506923 +Upgrade to Google Chrome version 120.0.6099.200 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Low +7 to 30 days +Social Media +6.7 +2024/01/03 +IAVA:2024-A-0004-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.200 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.199. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop advisory. + + - Use after free in ANGLE. (CVE-2024-0222) + + - Heap buffer overflow in ANGLE. (CVE-2024-0223) + + - Use after free in WebAudio. (CVE-2024-0224) + + - Use after free in WebGPU. (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_199.nasl +current +2024-A-0004-S +2024/01/03 +2024/01/12 +Google Chrome < 120.0.6099.199 Multiple Vulnerabilities +2024/01/03 +local +Low +Critical +1.3 +http://www.nessus.org/u?9a495657 +https://crbug.com/1501798 +https://crbug.com/1505009 +https://crbug.com/1505086 +https://crbug.com/1506923 +Upgrade to Google Chrome version 120.0.6099.199 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Low +7 to 30 days +Social Media +6.7 +2024/01/03 +IAVA:2024-A-0004-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.199 + + + +30 - 60 days +2024/01/23 +cpe:/a:google:chrome +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.130. It is, therefore, affected by a vulnerability as referenced in the 2023_12_stable-channel-update-for-desktop_20 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +google_chrome_120_0_6099_130.nasl +current +2023-A-0705-S +2023/12/20 +2024/01/04 +Google Chrome < 120.0.6099.130 Vulnerability +2023/12/20 +local +Medium +Critical +1.4 +http://www.nessus.org/u?ecad5ae2 +https://crbug.com/1513170 +Upgrade to Google Chrome version 120.0.6099.130 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 +IAVA:2023-A-0705-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.130 + + + +30 - 60 days +2024/01/23 +cpe:/a:google:chrome +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.129. It is, therefore, affected by a vulnerability as referenced in the 2023_12_stable-channel-update-for-desktop_20 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +google_chrome_120_0_6099_129.nasl +current +2023-A-0705-S +2023/12/20 +2024/01/04 +Google Chrome < 120.0.6099.129 Vulnerability +2023/12/20 +local +Medium +Critical +1.4 +http://www.nessus.org/u?ecad5ae2 +https://crbug.com/1513170 +Upgrade to Google Chrome version 120.0.6099.129 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 +IAVA:2023-A-0705-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.129 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0333 +5.3 +4.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N +3.6 +5.4 +CVE-2024-0333 +4.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.216. It is, therefore, affected by a vulnerability as referenced in the 2024_01_stable-channel-update-for-desktop_9 advisory. + + - Insufficient data validation in Extensions. (CVE-2024-0333) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_216.nasl +current +2024-A-0020-S +2024/01/09 +2024/01/19 +Google Chrome < 120.0.6099.216 Vulnerability +2024/01/09 +local +Low +Medium +1.4 +http://www.nessus.org/u?bc91f925 +https://crbug.com/1513379 +Upgrade to Google Chrome version 120.0.6099.216 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very Low +No recorded events +No recorded events +4.4 +2024/01/09 +IAVA:2024-A-0020-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.216 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0333 +5.3 +4.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N +3.6 +5.4 +CVE-2024-0333 +4.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.217. It is, therefore, affected by a vulnerability as referenced in the 2024_01_stable-channel-update-for-desktop_9 advisory. + + - Insufficient data validation in Extensions. (CVE-2024-0333) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_217.nasl +current +2024-A-0020-S +2024/01/09 +2024/01/19 +Google Chrome < 120.0.6099.217 Vulnerability +2024/01/09 +local +Low +Medium +1.4 +http://www.nessus.org/u?bc91f925 +https://crbug.com/1513379 +Upgrade to Google Chrome version 120.0.6099.217 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very Low +No recorded events +No recorded events +4.4 +2024/01/09 +IAVA:2024-A-0020-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.217 + + + +30 - 60 days +cpe:/a:google:chrome +CVE-2023-6508 +CVE-2023-6509 +CVE-2023-6510 +CVE-2023-6511 +CVE-2023-6512 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6510 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.62. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_12_stable-channel-update-for-desktop advisory. + + - Use after free in Media Stream. (CVE-2023-6508) + + - Use after free in Side Panel Search. (CVE-2023-6509) + + - Use after free in Media Capture. (CVE-2023-6510) + + - Inappropriate implementation in Autofill. (CVE-2023-6511) + + - Inappropriate implementation in Web Browser UI. (CVE-2023-6512) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_62.nasl +current +2023-A-0669-S +2023/12/05 +2023/12/15 +Google Chrome < 120.0.6099.62 Multiple Vulnerabilities +2023/12/05 +local +Medium +Critical +1.3 +http://www.nessus.org/u?3d175be7 +https://crbug.com/1497984 +https://crbug.com/1494565 +https://crbug.com/1480152 +https://crbug.com/1478613 +https://crbug.com/1457702 +Upgrade to Google Chrome version 120.0.6099.62 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +7.4 +2023/12/05 +IAVA:2023-A-0669-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.62 + + + +7 - 30 days +2024/02/07 +cpe:/a:google:chrome +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.224. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_16 advisory. + + - Out of bounds write in V8. (CVE-2024-0517) + + - Type Confusion in V8. (CVE-2024-0518) + + - Out of bounds memory access in V8. (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +google_chrome_120_0_6099_224.nasl +current +2024-A-0042-S +2024/01/16 +2024/01/26 +Google Chrome < 120.0.6099.224 Multiple Vulnerabilities +2024/01/16 +local +Low +Critical +1.5 +http://www.nessus.org/u?88013c25 +https://crbug.com/1515930 +https://crbug.com/1507412 +https://crbug.com/1517354 +Upgrade to Google Chrome version 120.0.6099.224 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very High +0 to 7 days +Social Media +9.0 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0042-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.224 + + + +7 - 30 days +2024/02/07 +cpe:/a:google:chrome +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.225. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_16 advisory. + + - Out of bounds write in V8. (CVE-2024-0517) + + - Type Confusion in V8. (CVE-2024-0518) + + - Out of bounds memory access in V8. (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +google_chrome_120_0_6099_225.nasl +current +2024-A-0042-S +2024/01/16 +2024/01/26 +Google Chrome < 120.0.6099.225 Multiple Vulnerabilities +2024/01/16 +local +Low +Critical +1.5 +http://www.nessus.org/u?88013c25 +https://crbug.com/1515930 +https://crbug.com/1507412 +https://crbug.com/1517354 +Upgrade to Google Chrome version 120.0.6099.225 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very High +0 to 7 days +Social Media +9.0 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0042-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 120.0.6099.225 + + + +0 - 7 days +cpe:/a:google:chrome +CVE-2024-0804 +CVE-2024-0805 +CVE-2024-0806 +CVE-2024-0807 +CVE-2024-0808 +CVE-2024-0809 +CVE-2024-0810 +CVE-2024-0811 +CVE-2024-0812 +CVE-2024-0813 +CVE-2024-0814 +9.8 +CVE-2024-0808 +8.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0813 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 121.0.6167.85. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_23 advisory. + + - Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0807) + + - Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2024-0812) + + - Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) (CVE-2024-0808) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2024-0810) + + - Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-0814) + + - Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. + (Chromium security severity: Medium) (CVE-2024-0813) + + - Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) (CVE-2024-0806) + + - Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2024-0805) + + - Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-0804) + + - Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2024-0811) + + - Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2024-0809) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_121_0_6167_85.nasl +current +2024-A-0052 +2024/01/23 +2024/01/30 +Google Chrome < 121.0.6167.85 Multiple Vulnerabilities +2024/01/24 +local +Low +Critical +1.2 +http://www.nessus.org/u?682ca867 +https://crbug.com/1505080 +https://crbug.com/1484394 +https://crbug.com/1504936 +https://crbug.com/1496250 +https://crbug.com/1463935 +https://crbug.com/1477151 +https://crbug.com/1505176 +https://crbug.com/1514925 +https://crbug.com/1515137 +https://crbug.com/1494490 +https://crbug.com/1497985 +Upgrade to Google Chrome version 121.0.6167.85 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +6.7 +2024/01/23 +IAVA:2024-A-0052 + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.106 + Fixed version : 121.0.6167.85 + + + +windows +True +software_enumeration +cpe:/a:google:chrome +Google Chrome, a web browser from Google, is installed on the remote Windows host. +google_chrome_installed.nasl +0001-T-0511 +2022/10/10 +Google Chrome Detection (Windows) +2008/09/12 +local +None +1.26 +https://www.google.com/chrome/ +n/a +The remote Windows host contains a web browser. +true +IAVT:0001-T-0511 + + Path : C:\Program Files (x86)\Google\Chrome\Application + Version : 119.0.6045.106 + +Note that Nessus only looked in the registry for evidence of Google +Chrome. If there are multiple users on this host, you may wish to +enable the 'Perform thorough tests' setting and re-scan. This will +cause Nessus to scan each local user's directory for installs. + + + + +windows +True +x-cpe:/a:microsoft:applocker +Windows AppLocker, a tool for managing user access to applications, is installed on the remote Windows host. +microsoft_applocker_installed.nbin +2024/01/16 +Windows AppLocker Installed +2013/03/22 +local +None +1.264 +https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759117(v=ws.11) +n/a +The remote host has an application installed for managing software access. + +Nessus enumerated the following Windows AppLocker configuration : + Exe Rules + Mode : Audit + Rule name : Prevent administrators from easily running the Opera web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=OPERA SOFTWARE ASA, S=OSLO, C=NO" ProductName="OPERA" BinaryName="opera.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Firefox web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="FIREFOX" BinaryName="firefox.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Internet Explorer web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWSŽ INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Allow everyone to execute all files located in the Program Files folder + Description : Allows members of the Everyone group to run applications that are located in the Program Files folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%PROGRAMFILES%\*" + + Rule name : Prevent administrators from easily running the Outlook email client + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="OUTLOOK.EXE"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Allow administrators to execute all files + Description : Allows members of the local Administrators group to run all applications. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + Rule name : Allow everyone to execute all files located in the Windows folder + Description : Allows members of the Everyone group to run applications that are located in the Windows folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\*" + Exceptions : + - Path="%SYSTEM32%\catroot2\*" + - Path="%SYSTEM32%\com\dmp\*" + - Path="%SYSTEM32%\FxsTmp\*" + - Path="%SYSTEM32%\spool\drivers\color\*" + - Path="%SYSTEM32%\spool\PRINTERS\*" + - Path="%SYSTEM32%\spool\SERVERS\*" + - Path="%SYSTEM32%\Tasks\*" + - Path="%WINDIR%\Debug\*" + - Path="%WINDIR%\PCHEALTH\ERRORREP\*" + - Path="%WINDIR%\Registration\*" + - Path="%WINDIR%\SysWOW64\com\dmp\*" + - Path="%WINDIR%\SysWOW64\FxsTmp\*" + - Path="%WINDIR%\SysWOW64\Tasks\*" + - Path="%WINDIR%\Tasks\*" + - Path="%WINDIR%\Temp\*" + - Path="%WINDIR%\tracing\*" + + + Rule name : Prevent administrators from easily running the Chrome web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="chrome.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Safari web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=APPLE INC., L=CUPERTINO, S=CALIFORNIA, C=US" ProductName="SAFARI" BinaryName="Safari.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Thunderbird email client + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MOZILLA MESSAGING INC., L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="THUNDERBIRD" BinaryName="thunderbird.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + + Dll Rules + Mode : Audit + Rule name : Allow everyone to execute all DLLs located in the Windows folder + Description : Allows members of the Everyone group to load DLLs located in the Windows folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\*" + Exceptions : + - Path="%SYSTEM32%\catroot2\*" + - Path="%SYSTEM32%\com\dmp\*" + - Path="%SYSTEM32%\FxsTmp\*" + - Path="%SYSTEM32%\spool\drivers\color\*" + - Path="%SYSTEM32%\spool\PRINTERS\*" + - Path="%SYSTEM32%\spool\SERVERS\*" + - Path="%SYSTEM32%\Tasks\*" + - Path="%WINDIR%\Debug\*" + - Path="%WINDIR%\PCHEALTH\ERRORREP\*" + - Path="%WINDIR%\Registration\*" + - Path="%WINDIR%\SysWOW64\com\dmp\*" + - Path="%WINDIR%\SysWOW64\FxsTmp\*" + - Path="%WINDIR%\SysWOW64\Tasks\*" + - Path="%WINDIR%\Tasks\*" + - Path="%WINDIR%\Temp\*" + - Path="%WINDIR%\tracing\*" + + + Rule name : Allow everyone to execute all DLLs located in the Program Files folder + Description : Allows members of the Everyone group to load DLLs that are located in the Program Files folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%PROGRAMFILES%\*" + + Rule name : Allows administrators to execute all DLLs + Description : Allows members of the local Administrators group to load all DLLs. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + + Script Rules + Mode : Audit + Rule name : All scripts + Description : Allows members of the local Administrators group to run all scripts. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + Rule name : Allow everyone to run all scripts located in the Program Files folder + Description : Allows members of the Everyone group to run scripts that are located in the Program Files folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%PROGRAMFILES%\*" + + Rule name : Allow everyone to run all scripts located in the Windows folder + Description : Allows members of the Everyone group to run scripts that are located in the Windows folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\*" + Exceptions : + - Path="%SYSTEM32%\catroot2\*" + - Path="%SYSTEM32%\com\dmp\*" + - Path="%SYSTEM32%\FxsTmp\*" + - Path="%SYSTEM32%\spool\drivers\color\*" + - Path="%SYSTEM32%\spool\PRINTERS\*" + - Path="%SYSTEM32%\spool\SERVERS\*" + - Path="%SYSTEM32%\Tasks\*" + - Path="%WINDIR%\Debug\*" + - Path="%WINDIR%\PCHEALTH\ERRORREP\*" + - Path="%WINDIR%\Registration\*" + - Path="%WINDIR%\SysWOW64\com\dmp\*" + - Path="%WINDIR%\SysWOW64\FxsTmp\*" + - Path="%WINDIR%\SysWOW64\Tasks\*" + - Path="%WINDIR%\Tasks\*" + - Path="%WINDIR%\Temp\*" + - Path="%WINDIR%\tracing\*" + + + + Msi Rules + Mode : Audit + Rule name : Allow administrators to run all Windows Installer files + Description : Allows members of the local Administrators group to run all Windows Installer files. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + Rule name : Allow everyone to run all Windows Installer files located in the Windows\Installer folder. + Description : Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\Installer\*" + + + Appx Rules + Mode : Audit + Rule name : (Default Rule) All signed packaged apps + Description : Allows members of the Everyone group to run packaged apps that are signed. + Rule type : FilePublisherRule + User/Group SID : S-1-1-0 + Condition : PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*" + + + + +windows +True +software_enumeration +cpe:/a:microsoft:edge +Microsoft Edge (Chromium-based), a Chromium-based web browser, is installed on the remote host. +microsoft_edge_chromium_installed.nbin +2024/01/16 +Microsoft Edge Chromium Installed +2020/05/29 +local +None +1.116 +https://www.microsoft.com/en-us/edge +n/a +Microsoft Edge (Chromium-based) is installed on the remote host. + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Version : 121.0.2277.83 + + + +windows +True +Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host. +smb_check_dotnet_rollup.nasl +2024/01/10 +Microsoft .NET Security Rollup Enumeration +2017/04/14 +local +None +1.48 +http://www.nessus.org/u?662e30c9 +n/a +This plugin enumerates installed Microsoft .NET security rollups. + + Path : C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\system.web.dll + Version : 4.8.9214.0 + .NET Version : 4.8.1 + Associated KB : 5033918 + Latest effective update level : 01_2024 + + + +windows +True +software_enumeration +cpe:/a:microsoft:.net_framework +Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host. +microsoft_net_framework_installed.nasl +0001-T-0655 +2022/10/18 +Microsoft .NET Framework Detection +2010/12/20 +local +None +1.39 +https://www.microsoft.com/net +http://www.nessus.org/u?15ae6806 +n/a +A software framework is installed on the remote host. +IAVT:0001-T-0655 + +Nessus detected 2 installs of Microsoft .NET Framework: + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8.1 + Full Version : 4.8.09037 + Install Type : Full + Release : 533325 + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8.1 + Full Version : 4.8.09037 + Install Type : Client + Release : 533325 + + + +windows +True +software_enumeration +cpe:/a:microsoft:onedrive +Microsoft OneDrive, a file hosting service, is installed on the remote host. +microsoft_onedrive_installed.nbin +2024/01/16 +Microsoft OneDrive Installed +2020/07/17 +local +None +1.110 +http://www.nessus.org/u?23c14184 +n/a +A file hosting application is installed on the remote host. + +Nessus detected 3 installs of Microsoft OneDrive: + + Path : C:\Users\Cinnabon\AppData\Local\Microsoft\OneDrive\ + Version : 17.3.6998.830 + + Path : C:\Users\dbingham\AppData\Local\Microsoft\OneDrive\ + Version : 19.2.107.5 + + Path : C:\Users\tester\AppData\Local\Microsoft\OneDrive\ + Version : 19.232.1124.12 + + + +windows +True +cpe:/a:microsoft:microsoft_update +Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft Office, Exchange, and SQL Server. +microsoft_update_installed.nasl +2022/02/01 +Microsoft Update Installed +2010/10/26 +local +None +1.8 +http://update.microsoft.com/microsoftupdate/v6/default.aspx +n/a +A software updating service is installed. + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect ARP table information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_arp_table.nbin +2024/01/16 +Microsoft Windows ARP Table +2016/07/19 +local +None +1.222 +n/a +Nessus was able to collect and report ARP table information from the remote host. +192.168.40.1 : 60-22-32-6f-91-bf +192.168.40.60 : cc-96-e5-08-af-3e +192.168.40.104 : 00-0c-29-71-3a-6d +192.168.40.153 : 00-00-c0-3c-08-4b +192.168.40.173 : 90-09-d0-00-6a-23 +192.168.40.174 : 90-09-d0-00-6a-24 +192.168.40.212 : f8-ff-c2-37-57-48 +192.168.40.251 : 00-0c-29-e1-ad-9d +192.168.40.255 : ff-ff-ff-ff-ff-ff +224.0.0.22 : 01-00-5e-00-00-16 +224.0.0.251 : 01-00-5e-00-00-fb +224.0.0.252 : 01-00-5e-00-00-fc +239.255.255.250 : 01-00-5e-7f-ff-fa +255.255.255.255 : ff-ff-ff-ff-ff-ff + +Extended ARP table information attached. +c50d9ed2852e177d4dae05af77f045a5 + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect AppLocker configuration information on the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_applocker_config.nasl +2020/06/12 +Microsoft Windows AppLocker Configuration +2016/07/19 +local +None +1.6 +n/a +Nessus was able to collect and report AppLocker's configuration on the remote host. +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Appx\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba\value : <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\1d04fdc7-5e29-45b1-a0d7-f7e9293774f8\value : <FilePathRule Id="1d04fdc7-5e29-45b1-a0d7-f7e9293774f8" Name="Allows administrators to execute all DLLs" Description="Allows members of the local Administrators group to load all DLLs." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\7ca2deae-991c-4e26-b688-98137f9cc777\value : <FilePathRule Id="7ca2deae-991c-4e26-b688-98137f9cc777" Name="Allow everyone to execute all DLLs located in the Windows folder" Description="Allows members of the Everyone group to load DLLs located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\f36fbeba-ab50-48c0-9361-41af365d82ce\value : <FilePathRule Id="f36fbeba-ab50-48c0-9361-41af365d82ce" Name="Allow everyone to execute all DLLs located in the Program Files folder" Description="Allows members of the Everyone group to load DLLs that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\1712f2de-e1b6-4d3d-85a9-a7da49b796c1\value : <FilePathRule Id="1712f2de-e1b6-4d3d-85a9-a7da49b796c1" Name="Allow everyone to execute all files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\187ae870-255e-42d7-8ef9-9a8434a70716\value : <FilePublisherRule Id="187ae870-255e-42d7-8ef9-9a8434a70716" Name="Prevent administrators from easily running the Internet Explorer web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWS® INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\230ebde7-123f-4f56-9caf-a412e5265300\value : <FilePublisherRule Id="230ebde7-123f-4f56-9caf-a412e5265300" Name="Prevent administrators from easily running the Outlook email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="OUTLOOK.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\54d44e7f-44b7-4d8d-961e-6d9c47e03196\value : <FilePublisherRule Id="54d44e7f-44b7-4d8d-961e-6d9c47e03196" Name="Prevent administrators from easily running the Thunderbird email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA MESSAGING INC., L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="THUNDERBIRD" BinaryName="thunderbird.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e\value : <FilePublisherRule Id="97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e" Name="Prevent administrators from easily running the Chrome web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="chrome.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\980f805b-bc66-43c7-95c4-90ef50fe5b04\value : <FilePublisherRule Id="980f805b-bc66-43c7-95c4-90ef50fe5b04" Name="Prevent administrators from easily running the Firefox web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="FIREFOX" BinaryName="firefox.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\a88c9192-bbed-4dfe-b435-d0ca25f6576e\value : <FilePublisherRule Id="a88c9192-bbed-4dfe-b435-d0ca25f6576e" Name="Prevent administrators from easily running the Opera web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=OPERA SOFTWARE ASA, S=OSLO, C=NO" ProductName="OPERA" BinaryName="opera.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\afd4074c-4b47-4b55-bb6d-f35ea215408b\value : <FilePathRule Id="afd4074c-4b47-4b55-bb6d-f35ea215408b" Name="Allow everyone to execute all files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\f301f291-10d9-4423-8f9c-a78afe9d4ea5\value : <FilePathRule Id="f301f291-10d9-4423-8f9c-a78afe9d4ea5" Name="Allow administrators to execute all files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa\value : <FilePublisherRule Id="f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa" Name="Prevent administrators from easily running the Safari web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=APPLE INC., L=CUPERTINO, S=CALIFORNIA, C=US" ProductName="SAFARI" BinaryName="Safari.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\0b075828-da4a-41fc-b3b4-9ac83ad18add\value : <FilePathRule Id="0b075828-da4a-41fc-b3b4-9ac83ad18add" Name="Allow everyone to run all Windows Installer files located in the Windows\Installer folder." Description="Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\Installer\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\4833728f-cf7e-4797-a847-c979e29b597a\value : <FilePathRule Id="4833728f-cf7e-4797-a847-c979e29b597a" Name="Allow administrators to run all Windows Installer files" Description="Allows members of the local Administrators group to run all Windows Installer files." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\4a4170c6-feb8-44f6-bebf-78a319f197fe\value : <FilePathRule Id="4a4170c6-feb8-44f6-bebf-78a319f197fe" Name="Allow everyone to run all scripts located in the Program Files folder" Description="Allows members of the Everyone group to run scripts that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4\value : <FilePathRule Id="8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4" Name="Allow everyone to run all scripts located in the Windows folder" Description="Allows members of the Everyone group to run scripts that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\ed97d0cb-15ff-430f-b82c-8d7832957725\value : <FilePathRule Id="ed97d0cb-15ff-430f-b82c-8d7832957725" Name="All scripts" Description="Allows members of the local Administrators group to run all scripts." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Appx\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba\value : <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\1d04fdc7-5e29-45b1-a0d7-f7e9293774f8\value : <FilePathRule Id="1d04fdc7-5e29-45b1-a0d7-f7e9293774f8" Name="Allows administrators to execute all DLLs" Description="Allows members of the local Administrators group to load all DLLs." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\7ca2deae-991c-4e26-b688-98137f9cc777\value : <FilePathRule Id="7ca2deae-991c-4e26-b688-98137f9cc777" Name="Allow everyone to execute all DLLs located in the Windows folder" Description="Allows members of the Everyone group to load DLLs located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\f36fbeba-ab50-48c0-9361-41af365d82ce\value : <FilePathRule Id="f36fbeba-ab50-48c0-9361-41af365d82ce" Name="Allow everyone to execute all DLLs located in the Program Files folder" Description="Allows members of the Everyone group to load DLLs that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\1712f2de-e1b6-4d3d-85a9-a7da49b796c1\value : <FilePathRule Id="1712f2de-e1b6-4d3d-85a9-a7da49b796c1" Name="Allow everyone to execute all files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\187ae870-255e-42d7-8ef9-9a8434a70716\value : <FilePublisherRule Id="187ae870-255e-42d7-8ef9-9a8434a70716" Name="Prevent administrators from easily running the Internet Explorer web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWS® INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\230ebde7-123f-4f56-9caf-a412e5265300\value : <FilePublisherRule Id="230ebde7-123f-4f56-9caf-a412e5265300" Name="Prevent administrators from easily running the Outlook email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="OUTLOOK.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\54d44e7f-44b7-4d8d-961e-6d9c47e03196\value : <FilePublisherRule Id="54d44e7f-44b7-4d8d-961e-6d9c47e03196" Name="Prevent administrators from easily running the Thunderbird email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA MESSAGING INC., L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="THUNDERBIRD" BinaryName="thunderbird.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e\value : <FilePublisherRule Id="97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e" Name="Prevent administrators from easily running the Chrome web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="chrome.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\980f805b-bc66-43c7-95c4-90ef50fe5b04\value : <FilePublisherRule Id="980f805b-bc66-43c7-95c4-90ef50fe5b04" Name="Prevent administrators from easily running the Firefox web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="FIREFOX" BinaryName="firefox.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\a88c9192-bbed-4dfe-b435-d0ca25f6576e\value : <FilePublisherRule Id="a88c9192-bbed-4dfe-b435-d0ca25f6576e" Name="Prevent administrators from easily running the Opera web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=OPERA SOFTWARE ASA, S=OSLO, C=NO" ProductName="OPERA" BinaryName="opera.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\afd4074c-4b47-4b55-bb6d-f35ea215408b\value : <FilePathRule Id="afd4074c-4b47-4b55-bb6d-f35ea215408b" Name="Allow everyone to execute all files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\f301f291-10d9-4423-8f9c-a78afe9d4ea5\value : <FilePathRule Id="f301f291-10d9-4423-8f9c-a78afe9d4ea5" Name="Allow administrators to execute all files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa\value : <FilePublisherRule Id="f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa" Name="Prevent administrators from easily running the Safari web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=APPLE INC., L=CUPERTINO, S=CALIFORNIA, C=US" ProductName="SAFARI" BinaryName="Safari.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Msi\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Msi\0b075828-da4a-41fc-b3b4-9ac83ad18add\value : <FilePathRule Id="0b075828-da4a-41fc-b3b4-9ac83ad18add" Name="Allow everyone to run all Windows Installer files located in the Windows\Installer folder." Description="Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\Installer\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Msi\4833728f-cf7e-4797-a847-c979e29b597a\value : <FilePathRule Id="4833728f-cf7e-4797-a847-c979e29b597a" Name="Allow administrators to run all Windows Installer files" Description="Allows members of the local Administrators group to run all Windows Installer files." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\4a4170c6-feb8-44f6-bebf-78a319f197fe\value : <FilePathRule Id="4a4170c6-feb8-44f6-bebf-78a319f197fe" Name="Allow everyone to run all scripts located in the Program Files folder" Description="Allows members of the Everyone group to run scripts that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4\value : <FilePathRule Id="8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4" Name="Allow everyone to run all scripts located in the Windows folder" Description="Allows members of the Everyone group to run scripts that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\ed97d0cb-15ff-430f-b82c-8d7832957725\value : <FilePathRule Id="ed97d0cb-15ff-430f-b82c-8d7832957725" Name="All scripts" Description="Allows members of the local Administrators group to run all scripts." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_dns_cache.nbin +2024/01/16 +Microsoft Windows DNS Cache +2016/07/19 +local +None +1.224 +n/a +Nessus was able to collect and report DNS cache information from the remote host. +true + array508.prod.do.dsp.mp.microsoft.com + array518.prod.do.dsp.mp.microsoft.com + +DNS cache information attached. + +b22414d86dc1f344ae4d9243e6edf75b + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_env_vars.nasl +True +0001-T-0757 +True +2022/06/24 +Microsoft Windows Environment Variables +2016/07/19 +local +None +1.13 +n/a +Nessus was able to collect and report environment variables from the remote host. +IAVT:0001-T-0757 +Global Environment Variables : + processor_level : 6 + comspec : %SystemRoot%\system32\cmd.exe + number_of_processors : 2 + os : Windows_NT + username : SYSTEM + temp : %SystemRoot%\TEMP + processor_revision : 9702 + path : %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\PROGRA~1\CONDUS~1\DISKEE~1\ + tmp : %SystemRoot%\TEMP + processor_identifier : Intel64 Family 6 Model 151 Stepping 2, GenuineIntel + driverdata : C:\Windows\System32\Drivers\DriverData + pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC + processor_architecture : AMD64 + psmodulepath : %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ + windir : %SystemRoot% + +Active User Environment Variables + +6c34d0f66fb5c5a93718673564abdb8b + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect the hosts file from the remote Windows host and report it as attachment. +microsoft_windows_host_file.nasl +True +True +2020/01/27 +Microsoft Windows Hosts File +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect the hosts file from the remote host. +Windows hosts file attached. + +MD5: 3688374325b992def12793500307566d +SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274 +SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085 +3688374325b992def12793500307566d + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_nbt_info.nbin +2024/01/16 +Microsoft Windows NetBIOS over TCP/IP Info +2016/07/19 +local +None +1.224 +n/a +Nessus was able to collect and report NBT information from the remote host. +NBT information attached. +First 10 lines of all CSVs: +nbtstat_local.csv: +Interface,Name,Suffix,Type,Status,MAC +192.168.40.32,WKS2-SOTERIA,<00>,UNIQUE,Registered,00:0C:29:5C:7E:F8 +192.168.40.32,SOTERIA,<00>,GROUP,Registered,00:0C:29:5C:7E:F8 +192.168.40.32,WKS2-SOTERIA,<20>,UNIQUE,Registered,00:0C:29:5C:7E:F8 +192.168.40.32,SOTERIA,<1E>,GROUP,Registered,00:0C:29:5C:7E:F8 + + + +7d6f877a06b81573840aaa5af7c4ccc5 + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_scripting_host_settings.nasl +2018/05/23 +Microsoft Windows Scripting Host Settings +2016/07/19 +local +None +1.5 +n/a +Nessus was able to collect and report the Windows scripting host settings from the remote host. +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1 + +Windows scripting host configuration attached. +681e5094e1df8ab1423ef2ea66dfc266 +4934d1726a8504e051694b846ef9b32e + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_smb_sessions.nbin +2024/01/16 +Microsoft Windows SMB Sessions +2016/07/19 +local +None +1.221 +n/a +Nessus was able to collect and report SMB session information from the remote host. +degthat + +Extended SMB session information attached. +4fe470cad3c85fe7ab3a766dadfaf5cd + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_time_zone_info.nasl +True +True +2023/06/06 +Microsoft Windows Time Zone Information +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect and report time zone information from the remote host. +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Eastern Standard Time +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-112 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-111 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000300020002000000000000000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000b00010002000000000000000000 + + + +windows +True +software_enumeration +cpe:/a:microsoft:remote_desktop_connection +Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host. +remote_desktop_connection_installed.nasl +2022/10/10 +Microsoft Remote Desktop Connection Installed +2019/06/12 +local +None +1.3 +http://www.nessus.org/u?1c33f0e7 +n/a +A graphical interface connection utility is installed on the remote Windows host + + Path : C:\WINDOWS\\System32\\mstsc.exe + Version : 10.0.19041.3570 + + + +Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry entry in to one of the following settings: + + - 0xFFFFFFFF (Removes the current working directory from the default DLL search order) + + - 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder) + + - 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder) +smb_cwdindllsearchvalue_setting.nasl +2019/12/20 +Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting +2010/08/26 +local +None +1.7 +http://www.nessus.org/u?0c574c56 +http://www.nessus.org/u?5234ef0c +n/a +CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks. + + Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch + Value : Registry Key Empty or Missing + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry. +smb_dns_servers.nasl +True +True +2022/02/01 +Windows DNS Server Enumeration +2012/03/01 +local +None +1.9 +n/a +Nessus enumerated the DNS servers being used by the remote Windows host. + +Nessus enumerated DNS servers for the following interfaces : + +Interface: Default +DhcpNameServer: 192.168.40.1 1.1.1.1 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past. +smb_enum_drive_mount.nasl +2022/02/01 +Microsoft Windows Mounted Devices +2012/11/28 +local +None +1.4 +http://www.nessus.org/u?99fcc329 +Make sure that the mounted drives agree with your organization's acceptable use and security policies. +It is possible to get a list of mounted devices that may have been connected to the remote system in the past. + + Name : \dosdevices\z: + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&3f6b946&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f004300440030003100230035002600330066003600620039003400360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{93c0eed4-f250-11e8-9bec-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_PNY&Prod_USB_2.0_FD&Rev_1100#ACB1HD090000078&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0050004e0059002600500072006f0064005f005500530042005f0032002e0030005f004600440026005200650076005f00310031003000300023004100430042003100480044003000390030003000300030003000370038002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{af59e96d-7f80-11ec-9c30-f8ffc2207748} + Data : _??_USBSTOR#Disk&Ven_&Prod_USB_DISK_3.0&Rev_PMAP#07000483D8E95720&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f002600500072006f0064005f005500530042005f004400490053004b005f0033002e00300026005200650076005f0050004d0041005000230030003700300030003000340038003300440038004500390035003700320030002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{d8bf433e-d7c4-11ec-9c45-f8ffc2207748} + Data : _??_USBSTOR#Disk&Ven_SMI&Prod_USB_3.0&Rev_1100#201302IP0002SERDCNGY&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0053004d0049002600500072006f0064005f005500530042005f0033002e00300026005200650076005f0031003100300030002300320030003100330030003200490050003000300030003200530045005200440043004e00470059002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\g: + Data : DMIO:ID:#WCuLG) + Raw data : 444d494f3a49443a16235743754cec478e2916dcaa1e17d6 + + Name : \??\volume{2a78a76f-f18e-11e8-9beb-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_Corsair&Prod_Survivor_3.0&Rev_000A#07087A9E311C2839&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0043006f00720073006100690072002600500072006f0064005f005300750072007600690076006f0072005f0033002e00300026005200650076005f003000300030004100230030003700300038003700410039004500330031003100430032003800330039002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{6dd8d9c6-2fc8-11ee-9c55-f8ffc2207748} + Data : _??_USBSTOR#Disk&Ven_General&Prod_UDisk&Rev_5.00#7&3a3d7270&0&_&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e006500720061006c002600500072006f0064005f0055004400690073006b0026005200650076005f0035002e0030003000230037002600330061003300640037003200370030002600300026005f002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\e: + Data : )+ + Raw data : 29bc2bc00000100000000000 + + Name : \??\volume{e4ff008d-9a17-11e7-9bcc-60f81dd2b949} + Data : _??_USBSTOR#Disk&Ven_Corsair&Prod_Survivor_3.0&Rev_1.00#1100300000000161&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0043006f00720073006100690072002600500072006f0064005f005300750072007600690076006f0072005f0033002e00300026005200650076005f0031002e0030003000230031003100300030003300300030003000300030003000300030003100360031002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{93c0eed5-f250-11e8-9bec-f018981982bc} + Data : {93c0eed1-f250-11e8-9bec-f018981982bc}#000000079E9F0600 + Raw data : 7b00390033006300300065006500640031002d0066003200350030002d0031003100650038002d0039006200650063002d006600300031003800390038003100390038003200620063007d0023003000300030003000300030003000370039004500390046003000360030003000 + + Name : \??\volume{b7aea069-ed45-11e8-9be7-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_Generic-&Prod_SD#MMC&Rev_1.00#058F84688461&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e0065007200690063002d002600500072006f0064005f005300440023004d004d00430026005200650076005f0031002e003000300023003000350038004600380034003600380038003400360031002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{b7aea06a-ed45-11e8-9be7-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_Generic-&Prod_Micro_SD#M2&Rev_1.08#058F84688461&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e0065007200690063002d002600500072006f0064005f004d006900630072006f005f005300440023004d00320026005200650076005f0031002e003000380023003000350038004600380034003600380038003400360031002600310023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{b7aea083-ed45-11e8-9be7-f018981982bc} + Data : DMIO:ID:#WCuLG) + Raw data : 444d494f3a49443a16235743754cec478e2916dcaa1e17d6 + + Name : \dosdevices\f: + Data : {93c0eed1-f250-11e8-9bec-f018981982bc}#000000079E9F0600 + Raw data : 7b00390033006300300065006500640031002d0066003200350030002d0031003100650038002d0039006200650063002d006600300031003800390038003100390038003200620063007d0023003000300030003000300030003000370039004500390046003000360030003000 + + Name : \??\volume{e4b0bc0c-9414-11e7-9bc2-806e6f6e6963} + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&3f6b946&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f004300440030003100230035002600330066003600620039003400360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\d: + Data : m + Raw data : 6d207ff20000100000000000 + + Name : \dosdevices\c: + Data : foP + Raw data : 66df6fbd0000501f00000000 + + + + +windows +True +cpe:/o:microsoft:windows +Using the supplied credentials, this plugin enumerates USB devices that have been connected to the remote Windows host in the past. +smb_enum_historic_usb_device_usage.nasl +2022/06/01 +Microsoft Windows USB Device Usage Report +2009/02/24 +local +None +1.15 +http://www.forensicswiki.org/wiki/USB_History_Viewing +Make sure that the use of USB drives is in accordance with your organization's security policy. +It was possible to get a list of USB devices that may have been connected to the remote system in the past. +true + +The following is a list of USB devices that have been connected +to remote system at least once in the past : + + +Device Name : USB DISK 3.0 USB Device +Last Inserted Time : Nov. 5, 2023 at 16:48:51 GMT + +First used : unknown + +Device Name : General UDisk USB Device +Last Inserted Time : unknown + +First used : unknown + +Device Name : Samsung Portable SSD T5 USB Device +Last Inserted Time : Nov. 6, 2023 at 17:34:49 GMT + +First used : unknown + +(Note that for a complete listing of 'First used' times you should +run this test with the option 'thorough_tests' enabled.) + + + +windows +True +Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host. +smb_enum_network_adapters.nasl +0001-T-0758 +2022/02/01 +Microsoft Windows Network Adapters +2017/10/17 +local +None +1.8 +Make sure that all of the installed network adapters agrees with your organization's acceptable use and security policies. +Identifies the network adapters installed on the remote host. +IAVT:0001-T-0758 +Network Adapter Driver Description : Intel(R) 82574L Gigabit Network Connection +Network Adapter Driver Version : 12.17.10.8 + + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past. +smb_enum_portable_devices.nasl +2022/02/01 +Microsoft Windows Portable Devices +2013/04/03 +local +None +1.4 +http://www.nessus.org/u?af102b66 +Make sure that use of the portable devices agrees with your organization's acceptable use and security policies. +It is possible to get a list of portable devices that may have been connected to the remote system in the past. + + Friendly name : Dave-512 + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_&PROD_USB_DISK_3.0&REV_PMAP#07000483D8E95720&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : DEGTHAT256 + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_CORSAIR&PROD_SURVIVOR_3.0&REV_000A#07087A9E311C2839&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : FIRM + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERAL&PROD_UDISK&REV_5.00#7&3A3D7270&0&_&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : F:\ + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MICRO_SD#M2&REV_1.08#058F84688461&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : C:\ + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F84688461&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : FAT-PRT + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_PNY&PROD_USB_2.0_FD&REV_1100#ACB1HD090000078&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : DEG-TOOLS + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_SMI&PROD_USB_3.0&REV_1100#201302IP0002SERDCNGY&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : Daves-Stuff + Device : SWD#WPDBUSENUM#{37D3844A-9E3B-11E7-9BD2-60F81DD2B949}#0000000000100000 + + Friendly name : STUFF + Device : SWD#WPDBUSENUM#{47E535CC-E60C-11E8-9BE6-806E6F6E6963}#0000000000100000 + + Friendly name : My Passport + Device : SWD#WPDBUSENUM#{677D3D2E-146F-11E8-9BDC-C8E0EB160FF2}#0000000000100000 + + Friendly name : F:\ + Device : SWD#WPDBUSENUM#{93C0EED1-F250-11E8-9BEC-F018981982BC}#000000079E9F0600 + + Friendly name : Daves-Data + Device : SWD#WPDBUSENUM#{ABBA9390-146E-11E8-9BDB-C8E0EB160FF2}#0000000000100000 + + Friendly name : DEGTD + Device : SWD#WPDBUSENUM#{B7AEA082-ED45-11E8-9BE7-F018981982BC}#0000000000100000 + + Friendly name : Samsung_T5 + Device : SWD#WPDBUSENUM#{DA58CC9B-7CB2-11EE-9C6C-E0D04567CBCB}#0000000000100000 + + + +windows +True +By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry. +smb_enum_qfes.nasl +2022/02/01 +SMB QuickFixEngineering (QFE) Enumeration +2012/09/11 +local +None +1.8 +n/a +The remote host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + +KB5011048, Installed on: 2023/07/31 +KB5012170, Installed on: 2023/07/28 +KB5015684, Installed on: 2022/12/08 +KB5018506, Installed on: 2022/12/08 +KB5020372, Installed on: 2022/12/08 +KB5028849, Installed on: 2023/10/11 +KB5028853, Installed on: 2023/07/28 +KB5030649, Installed on: 2023/11/05 +KB5031816, Installed on: 2023/11/06 +KB5033918, Installed on: 2024/01/30 + + +windows +True +This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. + +Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system. +smb_enum_software_versions.nasl +2023/07/18 +Microsoft Windows Installed Software Version Enumeration +2023/07/10 +local +None +1.1 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +Enumerates installed software versions. + +The following software information is available on the remote host : + + - Google Chrome + Best Confidence Version : 119.0.6045.106 + Version Confidence Level : 3 + All Possible Versions : 119.0.6045.106 + Other Version Data + [InstallDate] : + Raw Value : 2023/11/06 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0 + Parsed File Path : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe + Parsed File Version : 119.0.6045.106 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Google\Chrome\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.106\Installer\setup.exe" --uninstall --channel=stable --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.106\Installer\setup.exe + Parsed File Version : 119.0.6045.106 + [VersionMinor] : + Raw Value : 106 + [Version] : + Raw Value : 119.0.6045.106 + [VersionMajor] : + Raw Value : 6045 + [DisplayVersion] : + Raw Value : 119.0.6045.106 + [DisplayName] : + Raw Value : Google Chrome + + - Microsoft Edge WebView2 Runtime + Best Confidence Version : 120.0.2210.144 + Version Confidence Level : 3 + All Possible Versions : 120.0.2210.144 + Other Version Data + [InstallDate] : + Raw Value : 2024/01/30 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe,0 + Parsed File Path : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe + Parsed File Version : 120.0.2210.144 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Microsoft\EdgeWebView\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\Installer\setup.exe" --uninstall --msedgewebview --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\Installer\setup.exe + Parsed File Version : 120.0.2210.144 + [VersionMinor] : + Raw Value : 144 + [Version] : + Raw Value : 120.0.2210.144 + [VersionMajor] : + Raw Value : 2210 + [DisplayVersion] : + Raw Value : 120.0.2210.144 + [DisplayName] : + Raw Value : Microsoft Edge WebView2 Runtime + + - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 + Best Confidence Version : 9.0.30729.6161 + Version Confidence Level : 2 + All Possible Versions : 9.0.30729.6161 + Other Version Data + [VersionMajor] : + Raw Value : 9 + [Version] : + Raw Value : 151025673 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 + [UninstallString] : + Raw Value : MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} + [InstallDate] : + Raw Value : 2017/09/14 + [DisplayVersion] : + Raw Value : 9.0.30729.6161 + [VersionMinor] : + Raw Value : 0 + + - Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{73F77E4E-5A17-46E5-A5FC-8A061047725F} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 + Best Confidence Version : 9.0.30729.6161 + Version Confidence Level : 2 + All Possible Versions : 9.0.30729.6161 + Other Version Data + [VersionMajor] : + Raw Value : 9 + [Version] : + Raw Value : 151025673 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 + [UninstallString] : + Raw Value : MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} + [InstallDate] : + Raw Value : 2017/09/14 + [DisplayVersion] : + Raw Value : 9.0.30729.6161 + [VersionMinor] : + Raw Value : 0 + + - Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{D5D19E2F-7189-42FE-8103-92CD1FA457C2} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - VMware Tools + Best Confidence Version : 12.3.5.22544099 + Version Confidence Level : 2 + All Possible Versions : 12.3.5.22544099 + Other Version Data + [VersionMajor] : + Raw Value : 12 + [Version] : + Raw Value : 201523205 + [InstallLocation] : + Raw Value : C:\Program Files\VMware\VMware Tools\ + [DisplayName] : + Raw Value : VMware Tools + [UninstallString] : + Raw Value : MsiExec.exe /I{27B78D8E-F8B9-4AF5-BF9C-8DDD583EAB6B} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 12.3.5.22544099 + [VersionMinor] : + Raw Value : 3 + + - Google Update Helper + Best Confidence Version : 1.3.35.451 + Version Confidence Level : 2 + All Possible Versions : 22.151.14425, 1.3.35.451 + Other Version Data + [VersionMajor] : + Raw Value : 1 + [Version] : + Raw Value : 16973859 + Parsed Version : 22.151.14425 + [DisplayName] : + Raw Value : Google Update Helper + [UninstallString] : + Raw Value : MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} + [InstallDate] : + Raw Value : 2020/04/10 + [DisplayVersion] : + Raw Value : 1.3.35.451 + [VersionMinor] : + Raw Value : 3 + + - Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{0025DD72-A959-45B5-A0A3-7EFEB15A8050} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Edge Update + Best Confidence Version : 1.3.181.5 + Version Confidence Level : 2 + All Possible Versions : 1.3.181.5 + Other Version Data + [Version] : + Raw Value : 1.3.181.5 + [DisplayName] : + Raw Value : Microsoft Edge Update + [DisplayVersion] : + Raw Value : 1.3.181.5 + + - Adobe Refresh Manager + Best Confidence Version : 1.8.0 + Version Confidence Level : 2 + All Possible Versions : 23.48.5380, 1.8.0 + Other Version Data + [VersionMajor] : + Raw Value : 1 + [Version] : + Raw Value : 17301504 + Parsed Version : 23.48.5380 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\ + [DisplayName] : + Raw Value : Adobe Refresh Manager + [UninstallString] : + Raw Value : MsiExec.exe /I{AC76BA86-0804-1033-1959-018244601053} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 1.8.0 + [VersionMinor] : + Raw Value : 8 + + - Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + + - Microsoft Edge + Best Confidence Version : 121.0.2277.83 + Version Confidence Level : 3 + All Possible Versions : 121.0.2277.83 + Other Version Data + [InstallDate] : + Raw Value : 2024/01/30 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,0 + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe + Parsed File Version : 121.0.2277.83 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.83\Installer\setup.exe" --uninstall --msedge --channel=stable --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.83\Installer\setup.exe + Parsed File Version : 121.0.2277.83 + [VersionMinor] : + Raw Value : 83 + [Version] : + Raw Value : 121.0.2277.83 + [VersionMajor] : + Raw Value : 2277 + [DisplayVersion] : + Raw Value : 121.0.2277.83 + [DisplayName] : + Raw Value : Microsoft Edge + + - Microsoft Update Health Tools + Best Confidence Version : 3.74.0.0 + Version Confidence Level : 2 + All Possible Versions : 85.24.4882, 3.74.0.0 + Other Version Data + [VersionMajor] : + Raw Value : 3 + [Version] : + Raw Value : 55181312 + Parsed Version : 85.24.4882 + [DisplayName] : + Raw Value : Microsoft Update Health Tools + [UninstallString] : + Raw Value : MsiExec.exe /X{1FC1A6C2-576E-489A-9B4A-92D21F542136} + [InstallDate] : + Raw Value : 2023/11/06 + [DisplayVersion] : + Raw Value : 3.74.0.0 + [VersionMinor] : + Raw Value : 74 + + - Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + + - Adobe Acrobat Reader + Best Confidence Version : 23.006.20360 + Version Confidence Level : 2 + All Possible Versions : 23.006.20360 + Other Version Data + [VersionMajor] : + Raw Value : 23 + [Version] : + Raw Value : 386289544 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Adobe\Acrobat Reader DC\ + [DisplayName] : + Raw Value : Adobe Acrobat Reader + [UninstallString] : + Raw Value : MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 23.006.20360 + [VersionMinor] : + Raw Value : 6 + + + + +windows +True +This plugin lists software potentially installed on the remote host by crawling the registry entries in : + + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates + +Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed. +smb_enum_softwares.nasl +0001-T-0501 +2022/02/01 +Microsoft Windows Installed Software Enumeration (credentialed check) +2006/01/26 +local +None +1.21 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate installed software. +IAVT:0001-T-0501 + +The following software are installed on the remote host : + +Google Chrome [version 119.0.6045.106] [installed on 2023/11/06] +Microsoft Edge [version 121.0.2277.83] [installed on 2024/01/30] +Microsoft Edge Update [version 1.3.181.5] +Microsoft Edge WebView2 Runtime [version 120.0.2210.144] [installed on 2024/01/30] +Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] +Microsoft Update Health Tools [version 3.74.0.0] [installed on 2023/11/06] +VMware Tools [version 12.3.5.22544099] [installed on 2023/11/05] +Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 [version 14.36.32532.0] +Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2017/09/14] +Google Update Helper [version 1.3.35.451] [installed on 2020/04/10] +Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] +Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 [version 14.36.32532.0] +Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2017/09/14] +Adobe Refresh Manager [version 1.8.0] [installed on 2023/11/05] +Adobe Acrobat Reader [version 23.006.20360] [installed on 2023/11/05] +Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] +Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] + + + +windows +True +This plugin lists software that is configured to run on system startup by crawling the registry entries in : + + - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + - HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run +smb_enum_startup_registry.nasl +2022/02/01 +Microsoft Windows Startup Software Enumeration +2012/03/23 +local +None +1.6 +Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate startup software. + +The following startup item was found : + + SecurityHealth - %windir%\system32\SecurityHealthSystray.exe + VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe + + + +windows +True +cpe:/a:microsoft:ie +The remote host has Enhanced Protection Mode (EPM) enabled for the Microsoft Internet Explorer web browser. + +Enhanced Protection Mode (EPM) is an added layer of protection first added in Microsoft Internet Explorer version 10 that provides a security feature set that includes : + + - individual browser tabs can be run in 64-bit mode, increasing the effectiveness of Address Space Layout Randomization (ASLR) + + - better access protection for files via a broker process + + - untrusted web pages cannot access domain credentials + +Note that Microsoft Internet Explorer running in 'Metro style' uses Enhanced Protected Mode by default. +smb_explorer_epm_enabled.nasl +2022/02/01 +Microsoft Internet Explorer Enhanced Protection Mode (EPM) Detection +2014/06/13 +local +None +1.4 +http://www.nessus.org/u?792794bd +n/a +The remote host has Enhanced Protection Mode (EPM) for Microsoft Internet Explorer enabled. + +Enhanced Protected Mode for IE has been enabled via Group Policy configuration. + - 64-bit processes for Enhanced Protected Mode is enabled + + +windows +True +user_enumeration +Enumerate Windows accounts. +windows_enum_accounts.nbin +2024/01/16 +Windows Enumerate Accounts +2023/02/28 +local +None +1.25 +n/a +Enumerate Windows accounts. +Windows accounts enumerated. Results output to DB. +User data gathered in scan starting at : 2024/1/30 12:45 Pacific Standard Time + + + +By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier). + +The host SID can then be used to get the list of local users. +smb_host2sid.nasl +2023/02/28 +Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration +2002/02/13 +local +None +1.46 +http://technet.microsoft.com/en-us/library/bb418944.aspx +You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value. + +Refer to the 'See also' section for guidance. +It is possible to obtain the host SID for the remote host. + +The remote host SID value is : + +1-5-21-1536193852-1370433935-2390261316 + +The value of 'RestrictAnonymous' setting is : 1 + + + +Using the HKU registry, Nessus was able to enuemrate the SIDs of logged on users +smb_loggedon_users.nasl +2022/05/25 +Microsoft Windows Logged On Users +2022/05/25 +local +None +1.2 +n/a +Nessus was able to determine the logged on users from the registry + + + +windows +True +cpe:/o:microsoft:windows +cpe:/a:microsoft:malicious_software_removal_tool +The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems. +smb_mrt_installed.nasl +True +True +2023/01/10 +Microsoft Malicious Software Removal Tool Installed +2013/05/15 +local +None +1.60 +http://www.nessus.org/u?47a3e94d +https://support.microsoft.com/en-us/help/891716 +n/a +An antimalware application is installed on the remote Windows host. + + File : C:\WINDOWS\system32\MRT.exe + Version : 5.118.23100.1 + Release at last run : unknown + Report infection information to Microsoft : Yes + + + +cpe:/o:microsoft:windows +The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues. +smb_v1_enabled.nasl +true +2020/06/12 +Server Message Block (SMB) Protocol Version 1 Enabled +2017/02/09 +local +None +1.8 +https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/ +https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and +http://www.nessus.org/u?8dcab5e4 +http://www.nessus.org/u?234f8ef8 +http://www.nessus.org/u?4c7e0cf3 +Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices. +The remote Windows host supports the SMBv1 protocol. + + SMBv1 server is enabled : + - HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : 1 + SMB1protocol feature is enabled based on the following key : + - HKLM\SYSTEM\CurrentControlSet\Services\srv + + + +windows +True +software_enumeration +cpe:/a:vmware:tools +VMware Tools, a suite of utilities that enhances the performance of the virtual machines guest operating system is installed on the remote Windows host. +vmware_tools_installed.nbin +0001-T-0738 +2024/01/16 +VMware Tools Detection +2018/01/13 +local +None +1.178 +https://kb.vmware.com/s/article/340 +http://www.nessus.org/u?7d54c30a +n/a +A virtual machine management application is installed on the remote host. +IAVT:0001-T-0738 + + Path : C:\Program Files\VMware\VMware Tools\ + Version : 12.3.5.46049 + + + +Nessus was able to retrieve and display the contents of the Windows prefetch folder (%systemroot%\prefetch\*). This information shows programs that have run with the prefetch and superfetch mechanisms enabled. +windows_prefetch.nasl +2018/11/15 +Windows Prefetch Folder +2014/09/12 +local +None +1.2 +http://www.nessus.org/u?8242d04f +http://www.nessus.org/u?d6b15983 +http://www.forensicswiki.org/wiki/Prefetch +n/a +Nessus was able to retrieve the Windows prefetch folder file list. ++ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters +rootdirpath : +enableprefetcher : 3 + ++ Prefetch file list : + - \WINDOWS\prefetch\119.0.6045.106_119.0.6045.105-9DD3C9FF.pf + - \WINDOWS\prefetch\AM_BASE_PATCH1.EXE-FC84E7C0.pf + - \WINDOWS\prefetch\AM_DELTA.EXE-B7261F63.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.401.151.0.EX-B3F7F584.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.401.178.0.EX-E83E84D1.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.401.185.0.EX-3BE4A99F.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.403.2943.0.E-DB0A6FF5.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.403.2949.0.E-E107CB33.pf + - \WINDOWS\prefetch\AM_ENGINE_PATCH_1.1.23100.200-8708AE36.pf + - \WINDOWS\prefetch\APPLICATIONFRAMEHOST.EXE-CCEEF759.pf + - \WINDOWS\prefetch\ARP.EXE-2BC38967.pf + - \WINDOWS\prefetch\AUDIODG.EXE-BDFD3029.pf + - \WINDOWS\prefetch\AUDITPOL.EXE-FE8D42C2.pf + - \WINDOWS\prefetch\AUTORUN.EXE-3954485B.pf + - \WINDOWS\prefetch\BACKGROUNDTASKHOST.EXE-353E93DD.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1BA.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1BB.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1C2.pf + - \WINDOWS\prefetch\CMD.EXE-4A81B364.pf + - \WINDOWS\prefetch\CMD.EXE-AC113AA8.pf + - \WINDOWS\prefetch\COMPATTELRUNNER.EXE-DB97728F.pf + - \WINDOWS\prefetch\COMPPKGSRV.EXE-21DBED9C.pf + - \WINDOWS\prefetch\CONHOST.EXE-1F3E9D7E.pf + - \WINDOWS\prefetch\CONSENT.EXE-531BD9EA.pf + - \WINDOWS\prefetch\CSC.EXE-67679278.pf + - \WINDOWS\prefetch\CSCC-REMOTE.EXE-7C27D0A9.pf + - \WINDOWS\prefetch\CSCC64-REMOTE.EXE-9740F674.pf + - \WINDOWS\prefetch\CSRSS.EXE-3FE41F7E.pf + - \WINDOWS\prefetch\CTFMON.EXE-9450846B.pf + - \WINDOWS\prefetch\CVTRES.EXE-F2B7602E.pf + - \WINDOWS\prefetch\DEFRAG.EXE-588F90AD.pf + - \WINDOWS\prefetch\DISM.EXE-DE199F71.pf + - \WINDOWS\prefetch\DISMHOST.EXE-369F8D28.pf + - \WINDOWS\prefetch\DISMHOST.EXE-7265EE62.pf + - \WINDOWS\prefetch\DISMHOST.EXE-825D7DBB.pf + - \WINDOWS\prefetch\DISMHOST.EXE-8DABA6EF.pf + - \WINDOWS\prefetch\DISMHOST.EXE-C33273CF.pf + - \WINDOWS\prefetch\DISMHOST.EXE-C7E51022.pf + - \WINDOWS\prefetch\DISMHOST.EXE-EE672375.pf + - \WINDOWS\prefetch\DLLHOST.EXE-0AD6AC16.pf + - \WINDOWS\prefetch\DLLHOST.EXE-2E884D3E.pf + - \WINDOWS\prefetch\DLLHOST.EXE-5A984E5F.pf + - \WINDOWS\prefetch\DLLHOST.EXE-823CA4DA.pf + - \WINDOWS\prefetch\DLLHOST.EXE-9037274D.pf + - \WINDOWS\prefetch\DLLHOST.EXE-9C376A75.pf + - \WINDOWS\prefetch\DLLHOST.EXE-EA533AAF.pf + - \WINDOWS\prefetch\DRVINST.EXE-4CB4314A.pf + - \WINDOWS\prefetch\DWM.EXE-6FFD3DA8.pf + - \WINDOWS\prefetch\ELEVATE64.EXE-75D706B4.pf + - \WINDOWS\prefetch\EXPAND.EXE-05AD1090.pf + - \WINDOWS\prefetch\EXPLORER.EXE-A80E4F97.pf + - \WINDOWS\prefetch\FONTDRVHOST.EXE-31E45F6D.pf + - \WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-9C89DCB6.pf + - \WINDOWS\prefetch\GOOGLECRASHHANDLER64.EXE-EBE48838.pf + - \WINDOWS\prefetch\GOOGLEUPDATE.EXE-97084C14.pf + - \WINDOWS\prefetch\GOOGLEUPDATE.EXE-B95715F5.pf + - \WINDOWS\prefetch\GPSCRIPT.EXE-CCD32D94.pf + - \WINDOWS\prefetch\IEXPLORE.EXE-908C99F8.pf + - \WINDOWS\prefetch\IMPORTREGPOL.EXE-0F205B23.pf + - \WINDOWS\prefetch\IMPORTREGPOL.EXE-ED59D338.pf + - \WINDOWS\prefetch\IPCONFIG.EXE-912F3D5B.pf + - \WINDOWS\prefetch\JKDEFRAG64.EXE-1DD0F723.pf + - \WINDOWS\prefetch\JKDEFRAGGUI.EXE-7401E0FA.pf + - \WINDOWS\prefetch\JKDEFRAGPORTABLE.EXE-8AC1990B.pf + - \WINDOWS\prefetch\LGPO.EXE-12896114.pf + - \WINDOWS\prefetch\LGPO.EXE-9B6B69D6.pf + - \WINDOWS\prefetch\LOCKAPP.EXE-5A9FA247.pf + - \WINDOWS\prefetch\LOGONUI.EXE-09140401.pf + - \WINDOWS\prefetch\MAKECAB.EXE-0F1704A4.pf + - \WINDOWS\prefetch\MANAGE-BDE.EXE-37A0B125.pf + - \WINDOWS\prefetch\MICROSOFTEDGEUPDATE.EXE-C4317749.pf + - \WINDOWS\prefetch\MICROSOFTEDGE_X64_120.0.2210.-567156D2.pf + - \WINDOWS\prefetch\MICROSOFTEDGE_X64_121.0.2277.-5803383E.pf + - \WINDOWS\prefetch\MMC.EXE-381384EF.pf + - \WINDOWS\prefetch\MMC.EXE-7FBB0956.pf + - \WINDOWS\prefetch\MMC.EXE-EA3BC57E.pf + - \WINDOWS\prefetch\MOBSYNC.EXE-C5E2284F.pf + - \WINDOWS\prefetch\MOFCOMP.EXE-8FE3D558.pf + - \WINDOWS\prefetch\MOUSOCOREWORKER.EXE-681A8FEE.pf + - \WINDOWS\prefetch\MPCMDRUN.EXE-68BB20D0.pf + - \WINDOWS\prefetch\MPCMDRUN.EXE-7D4AA24B.pf + - \WINDOWS\prefetch\MPCMDRUN.EXE-B6117D0E.pf + - \WINDOWS\prefetch\MPRECOVERY.EXE-DDADD581.pf + - \WINDOWS\prefetch\MPRECOVERY.EXE-FFD06E71.pf + - \WINDOWS\prefetch\MPSIGSTUB.EXE-5E95E876.pf + - \WINDOWS\prefetch\MPSIGSTUB.EXE-6CB27A06.pf + - \WINDOWS\prefetch\MPSIGSTUB.EXE-A40D77CB.pf + - \WINDOWS\prefetch\MPSIGSTUB.EXE-DBCD8A3B.pf + - \WINDOWS\prefetch\MSCORSVW.EXE-57D17DAF.pf + - \WINDOWS\prefetch\MSCORSVW.EXE-C3C515BD.pf + - \WINDOWS\prefetch\MSEDGE.EXE-78F14B85.pf + - \WINDOWS\prefetch\MSIEXEC.EXE-A2D55CB6.pf + - \WINDOWS\prefetch\MSIEXEC.EXE-E09A077A.pf + - \WINDOWS\prefetch\MSMPENG.EXE-0D196553.pf + - \WINDOWS\prefetch\MSMPENG.EXE-3870F3D8.pf + - \WINDOWS\prefetch\MSMPENG.EXE-E476D4E5.pf + - \WINDOWS\prefetch\MSTSC.EXE-76A46E8A.pf + - \WINDOWS\prefetch\NBTSTAT.EXE-84461EB8.pf + - \WINDOWS\prefetch\NET.EXE-DF44F913.pf + - \WINDOWS\prefetch\NET1.EXE-849DA590.pf + - \WINDOWS\prefetch\NETSH.EXE-F1B6DA12.pf + - \WINDOWS\prefetch\NETSTAT.EXE-5A5A908F.pf + - \WINDOWS\prefetch\NGEN.EXE-AE594A6B.pf + - \WINDOWS\prefetch\NGEN.EXE-EC3F9239.pf + - \WINDOWS\prefetch\NGENTASK.EXE-4F8BD802.pf + - \WINDOWS\prefetch\NGENTASK.EXE-BB7F7010.pf + - \WINDOWS\prefetch\NISSRV.EXE-4B61B196.pf + - \WINDOWS\prefetch\NISSRV.EXE-B8EE4089.pf + - \WINDOWS\prefetch\NISSRV.EXE-F8AAD06B.pf + - \WINDOWS\prefetch\NOTEPAD.EXE-D8414F97.pf + - \WINDOWS\prefetch\NPFINSTALL.EXE-82E7040F.pf + - \WINDOWS\prefetch\Op-SEARCHAPP.EXE-0F10B1A6-00000001.pf + - \WINDOWS\prefetch\OPENWITH.EXE-5C93E816.pf + - \WINDOWS\prefetch\POWERSHELL.EXE-920BBA2A.pf + - \WINDOWS\prefetch\REG.EXE-E7E8BD26.pf + - \WINDOWS\prefetch\REGEDIT.EXE-90FEEA06.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-081B5A6F.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-467448AC.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-F9283CB8.pf + - \WINDOWS\prefetch\RUNONCE.EXE-0E293DD6.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-07E5777E.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-196943E5.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-1BA55E56.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-72C0C855.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-98F22970.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-C0023C99.pf + - \WINDOWS\prefetch\SATISMO-LOCKDOWN-TOOL.EXE-F5B19B48.pf + - \WINDOWS\prefetch\SC.EXE-945D79AE.pf + - \WINDOWS\prefetch\SCHTASKS.EXE-5CA45734.pf + - \WINDOWS\prefetch\SCRNSAVE.SCR-51176AA7.pf + - \WINDOWS\prefetch\SDIAGNHOST.EXE-8D72177C.pf + - \WINDOWS\prefetch\SEARCHAPP.EXE-0A9AB385.pf + - \WINDOWS\prefetch\SEARCHAPP.EXE-8CDCFFB0.pf + - \WINDOWS\prefetch\SEARCHAPP.EXE-AEF051F3.pf + - \WINDOWS\prefetch\SEARCHFILTERHOST.EXE-77482212.pf + - \WINDOWS\prefetch\SEARCHINDEXER.EXE-4A6353B9.pf + - \WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf + - \WINDOWS\prefetch\SECEDIT.EXE-CB2BC3E5.pf + - \WINDOWS\prefetch\SECHEALTHUI.EXE-D6B58CEB.pf + - \WINDOWS\prefetch\SECURITYHEALTHHOST.EXE-A928C304.pf + - \WINDOWS\prefetch\SECURITYHEALTHSERVICE.EXE-EE3BC4CB.pf + - \WINDOWS\prefetch\SECURITYHEALTHSYSTRAY.EXE-41AD6DE1.pf + - \WINDOWS\prefetch\SETUP.EXE-3A7C48C1.pf + - \WINDOWS\prefetch\SETUP.EXE-3A7C48C8.pf + - \WINDOWS\prefetch\SETUP.EXE-4B64D63B.pf + - \WINDOWS\prefetch\SETUP.EXE-4B64D63F.pf + - \WINDOWS\prefetch\SETUP.EXE-916A2EBE.pf + - \WINDOWS\prefetch\SETUP.EXE-916A2EC2.pf + - \WINDOWS\prefetch\SETUP.EXE-A680C563.pf + - \WINDOWS\prefetch\SETUP.EXE-A680C56A.pf + - \WINDOWS\prefetch\SETUP64.EXE-6C6157AB.pf + - \WINDOWS\prefetch\SGRMBROKER.EXE-0CA31CC6.pf + - \WINDOWS\prefetch\SHELLEXPERIENCEHOST.EXE-23D7A593.pf + - \WINDOWS\prefetch\SHELLEXPERIENCEHOST.EXE-EF3EE583.pf + - \WINDOWS\prefetch\SIHCLIENT.EXE-A872A8BF.pf + - \WINDOWS\prefetch\SIHOST.EXE-2C4C53BA.pf + - \WINDOWS\prefetch\SLUI.EXE-724E99D9.pf + - \WINDOWS\prefetch\SMARTSCREEN.EXE-9B5E4173.pf + - \WINDOWS\prefetch\SMSS.EXE-E9C28FC6.pf + - \WINDOWS\prefetch\SPPEXTCOMOBJ.EXE-BB03B3D6.pf + - \WINDOWS\prefetch\SPPSVC.EXE-B0F8131B.pf + - \WINDOWS\prefetch\STARTMENUEXPERIENCEHOST.EXE-58859201.pf + - \WINDOWS\prefetch\STARTMENUEXPERIENCEHOST.EXE-D80E778C.pf + - \WINDOWS\prefetch\SVCHOST.EXE-08BC2356.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0C2D202C.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0D126A9F.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0E4FE292.pf + - \WINDOWS\prefetch\SVCHOST.EXE-272EF09B.pf + - \WINDOWS\prefetch\SVCHOST.EXE-2C8F9E34.pf + - \WINDOWS\prefetch\SVCHOST.EXE-2FA0E8A6.pf + - \WINDOWS\prefetch\SVCHOST.EXE-3905CA11.pf + - \WINDOWS\prefetch\SVCHOST.EXE-4278A5C0.pf + - \WINDOWS\prefetch\SVCHOST.EXE-483ECC41.pf + - \WINDOWS\prefetch\SVCHOST.EXE-579B147A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-5E731DE3.pf + - \WINDOWS\prefetch\SVCHOST.EXE-5EAAEC8A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-5F9C92CC.pf + - \WINDOWS\prefetch\SVCHOST.EXE-62975899.pf + - \WINDOWS\prefetch\SVCHOST.EXE-6579E144.pf + - \WINDOWS\prefetch\SVCHOST.EXE-6C525542.pf + - \WINDOWS\prefetch\SVCHOST.EXE-776D4801.pf + - \WINDOWS\prefetch\SVCHOST.EXE-7B41F868.pf + - \WINDOWS\prefetch\SVCHOST.EXE-7D248B6A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-84ADBFA7.pf + - \WINDOWS\prefetch\SVCHOST.EXE-868216AE.pf + - \WINDOWS\prefetch\SVCHOST.EXE-86AA6B35.pf + - \WINDOWS\prefetch\SVCHOST.EXE-8929E8DF.pf + - \WINDOWS\prefetch\SVCHOST.EXE-8A9E6608.pf + - \WINDOWS\prefetch\SVCHOST.EXE-8D87DCC8.pf + - \WINDOWS\prefetch\SVCHOST.EXE-97CD69B8.pf + - \WINDOWS\prefetch\SVCHOST.EXE-98090C0A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-A1E3F14E.pf + - \WINDOWS\prefetch\SVCHOST.EXE-A8007E45.pf + - \WINDOWS\prefetch\SVCHOST.EXE-AD0331FB.pf + - \WINDOWS\prefetch\SVCHOST.EXE-AFDE613F.pf + - \WINDOWS\prefetch\SVCHOST.EXE-BA748B25.pf + - \WINDOWS\prefetch\SVCHOST.EXE-BC4C6158.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D5B495F2.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D6693F60.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D7909332.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D8FFFCDA.pf + - \WINDOWS\prefetch\SVCHOST.EXE-EBA34E64.pf + - \WINDOWS\prefetch\SVCHOST.EXE-ECA65C63.pf + - \WINDOWS\prefetch\SVCHOST.EXE-F0CB7C91.pf + - \WINDOWS\prefetch\SVCHOST.EXE-FE99AE69.pf + - \WINDOWS\prefetch\SYSTEMSETTINGS.EXE-01D72268.pf + - \WINDOWS\prefetch\SYSTEMSETTINGSADMINFLOWS.EXE-389031F2.pf + - \WINDOWS\prefetch\TASKHOSTW.EXE-3E0B74C8.pf + - \WINDOWS\prefetch\TASKKILL.EXE-8F5B2253.pf + - \WINDOWS\prefetch\TASKLIST.EXE-C6CEE193.pf + - \WINDOWS\prefetch\TASKMGR.EXE-5F5F473D.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-1557F467.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-6DC31D2B.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-95832A05.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-A6B545E0.pf + - \WINDOWS\prefetch\TIWORKER.EXE-5883C58B.pf + - \WINDOWS\prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf + - \WINDOWS\prefetch\TUTELA-IA-LOCKDOWN-TOOL2021.E-5163B368.pf + - \WINDOWS\prefetch\UHSSVC.EXE-EC246342.pf + - \WINDOWS\prefetch\UNIFIEDINSTALLER.EXE-2D37BA61.pf + - \WINDOWS\prefetch\UNINST.EXE-850DA63F.pf + - \WINDOWS\prefetch\UNINSTALL.EXE-386FC2DB.pf + - \WINDOWS\prefetch\UN_A.EXE-B491018D.pf + - \WINDOWS\prefetch\USOCLIENT.EXE-5A8A3A5E.pf + - \WINDOWS\prefetch\VCREDIST_X64.EXE-982E0EED.pf + - \WINDOWS\prefetch\VCREDIST_X64.EXE-D32DE9DB.pf + - \WINDOWS\prefetch\VCREDIST_X86.EXE-41F3B186.pf + - \WINDOWS\prefetch\VCREDIST_X86.EXE-D059F512.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-5C67D71D.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-B9F44A1F.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-C05C0B94.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-C55F8EAF.pf + - \WINDOWS\prefetch\VC_REDIST.X86.EXE-0F76B730.pf + - \WINDOWS\prefetch\VC_REDIST.X86.EXE-91430499.pf + - \WINDOWS\prefetch\VMTOOLSD.EXE-CD82EC13.pf + - \WINDOWS\prefetch\VMWARE-TOOLS-12.3.5-22544099--5DDD6B5C.pf + - \WINDOWS\prefetch\VMWARERESOLUTIONSET.EXE-79C811DD.pf + - \WINDOWS\prefetch\VMWARETOOLBOXCMD.EXE-C33722D4.pf + - \WINDOWS\prefetch\VSSADMIN.EXE-9FF2C6A1.pf + - \WINDOWS\prefetch\VSSVC.EXE-B8AFC319.pf + - \WINDOWS\prefetch\WAASMEDICAGENT.EXE-ED0D7511.pf + - \WINDOWS\prefetch\WEVTUTIL.EXE-EF5861C4.pf + - \WINDOWS\prefetch\WHOAMI.EXE-B8288E39.pf + - \WINDOWS\prefetch\WINLOGON.EXE-B020DC41.pf + - \WINDOWS\prefetch\WINSAT.EXE-DE36CB46.pf + - \WINDOWS\prefetch\WLRMDR.EXE-C2B47318.pf + - \WINDOWS\prefetch\WMIADAP.EXE-F8DFDFA2.pf + - \WINDOWS\prefetch\WMIAPSRV.EXE-29F35ED0.pf + - \WINDOWS\prefetch\WMIC.EXE-A7D06383.pf + - \WINDOWS\prefetch\WMIPRVSE.EXE-1628051C.pf + - \WINDOWS\prefetch\WORDPAD.EXE-D7FD7414.pf + - \WINDOWS\prefetch\WUAUCLT.EXE-70318591.pf + - \WINDOWS\prefetch\WUDFHOST.EXE-AFFEF87C.pf + - \WINDOWS\prefetch\WWAHOST.EXE-3FD45057.pf + + + +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin enumerates encryptable volume information available on the remote host via WMI. +wmi_enum_encryptable_volumes.nbin +2024/01/16 +WMI Encryptable Volume Enumeration +2010/12/15 +local +None +1.210 +http://www.nessus.org/u?8aa7973e +n/a +The remote Windows host has encryptable volumes available. + +Here is a list of encryptable volumes available on the remote system : + ++ DriveLetter C: + + - BitLocker Version : None + - Conversion Status : Fully Decrypted + - DeviceID : \\?\Volume{bd6fdf66-0000-0000-0000-501f00000000}\ + - Encryption Method : None + - Identification Field : None + - Key Protectors : None Found + - Lock Status : Unlocked + - Percentage Encrypted : 0.0% + - Protection Status : Protection Off + - Size : 58.68 GB + ++ DriveLetter D: + + - Automatic Unlock : Disabled + - BitLocker Version : None + - Conversion Status : Fully Decrypted + - DeviceID : \\?\Volume{f27f206d-0000-0000-0000-100000000000}\ + - Encryption Method : None + - Identification Field : None + - Key Protectors : None Found + - Lock Status : Unlocked + - Percentage Encrypted : 0.0% + - Protection Status : Protection Off + - Size : 50.00 GB + + + +Report details on the running processes modules on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies. +windows_process_module_information.nbin +2024/01/16 +Microsoft Windows Process Module Information +2013/10/08 +local +None +1.217 +n/a +Use WMI to obtain running process module information. +Process_Modules_WKS2-Soteria.csv : lists the loaded modules for each process. + +2b2b7a92982809a0495cd43445dffedd + + +Report details on the running processes on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies. +windows_process_information.nbin +2024/01/16 +Microsoft Windows Process Information +2013/10/08 +local +None +1.216 +n/a +Use WMI to obtain running process information. +Process Overview : +SID: Process (PID) + 0 : System Idle Process (0) + 0 : |- System (4) + 0 : |- Memory Compression (2000) + 0 : |- smss.exe (344) + 0 : csrss.exe (440) + 0 : wininit.exe (516) + 0 : |- services.exe (656) + 0 : |- svchost.exe (1032) + 0 : |- svchost.exe (1040) + 0 : |- svchost.exe (1048) + 0 : |- uhssvc.exe (1064) + 0 : |- svchost.exe (1068) + 0 : |- svchost.exe (1116) + 0 : |- svchost.exe (1120) + 0 : |- svchost.exe (1132) + 0 : |- svchost.exe (1152) + 0 : |- svchost.exe (1180) + 0 : |- svchost.exe (1236) + 0 : |- svchost.exe (1372) + 0 : |- svchost.exe (1416) + 0 : |- svchost.exe (1448) + 0 : |- svchost.exe (1472) + 0 : |- svchost.exe (1556) + 0 : |- svchost.exe (1584) + 0 : |- svchost.exe (1616) + 0 : |- svchost.exe (1628) + 0 : |- svchost.exe (1632) + 0 : |- dasHost.exe (2204) + 0 : |- svchost.exe (1676) + 0 : |- svchost.exe (1752) + 0 : |- svchost.exe (1792) + 0 : |- svchost.exe (1832) + 0 : |- svchost.exe (1860) + 0 : |- WUDFHost.exe (1880) + 0 : |- svchost.exe (2036) + 0 : |- svchost.exe (2060) + 0 : |- svchost.exe (2092) + 0 : |- svchost.exe (2100) + 0 : |- svchost.exe (2124) + 0 : |- svchost.exe (2148) + 0 : |- svchost.exe (2288) + 0 : |- svchost.exe (2324) + 0 : |- svchost.exe (2332) + 0 : |- svchost.exe (2464) + 0 : |- svchost.exe (2476) + 0 : |- svchost.exe (2508) + 0 : |- svchost.exe (2548) + 0 : |- svchost.exe (2596) + 0 : |- svchost.exe (2620) + 0 : |- spoolsv.exe (2708) + 0 : |- svchost.exe (2780) + 0 : |- svchost.exe (2860) + 0 : |- svchost.exe (2956) + 0 : |- svchost.exe (2964) + 0 : |- svchost.exe (3172) + 0 : |- svchost.exe (3224) + 0 : |- armsvc.exe (3260) + 0 : |- svchost.exe (3272) + 0 : |- svchost.exe (3280) + 0 : |- svchost.exe (3304) + 0 : |- svchost.exe (3324) + 0 : |- svchost.exe (3368) + 0 : |- svchost.exe (3416) + 0 : |- svchost.exe (3428) + 0 : |- svchost.exe (3436) + 0 : |- svchost.exe (3504) + 0 : |- vmtoolsd.exe (3512) + 0 : |- vm3dservice.exe (3520) + 1 : |- vm3dservice.exe (3792) + 0 : |- VGAuthService.exe (3528) + 0 : |- MsMpEng.exe (3552) + 0 : |- svchost.exe (3560) + 0 : |- svchost.exe (3708) + 0 : |- svchost.exe (3940) + 0 : |- svchost.exe (4128) + 0 : |- dllhost.exe (4196) + 0 : |- svchost.exe (4208) + 0 : |- svchost.exe (4668) + 0 : |- svchost.exe (4672) + 0 : |- svchost.exe (4684) + 0 : |- svchost.exe (4708) + 0 : |- msdtc.exe (4904) + 0 : |- SgrmBroker.exe (5704) + 0 : |- SearchIndexer.exe (5780) + 0 : |- svchost.exe (5860) + 0 : |- svchost.exe (5948) + 0 : |- svchost.exe (6028) + 0 : |- NisSrv.exe (6140) + 0 : |- svchost.exe (756) + 0 : |- svchost.exe (788) + 0 : |- WmiPrvSE.exe (4152) + 0 : |- WmiPrvSE.exe (4840) + 0 : |- WmiPrvSE.exe (5268) + 0 : |- svchost.exe (904) + 0 : |- svchost.exe (968) + 0 : |- lsass.exe (676) + 0 : |- fontdrvhost.exe (824) + 1 : csrss.exe (536) + 0 : GoogleCrashHandler.exe (5892) + 0 : GoogleCrashHandler64.exe (5896) + 1 : winlogon.exe (612) + 1 : |- LogonUI.exe (324) + 1 : |- dwm.exe (380) + 1 : |- fontdrvhost.exe (816) + 0 : Registry (92) + + + +cpe:/o:microsoft:windows +Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'. +windows_product_key_retrieval.nasl +2013/01/18 +Windows Product Key Retrieval +2013/01/18 +local +None +$Revision: 1.1 $ +n/a +This plugin retrieves the Windows Product key of the remote Windows host. + + Product key : XXXXX-XXXXX-XXXXX-XXXXX-WTYPF + +Note that all but the final portion of the key has been obfuscated. + + + +cpe:/o:microsoft:windows +It is possible to get information about the BIOS via the host's WMI interface. +bios_get_info_wmi.nbin +2024/01/16 +BIOS Info (WMI) +2008/09/05 +local +None +1.215 +n/a +The BIOS info could be read. + + Vendor : Phoenix Technologies LTD + Version : 6.00 + Release date : 20201112000000.000000+000 + UUID : 16084D56-DD6F-C4F4-EF6C-97CC2B5C7EF8 + Secure boot : disabled + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report on the application compatibility cache on the remote Windows host. +microsoft_windows_appcompatcache.nasl +2018/05/23 +Application Compatibility Cache +2016/07/19 +local +None +1.5 +https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf +http://www.nessus.org/u?4a076105 +n/a +Nessus was able to gather application compatibility settings on the remote host. +Application compatibility cache report attached. + +55969ce0c5f966fcf930be10a0d65fa7 + + +windows +cpe:/o:microsoft:windows +cpe:/a:microsoft:ie +Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar. +microsoft_windows_ie_typeurls.nasl +2018/05/16 +Internet Explorer Typed URLs +2016/07/19 +local +None +1.5 +https://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/ +n/a +Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar. +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 + +Internet Explorer typed URL report attached. + +b39004912f2a03f580369cb6c6545aa2 + + +windows +cpe:/a:microsoft:office +Nessus was able to gather evidence of files that were opened using any Microsoft Office application. The report was extracted from Office MRU (Most Recently Used) registry keys. +microsoft_windows_office_recent.nasl +2018/11/15 +Microsoft Office File History +2016/07/19 +local +None +1.6 +https://products.office.com/en-US/ +https://www.taksati.org/mru/ +n/a +Nessus was able to enumerate files opened in Microsoft Office on the remote host. +C:\\Users\Cinnabon\AppData\Roaming\Microsoft\Office\Recent\index.dat +C:\\Users\Cinnabon\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK +C:\\Users\DEGTHAT\AppData\Roaming\Microsoft\Office\Recent\index.dat +C:\\Users\DEGTHAT\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK + +User AppData recent used file report attached + +00f2207cede5535886fae679bd7e7d23 + + +windows +cpe:/o:microsoft:windows +Nessus was able to query the MUIcache registry key to find evidence of program execution. +microsoft_windows_muicache.nasl +2018/05/16 +MUICache Program Execution History +2016/07/19 +local +None +1.5 +https://forensicartifacts.com/2010/08/registry-muicache/ +http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html +http://www.nirsoft.net/utils/muicache_view.html +n/a +Nessus was able to enumerate recently executed programs on the remote host. +@%systemroot%\system32\cloudidsvc.dll,-100 : Microsoft Cloud Identity Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\browser.dll,-101 : Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\smsroutersvc.dll,-10001 : Microsoft Windows SMS Router Service. +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\pmcsnap.dll,-710 : Manages local printers and remote print servers. +@%commonprogramfiles%\microsoft shared\ink\mip.exe,-292 : Math Input Panel +@c:\windows\system32\snippingtool.exe,-15051 : Snipping Tool +@%systemroot%\system32\xboxgipsvc.dll,-101 : This service manages connected Xbox Accessories. +@%systemroot%\system32\languageoverlayserver.dll,-100 : Language Experience Service +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\fhsvc.dll,-102 : Protects user files from accidental loss by copying them to a backup location +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\xblauthmanager.dll,-100 : Xbox Live Auth Manager +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\dnsapi.dll,-101 : DNS Client +@%systemroot%\system32\xboxnetapisvc.dll,-101 : This service supports the Windows.Networking.XboxLive application programming interface. +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-102 : Enables spatial perception simulation, virtual camera management and spatial input simulation. +@%systemroot%\system32\ncdautosetup.dll,-101 : Network Connected Devices Auto-Setup service monitors and installs qualified devices that connect to a qualified network. Stopping or disabling this service will prevent Windows from discovering and installing qualified network connected devices automatically. Users can still manually add network connected devices to a PC through the user interface. +@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile. +@%systemroot%\system32\xboxnetapisvc.dll,-100 : Xbox Live Networking Service +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\sharedrealitysvc.dll,-100 : Spatial Data Service +@iphlpsvc.dll,-503 : Core Networking - Teredo (ICMPv6-Out) +@c:\windows\system32\taskmgr.exe,-32420 : Task Manager +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%windir%\system32\odbcint.dll,-1312 : Maintains ODBC data sources and drivers. +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%systemroot%\system32\fxsresm.dll,-122 : Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\xboxgipsvc.dll,-100 : Xbox Accessory Management Service +@%systemroot%\system32\keyboardfiltersvc.dll,-102 : Controls keystroke filtering and mapping +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\comres.dll,-3411 : Manage COM+ applications, COM and DCOM system configuration, and the Distributed Transaction Coordinator. +@%systemroot%\system32\wlansvc.dll,-258 : The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter. +@%systemroot%\system32\drivers\ndu.sys,-10001 : Windows Network Data Usage Monitoring Driver +@%systemroot%\system32\ncdautosetup.dll,-100 : Network Connected Devices Auto-Setup +@c:\windows\system32\mdsched.exe,-4001 : Windows Memory Diagnostic +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\spectrum.exe,-101 : Windows Perception Service +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@c:\windows\regedit.exe,-309 : Registration Entries +@c:\program files\common files\system\wab32res.dll,-10100 : Contacts +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@c:\windows\system32\msxml3r.dll,-1 : XML Document +@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS) +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\diagsvc.dll,-100 : Diagnostic Execution Service +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wwansvc.dll,-258 : This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices. +@%systemroot%\system32\windows.management.service.dll,-101 : Performs management including Provisioning and Enrollment activities +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\wcncsvc.dll,-3 : Windows Connect Now - Config Registrar +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@c:\windows\system32\wshext.dll,-4802 : VBScript Script File +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@%systemroot%\system32\dusmsvc.dll,-2 : Network data usage, data limit, restrict background data, metered networks. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD) +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@c:\windows\system32\msinfo32.exe,-100 : System Information +@c:\windows\system32\acppage.dll,-6002 : Windows Batch File +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\autotimesvc.dll,-7 : This service sets time based on NITZ messages from a Mobile Network +@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP) +@%systemroot%\system32\wdc.dll,-10031 : Monitor the usage and performance of the following resources in real time: CPU, Disk, Network and Memory. +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@c:\windows\immersivecontrolpanel\systemsettings.exe,-650 : Settings +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\windows.management.service.dll,-100 : Windows Management Service +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@c:\windows\system32\wsecedit.dll,-718 : Local Security Policy +@%systemroot%\system32\wcncsvc.dll,-4 : WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wireless Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wireless Device. The service is started programmatically as needed. +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@c:\windows\system32\wdc.dll,-10021 : Performance Monitor +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\drivers\gpuenergydrv.sys,-100 : GPU Energy Driver +@%systemroot%\system32\aarsvc.dll,-100 : Agent Activation Runtime +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\psr.exe,-1702 : Capture steps with screenshots to save or share. +@%systemroot%\system32\fxsresm.dll,-118 : Fax +@%systemroot%\system32\assignedaccessmanagersvc.dll,-100 : AssignedAccessManager Service +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@c:\windows\system32\iscsicpl.dll,-5001 : iSCSI Initiator +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@c:\program files\common files\microsoft shared\ink\mip.exe,-291 : Math Input Panel +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\microsoft.bluetooth.userservice.dll,-101 : Bluetooth User Support Service +@%systemroot%\system32\dfrgui.exe,-172 : Optimizes files and fragments on your volumes so that your computer runs faster and more efficiently. +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +@c:\windows\system32\ieframe.dll,-10046 : Internet Shortcut +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\firewallapi.dll,-53500 : Recommended Troubleshooting +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%windir%\regedit.exe,-16 : Registry Editor +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\provsvc.dll,-202 : HomeGroup +@%systemroot%\system32\wscsvc.dll,-201 : The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Security and Maintenance UI uses the service to provide systray alerts and a graphical view of the security health states in the Security and Maintenance control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +@c:\windows\system32\wshext.dll,-4804 : JavaScript File +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@%systemroot%\system32\xblauthmanager.dll,-101 : Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\wfdsconmgrsvc.dll,-9001 : Manages connections to wireless services, including wireless display and docking. +@%systemroot%\system32\wwansvc.dll,-257 : WWAN AutoConfig +@%systemroot%\system32\filemgmt.dll,-602 : Starts, stops, and configures Windows services. +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\rdxservice.dll,-256 : Retail Demo Service +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\wfdsconmgrsvc.dll,-9000 : Wi-Fi Direct Services Connection Manager Service +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\sdrsvc.dll,-107 : Windows Backup +@c:\windows\system32\xpsrchvw.exe,-102 : XPS Viewer +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@c:\windows\system32\windowspowershell\v1.0\powershell.exe,-102 : Windows PowerShell ISE (x86) +@windows.storage.dll,-21824 : Camera Roll +@%systemroot%\system32\aphostres.dll,-10002 : Sync Host +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@c:\windows\system32\recoverydrive.exe,-500 : Recovery Drive +@%systemroot%\system32\webclnt.dll,-100 : WebClient +@%systemroot%\system32\firewallapi.dll,-37302 : mDNS +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\drivers\iorate.sys,-101 : Disk I/O Rate Filter Driver +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mixedrealityruntime.dll,-102 : Enables Mixed Reality OpenXR runtime functionality +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%windir%\system32\fxsresm.dll,-115 : Send and receive faxes or scan pictures and documents. +@windows.storage.dll,-34583 : Saved Pictures +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\vwififlt.sys,-259 : Virtual WiFi Filter Driver +@%systemroot%\system32\msconfig.exe,-6001 : Perform advanced troubleshooting and system configuration +@c:\windows\system32\authfwgp.dll,-20 : Windows Defender Firewall with Advanced Security +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\spectrum.exe,-102 : Enables spatial perception, spatial input, and holographic rendering. +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\firewallapi.dll,-60501 : Cloud Identity +@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@firewallapi.dll,-50323 : SNMP Trap +@""c:\windows\system32\windowspowershell\v1.0\powershell.exe"",-103 : n/a +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\pnrpsvc.dll,-8004 : Peer Networking Identity Manager +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\diagsvc.dll,-101 : Executes diagnostic actions for troubleshooting support +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\fhsvc.dll,-101 : File History Service +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\authfwgp.dll,-21 : Configure policies that provide enhanced network security for Windows computers. +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service +@%systemroot%\system32\webclnt.dll,-101 : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wbengine.exe,-105 : The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer. +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@c:\windows\system32\pmcsnap.dll,-700 : Print Management +@%windir%\system32\mstsc.exe,-4001 : Use your computer to connect to a computer that is located elsewhere and run programs or access files. +@%systemroot%\system32\snippingtool.exe,-15052 : Capture a portion of your screen so you can save, annotate, or share the image. +@c:\windows\system32\psr.exe,-1701 : Steps Recorder +@%systemroot%\system32\sdrsvc.dll,-102 : Provides Windows Backup and Restore capabilities. +@%windir%\system32\mdsched.exe,-4002 : Check your computer for memory problems. +@%systemroot%\system32\naturalauth.dll,-101 : Signal aggregator service, that evaluates signals based on time, network, geolocation, bluetooth and cdf factors. Supported features are Device Unlock, Dynamic Lock and Dynamo MDM policies +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@c:\windows\system32\msconfig.exe,-5006 : System Configuration +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +@c:\windows\system32\miguiresource.dll,-101 : Event Viewer +@c:\windows\system32\ieframe.dll,-912 : HTML Document +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@c:\windows\system32\unregmp2.exe,-9902 : Movie Clip +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@searchfolder.dll,-32822 : Everywhere +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled. +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@c:\windows\system32\dfrgui.exe,-103 : Defragment and Optimize Drives +@%systemroot%\system32\xblgamesave.dll,-101 : This service syncs save data for Xbox Live save enabled games. If this service is stopped, game save data will not upload to or download from Xbox Live. +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@c:\windows\system32\filemgmt.dll,-2204 : Services +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\dialogblockingservice.dll,-101 : Dialog Blocking Service +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\ipxlatcfg.dll,-500 : IP Translation Configuration Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%windir%\system32\speech\speechux\sapi.cpl,-5556 : Dictate text and control your computer by voice. +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%windir%\system32\miguiresource.dll,-202 : Schedule computer tasks to run automatically. +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%systemroot%\system32\wkssvc.dll,-100 : Workstation +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer. +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%systemroot%\system32\xblgamesave.dll,-100 : Xbox Live Game Save +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@windows.storage.dll,-21825 : 3D Objects +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\mitigationclient.dll,-103 : Recommended Troubleshooting Service +@%systemroot%\system32\browser.dll,-100 : Computer Browser +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\lpasvc.dll,-1000 : Local Profile Assistant Service +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@wifidisplay.dll,-100 : Wireless Display +@c:\windows\regedit.exe,-16 : Registry Editor +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper +@%systemroot%\system32\wdc.dll,-10025 : Diagnose performance issues and collect performance data. +@%systemroot%\system32\workfolderssvc.dll,-101 : This service syncs files with the Work Folders server, enabling you to use the files on any of the PCs and devices on which you've set up Work Folders. +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\wpcrefreshtask.dll,-100 : Parental Controls +@%systemroot%\system32\bdesvc.dll,-100 : BitLocker Drive Encryption Service +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@c:\windows\system32\setupapi.dll,-2000 : Setup Information +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\wbengine.exe,-104 : Block Level Backup Engine Service +@c:\windows\system32\windows.storage.dll,-10152 : File folder +@%systemroot%\system32\peerdistsvc.dll,-9001 : This service caches network content from peers on the local subnet. +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\wlansvc.dll,-257 : WLAN AutoConfig +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-113 : Windows PowerShell Integrated Scripting Environment. Performs object-based (command-line) functions +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@c:\windows\system32\windowspowershell\v1.0\powershell.exe,-101 : Windows PowerShell ISE +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@wlansvc.dll,-36864 : WLAN Service - WFD Application Services Platform Coordination Protocol (Uses UDP) +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\bcastdvruserservice.dll,-100 : GameDVR and Broadcast User Service +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\naturalauth.dll,-100 : Natural Authentication +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\srvsvc.dll,-102 : Server SMB 1.xxx Driver +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device. +@%systemroot%\system32\pnrpauto.dll,-8002 : PNRP Machine Name Publication Service +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@c:\windows\system32\acppage.dll,-6003 : Windows Command Script +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@comres.dll,-2797 : Distributed Transaction Coordinator +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\quickassist.exe,-807 : Connect to another user's computer to help troubleshoot problems +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\messagingservice.dll,-100 : MessagingService +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%windir%\system32\miguiresource.dll,-102 : View monitoring and troubleshooting messages from windows and other programs. +@""c:\windows\system32\wusa.exe"",-102 : n/a +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wpcrefreshtask.dll,-101 : Enforces parental controls for child accounts in Windows. If this service is stopped or disabled, parental controls may not be enforced. +@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\fveui.dll,-843 : BitLocker Drive Encryption +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@c:\windows\system32\mstsc.exe,-4000 : Remote Desktop Connection +@%systemroot%\system32\lpasvc.dll,-1001 : This service provides profile management for subscriber identity modules +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\bdesvc.dll,-101 : BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality. +@c:\windows\system32\quickassist.exe,-806 : Quick Assist +@%systemroot%\system32\pnrpsvc.dll,-8001 : Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function. +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\autotimesvc.dll,-6 : Cellular Time +@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%systemroot%\system32\pnrpauto.dll,-8003 : This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\peerdistsvc.dll,-9000 : BranchCache +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\pnrpsvc.dll,-8005 : Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly. +@%systemroot%\system32\drivers\fvevol.sys,-100 : BitLocker Drive Encryption Filter Driver +@c:\windows\system32\wdc.dll,-10030 : Resource Monitor +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\vac.dll,-200 : Volumetric Audio Compositor Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\xpsrchvw.exe,-103 : View, digitally sign, and set permissions for XPS documents +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@c:\windows\system32\notepad.exe,-469 : Text Document +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@c:\windows\system32\mstsc.exe,-4004 : Remote Desktop Connection +@%systemroot%\system32\rdxservice.dll,-257 : The Retail Demo service controls device activity while the device is in retail demo mode. +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-101 : Windows Perception Simulation Service +@wlansvc.dll,-36865 : WLAN Service - WFD Services Kernel Mode Driver Rules +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\fveui.dll,-844 : BitLocker Data Recovery Agent +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1001 : A service for managing display enhancement such as brightness control. +@%systemroot%\system32\wscsvc.dll,-200 : Security Center +@c:\windows\system32\ieframe.dll,-12385 : Favorites Bar +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning +@%systemroot%\system32\pnrpsvc.dll,-8000 : Peer Name Resolution Protocol +@%systemroot%\system32\dialogblockingservice.dll,-100 : DialogBlockingService +@%systemroot%\system32\icsvc.dll,-700 : Virtual Machine Monitoring +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\p2psvc.dll,-8007 : Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function. +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@iphlpsvc.dll,-502 : Core Networking - Teredo (ICMPv6-In) +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@comres.dll,-2450 : COM+ Event System +@c:\windows\system32\msimsg.dll,-35 : Windows Installer Patch +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@c:\windows\system32\fxsresm.dll,-114 : Windows Fax and Scan +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%windir%\immersivecontrolpanel\systemsettings.exe,-651 : Change settings and customize the functionality of your computer +@searchfolder.dll,-32820 : Indexed Locations +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\mycomput.dll,-112 : Manages disks and provides access to other tools to manage local and remote computers. +@c:\windows\system32\cabview.dll,-20 : Cabinet File +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\ipxlatcfg.dll,-501 : Configures and enables translation from v4 to v6 and vice versa +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\taskmgr.exe,-33551 : Manage running apps and view system performance +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\smsroutersvc.dll,-10002 : Routes messages based on rules to appropriate clients. +@c:\program files\windows nt\accessories\wordpad.exe,-300 : Office Open XML Document +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\srvsvc.dll,-100 : Server +@c:\windows\system32\msimsg.dll,-34 : Windows Installer Package +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\sharedrealitysvc.dll,-101 : This service is used for Spatial Perception scenarios +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\windowsudk.shellcommon.dll,-100 : Udk User Service +@%windir%\system32\iscsicpl.dll,-5002 : Connect to remote iSCSI targets and configure connection settings. +@%systemroot%\system32\recoverydrive.exe,-600 : Create a recovery drive +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\vac.dll,-201 : Hosts spatial analysis for Mixed Reality audio simulation. +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\languageoverlayserver.dll,-101 : Provides infrastructure support for deploying and configuring localized Windows resources. This service is started on demand and, if disabled, additional Windows languages will not be deployed to the system, and Windows may not function properly. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@c:\windows\system32\windows.ui.immersive.dll,-38304 : Public Account Pictures +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX +@%systemroot%\system32\msinfo32.exe,-130 : Display detailed information about your computer. +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1000 : Display Enhancement Service +@c:\windows\system32\speech\speechux\sapi.cpl,-5555 : Windows Speech Recognition +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@c:\windows\system32\zipfldr.dll,-10195 : Compressed (zipped) Folder +@%systemroot%\system32\mitigationclient.dll,-104 : Enables automatic mitigation for known problems by applying recommended troubleshooting. If stopped, your device will not get recommended troubleshooting for problems on your device. +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@c:\windows\system32\searchfolder.dll,-9023 : Saved Search +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\keyboardfiltersvc.dll,-101 : Microsoft Keyboard Filter +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\mixedrealityruntime.dll,-101 : Windows Mixed Reality OpenXR Service +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@c:\windows\system32\mycomput.dll,-300 : Computer Management +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS) +@c:\windows\system32\odbcint.dll,-1694 : ODBC Data Sources (64-bit) +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@c:\windows\system32\comres.dll,-3410 : Component Services +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\assignedaccessmanagersvc.dll,-101 : AssignedAccessManager Service supports kiosk experience in Windows. +@%systemroot%\system32\p2psvc.dll,-8006 : Peer Networking Grouping +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\cloudidsvc.dll,-101 : Supports integrations with Microsoft cloud identity services. If disabled, tenant restrictions will not be enforced properly. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@c:\windows\system32\miguiresource.dll,-201 : Task Scheduler +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@%systemroot%\system32\workfolderssvc.dll,-102 : Work Folders +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search +@%systemroot%\system32\cloudidsvc.dll,-100 : Microsoft Cloud Identity Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\browser.dll,-101 : Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\smsroutersvc.dll,-10001 : Microsoft Windows SMS Router Service. +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\pmcsnap.dll,-710 : Manages local printers and remote print servers. +@%commonprogramfiles%\microsoft shared\ink\mip.exe,-292 : Math Input Panel +@c:\windows\system32\snippingtool.exe,-15051 : Snipping Tool +@%systemroot%\system32\xboxgipsvc.dll,-101 : This service manages connected Xbox Accessories. +@%systemroot%\system32\languageoverlayserver.dll,-100 : Language Experience Service +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\fhsvc.dll,-102 : Protects user files from accidental loss by copying them to a backup location +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\xblauthmanager.dll,-100 : Xbox Live Auth Manager +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\dnsapi.dll,-101 : DNS Client +@%systemroot%\system32\xboxnetapisvc.dll,-101 : This service supports the Windows.Networking.XboxLive application programming interface. +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-102 : Enables spatial perception simulation, virtual camera management and spatial input simulation. +@%systemroot%\system32\ncdautosetup.dll,-101 : Network Connected Devices Auto-Setup service monitors and installs qualified devices that connect to a qualified network. Stopping or disabling this service will prevent Windows from discovering and installing qualified network connected devices automatically. Users can still manually add network connected devices to a PC through the user interface. +@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile. +@%systemroot%\system32\xboxnetapisvc.dll,-100 : Xbox Live Networking Service +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\sharedrealitysvc.dll,-100 : Spatial Data Service +@iphlpsvc.dll,-503 : Core Networking - Teredo (ICMPv6-Out) +@c:\windows\system32\taskmgr.exe,-32420 : Task Manager +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%windir%\system32\odbcint.dll,-1312 : Maintains ODBC data sources and drivers. +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%systemroot%\system32\fxsresm.dll,-122 : Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\xboxgipsvc.dll,-100 : Xbox Accessory Management Service +@%systemroot%\system32\keyboardfiltersvc.dll,-102 : Controls keystroke filtering and mapping +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\comres.dll,-3411 : Manage COM+ applications, COM and DCOM system configuration, and the Distributed Transaction Coordinator. +@%systemroot%\system32\wlansvc.dll,-258 : The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter. +@%systemroot%\system32\drivers\ndu.sys,-10001 : Windows Network Data Usage Monitoring Driver +@%systemroot%\system32\ncdautosetup.dll,-100 : Network Connected Devices Auto-Setup +@c:\windows\system32\mdsched.exe,-4001 : Windows Memory Diagnostic +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\spectrum.exe,-101 : Windows Perception Service +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@c:\windows\regedit.exe,-309 : Registration Entries +@c:\program files\common files\system\wab32res.dll,-10100 : Contacts +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@c:\windows\system32\msxml3r.dll,-1 : XML Document +@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS) +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\diagsvc.dll,-100 : Diagnostic Execution Service +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wwansvc.dll,-258 : This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices. +@%systemroot%\system32\windows.management.service.dll,-101 : Performs management including Provisioning and Enrollment activities +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\wcncsvc.dll,-3 : Windows Connect Now - Config Registrar +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@c:\windows\system32\wshext.dll,-4802 : VBScript Script File +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@%systemroot%\system32\dusmsvc.dll,-2 : Network data usage, data limit, restrict background data, metered networks. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD) +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@c:\windows\system32\msinfo32.exe,-100 : System Information +@c:\windows\system32\acppage.dll,-6002 : Windows Batch File +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\autotimesvc.dll,-7 : This service sets time based on NITZ messages from a Mobile Network +@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP) +@%systemroot%\system32\wdc.dll,-10031 : Monitor the usage and performance of the following resources in real time: CPU, Disk, Network and Memory. +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@c:\windows\immersivecontrolpanel\systemsettings.exe,-650 : Settings +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\windows.management.service.dll,-100 : Windows Management Service +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@c:\windows\system32\wsecedit.dll,-718 : Local Security Policy +@%systemroot%\system32\wcncsvc.dll,-4 : WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wireless Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wireless Device. The service is started programmatically as needed. +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@c:\windows\system32\wdc.dll,-10021 : Performance Monitor +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\drivers\gpuenergydrv.sys,-100 : GPU Energy Driver +@%systemroot%\system32\aarsvc.dll,-100 : Agent Activation Runtime +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\psr.exe,-1702 : Capture steps with screenshots to save or share. +@%systemroot%\system32\fxsresm.dll,-118 : Fax +@%systemroot%\system32\assignedaccessmanagersvc.dll,-100 : AssignedAccessManager Service +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@c:\windows\system32\iscsicpl.dll,-5001 : iSCSI Initiator +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@c:\program files\common files\microsoft shared\ink\mip.exe,-291 : Math Input Panel +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\microsoft.bluetooth.userservice.dll,-101 : Bluetooth User Support Service +@%systemroot%\system32\dfrgui.exe,-172 : Optimizes files and fragments on your volumes so that your computer runs faster and more efficiently. +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +@c:\windows\system32\ieframe.dll,-10046 : Internet Shortcut +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\firewallapi.dll,-53500 : Recommended Troubleshooting +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%windir%\regedit.exe,-16 : Registry Editor +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\provsvc.dll,-202 : HomeGroup +@%systemroot%\system32\wscsvc.dll,-201 : The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Security and Maintenance UI uses the service to provide systray alerts and a graphical view of the security health states in the Security and Maintenance control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +@c:\windows\system32\wshext.dll,-4804 : JavaScript File +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@%systemroot%\system32\xblauthmanager.dll,-101 : Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\wfdsconmgrsvc.dll,-9001 : Manages connections to wireless services, including wireless display and docking. +@%systemroot%\system32\wwansvc.dll,-257 : WWAN AutoConfig +@%systemroot%\system32\filemgmt.dll,-602 : Starts, stops, and configures Windows services. +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\rdxservice.dll,-256 : Retail Demo Service +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\wfdsconmgrsvc.dll,-9000 : Wi-Fi Direct Services Connection Manager Service +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\sdrsvc.dll,-107 : Windows Backup +@c:\windows\system32\xpsrchvw.exe,-102 : XPS Viewer +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@c:\windows\system32\windowspowershell\v1.0\powershell.exe,-102 : Windows PowerShell ISE (x86) +@windows.storage.dll,-21824 : Camera Roll +@%systemroot%\system32\aphostres.dll,-10002 : Sync Host +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@c:\windows\system32\recoverydrive.exe,-500 : Recovery Drive +@%systemroot%\system32\webclnt.dll,-100 : WebClient +@%systemroot%\system32\firewallapi.dll,-37302 : mDNS +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\drivers\iorate.sys,-101 : Disk I/O Rate Filter Driver +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mixedrealityruntime.dll,-102 : Enables Mixed Reality OpenXR runtime functionality +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%windir%\system32\fxsresm.dll,-115 : Send and receive faxes or scan pictures and documents. +@windows.storage.dll,-34583 : Saved Pictures +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\vwififlt.sys,-259 : Virtual WiFi Filter Driver +@%systemroot%\system32\msconfig.exe,-6001 : Perform advanced troubleshooting and system configuration +@c:\windows\system32\authfwgp.dll,-20 : Windows Defender Firewall with Advanced Security +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\spectrum.exe,-102 : Enables spatial perception, spatial input, and holographic rendering. +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\firewallapi.dll,-60501 : Cloud Identity +@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@firewallapi.dll,-50323 : SNMP Trap +@""c:\windows\system32\windowspowershell\v1.0\powershell.exe"",-103 : n/a +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\pnrpsvc.dll,-8004 : Peer Networking Identity Manager +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\diagsvc.dll,-101 : Executes diagnostic actions for troubleshooting support +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\fhsvc.dll,-101 : File History Service +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\authfwgp.dll,-21 : Configure policies that provide enhanced network security for Windows computers. +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service +@%systemroot%\system32\webclnt.dll,-101 : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wbengine.exe,-105 : The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer. +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@c:\windows\system32\pmcsnap.dll,-700 : Print Management +@%windir%\system32\mstsc.exe,-4001 : Use your computer to connect to a computer that is located elsewhere and run programs or access files. +@%systemroot%\system32\snippingtool.exe,-15052 : Capture a portion of your screen so you can save, annotate, or share the image. +@c:\windows\system32\psr.exe,-1701 : Steps Recorder +@%systemroot%\system32\sdrsvc.dll,-102 : Provides Windows Backup and Restore capabilities. +@%windir%\system32\mdsched.exe,-4002 : Check your computer for memory problems. +@%systemroot%\system32\naturalauth.dll,-101 : Signal aggregator service, that evaluates signals based on time, network, geolocation, bluetooth and cdf factors. Supported features are Device Unlock, Dynamic Lock and Dynamo MDM policies +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@c:\windows\system32\msconfig.exe,-5006 : System Configuration +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +@c:\windows\system32\miguiresource.dll,-101 : Event Viewer +@c:\windows\system32\ieframe.dll,-912 : HTML Document +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@c:\windows\system32\unregmp2.exe,-9902 : Movie Clip +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@searchfolder.dll,-32822 : Everywhere +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled. +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@c:\windows\system32\dfrgui.exe,-103 : Defragment and Optimize Drives +@%systemroot%\system32\xblgamesave.dll,-101 : This service syncs save data for Xbox Live save enabled games. If this service is stopped, game save data will not upload to or download from Xbox Live. +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@c:\windows\system32\filemgmt.dll,-2204 : Services +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\dialogblockingservice.dll,-101 : Dialog Blocking Service +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\ipxlatcfg.dll,-500 : IP Translation Configuration Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%windir%\system32\speech\speechux\sapi.cpl,-5556 : Dictate text and control your computer by voice. +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%windir%\system32\miguiresource.dll,-202 : Schedule computer tasks to run automatically. +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%systemroot%\system32\wkssvc.dll,-100 : Workstation +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer. +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%systemroot%\system32\xblgamesave.dll,-100 : Xbox Live Game Save +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@windows.storage.dll,-21825 : 3D Objects +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\mitigationclient.dll,-103 : Recommended Troubleshooting Service +@%systemroot%\system32\browser.dll,-100 : Computer Browser +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\lpasvc.dll,-1000 : Local Profile Assistant Service +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@wifidisplay.dll,-100 : Wireless Display +@c:\windows\regedit.exe,-16 : Registry Editor +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper +@%systemroot%\system32\wdc.dll,-10025 : Diagnose performance issues and collect performance data. +@%systemroot%\system32\workfolderssvc.dll,-101 : This service syncs files with the Work Folders server, enabling you to use the files on any of the PCs and devices on which you've set up Work Folders. +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\wpcrefreshtask.dll,-100 : Parental Controls +@%systemroot%\system32\bdesvc.dll,-100 : BitLocker Drive Encryption Service +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@c:\windows\system32\setupapi.dll,-2000 : Setup Information +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\wbengine.exe,-104 : Block Level Backup Engine Service +@c:\windows\system32\windows.storage.dll,-10152 : File folder +@%systemroot%\system32\peerdistsvc.dll,-9001 : This service caches network content from peers on the local subnet. +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\wlansvc.dll,-257 : WLAN AutoConfig +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-113 : Windows PowerShell Integrated Scripting Environment. Performs object-based (command-line) functions +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@c:\windows\system32\windowspowershell\v1.0\powershell.exe,-101 : Windows PowerShell ISE +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@wlansvc.dll,-36864 : WLAN Service - WFD Application Services Platform Coordination Protocol (Uses UDP) +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\bcastdvruserservice.dll,-100 : GameDVR and Broadcast User Service +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\naturalauth.dll,-100 : Natural Authentication +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\srvsvc.dll,-102 : Server SMB 1.xxx Driver +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device. +@%systemroot%\system32\pnrpauto.dll,-8002 : PNRP Machine Name Publication Service +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@c:\windows\system32\acppage.dll,-6003 : Windows Command Script +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@comres.dll,-2797 : Distributed Transaction Coordinator +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\quickassist.exe,-807 : Connect to another user's computer to help troubleshoot problems +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\messagingservice.dll,-100 : MessagingService +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%windir%\system32\miguiresource.dll,-102 : View monitoring and troubleshooting messages from windows and other programs. +@""c:\windows\system32\wusa.exe"",-102 : n/a +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wpcrefreshtask.dll,-101 : Enforces parental controls for child accounts in Windows. If this service is stopped or disabled, parental controls may not be enforced. +@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\fveui.dll,-843 : BitLocker Drive Encryption +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@c:\windows\system32\mstsc.exe,-4000 : Remote Desktop Connection +@%systemroot%\system32\lpasvc.dll,-1001 : This service provides profile management for subscriber identity modules +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\bdesvc.dll,-101 : BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality. +@c:\windows\system32\quickassist.exe,-806 : Quick Assist +@%systemroot%\system32\pnrpsvc.dll,-8001 : Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function. +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\autotimesvc.dll,-6 : Cellular Time +@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%systemroot%\system32\pnrpauto.dll,-8003 : This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\peerdistsvc.dll,-9000 : BranchCache +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\pnrpsvc.dll,-8005 : Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly. +@%systemroot%\system32\drivers\fvevol.sys,-100 : BitLocker Drive Encryption Filter Driver +@c:\windows\system32\wdc.dll,-10030 : Resource Monitor +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\vac.dll,-200 : Volumetric Audio Compositor Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\xpsrchvw.exe,-103 : View, digitally sign, and set permissions for XPS documents +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@c:\windows\system32\notepad.exe,-469 : Text Document +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@c:\windows\system32\mstsc.exe,-4004 : Remote Desktop Connection +@%systemroot%\system32\rdxservice.dll,-257 : The Retail Demo service controls device activity while the device is in retail demo mode. +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-101 : Windows Perception Simulation Service +@wlansvc.dll,-36865 : WLAN Service - WFD Services Kernel Mode Driver Rules +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\fveui.dll,-844 : BitLocker Data Recovery Agent +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1001 : A service for managing display enhancement such as brightness control. +@%systemroot%\system32\wscsvc.dll,-200 : Security Center +@c:\windows\system32\ieframe.dll,-12385 : Favorites Bar +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning +@%systemroot%\system32\pnrpsvc.dll,-8000 : Peer Name Resolution Protocol +@%systemroot%\system32\dialogblockingservice.dll,-100 : DialogBlockingService +@%systemroot%\system32\icsvc.dll,-700 : Virtual Machine Monitoring +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\p2psvc.dll,-8007 : Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function. +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@iphlpsvc.dll,-502 : Core Networking - Teredo (ICMPv6-In) +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@comres.dll,-2450 : COM+ Event System +@c:\windows\system32\msimsg.dll,-35 : Windows Installer Patch +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@c:\windows\system32\fxsresm.dll,-114 : Windows Fax and Scan +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%windir%\immersivecontrolpanel\systemsettings.exe,-651 : Change settings and customize the functionality of your computer +@searchfolder.dll,-32820 : Indexed Locations +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\mycomput.dll,-112 : Manages disks and provides access to other tools to manage local and remote computers. +@c:\windows\system32\cabview.dll,-20 : Cabinet File +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\ipxlatcfg.dll,-501 : Configures and enables translation from v4 to v6 and vice versa +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\taskmgr.exe,-33551 : Manage running apps and view system performance +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\smsroutersvc.dll,-10002 : Routes messages based on rules to appropriate clients. +@c:\program files\windows nt\accessories\wordpad.exe,-300 : Office Open XML Document +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\srvsvc.dll,-100 : Server +@c:\windows\system32\msimsg.dll,-34 : Windows Installer Package +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\sharedrealitysvc.dll,-101 : This service is used for Spatial Perception scenarios +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\windowsudk.shellcommon.dll,-100 : Udk User Service +@%windir%\system32\iscsicpl.dll,-5002 : Connect to remote iSCSI targets and configure connection settings. +@%systemroot%\system32\recoverydrive.exe,-600 : Create a recovery drive +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\vac.dll,-201 : Hosts spatial analysis for Mixed Reality audio simulation. +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\languageoverlayserver.dll,-101 : Provides infrastructure support for deploying and configuring localized Windows resources. This service is started on demand and, if disabled, additional Windows languages will not be deployed to the system, and Windows may not function properly. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@c:\windows\system32\windows.ui.immersive.dll,-38304 : Public Account Pictures +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX +@%systemroot%\system32\msinfo32.exe,-130 : Display detailed information about your computer. +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1000 : Display Enhancement Service +@c:\windows\system32\speech\speechux\sapi.cpl,-5555 : Windows Speech Recognition +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@c:\windows\system32\zipfldr.dll,-10195 : Compressed (zipped) Folder +@%systemroot%\system32\mitigationclient.dll,-104 : Enables automatic mitigation for known problems by applying recommended troubleshooting. If stopped, your device will not get recommended troubleshooting for problems on your device. +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@c:\windows\system32\searchfolder.dll,-9023 : Saved Search +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\keyboardfiltersvc.dll,-101 : Microsoft Keyboard Filter +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\mixedrealityruntime.dll,-101 : Windows Mixed Reality OpenXR Service +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@c:\windows\system32\mycomput.dll,-300 : Computer Management +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS) +@c:\windows\system32\odbcint.dll,-1694 : ODBC Data Sources (64-bit) +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@c:\windows\system32\comres.dll,-3410 : Component Services +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\assignedaccessmanagersvc.dll,-101 : AssignedAccessManager Service supports kiosk experience in Windows. +@%systemroot%\system32\p2psvc.dll,-8006 : Peer Networking Grouping +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\cloudidsvc.dll,-101 : Supports integrations with Microsoft cloud identity services. If disabled, tenant restrictions will not be enforced properly. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@c:\windows\system32\miguiresource.dll,-201 : Task Scheduler +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@%systemroot%\system32\workfolderssvc.dll,-102 : Work Folders +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search + +MUICache report attached. + +fc79a6426bb154bc0df02420463d5679 + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories. +microsoft_windows_recyclebin.nasl +2018/11/15 +Recycle Bin Files +2016/07/19 +local +None +1.6 +http://www.nessus.org/u?0c1a03df +http://www.nessus.org/u?61293b38 +n/a +Nessus was able to enumerate files in the recycle bin on the remote host. +C:\\$Recycle.Bin\\. +C:\\$Recycle.Bin\\.. +C:\\$Recycle.Bin\\S-1-5-18 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004 +C:\\$Recycle.Bin\\S-1-5-18\. +C:\\$Recycle.Bin\\S-1-5-18\.. +C:\\$Recycle.Bin\\S-1-5-18\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004\desktop.ini + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report of all files listed in the default user download folder. +microsoft_windows_user_downloads.nasl +2018/05/16 +User Download Folder Files +2016/07/19 +local +None +1.5 +n/a +Nessus was able to enumerate downloaded files on the remote host. +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\ams8cm-8.5.0.0.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\ams8cm-8.5.1.0.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\BKD-7369089468.pdf +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-Crypto-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-Encoding-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-ODBC-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-Socket-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-SQLite3-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\NET462Setup.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\setup.log +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\VC2012U4Setup.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\VC2015SP3Setup.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\Wow64Bundle.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Serials.txt +C:\\Users\Cinnabon\Downloads\ChromeSetup.exe +C:\\Users\Cinnabon\Downloads\desktop.ini +C:\\Users\Cinnabon\Downloads\VSE\.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\._.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\._DAT Files +C:\\Users\Cinnabon\Downloads\VSE\._Icon +C:\\Users\Cinnabon\Downloads\VSE\._VSE-Patch6 +C:\\Users\Cinnabon\Downloads\VSE\._VSE8.8-Patch7 +C:\\Users\Cinnabon\Downloads\VSE\._VSE8.8P8 +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\._.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\._Icon +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\CM-217339-avvepo8502dat.zip +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\Icon +C:\\Users\Cinnabon\Downloads\VSE\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\CM-203111-VSE880LMLRP6.Zip +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\CM-203112-VSE880P6.Zip +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\._VSE-Patch 8 HF +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\!ReadMe.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\epo45_help_vse_880.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\ePOPolicyMigration.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\example.sms +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\FramePkg_UPD.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\mcavscv.scv +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\msistrings.bin +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\PkgCatalog.z +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_DE.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_EN.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_ES.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_FR.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_IT.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_JA.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_KO.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_NL.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_PL.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_PT_BR.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_RU.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_SV.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_ZH_CN.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_ZH_TW.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Setup.ini +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\SetupVSE.Exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\SignLic.Txt +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\UnInst.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\UnInst.ini +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\UnInstX64.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VIRUSCAN8800(448).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VIRUSCANREPORTS120(272).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VSE880.msi +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VSE880Det.mcs +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VSE880Install.mcs +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\WindowsInstaller-KB893803-v2-x86.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205723-VSE880P7.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\._CM-215089-VSE881159675HF.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\CM-215089-VSE881159675HF.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\._CM-212867-VSE880P8.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\!ReadMe.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\deferred.mfe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\immediate.mfe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\Patch8.msp +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\PkgCatalog.z +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\Setup.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\Setup.ini +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\VIRUSCAN8800(511).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\VIRUSCANREPORTS120(311).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\VSE880Det.mcs +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\Icon +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\autorun.inf +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\Autologon.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\DownloadLinks.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\hashdeep.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\hashdeep64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\IfAdmin.cpp +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\IfAdmin.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\unzip.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\builddate.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\CleanupRecall.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\CreateUpdateAdminAndEnableAutoLogon.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\custom\FinalizationHook.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\custom\InitializationHook.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\custom\SetUpdatesPerStage.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DeleteUpdateAdmin.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineFileVersion.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineRegVersion.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineSystemProperties.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineTempAdminSID.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DoUpdate.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\InstallListedUpdates.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\InstallOfficeUpdate.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\InstallOSUpdate.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListInstalledUpdateIds.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListMissingUpdateIds.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListUpdateFile.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListUpdatesToInstall.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\PrepareRecall.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\PrepareShowLogFile.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\RecallStub.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\SafeRmDir.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\SetTargetEnvVars.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\Sleep.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\TouchMSITree.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2005_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2005_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2008_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2008_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2010_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2010_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2012_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2012_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2013_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2013_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2017_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2017_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\dotnet\NDP47-KB3186497-x86-x64-AllOS-DEU.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\dotnet\NDP47-KB3186497-x86-x64-AllOS-ENU.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\exclude\ExcludeList.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\exclude\HideList-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-cpp.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-dotnet-x64-glb.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-dotnet.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-w100-x64-glb.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-win-glb.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-wsus.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\opt\OptionList-Q.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\opt\OptionList-qn.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\software\custom\InstallCustomSoftware.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateFiles-modified.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-ie10-w61.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-ie9-w60.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k10.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k13.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k16.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k7.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-rdc-w61.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10240-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10240-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10586-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10586-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-14393-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-14393-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-15063-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-15063-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w60-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w60-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet35-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-379893-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-379893.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-393297-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-393297.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394271-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394271.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394806-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394806.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-460805-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-460805.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet35-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-379893-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-379893.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-393297-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-393297.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394271-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394271.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394806-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394806.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-460805-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-460805.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet35-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-379893-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-379893.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-393297-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-393297.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394271-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394271.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394806-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394806.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-460805-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-460805.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-upd1.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-upd2.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w60.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w61.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w62.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w63.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\Update.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\UpdateInstaller.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\UpdateInstaller.ini +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3172729-x64_bb12a14ec3891ec0a9e24edb529632263783d389.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3172729-x64_f4fc9775baa98c176f43e87c40088231a884122b.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3173427-x64_d95e56e499e2c281a1f59585221dc891253414c7.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3173427-x64_e3da65fe753d24a1759cdd029028cde743a62a23.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3173428-x64_52fa3686737353fae20ab55fa9c924bd90558a31.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3181403-x64_6d9c9524471412a0ed566f739a403cd9a35649ed.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4022405-x64_cb1286f2547dd21a06f1ec5b9a55769a7227b371.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4023834-x64_1f2af418b6f9dafb593f5ce89b4e0783057102b2.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038781-x64_9adb5d5773dadc9f7c59b6a431824308fc1f9ae9.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038782-x64_a8dac961b659c8c7c8b95418f6c7864dcca8637d.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038783-x64_0c20869770acf7590a72ded6e894f29818707539.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038788-x64_93253f3a31f18f4aee3a8774646770827037cf15.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_1acfe2e753a7b7baae92aa85fa77ab72aac6cc4f.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_25a23a36a094d81d15adc2979fdae0c9053d6444.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_45b3c4f2a262fd1846527738b455d318cde392e0.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_a3bae1ebb5c8403c913a3264933f17398ee4eee1.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\win\glb\Silverlight.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\win\glb\Silverlight_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\wsus\wsusscn2.cab +C:\\Users\dbingham\Downloads\desktop.ini +C:\\Users\DEGTHAT\Downloads\ChromeSetup (07282023).exe +C:\\Users\DEGTHAT\Downloads\ChromeSetup.exe +C:\\Users\DEGTHAT\Downloads\desktop.ini +C:\\Users\DEGTHAT\Downloads\Nessus-10.0.2-x64.msi +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\2023\Soteria-Test-2023-11-5.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\audits.tar.gz +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\audit_warehouse.tar.gz +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\DISA-asr_audits.tar.gz +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\DISA_STIG_Microsoft_Windows_Server_2022_v1r1.audit +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\nessus-bug-report-20230731T202523Z.txt +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\SCAP scan_timing_yygqya.csv +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\Sign_Audit-Windows-1.0.0.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\outputs\SCAP scan_hyvoh9.html +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\outputs\win2022.xccdf.xml +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\SCAP-Windows2022.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Firewall_V2R2_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2016_V2R4_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2019_V2R4_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.xml +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Windows-2022 Patchscan.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Windows-2022-2 Patchscan.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Windows-2022-3 Patchscan.nessus +C:\\Users\Public\Downloads\desktop.ini +C:\\Users\tester\Downloads\desktop.ini + +Download folder content report attached. + +d6f7dce04dda650320417eca8df27716 + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed. +microsoft_windows_userassist.nasl +2019/11/12 +UserAssist Execution History +2016/07/19 +local +None +1.7 +https://www.nirsoft.net/utils/userassist_view.html +n/a +Nessus was able to enumerate program execution history on the remote host. + +Extended userassist report attached. + +129e3791c945e7d34ad712369a5b0c69 + + +cpe:/o:microsoft:windows +By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number. +wmi_asset_info.nbin +2024/01/16 +Computer Manufacturer Information (WMI) +2007/02/02 +local +None +1.222 +n/a +It is possible to obtain the name of the remote computer manufacturer. + + Computer Manufacturer : VMware, Inc. + Computer Model : VMware Virtual Platform + Computer SerialNumber : VMware-56 4d 08 16 6f dd f4 c4-ef 6c 97 cc 2b 5c 7e f8 + Computer Type : Other + + Computer Physical CPU's : 1 + Computer Logical CPU's : 2 + CPU0 + Architecture : x64 + Physical Cores: 2 + Logical Cores : 2 + + Computer Memory : 8191 MB + RAM slot #0 + Form Factor: DIMM + Type : DRAM + Capacity : 8192 MB + + + +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin uses WMI to enumerate Bluetooth network adapters that are enabled on the remote host. +wmi_enum_bluetooth_network_adapters.nbin +2024/01/16 +WMI Bluetooth Network Adapter Enumeration +2010/01/08 +local +None +1.204 +https://docs.microsoft.com/en-us/windows/desktop/CIMWin32Prov/win32-networkadapter +n/a +The remote Windows host has a Bluetooth network adapter enabled. + +Here is the list of Bluetooth network adapters enabled on the remote +system : + ++ [00000002] Bluetooth Device (Personal Area Network) + + - System Name : WKS2-SOTERIA + - Service Name : BthPan + - Product Name : Bluetooth Device (Personal Area Network) + - Name : Bluetooth Device (Personal Area Network) + - Manufacturer : Microsoft + - MAC Address : E0:D0:45:67:CB:CB + + + + + +True +user_enumeration +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +wmi_enum_local_group_memberships.nbin +2024/01/16 +Enumerate Local Group Memberships +2013/12/06 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +Group Name : Access Control Assistance Operators +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-579 +Members : + +Group Name : Administrators +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-544 +Members : + Name : Administrator + Domain : WKS2-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-500 + Name : Cinnabon + Domain : WKS2-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1001 + Name : DEGTHAT + Domain : WKS2-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1002 + Name : tester + Domain : WKS2-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1003 + Name : dbingham + Domain : WKS2-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1004 + +Group Name : Backup Operators +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-551 +Members : + +Group Name : Cryptographic Operators +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-569 +Members : + +Group Name : Distributed COM Users +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-562 +Members : + +Group Name : Event Log Readers +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-573 +Members : + +Group Name : Guests +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-546 +Members : + Name : Visitor + Domain : WKS2-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-501 + +Group Name : Hyper-V Administrators +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-578 +Members : + +Group Name : IIS_IUSRS +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-568 +Members : + Name : IUSR + Domain : WKS2-SOTERIA + Class : Win32_SystemAccount + SID : S-1-5-17 + +Group Name : Network Configuration Operators +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-556 +Members : + +Group Name : Performance Log Users +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-559 +Members : + +Group Name : Performance Monitor Users +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-558 +Members : + +Group Name : Power Users +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-547 +Members : + +Group Name : Remote Desktop Users +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-555 +Members : + +Group Name : Remote Management Users +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-580 +Members : + +Group Name : Replicator +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-552 +Members : + +Group Name : System Managed Accounts Group +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-581 +Members : + Name : DefaultAccount + Domain : WKS2-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-503 + +Group Name : Users +Host Name : WKS2-SOTERIA +Group SID : S-1-5-32-545 +Members : + Name : INTERACTIVE + Domain : WKS2-SOTERIA + Class : Win32_SystemAccount + SID : S-1-5-4 + Name : Authenticated Users + Domain : WKS2-SOTERIA + Class : Win32_SystemAccount + SID : S-1-5-11 + + + + +cpe:/o:microsoft:windows +By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc. +wmi_enum_computersystemproduct.nbin +2024/01/16 +Windows ComputerSystemProduct Enumeration (WMI) +2010/08/16 +local +None +1.204 +http://www.nessus.org/u?a21ce849 +n/a +It is possible to obtain product information from the remote host using WMI. + ++ Computer System Product + - IdentifyingNumber : VMware-56 4d 08 16 6f dd f4 c4-ef 6c 97 cc 2b 5c 7e f8 + - Description : Computer System Product + - Vendor : VMware, Inc. + - Name : VMware Virtual Platform + - UUID : 16084D56-DD6F-C4F4-EF6C-97CC2B5C7EF8 + - Version : None + + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the display drivers on the remote host via WMI. +wmi_enum_display_drivers.nbin +0001-T-0756 +2024/01/16 +Windows Display Driver Enumeration +2014/02/06 +local +None +1.208 +http://www.nessus.org/u?b6e87533 +n/a +Nessus was able to enumerate one or more of the display drivers on the remote host. +IAVT:0001-T-0756 + + Device Name : VMware SVGA 3D + Driver File Version : 9.17.6.5 + Driver Date : 08/25/2023 + Video Processor : VMware Virtual SVGA 3D Graphics Adapter + + + +windows +True +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI. +wmi_enum_qfes.nbin +2024/01/16 +WMI QuickFixEngineering (QFE) Enumeration +2011/02/16 +local +None +1.220 +http://www.nessus.org/u?0c4ec249 +n/a +The remote Windows host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + ++ KB5033918 + - Description : Update + - InstalledOn : 1/30/2024 + ++ KB5028853 + - Description : Update + - InstalledOn : 7/28/2023 + ++ KB5011048 + - Description : Update + - InstalledOn : 7/31/2023 + ++ KB5012170 + - Description : Security Update + - InstalledOn : 7/28/2023 + ++ KB5015684 + - Description : Update + - InstalledOn : 12/8/2022 + ++ KB5031356 + - Description : Security Update + - InstalledOn : 11/5/2023 + ++ KB5018506 + - Description : Update + - InstalledOn : 12/8/2022 + ++ KB5020372 + - Description : Update + - InstalledOn : 12/8/2022 + ++ KB5028318 + - Description : Update + - InstalledOn : 7/28/2023 + ++ KB5031539 + - Description : Update + - InstalledOn : 11/5/2023 + +Note that for detailed information on installed QFE's such as InstalledBy, Caption, +and so on, please run the scan with 'Report Verbosity' set to 'verbose'. + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions. + +Note that Features can only be enumerated for Windows 7 and later for desktop versions. +wmi_enum_server_features.nbin +0001-T-0754 +2024/01/16 +WMI Windows Feature Enumeration +2010/02/24 +local +None +1.208 +https://msdn.microsoft.com/en-us/library/cc280268 +https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features +n/a +It is possible to enumerate Windows features using WMI. +IAVT:0001-T-0754 + +Nessus enumerated the following Windows features : + + - Internet-Explorer-Optional-amd64 + - MSRDC-Infrastructure + - MediaPlayback + - NetFx4-AdvSrvs + - Printing-Foundation-Features + - Printing-Foundation-InternetPrinting-Client + - Printing-PrintToPDFServices-Features + - SMB1Protocol + - SMB1Protocol-Client + - SMB1Protocol-Deprecation + - SMB1Protocol-Server + - SearchEngine-Client-Package + - WCF-Services45 + - WCF-TCP-PortSharing45 + - WindowsMediaPlayer + - WorkFolders-Client + + + +windows +True +cpe:/a:microsoft:ie +The remote Windows host contains Internet Explorer, a web browser created by Microsoft. +smb_explorer_detection.nasl +0001-T-0509 +2022/02/01 +Microsoft Internet Explorer Version Detection +2014/02/06 +local +None +1.7 +https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads +n/a +Internet Explorer is installed on the remote host. +IAVT:0001-T-0509 + + Version : 11.3570.19041.0 + + + +windows +True +Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials. +smb_registry_os_and_arch.nasl +True +2022/02/01 +Microsoft Windows SMB Registry : OS Version and Processor Architecture +2010/08/31 +local +None +1.9 +n/a +It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system. +Operating system version = 10.19045 +Architecture = x64 +Build lab extended = 19041.1.amd64fre.vb_release.191206-1406 + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'wininit.exe' is listening on this port (pid 516). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3324). + +This process 'svchost.exe' (pid 3324) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 4128). + +This process 'svchost.exe' (pid 4128) is hosting the following Windows services : +CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'spoolsv.exe' is listening on this port (pid 2708). + +This process 'spoolsv.exe' (pid 2708) is hosting the following Windows services : +Spooler (@%systemroot%\system32\spoolsv.exe,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2464). + +This process 'svchost.exe' (pid 2464) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1372). + +This process 'svchost.exe' (pid 1372) is hosting the following Windows services : +Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 756). + +This process 'svchost.exe' (pid 756) is hosting the following Windows services : +TermService (@%SystemRoot%\System32\termsrv.dll,-268) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2324). + +This process 'svchost.exe' (pid 2324) is hosting the following Windows services : +SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1676). + +This process 'svchost.exe' (pid 1676) is hosting the following Windows services : +W32Time (@%SystemRoot%\system32\w32time.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 904). + +This process 'svchost.exe' (pid 904) is hosting the following Windows services : +RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) +RpcSs (@combase.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2464). + +This process 'svchost.exe' (pid 2464) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2620). + +This process 'svchost.exe' (pid 2620) is hosting the following Windows services : +SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'lsass.exe' is listening on this port (pid 676). + +This process 'lsass.exe' (pid 676) is hosting the following Windows services : +KeyIso (@keyiso.dll,-100) +SamSs (@%SystemRoot%\system32\samsrv.dll,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 4208). + +This process 'svchost.exe' (pid 4208) is hosting the following Windows services : +DoSvc (@%systemroot%\system32\dosvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 4684). + +This process 'svchost.exe' (pid 4684) is hosting the following Windows services : +PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3224). + +This process 'svchost.exe' (pid 3224) is hosting the following Windows services : +Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 756). + +This process 'svchost.exe' (pid 756) is hosting the following Windows services : +TermService (@%SystemRoot%\System32\termsrv.dll,-268) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1628). + +This process 'svchost.exe' (pid 1628) is hosting the following Windows services : +FDResPub (@%systemroot%\system32\fdrespub.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'dasHost.exe' is listening on this port (pid 2204). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 4128). + +This process 'svchost.exe' (pid 4128) is hosting the following Windows services : +CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'services.exe' is listening on this port (pid 656). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1472). + +This process 'svchost.exe' (pid 1472) is hosting the following Windows services : +EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1628). + +This process 'svchost.exe' (pid 1628) is hosting the following Windows services : +FDResPub (@%systemroot%\system32\fdrespub.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'dasHost.exe' is listening on this port (pid 2204). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3324). + +This process 'svchost.exe' (pid 3324) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2620). + +This process 'svchost.exe' (pid 2620) is hosting the following Windows services : +SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) + + + + +cpe:/o:microsoft:windows +The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key: + 'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD' + + - Unset or 0: The command prompt is enabled normally. + - 1: The command promt is disabled. + - 2: The command prompt is disabled however windows batch processing is allowed. +windows_disablecmd.nasl +2022/10/05 +Windows Disabled Command Prompt Enumeration +2022/09/06 +local +None +1.2 +http://www.nessus.org/u?b40698bc +n/a +This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user. + +Username: tester + SID: S-1-5-21-1536193852-1370433935-2390261316-1003 + DisableCMD: Unset + +Username: DEGTHAT + SID: S-1-5-21-1536193852-1370433935-2390261316-1002 + DisableCMD: Unset + +Username: DefaultAccount + SID: S-1-5-21-1536193852-1370433935-2390261316-503 + DisableCMD: Unset + +Username: Cinnabon + SID: S-1-5-21-1536193852-1370433935-2390261316-1001 + DisableCMD: Unset + +Username: dbingham + SID: S-1-5-21-1536193852-1370433935-2390261316-1004 + DisableCMD: Unset + +Username: Administrator + SID: S-1-5-21-1536193852-1370433935-2390261316-500 + DisableCMD: Unset + +Username: WDAGUtilityAccount + SID: S-1-5-21-1536193852-1370433935-2390261316-504 + DisableCMD: Unset + +Username: Visitor + SID: S-1-5-21-1536193852-1370433935-2390261316-501 + DisableCMD: Unset + + + +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin. +wmi_enum_local_users.nbin +2024/01/16 +Enumerate Users via WMI +2014/02/25 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. + + Name : Administrator + SID : S-1-5-21-1536193852-1370433935-2390261316-500 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : Cinnabon + SID : S-1-5-21-1536193852-1370433935-2390261316-1001 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : dbingham + SID : S-1-5-21-1536193852-1370433935-2390261316-1004 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : DefaultAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-503 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : DEGTHAT + SID : S-1-5-21-1536193852-1370433935-2390261316-1002 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : tester + SID : S-1-5-21-1536193852-1370433935-2390261316-1003 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : Visitor + SID : S-1-5-21-1536193852-1370433935-2390261316-501 + Disabled : True + Lockout : False + Change password : False + Source : Local + + Name : WDAGUtilityAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-504 + Disabled : True + Lockout : False + Change password : True + Source : Local + + No. Of Users : 8 + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. + +Nessus was able to find 34 open ports. + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49666/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 1900/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 138/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 137/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 61213/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 54681/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 54679/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5355/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5353/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5050/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 4500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3702/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3389/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 123/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 139/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49739/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49672/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49671/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49669/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49668/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49667/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49666/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49665/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49664/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 7680/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5357/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5040/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3389/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 445/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 135/tcp was found to be open + + +windows +True +cpe:/o:microsoft:windows +It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests). +smb_registry_access.nasl +True +True +2022/02/01 +Microsoft Windows SMB Registry Remotely Accessible +2000/05/09 +local +None +1.54 +n/a +Access the remote Windows Registry. + + +windows +cpe:/o:microsoft:windows +Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them. +Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later. +wmi_list_interfaces.nbin +2024/01/16 +Network Interfaces Enumeration (WMI) +2007/02/03 +local +None +1.247 +http://www.nessus.org/u?b362cab2 +n/a +Nessus was able to obtain the list of network interfaces on the remote host. ++ Network Interface Information : + + - Network Interface = [00000001] Intel(R) 82574L Gigabit Network Connection + - MAC Address = 00:0C:29:5C:7E:F8 + - IPAddress/IPSubnet = 192.168.40.32/255.255.255.0 + - IPAddress/IPSubnet = fe80::8b38:ab48:d081:8877/64 + + ++ Routing Information : + + Destination Netmask Gateway + ----------- ------- ------- + 0.0.0.0 0.0.0.0 192.168.40.1 + 127.0.0.0 255.0.0.0 0.0.0.0 + 127.0.0.1 255.255.255.255 0.0.0.0 + 127.255.255.255 255.255.255.255 0.0.0.0 + 192.168.40.0 255.255.255.0 0.0.0.0 + 192.168.40.32 255.255.255.255 0.0.0.0 + 192.168.40.255 255.255.255.255 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + + + +cpe:/o:microsoft:windows +The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM. + +These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc. +wmi_available.nbin +2024/01/16 +WMI Available +2007/02/03 +local +None +1.218 +https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page +n/a +WMI queries can be made against the remote host. +The remote host returned the following caption from Win32_OperatingSystem: + + Microsoft Windows 10 Enterprise + + +True +The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts : + +- Guest account +- Supplied credentials +smb_login.nasl +2023/07/25 +Microsoft Windows SMB Log In Possible +2000/05/09 +remote +None +1.173 +http://www.nessus.org/u?5c2589f6 +https://support.microsoft.com/en-us/help/246261 +n/a +It was possible to log into the remote host. +- The SMB tests will be done as degthat/****** +- NULL sessions may be enabled on the remote host. + + + +True +Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host. +smb_nativelanman.nasl +True +2021/09/20 +Microsoft Windows SMB NativeLanManager Remote System Information Disclosure +2001/10/17 +remote +None +1.54 +n/a +It was possible to obtain information about the remote operating system. +The remote Operating System is : Windows 10 Enterprise 19045 +The remote native LAN manager is : Windows 10 Enterprise 6.3 +The remote SMB Domain Name is : WKS2-SOTERIA + + + +The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. + +Note that this plugin gathers information to be used in other plugins, but does not itself generate a report. +netbios_name_get.nasl +2021/02/10 +Windows NetBIOS / SMB Remote Host Information Disclosure +1999/10/12 +remote +None +1.91 +n/a +It was possible to obtain the network name of the remote host. +The following 4 NetBIOS names have been gathered : + + WKS2-SOTERIA = Computer name + SOTERIA = Workgroup / Domain name + WKS2-SOTERIA = File Server Service + SOTERIA = Browser Service Elections + +The remote host has the following MAC address on its adapter : + + 00:0c:29:5c:7e:f8 + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49672 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0 +Description : Unknown RPC service +Annotation : Remote Fw APIs +Type : Remote RPC service +TCP Port : 49672 +IP : 192.168.40.32 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49671 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0 +Description : Service Control Manager +Windows process : svchost.exe +Type : Remote RPC service +TCP Port : 49671 +IP : 192.168.40.32 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49669 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.32 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.32 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.32 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.32 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.32 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49668 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.32 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49667 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.32 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.32 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49666 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +TCP Port : 49666 +IP : 192.168.40.32 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49665 : + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49665 +IP : 192.168.40.32 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49664 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.32 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.32 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.32 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.32 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available remotely : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Remote RPC service +Named pipe : \PIPE\ROUTER +Netbios name : \\WKS2-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \pipe\SessEnvPublicRpc +Netbios name : \\WKS2-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Remote RPC service +Named pipe : \PIPE\wkssvc +Netbios name : \\WKS2-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +Named pipe : \pipe\eventlog +Netbios name : \\WKS2-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS2-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS2-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS2-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS2-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS2-SOTERIA + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\WKS2-SOTERIA + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\WKS2-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS2-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS2-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS2-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS2-SOTERIA + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available locally : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 +Description : Unknown RPC service +Annotation : Security Center +Type : Local RPC service +Named pipe : OLEC08B10D836589360C90EA75889E5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 +Description : Unknown RPC service +Annotation : Security Center +Type : Local RPC service +Named pipe : LRPC-71d9463f74e99a147f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7a20fcec-dec4-4c59-be57-212e8f65d3de, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-9341098b836b01db19 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a4b8d482-80ce-40d6-934d-b22a01a44fe7, version 1.0 +Description : Unknown RPC service +Annotation : LicenseManager +Type : Local RPC service +Named pipe : LicenseServiceEndpoint + +Object UUID : f9b56f16-5179-4138-b0a5-9d855df5cf46 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-06bede88eb71865aec + +Object UUID : cd5e38b1-acd8-4771-9cf6-b577e4d4f648 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-06bede88eb71865aec + +Object UUID : ec56371f-1213-4628-b85e-f55edd69879f +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-06bede88eb71865aec + +Object UUID : b44102f7-8414-41aa-bec8-8d29ffa355c5 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : OLEE7C4E242ACC8B843FD77B6245F48 + +Object UUID : b44102f7-8414-41aa-bec8-8d29ffa355c5 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-5e9f97856ae91996ba + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : be6293d3-2827-4dda-8057-8588240124c9, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-47c41b8f6caef5ab60 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-47c41b8f6caef5ab60 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Local RPC service +Named pipe : RasmanLrpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Local RPC service +Named pipe : VpnikeRpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Local RPC service +Named pipe : LRPC-92e0313442b92f4d5f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e35a8445a244ceeeac + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c27f3c08-92ba-478c-b446-b419c4cef0e2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7e62f968ed04002c5b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d4051bde-9cdd-4910-b393-4aa85ec3c482, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5159f8b4e71bf447fd + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5159f8b4e71bf447fd + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5159f8b4e71bf447fd + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5159f8b4e71bf447fd + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5159f8b4e71bf447fd + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5159f8b4e71bf447fd + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5159f8b4e71bf447fd + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 +Description : Unknown RPC service +Annotation : XactSrv service +Type : Local RPC service +Named pipe : LRPC-d6ef9a4c67e1aee061 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0 +Description : Unknown RPC service +Annotation : IdSegSrv service +Type : Local RPC service +Named pipe : LRPC-d6ef9a4c67e1aee061 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0 +Description : Unknown RPC service +Annotation : IKE/Authip API +Type : Local RPC service +Named pipe : LRPC-47c3ff28c93a381a49 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 +Description : Unknown RPC service +Annotation : IP Transition Configuration endpoint +Type : Local RPC service +Named pipe : LRPC-a1882816f18ef8e20b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : LRPC-a1882816f18ef8e20b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : LRPC-a1882816f18ef8e20b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : LRPC-a1882816f18ef8e20b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : OLE6E22B3CA843F8D38E8B164186F66 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0 +Description : Unknown RPC service +Annotation : Base Firewall Engine API +Type : Local RPC service +Named pipe : LRPC-ae5833d13243b4c85a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-ae5833d13243b4c85a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-641a8f277b4a67bd09 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-ae5833d13243b4c85a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-641a8f277b4a67bd09 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-9ce9059be09113044d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-ae5833d13243b4c85a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-641a8f277b4a67bd09 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-9ce9059be09113044d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-a97a90009fd9b9c311 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE9CBEBF26CD8D062D64D9DD38B7C6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-112e8dd6d56a05436f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE9CBEBF26CD8D062D64D9DD38B7C6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-112e8dd6d56a05436f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE9CBEBF26CD8D062D64D9DD38B7C6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-112e8dd6d56a05436f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE9CBEBF26CD8D062D64D9DD38B7C6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-112e8dd6d56a05436f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE9CBEBF26CD8D062D64D9DD38B7C6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-112e8dd6d56a05436f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE9CBEBF26CD8D062D64D9DD38B7C6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-112e8dd6d56a05436f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : LRPC-119c8fee6e4f18b31e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : f39bc43b-6d0f-4122-990c-0e8094af0f57 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0 +Description : SSDP service +Windows process : unknow +Type : Local RPC service +Named pipe : LRPC-74afeaa977b5419ee7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LRPC-fa9f061a0e8b676cf8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-fa9f061a0e8b676cf8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-fa9f061a0e8b676cf8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-fa9f061a0e8b676cf8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-fa9f061a0e8b676cf8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : DNSResolver + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : LRPC-c4402cd63e77422c75 + +Object UUID : 73736573-6f69-656e-6e76-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-90b9f02407de50740b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-90b9f02407de50740b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : SessEnvPrivateRpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c8d0bef-d7f1-49f0-9102-caa05f58d114, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : nlaplg + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c8d0bef-d7f1-49f0-9102-caa05f58d114, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : nlaapi + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0 +Description : Unknown RPC service +Annotation : Witness Client Upcall Server +Type : Local RPC service +Named pipe : LRPC-cf6d28325d44ff5e2b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0 +Description : Unknown RPC service +Annotation : Witness Client Test Interface +Type : Local RPC service +Named pipe : LRPC-cf6d28325d44ff5e2b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Local RPC service +Named pipe : LRPC-cf6d28325d44ff5e2b + +Object UUID : 49541cea-a719-4e75-8d58-a3a7bfff960e +UUID : 850cee52-3038-4277-b9b4-e05db8b2c35c, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Association RPC Interface +Type : Local RPC service +Named pipe : LRPC-bc452a6c53b9b8af98 + +Object UUID : 80b4038a-1d09-4c05-b1b6-249a4c2e0736 +UUID : a1d4eae7-39f8-4bca-8e72-832767f5082a, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Inbound RPC Interface +Type : Local RPC service +Named pipe : LRPC-bc452a6c53b9b8af98 + +Object UUID : 145857ef-d848-4a7e-b544-c1984d26cf05 +UUID : 2e7d4935-59d2-4312-a2c8-41900aa5495f, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Challenge RPC Interface +Type : Local RPC service +Named pipe : LRPC-bc452a6c53b9b8af98 + +Object UUID : 289e5e0f-414a-4de9-8d17-244507fffc07 +UUID : bd84cd86-9825-4376-813d-334c543f89b1, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Query RPC Interface +Type : Local RPC service +Named pipe : LRPC-bc452a6c53b9b8af98 + +Object UUID : 1475c123-1193-4379-81ac-302c4383421d +UUID : 5b665b9a-a086-4e26-ae24-96ab050b0ec3, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework AEP Store Access RPC Interface +Type : Local RPC service +Named pipe : LRPC-bc452a6c53b9b8af98 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-82ddb9d67a231eba16 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 +Description : DHCP Client Service +Windows process : svchost.exe +Annotation : DHCP Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc6 + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : senssvc + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-729d42e4eebb740a6d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLEDD14652934F4493779E0DB0E3535 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-bd9cf196714ecbc0e4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLEDD14652934F4493779E0DB0E3535 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-bd9cf196714ecbc0e4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 +Description : Unknown RPC service +Annotation : NSI server endpoint +Type : Local RPC service +Named pipe : LRPC-afab4f0a867fdff7ef + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA08BFEEF763E4D02FC0076DDE29F + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-307e41f9ef3b300ae3 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Local RPC service +Named pipe : eventlog + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-a54a5819b23d583294 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-a54a5819b23d583294 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-a54a5819b23d583294 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a54a5819b23d583294 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e4b4588bef5b5b0216 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a54a5819b23d583294 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e4b4588bef5b5b0216 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a54a5819b23d583294 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e4b4588bef5b5b0216 + +Object UUID : 666f7270-6c69-7365-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : IUserProfile2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a533b58-0ed9-4085-b6e8-95795e147972, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE9E729208655B172C9D6354DB3635 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a533b58-0ed9-4085-b6e8-95795e147972, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ab96b894c40030650a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5dea026d-f999-40b1-a234-2164fd086783, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE9E729208655B172C9D6354DB3635 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5dea026d-f999-40b1-a234-2164fd086783, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ab96b894c40030650a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5dea026d-f999-40b1-a234-2164fd086783, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-22c5a0b664e5044b65 + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE9E729208655B172C9D6354DB3635 + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ab96b894c40030650a + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-22c5a0b664e5044b65 + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-c70ae4270be0b5e7a8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE9E729208655B172C9D6354DB3635 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ab96b894c40030650a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-22c5a0b664e5044b65 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-c70ae4270be0b5e7a8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-bfdc2a8b3067bff50b + +Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2c07b664b812d580ae + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1f6abf42f01b1f8328 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-2c07b664b812d580ae + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : OLE6F5299460193DB93678F7EC6281E + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-4ef4a5d301517bb7ce + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1fc0bf704ff7bd9012 + +Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-bd094a168ff35e9b7e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-bd094a168ff35e9b7e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-86238e86d7672b1c1c + +Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001 +UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-c1e9ce04eaf29defb8 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0C0521 + +Object UUID : 6d726574-7273-0076-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-ffe8c4db326a416a0c + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0361ae94-0316-4c6c-8ad8-c594375800e2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA5F811D9697535D3D340062188B0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA5F811D9697535D3D340062188B0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA5F811D9697535D3D340062188B0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA5F811D9697535D3D340062188B0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f814e7b37af3d1fcc1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA5F811D9697535D3D340062188B0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f814e7b37af3d1fcc1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA5F811D9697535D3D340062188B0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f814e7b37af3d1fcc1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 178d84be-9291-4994-82c6-3f909aca5a03, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e53d94ca-7464-4839-b044-09a2fb8b3ae5, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fae436b0-b864-4a87-9eda-298547cd82f2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 082a3471-31b6-422a-b931-a54401960c62, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6982a06e-5fe2-46b1-b39c-a2c545bfa069, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0ff1f646-13bb-400a-ab50-9a78f2b7a85a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4ed8abcc-f1e2-438b-981f-bb0e8abc010c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95406f0b-b239-4318-91bb-cea3a46ff0dc, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d47017b-b33b-46ad-9e18-fe96456c5078, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA5F811D9697535D3D340062188B0 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f814e7b37af3d1fcc1 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-378096999cd3402fad + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA5F811D9697535D3D340062188B0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f814e7b37af3d1fcc1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-378096999cd3402fad + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ffb2c59e008d70373f + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA5F811D9697535D3D340062188B0 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f814e7b37af3d1fcc1 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-378096999cd3402fad + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ffb2c59e008d70373f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA5F811D9697535D3D340062188B0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f814e7b37af3d1fcc1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-378096999cd3402fad + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ffb2c59e008d70373f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8ad244fa6a68520c4e + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e42f95158bf8899bef + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEA5F811D9697535D3D340062188B0 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f814e7b37af3d1fcc1 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-378096999cd3402fad + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ffb2c59e008d70373f + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8ad244fa6a68520c4e + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : csebpub + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0BD810 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0BD810 + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +An SMB server is running on this port. + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +A CIFS server is running on this port. + + + + +CVE-2023-28303 +1 +Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse): Upgrade to Snip & Sketch 10.2008.3001.0 for Windows 10, Snipping Tool 11.2302.20.0 for Windows 11, or later. +CVE-2023-36773, CVE-2023-36772, CVE-2023-36771, CVE-2023-36770, CVE-2023-23390, CVE-2023-23377 +6 +Microsoft 3D Viewer app Multiple Remote Code Execution Vulnerabilities (September 2023): Update to the latest Microsoft 3D Viewer app via the Windows App Store. +1706649321 +Tue Jan 30 13:15:21 2024 +115 +CVE-2024-0814, CVE-2024-0813, CVE-2024-0812, CVE-2024-0811, CVE-2024-0810, CVE-2024-0809, CVE-2024-0808, CVE-2024-0807, CVE-2024-0806, CVE-2024-0805, CVE-2024-0804, CVE-2024-0519, CVE-2024-0518, CVE-2024-0517, CVE-2024-0333, CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222, CVE-2023-7024, CVE-2023-6707, CVE-2023-6706, CVE-2023-6705, CVE-2023-6704, CVE-2023-6703, CVE-2023-6702, CVE-2023-6512, CVE-2023-6511, CVE-2023-6510, CVE-2023-6509, CVE-2023-6508, CVE-2023-6351, CVE-2023-6350, CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6345, CVE-2023-6112, CVE-2023-5997, CVE-2023-5996 +40 +Google Chrome < 121.0.6167.85 Multiple Vulnerabilities: Upgrade to Google Chrome version 121.0.6167.85 or later. +CVE-2023-44372, CVE-2023-44371, CVE-2023-44367, CVE-2023-44366, CVE-2023-44365, CVE-2023-44361, CVE-2023-44360, CVE-2023-44359, CVE-2023-44358, CVE-2023-44357, CVE-2023-44356, CVE-2023-44348, CVE-2023-44340, CVE-2023-44339, CVE-2023-44338, CVE-2023-44337, CVE-2023-44336 +17 +Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54): Upgrade to Adobe Reader version 20.005.30539 / 23.006.20380 or later. +1706649315 +Credentialed Patch Audit +cpe:/o:microsoft:windows +windows +100 +SMB_OS +[{"FQDN":"WKS1-Soteria","sources":["get_host_fqdn()"]}] +3A:1B:20:52:41:53 +4C:2E:20:52:41:53 +5C:E8:20:52:41:53 +E0:D0:45:67:CB:CB +00:0C:29:13:CB:E7 +general-purpose +Microsoft Windows 10 Enterprise Build 19045 +{"CPE":"cpe:\/a:microsoft:windows_defender","Last check-in":null,"Path":"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.23110.3-0\\","Product":"Windows Defender","Product version":"4.18.23110.3","Running":"yes","Signature auto-update":"yes","Signature install date":"2024-01-30","Signature version":"1.403.2952.0","Subtype":"EPP","Type":"Endpoint","Vendor":"Microsoft"} +7caede5aa2b0481b927e60cdb7ee1b3e +SOTERIA +WKS1-SOTERIA +44C14D56-4BEE-94BE-1A33-9FF47413CBE7 +WKS1-SOTERIA +[{"predicted-os": "Microsoft Windows 10 Pro", "confidence": 5},{"predicted-os": "Microsoft Windows 10 Enterprise", "confidence": 2}] + + P1:B11113:F0x12:W65392:O0204ffff:M1460: + P2:B11113:F0x12:W65535:O0204ffff0103030801010402:M1460: + P3:B11121:F0x04:W0:O0:M0 + P4:190704_7_p=49675 +WKS1-Soteria +true +192.168.40.11\degthat +smb +192.168.40.11 +1706647522 +Tue Jan 30 12:45:22 2024 + + +1 +cpe:/o:microsoft:windows +To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards. +wmi_stop_registry_svc.nbin +2024/01/16 +SMB Registry : Stop the Registry Service after the scan (WMI) +2009/11/25 +local +None +1.204 +n/a +The registry service was stopped after the scan. + +The registry service was successfully stopped after the scan. + + +all +1 +The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date. + +Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled. +patches_summary.nbin +2024/01/16 +Patch Report +2013/07/08 +combined +None +1.253 +Install the patches listed below. +The remote host is missing several patches. + + +. You need to take the following 4 actions : + + +[ Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54) (185553) ] + ++ Action to take : Upgrade to Adobe Reader version 20.005.30539 / 23.006.20380 or later. + ++Impact : Taking this action will resolve 17 different vulnerabilities (CVEs). + + + +[ Google Chrome < 121.0.6167.85 Multiple Vulnerabilities (189460) ] + ++ Action to take : Upgrade to Google Chrome version 121.0.6167.85 or later. + ++Impact : Taking this action will resolve 40 different vulnerabilities (CVEs). + + + +[ Microsoft 3D Viewer app Multiple Remote Code Execution Vulnerabilities (September 2023) (181297) ] + ++ Action to take : Update to the latest Microsoft 3D Viewer app via the Windows App Store. + ++Impact : Taking this action will resolve 6 different vulnerabilities (CVEs). + + + +[ Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse) (177217) ] + ++ Action to take : Upgrade to Snip & Sketch 10.2008.3001.0 for Windows 10, Snipping Tool 11.2302.20.0 for Windows 11, or later. + + + + + +all +1 +This plugin displays, for each tested host, information about the scan itself : + + - The version of the plugin set. + - The type of scanner (Nessus or Nessus Home). + - The version of the Nessus Engine. + - The port scanner(s) used. + - The port range scanned. + - The ping round trip time + - Whether credentialed or third-party patch management checks are possible. + - Whether the display of superseded patches is enabled + - The date of the scan. + - The duration of the scan. + - The number of hosts scanned in parallel. + - The number of checks done in parallel. +scan_info.nasl +2023/07/31 +Nessus Scan Information +2005/08/26 +summary +None +1.119 +n/a +This plugin displays information about the Nessus scan. +true +Information about this scan : + +Nessus version : 10.6.4 +Nessus build : 20005 +Plugin feed version : 202401301519 +Scanner edition used : Nessus +Scanner OS : WINDOWS +Scanner distribution : win-x86-64 +Scan type : Normal +Scan name : Soteria WKS scan +Scan policy used : Credentialed Patch Audit +Scanner IP : 192.168.40.212 +Port scanner(s) : wmi_netstat +Port range : default +Ping RTT : 5.001 ms +Thorough tests : no +Experimental tests : no +Plugin debugging enabled : no +Paranoia level : 1 +Report verbosity : 1 +Safe checks : yes +Optimize the test : yes +Credentialed checks : yes, as '192.168.40.11\degthat' via SMB +Patch management checks : None +Display superseded patches : yes (supersedence plugin launched) +CGI scanning : disabled +Web application tests : disabled +Max hosts : 30 +Max checks : 4 +Recv timeout : 5 +Backports : None +Allow post-scan editing : Yes +Nessus Plugin Signature Checking : Enabled +Audit File Signature Checking : Disabled +Scan Start Date : 2024/1/30 12:45 Pacific Standard Time +Scan duration : 1777 sec +Scan for malware : no + + + +True +Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445. +smb_dialects_enabled.nasl +2020/03/11 +Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) +2018/02/09 +remote +None +1.6 +n/a +It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host. + +The remote host supports the following SMB dialects : + _version_ _introduced in windows version_ + 2.0.2 Windows 2008 + 2.1 Windows 7 + 3.0 Windows 8 + 3.0.2 Windows 8.1 + 3.1.1 Windows 10 + +The remote host does NOT support the following SMB dialects : + _version_ _introduced in windows version_ + 2.2.2 Windows 8 Beta + 2.2.4 Windows 8 Beta + 3.1 Windows 10 + + + +windows +The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network. +smb-version-detect.nasl +2022/05/04 +Server Message Block (SMB) Protocol Version Detection +2022/05/04 +remote +None +1.1 +http://www.nessus.org/u?f463096b +http://www.nessus.org/u?1a4b3744 +Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices. +Verify the version of SMB on the remote host. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : SMBv2 is enabled. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : SMBv1 is enabled. + + + +cpe:/o:microsoft:windows +Retrieves the status of Windows Credential Guard. + Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. +credential_guard_status.nasl +2023/08/25 +Windows Credential Guard Status +2022/04/18 +local +None +1.3 +http://www.nessus.org/u?fb8c8c37 +n/a +Retrieves the status of Windows Credential Guard. + +Windows Credential Guard is not fully enabled. +The following registry keys have not been set : + - System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : is enabled with Secure Boot. + - System\CurrentControlSet\Control\LSA\LsaCfgFlags : is disabled. + - System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : is disabled. + + + +cpe:/o:microsoft:windows +The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks. +lsa_protection_status.nasl +2022/05/25 +Windows LSA Protection Status +2022/04/20 +local +None +1.3 +Enable LSA Protection per your corporate security guidelines. +Windows LSA Protection is disabled on the remote Windows host. + +LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found. + + + +cpe:/o:microsoft:windows +Checks Windows Registry for Service ACLs. +smb_reg_services_acl.nasl +2024/01/15 +Windows Services Registry ACL +2022/05/05 +local +None +1.5 +N/A +Checks Windows Registry for Service ACLs +Verbosity must be set to 'Report as much information as possible' for this plugin to produce output. + + +cpe:/o:microsoft:windows +Windows AlwaysInstallElevated policy status was found on the remote Windows host. + You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting. +windows_always_installed_elevated_status.nasl +2022/06/14 +Windows Always Installed Elevated Status +2022/06/14 +local +None +1.1 +If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines. +Windows AlwaysInstallElevated policy status was found on the remote Windows host +AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE. +AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-1536193852-1370433935-2390261316-1002 + + + +True +software_enumeration +cpe:/a:microsoft:ie +cpe:/a:microsoft:internet_explorer +Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host. +microsoft_internet_explorer_installed.nbin +2024/01/16 +Microsoft Internet Explorer Installed +2022/06/28 +local +None +1.42 +https://support.microsoft.com/products/internet-explorer +n/a +A web browser is installed on the remote Windows host. + + Path : C:\WINDOWS\system32\mshtml.dll + Version : 11.0.19041.3930 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host. +smb_language_detection.nasl +2022/02/01 +Windows Language Settings Detection +2021/04/14 +local +None +1.3 +n/a +This plugin enumerates language files on a windows host. +Default Install Language Code: 1033 + +Default Active Language Code: 1033 + +Other common microsoft Language packs may be scanned as well. + + +Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates. + +Note that this plugin is purely informational. +ms_bulletin_checks_possible.nasl +2021/07/12 +Microsoft Patch Bulletin Feasibility Check +2011/12/06 +local +None +1.13 +n/a +Nessus is able to check for Microsoft patch bulletins. + + +Nessus is able to test for missing patches using : + Nessus + + + +cpe:/o:microsoft:windows +Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp. +microsoft_windows_last_boot.nasl +2018/07/09 +Microsoft Windows Last Boot Time +2016/07/19 +local +None +1.7 +n/a +Nessus was able to collect the remote host's last boot time in a human readable format. +Last reboot : 2024-01-30T15:26:22-05:00 (20240130152622.500000-300) + + +True +Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445. + +Note that this plugin is a remote check and does not work on agents. +smb_versions_enabled.nasl +2019/11/22 +Microsoft Windows SMB Versions Supported (remote check) +2017/06/19 +remote +None +1.2 +n/a +It was possible to obtain information about the version of SMB running on the remote host. + +The remote host supports the following versions of SMB : + SMBv1 + SMBv2 + + + +windows +True +An antivirus application is installed on the remote host, and its engine and virus definitions are up to date. +antivirus_installed.nasl +2023/10/05 +Antivirus Software Check +2005/01/18 +local +None +1.50 +http://www.nessus.org/u?3ed73b52 +https://www.tenable.com/blog/auditing-anti-virus-products-with-nessus +n/a +An antivirus application is installed on the remote host. + +Forefront_Endpoint_Protection : + +A Microsoft anti-malware product is installed on the remote host : + + Product name : Windows Defender + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine version : 1.1.23110.2 + Antivirus signature version : 1.403.2952.0 + Antispyware signature version : 1.403.2952.0 + + + +windows +true +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows_server +The remote host is running Microsoft Windows. +microsoft_windows_installed.nbin +2023/12/27 +Microsoft Windows Installed +2023/12/27 +local +None +1.0 +https://www.microsoft.com/en-us/windows +https://www.microsoft.com/en-us/windows-server +n/a +The remote host is running Microsoft Windows. + + OS Name : Microsoft Windows 10 22H2 + Vendor : Microsoft + Product : Windows + Release : 10 22H2 + Edition : Enterprise + Version : 10.0.19045.3930 + Extended Support : Version and Edition + Role : client + Kernel : Windows NT 10.0 + Architecture : x64 + CPE v2.2 : cpe:/o:microsoft:windows_10_22h2:10.0.19045.3930:- + CPE v2.3 : cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3930:-:any:*:enterprise:*:x64:* + Type : local + Method : SMB + Confidence : 100 + + + +cpe:/o:microsoft:windows +x-cpe:/a:microsoft:msdt +The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190. + +Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch. +msdt_rce_cve_2022-30190_reg_check.nasl +2022/05/30 +2022/07/28 +The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190) +2022/05/31 +local +None +1.9 +http://www.nessus.org/u?440e4ba1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 +http://www.nessus.org/u?b9345997 +Apply the latest Cumulative Update. +Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key. +2022/05/30 +The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target is vulnerable to CVE-2022-30190, if the vendor patch is not applied. + + +windows +security_control +True +software_enumeration +cpe:/a:microsoft:windows_defender +Windows Defender, an antivirus component of Microsoft Windows is installed on the remote Windows host. +microsoft_windows_defender_win_installed.nbin +2024/01/16 +Windows Defender Installed +2019/11/15 +local +None +1.139 +https://www.microsoft.com/en-us/windows/comprehensive-security +n/a +Windows Defender is installed on the remote Windows host. + + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine Version : 1.1.23110.2 + Malware Signature Timestamp : Jan. 30, 2024 at 11:12:00 GMT + Malware Signature Version : 1.403.2952.0 + Signatures Last Updated : Jan. 30, 2024 at 20:37:29 GMT + + + +The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled. +print_spooler_service_enabled.nasl +2021/07/07 +Microsoft Windows Print Spooler Service Enabled +2021/07/07 +local +None +1.1 +http://www.nessus.org/u?8fc5df24 +n/a +The Microsoft Windows Print Spooler service on the remote host is enabled. +The Microsoft Windows Print Spooler service on the remote host is enabled. + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.). +smb_enum_services_params.nasl +0001-T-0752 +2022/05/16 +Microsoft Windows SMB Service Config Enumeration +2010/02/05 +local +None +1.20 +Ensure that each service is configured properly. +It was possible to enumerate configuration parameters of remote services. +IAVT:0001-T-0752 + +The following services are set to start automatically : + + AdobeARMservice startup parameters : + Display name : Adobe Acrobat Update Service + Service name : AdobeARMservice + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" + + AudioEndpointBuilder startup parameters : + Display name : Windows Audio Endpoint Builder + Service name : AudioEndpointBuilder + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + Audiosrv startup parameters : + Display name : Windows Audio + Service name : Audiosrv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : AudioEndpointBuilder/RpcSs/ + + BFE startup parameters : + Display name : Base Filtering Engine + Service name : BFE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : RpcSs/ + + BITS startup parameters : + Display name : Background Intelligent Transfer Service + Service name : BITS + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + BrokerInfrastructure startup parameters : + Display name : Background Tasks Infrastructure Service + Service name : BrokerInfrastructure + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + CDPSvc startup parameters : + Display name : Connected Devices Platform Service + Service name : CDPSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : ncbservice/RpcSS/Tcpip/ + + CoreMessagingRegistrar startup parameters : + Display name : CoreMessaging + Service name : CoreMessagingRegistrar + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : rpcss/ + + CryptSvc startup parameters : + Display name : Cryptographic Services + Service name : CryptSvc + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + DPS startup parameters : + Display name : Diagnostic Policy Service + Service name : DPS + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p + + DcomLaunch startup parameters : + Display name : DCOM Server Process Launcher + Service name : DcomLaunch + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + DeviceAssociationService startup parameters : + Display name : Device Association Service + Service name : DeviceAssociationService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + Dhcp startup parameters : + Display name : DHCP Client + Service name : Dhcp + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : NSI/Afd/ + + DiagTrack startup parameters : + Display name : Connected User Experiences and Telemetry + Service name : DiagTrack + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k utcsvc -p + Dependencies : RpcSs/ + + DispBrokerDesktopSvc startup parameters : + Display name : Display Policy Service + Service name : DispBrokerDesktopSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSS/ + + Dnscache startup parameters : + Display name : DNS Client + Service name : Dnscache + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkService -p + Dependencies : nsi/Afd/ + + DoSvc startup parameters : + Display name : Delivery Optimization + Service name : DoSvc + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + DusmSvc startup parameters : + Display name : Data Usage + Service name : DusmSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + EventLog startup parameters : + Display name : Windows Event Log + Service name : EventLog + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + + EventSystem startup parameters : + Display name : COM+ Event System + Service name : EventSystem + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + FontCache startup parameters : + Display name : Windows Font Cache Service + Service name : FontCache + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + IKEEXT startup parameters : + Display name : IKE and AuthIP IPsec Keying Modules + Service name : IKEEXT + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : BFE/nsi/ + + LSM startup parameters : + Display name : Local Session Manager + Service name : LSM + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + LanmanServer startup parameters : + Display name : Server + Service name : LanmanServer + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : SamSS/Srv2/ + + LanmanWorkstation startup parameters : + Display name : Workstation + Service name : LanmanWorkstation + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : Bowser/MRxSmb20/NSI/ + + MapsBroker startup parameters : + Display name : Downloaded Maps Manager + Service name : MapsBroker + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + NlaSvc startup parameters : + Display name : Network Location Awareness + Service name : NlaSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/ + + Power startup parameters : + Display name : Power + Service name : Power + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + ProfSvc startup parameters : + Display name : User Profile Service + Service name : ProfSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + RasMan startup parameters : + Display name : Remote Access Connection Manager + Service name : RasMan + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs + Dependencies : SstpSvc/DnsCache/ + + RpcEptMapper startup parameters : + Display name : RPC Endpoint Mapper + Service name : RpcEptMapper + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k RPCSS -p + + RpcSs startup parameters : + Display name : Remote Procedure Call (RPC) + Service name : RpcSs + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k rpcss -p + Dependencies : RpcEptMapper/DcomLaunch/ + + SENS startup parameters : + Display name : System Event Notification Service + Service name : SENS + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : EventSystem/ + + SamSs startup parameters : + Display name : Security Accounts Manager + Service name : SamSs + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : RPCSS/ + + Schedule startup parameters : + Display name : Task Scheduler + Service name : Schedule + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/SystemEventsBroker/ + + SgrmBroker startup parameters : + Display name : System Guard Runtime Monitor Broker + Service name : SgrmBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\SgrmBroker.exe + Dependencies : RpcSs/ + + ShellHWDetection startup parameters : + Display name : Shell Hardware Detection + Service name : ShellHWDetection + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Spooler startup parameters : + Display name : Print Spooler + Service name : Spooler + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\spoolsv.exe + Dependencies : RPCSS/http/ + + StorSvc startup parameters : + Display name : Storage Service + Service name : StorSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + SysMain startup parameters : + Display name : SysMain + Service name : SysMain + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : rpcss/fileinfo/ + + SystemEventsBroker startup parameters : + Display name : System Events Broker + Service name : SystemEventsBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/RpcSs/ + + Themes startup parameters : + Display name : Themes + Service name : Themes + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + + TrkWks startup parameters : + Display name : Distributed Link Tracking Client + Service name : TrkWks + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + UserManager startup parameters : + Display name : User Manager + Service name : UserManager + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + UsoSvc startup parameters : + Display name : Update Orchestrator Service + Service name : UsoSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + VGAuthService startup parameters : + Display name : VMware Alias Manager and Ticket Service + Service name : VGAuthService + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" + + VMTools startup parameters : + Display name : VMware Tools + Service name : VMTools + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" + + W32Time startup parameters : + Display name : Windows Time + Service name : W32Time + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService + + WSearch startup parameters : + Display name : Windows Search + Service name : WSearch + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\SearchIndexer.exe /Embedding + Dependencies : RPCSS/BrokerInfrastructure/ + + Wcmsvc startup parameters : + Display name : Windows Connection Manager + Service name : Wcmsvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/NSI/ + + WinDefend startup parameters : + Display name : Microsoft Defender Antivirus Service + Service name : WinDefend + Log on as : LocalSystem + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe" + Dependencies : RpcSs/ + + Winmgmt startup parameters : + Display name : Windows Management Instrumentation + Service name : Winmgmt + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/ + + WpnService startup parameters : + Display name : Windows Push Notifications System Service + Service name : WpnService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + edgeupdate startup parameters : + Display name : Microsoft Edge Update Service (edgeupdate) + Service name : edgeupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc + Dependencies : RPCSS/ + + gpsvc startup parameters : + Display name : Group Policy Client + Service name : gpsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/Mup/ + + gupdate startup parameters : + Display name : Google Update Service (gupdate) + Service name : gupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc + Dependencies : RPCSS/ + + iphlpsvc startup parameters : + Display name : IP Helper + Service name : iphlpsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k NetSvcs -p + Dependencies : RpcSS/winmgmt/tcpip/nsi/WinHttpAutoProxySvc/ + + mpssvc startup parameters : + Display name : Windows Defender Firewall + Service name : mpssvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : mpsdrv/bfe/ + + nsi startup parameters : + Display name : Network Store Interface Service + Service name : nsi + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/nsiproxy/ + + sppsvc startup parameters : + Display name : Software Protection + Service name : sppsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\sppsvc.exe + Dependencies : RpcSs/ + + stisvc startup parameters : + Display name : Windows Image Acquisition (WIA) + Service name : stisvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k imgsvc + Dependencies : RpcSs/ + + uhssvc startup parameters : + Display name : Microsoft Update Health Service + Service name : uhssvc + Log on as : LocalSystem + Executable path : "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" + Dependencies : EventLog/ + + vm3dservice startup parameters : + Display name : VMware SVGA Helper Service + Service name : vm3dservice + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\vm3dservice.exe + + wscsvc startup parameters : + Display name : Security Center + Service name : wscsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + +The following services must be started manually : + + AJRouter startup parameters : + Display name : AllJoyn Router Service + Service name : AJRouter + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + ALG startup parameters : + Display name : Application Layer Gateway Service + Service name : ALG + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\alg.exe + + AppIDSvc startup parameters : + Display name : Application Identity + Service name : AppIDSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/AppID/CryptSvc/ + + AppMgmt startup parameters : + Display name : Application Management + Service name : AppMgmt + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + AppReadiness startup parameters : + Display name : App Readiness + Service name : AppReadiness + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k AppReadiness -p + + AppXSvc startup parameters : + Display name : AppX Deployment Service (AppXSVC) + Service name : AppXSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k wsappx -p + Dependencies : rpcss/staterepository/ + + Appinfo startup parameters : + Display name : Application Information + Service name : Appinfo + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + AssignedAccessManagerSvc startup parameters : + Display name : AssignedAccessManager Service + Service name : AssignedAccessManagerSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k AssignedAccessManagerSvc + + AxInstSV startup parameters : + Display name : ActiveX Installer (AxInstSV) + Service name : AxInstSV + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k AxInstSVGroup + Dependencies : rpcss/ + + BDESVC startup parameters : + Display name : BitLocker Drive Encryption Service + Service name : BDESVC + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + + BTAGService startup parameters : + Display name : Bluetooth Audio Gateway Service + Service name : BTAGService + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted + Dependencies : rpcss/ + + Browser startup parameters : + Display name : Computer Browser + Service name : Browser + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : LanmanWorkstation/LanmanServer/ + + BthAvctpSvc startup parameters : + Display name : AVCTP service + Service name : BthAvctpSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + COMSysApp startup parameters : + Display name : COM+ System Application + Service name : COMSysApp + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} + Dependencies : RpcSs/EventSystem/SENS/ + + CertPropSvc startup parameters : + Display name : Certificate Propagation + Service name : CertPropSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + ClipSVC startup parameters : + Display name : Client License Service (ClipSVC) + Service name : ClipSVC + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k wsappx -p + Dependencies : rpcss/ + + CscService startup parameters : + Display name : Offline Files + Service name : CscService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + DevQueryBroker startup parameters : + Display name : DevQuery Background Discovery Broker + Service name : DevQueryBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DeviceInstall startup parameters : + Display name : Device Install Service + Service name : DeviceInstall + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + DisplayEnhancementService startup parameters : + Display name : Display Enhancement Service + Service name : DisplayEnhancementService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DmEnrollmentSvc startup parameters : + Display name : Device Management Enrollment Service + Service name : DmEnrollmentSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + DsSvc startup parameters : + Display name : Data Sharing Service + Service name : DsSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + DsmSvc startup parameters : + Display name : Device Setup Manager + Service name : DsmSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + EFS startup parameters : + Display name : Encrypting File System (EFS) + Service name : EFS + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\lsass.exe + Dependencies : RPCSS/ + + Eaphost startup parameters : + Display name : Extensible Authentication Protocol + Service name : Eaphost + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/KeyIso/ + + EntAppSvc startup parameters : + Display name : Enterprise App Management Service + Service name : EntAppSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + FDResPub startup parameters : + Display name : Function Discovery Resource Publication + Service name : FDResPub + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : RpcSs/http/fdphost/ + + Fax startup parameters : + Display name : Fax + Service name : Fax + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\fxssvc.exe + Dependencies : TapiSrv/RpcSs/Spooler/ + + FrameServer startup parameters : + Display name : Windows Camera Frame Server + Service name : FrameServer + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k Camera + Dependencies : rpcss/ + + GameInputSvc startup parameters : + Display name : GameInput Service + Service name : GameInputSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\GameInputSvc.exe + + GoogleChromeElevationService startup parameters : + Display name : Google Chrome Elevation Service (GoogleChromeElevationService) + Service name : GoogleChromeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.105\elevation_service.exe" + Dependencies : RPCSS/ + + GraphicsPerfSvc startup parameters : + Display name : GraphicsPerfSvc + Service name : GraphicsPerfSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup + + HvHost startup parameters : + Display name : HV Host Service + Service name : HvHost + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : hvservice/ + + InstallService startup parameters : + Display name : Microsoft Store Install Service + Service name : InstallService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + IpxlatCfgSvc startup parameters : + Display name : IP Translation Configuration Service + Service name : IpxlatCfgSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : nsi/ + + KeyIso startup parameters : + Display name : CNG Key Isolation + Service name : KeyIso + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : RpcSs/ + + KtmRm startup parameters : + Display name : KtmRm for Distributed Transaction Coordinator + Service name : KtmRm + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p + Dependencies : RPCSS/SamSS/ + + LicenseManager startup parameters : + Display name : Windows License Manager Service + Service name : LicenseManager + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + LxpSvc startup parameters : + Display name : Language Experience Service + Service name : LxpSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs + + MSDTC startup parameters : + Display name : Distributed Transaction Coordinator + Service name : MSDTC + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\msdtc.exe + Dependencies : RPCSS/SamSS/ + + MSiSCSI startup parameters : + Display name : Microsoft iSCSI Initiator Service + Service name : MSiSCSI + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + McpManagementService startup parameters : + Display name : McpManagementService + Service name : McpManagementService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k McpManagementServiceGroup + Dependencies : RpcSs/ + + MicrosoftEdgeElevationService startup parameters : + Display name : Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) + Service name : MicrosoftEdgeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.83\elevation_service.exe" + Dependencies : RPCSS/ + + MixedRealityOpenXRSvc startup parameters : + Display name : Windows Mixed Reality OpenXR Service + Service name : MixedRealityOpenXRSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : rpcss/ + + NaturalAuthentication startup parameters : + Display name : Natural Authentication + Service name : NaturalAuthentication + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/Schedule/ + + NcaSvc startup parameters : + Display name : Network Connectivity Assistant + Service name : NcaSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k NetSvcs -p + Dependencies : BFE/dnscache/NSI/iphlpsvc/ + + NcbService startup parameters : + Display name : Network Connection Broker + Service name : NcbService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSS/tcpip/BrokerInfrastructure/ + + NcdAutoSetup startup parameters : + Display name : Network Connected Devices Auto-Setup + Service name : NcdAutoSetup + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : netprofm/ + + NetSetupSvc startup parameters : + Display name : Network Setup Service + Service name : NetSetupSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Netlogon startup parameters : + Display name : Netlogon + Service name : Netlogon + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : LanmanWorkstation/ + + Netman startup parameters : + Display name : Network Connections + Service name : Netman + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/nsi/ + + NgcCtnrSvc startup parameters : + Display name : Microsoft Passport Container + Service name : NgcCtnrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + NgcSvc startup parameters : + Display name : Microsoft Passport + Service name : NgcSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + PNRPAutoReg startup parameters : + Display name : PNRP Machine Name Publication Service + Service name : PNRPAutoReg + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + Dependencies : pnrpsvc/ + + PNRPsvc startup parameters : + Display name : Peer Name Resolution Protocol + Service name : PNRPsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + Dependencies : p2pimsvc/ + + PcaSvc startup parameters : + Display name : Program Compatibility Assistant Service + Service name : PcaSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + PeerDistSvc startup parameters : + Display name : BranchCache + Service name : PeerDistSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k PeerDist + Dependencies : http/ + + PerfHost startup parameters : + Display name : Performance Counter DLL Host + Service name : PerfHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\SysWow64\perfhost.exe + Dependencies : RPCSS/ + + PhoneSvc startup parameters : + Display name : Phone Service + Service name : PhoneSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/ + + PlugPlay startup parameters : + Display name : Plug and Play + Service name : PlugPlay + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p + + PolicyAgent startup parameters : + Display name : IPsec Policy Agent + Service name : PolicyAgent + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted -p + Dependencies : Tcpip/bfe/ + + PrintNotify startup parameters : + Display name : Printer Extensions and Notifications + Service name : PrintNotify + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k print + Dependencies : RpcSs/ + + PushToInstall startup parameters : + Display name : Windows PushToInstall Service + Service name : PushToInstall + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + QWAVE startup parameters : + Display name : Quality Windows Audio Video Experience + Service name : QWAVE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/ + + RasAuto startup parameters : + Display name : Remote Access Auto Connection Manager + Service name : RasAuto + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RasAcd/ + + RemoteRegistry startup parameters : + Display name : Remote Registry + Service name : RemoteRegistry + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k localService -p + Dependencies : RPCSS/ + + RetailDemo startup parameters : + Display name : Retail Demo Service + Service name : RetailDemo + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k rdxgroup + + RmSvc startup parameters : + Display name : Radio Management Service + Service name : RmSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted + Dependencies : RpcSs/ + + RpcLocator startup parameters : + Display name : Remote Procedure Call (RPC) Locator + Service name : RpcLocator + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\locator.exe + + SCPolicySvc startup parameters : + Display name : Smart Card Removal Policy + Service name : SCPolicySvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + SCardSvr startup parameters : + Display name : Smart Card + Service name : SCardSvr + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation + + SDRSVC startup parameters : + Display name : Windows Backup + Service name : SDRSVC + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k SDRSVC + Dependencies : RPCSS/ + + SEMgrSvc startup parameters : + Display name : Payments and NFC/SE Manager + Service name : SEMgrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/ + + SNMPTRAP startup parameters : + Display name : SNMP Trap + Service name : SNMPTRAP + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\snmptrap.exe + + SSDPSRV startup parameters : + Display name : SSDP Discovery + Service name : SSDPSRV + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : HTTP/NSI/ + + ScDeviceEnum startup parameters : + Display name : Smart Card Device Enumeration Service + Service name : ScDeviceEnum + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted + + SecurityHealthService startup parameters : + Display name : Windows Security Service + Service name : SecurityHealthService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\SecurityHealthService.exe + Dependencies : RpcSs/ + + Sense startup parameters : + Display name : Windows Defender Advanced Threat Protection Service + Service name : Sense + Log on as : LocalSystem + Executable path : "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" + + SensorDataService startup parameters : + Display name : Sensor Data Service + Service name : SensorDataService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\SensorDataService.exe + + SensorService startup parameters : + Display name : Sensor Service + Service name : SensorService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + SensrSvc startup parameters : + Display name : Sensor Monitoring Service + Service name : SensrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + + SessionEnv startup parameters : + Display name : Remote Desktop Configuration + Service name : SessionEnv + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/LanmanWorkstation/ + + SharedAccess startup parameters : + Display name : Internet Connection Sharing (ICS) + Service name : SharedAccess + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : BFE/ + + SharedRealitySvc startup parameters : + Display name : Spatial Data Service + Service name : SharedRealitySvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSS/ + + SmsRouter startup parameters : + Display name : Microsoft Windows SMS Router Service. + Service name : SmsRouter + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + SstpSvc startup parameters : + Display name : Secure Socket Tunneling Protocol Service + Service name : SstpSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + StateRepository startup parameters : + Display name : State Repository Service + Service name : StateRepository + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + TabletInputService startup parameters : + Display name : Touch Keyboard and Handwriting Panel Service + Service name : TabletInputService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + TapiSrv startup parameters : + Display name : Telephony + Service name : TapiSrv + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + TermService startup parameters : + Display name : Remote Desktop Services + Service name : TermService + Log on as : NT Authority\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService + Dependencies : RPCSS/ + + TieringEngineService startup parameters : + Display name : Storage Tiers Management + Service name : TieringEngineService + Log on as : localSystem + Executable path : C:\WINDOWS\system32\TieringEngineService.exe + + TimeBrokerSvc startup parameters : + Display name : Time Broker + Service name : TimeBrokerSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + TokenBroker startup parameters : + Display name : Web Account Manager + Service name : TokenBroker + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : UserManager/ + + TroubleshootingSvc startup parameters : + Display name : Recommended Troubleshooting Service + Service name : TroubleshootingSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + TrustedInstaller startup parameters : + Display name : Windows Modules Installer + Service name : TrustedInstaller + Log on as : localSystem + Executable path : C:\WINDOWS\servicing\TrustedInstaller.exe + + UmRdpService startup parameters : + Display name : Remote Desktop Services UserMode Port Redirector + Service name : UmRdpService + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : TermService/RDPDR/ + + VSS startup parameters : + Display name : Volume Shadow Copy + Service name : VSS + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\vssvc.exe + Dependencies : RPCSS/ + + VacSvc startup parameters : + Display name : Volumetric Audio Compositor Service + Service name : VacSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + VaultSvc startup parameters : + Display name : Credential Manager + Service name : VaultSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\lsass.exe + Dependencies : rpcss/ + + WEPHOSTSVC startup parameters : + Display name : Windows Encryption Provider Host Service + Service name : WEPHOSTSVC + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k WepHostSvcGroup + Dependencies : rpcss/ + + WFDSConMgrSvc startup parameters : + Display name : Wi-Fi Direct Services Connection Manager Service + Service name : WFDSConMgrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + WMPNetworkSvc startup parameters : + Display name : Windows Media Player Network Sharing Service + Service name : WMPNetworkSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe" + Dependencies : http/WSearch/ + + WManSvc startup parameters : + Display name : Windows Management Service + Service name : WManSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + WPDBusEnum startup parameters : + Display name : Portable Device Enumerator Service + Service name : WPDBusEnum + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted + Dependencies : RpcSs/ + + WaaSMedicSvc startup parameters : + Display name : Windows Update Medic Service + Service name : WaaSMedicSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k wusvcs -p + Dependencies : rpcss/ + + WalletService startup parameters : + Display name : WalletService + Service name : WalletService + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k appmodel -p + + WarpJITSvc startup parameters : + Display name : WarpJITSvc + Service name : WarpJITSvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted + + WbioSrvc startup parameters : + Display name : Windows Biometric Service + Service name : WbioSrvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup + Dependencies : RpcSs/ + + WdNisSvc startup parameters : + Display name : Microsoft Defender Antivirus Network Inspection Service + Service name : WdNisSvc + Log on as : NT AUTHORITY\LocalService + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe" + Dependencies : WdNisDrv/ + + WdiServiceHost startup parameters : + Display name : Diagnostic Service Host + Service name : WdiServiceHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + + WdiSystemHost startup parameters : + Display name : Diagnostic System Host + Service name : WdiSystemHost + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + WebClient startup parameters : + Display name : WebClient + Service name : WebClient + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : MRxDAV/ + + Wecsvc startup parameters : + Display name : Windows Event Collector + Service name : Wecsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k NetworkService -p + Dependencies : HTTP/Eventlog/ + + WerSvc startup parameters : + Display name : Windows Error Reporting Service + Service name : WerSvc + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k WerSvcGroup + + WiaRpc startup parameters : + Display name : Still Image Acquisition Events + Service name : WiaRpc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + WinHttpAutoProxySvc startup parameters : + Display name : WinHTTP Web Proxy Auto-Discovery Service + Service name : WinHttpAutoProxySvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Dhcp/ + + WinRM startup parameters : + Display name : Windows Remote Management (WS-Management) + Service name : WinRM + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k NetworkService -p + Dependencies : RPCSS/HTTP/ + + WlanSvc startup parameters : + Display name : WLAN AutoConfig + Service name : WlanSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : nativewifip/RpcSs/Ndisuio/wcmsvc/ + + WpcMonSvc startup parameters : + Display name : Parental Controls + Service name : WpcMonSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService + + WwanSvc startup parameters : + Display name : WWAN AutoConfig + Service name : WwanSvc + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/NdisUio/ + + XblAuthManager startup parameters : + Display name : Xbox Live Auth Manager + Service name : XblAuthManager + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + XblGameSave startup parameters : + Display name : Xbox Live Game Save + Service name : XblGameSave + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : UserManager/XblAuthManager/ + + XboxGipSvc startup parameters : + Display name : Xbox Accessory Management Service + Service name : XboxGipSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + XboxNetApiSvc startup parameters : + Display name : Xbox Live Networking Service + Service name : XboxNetApiSvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : BFE/mpssvc/IKEEXT/KeyIso/ + + autotimesvc startup parameters : + Display name : Cellular Time + Service name : autotimesvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k autoTimeSvc + Dependencies : rpcss/ + + bthserv startup parameters : + Display name : Bluetooth Support Service + Service name : bthserv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + camsvc startup parameters : + Display name : Capability Access Manager Service + Service name : camsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k appmodel -p + + cloudidsvc startup parameters : + Display name : Microsoft Cloud Identity Service + Service name : cloudidsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\system32\svchost.exe -k CloudIdServiceGroup -p + + dcsvc startup parameters : + Display name : dcsvc + Service name : dcsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + defragsvc startup parameters : + Display name : Optimize drives + Service name : defragsvc + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k defragsvc + Dependencies : RPCSS/ + + diagnosticshub.standardcollector.service startup parameters : + Display name : Microsoft (R) Diagnostics Hub Standard Collector Service + Service name : diagnosticshub.standardcollector.service + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe + + diagsvc startup parameters : + Display name : Diagnostic Execution Service + Service name : diagsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k diagnostics + Dependencies : RpcSs/ + + dmwappushservice startup parameters : + Display name : Device Management Wireless Application Protocol (WAP) Push message Routing Service + Service name : dmwappushservice + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + dot3svc startup parameters : + Display name : Wired AutoConfig + Service name : dot3svc + Log on as : localSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/Ndisuio/Eaphost/ + + edgeupdatem startup parameters : + Display name : Microsoft Edge Update Service (edgeupdatem) + Service name : edgeupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc + Dependencies : RPCSS/ + + embeddedmode startup parameters : + Display name : Embedded Mode + Service name : embeddedmode + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : BrokerInfrastructure/ + + fdPHost startup parameters : + Display name : Function Discovery Provider Host + Service name : fdPHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/http/ + + fhsvc startup parameters : + Display name : File History Service + Service name : fhsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + gupdatem startup parameters : + Display name : Google Update Service (gupdatem) + Service name : gupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc + Dependencies : RPCSS/ + + hidserv startup parameters : + Display name : Human Interface Device Service + Service name : hidserv + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + icssvc startup parameters : + Display name : Windows Mobile Hotspot Service + Service name : icssvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/wcmsvc/ + + lfsvc startup parameters : + Display name : Geolocation Service + Service name : lfsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + lltdsvc startup parameters : + Display name : Link-Layer Topology Discovery Mapper + Service name : lltdsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/lltdio/ + + lmhosts startup parameters : + Display name : TCP/IP NetBIOS Helper + Service name : lmhosts + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Afd/ + + msiserver startup parameters : + Display name : Windows Installer + Service name : msiserver + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\msiexec.exe /V + Dependencies : rpcss/ + + netprofm startup parameters : + Display name : Network List Service + Service name : netprofm + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : RpcSs/nlasvc/ + + p2pimsvc startup parameters : + Display name : Peer Networking Identity Manager + Service name : p2pimsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + + p2psvc startup parameters : + Display name : Peer Networking Grouping + Service name : p2psvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet + Dependencies : p2pimsvc/PNRPSvc/ + + perceptionsimulation startup parameters : + Display name : Windows Perception Simulation Service + Service name : perceptionsimulation + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe + Dependencies : rpcss/ + + pla startup parameters : + Display name : Performance Logs & Alerts + Service name : pla + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : RPCSS/ + + seclogon startup parameters : + Display name : Secondary Logon + Service name : seclogon + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + smphost startup parameters : + Display name : Microsoft Storage Spaces SMP + Service name : smphost + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\WINDOWS\System32\svchost.exe -k smphost + Dependencies : RPCSS/ + + spectrum startup parameters : + Display name : Windows Perception Service + Service name : spectrum + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\spectrum.exe + Dependencies : rpcss/ + + svsvc startup parameters : + Display name : Spot Verifier + Service name : svsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + swprv startup parameters : + Display name : Microsoft Software Shadow Copy Provider + Service name : swprv + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k swprv + Dependencies : RPCSS/ + + upnphost startup parameters : + Display name : UPnP Device Host + Service name : upnphost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : SSDPSRV/HTTP/ + + vds startup parameters : + Display name : Virtual Disk + Service name : vds + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\vds.exe + Dependencies : RpcSs/ + + vmicguestinterface startup parameters : + Display name : Hyper-V Guest Service Interface + Service name : vmicguestinterface + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicheartbeat startup parameters : + Display name : Hyper-V Heartbeat Service + Service name : vmicheartbeat + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k ICService -p + + vmickvpexchange startup parameters : + Display name : Hyper-V Data Exchange Service + Service name : vmickvpexchange + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicrdv startup parameters : + Display name : Hyper-V Remote Desktop Virtualization Service + Service name : vmicrdv + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k ICService -p + + vmicshutdown startup parameters : + Display name : Hyper-V Guest Shutdown Service + Service name : vmicshutdown + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmictimesync startup parameters : + Display name : Hyper-V Time Synchronization Service + Service name : vmictimesync + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : VmGid/ + + vmicvmsession startup parameters : + Display name : Hyper-V PowerShell Direct Service + Service name : vmicvmsession + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicvss startup parameters : + Display name : Hyper-V Volume Shadow Copy Requestor + Service name : vmicvss + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmvss startup parameters : + Display name : VMware Snapshot Provider + Service name : vmvss + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\dllhost.exe /Processid:{DD4428D1-2D73-4BB8-A341-3A0835CFCC07} + Dependencies : rpcss/ + + wbengine startup parameters : + Display name : Block Level Backup Engine Service + Service name : wbengine + Log on as : localSystem + Executable path : "C:\WINDOWS\system32\wbengine.exe" + + wcncsvc startup parameters : + Display name : Windows Connect Now - Config Registrar + Service name : wcncsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : rpcss/ + + wercplsupport startup parameters : + Display name : Problem Reports Control Panel Support + Service name : wercplsupport + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + + wisvc startup parameters : + Display name : Windows Insider Service + Service name : wisvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + wlidsvc startup parameters : + Display name : Microsoft Account Sign-in Assistant + Service name : wlidsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + wlpasvc startup parameters : + Display name : Local Profile Assistant Service + Service name : wlpasvc + Log on as : NT Authority\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : WwanSvc/RpcSs/ + + wmiApSrv startup parameters : + Display name : WMI Performance Adapter + Service name : wmiApSrv + Log on as : localSystem + Executable path : C:\WINDOWS\system32\wbem\WmiApSrv.exe + + workfolderssvc startup parameters : + Display name : Work Folders + Service name : workfolderssvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\System32\svchost.exe -k LocalService -p + Dependencies : RpcSs/wsearch/ + + wuauserv startup parameters : + Display name : Windows Update + Service name : wuauserv + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + +The following services are disabled : + + AppVClient startup parameters : + Display name : Microsoft App-V Client + Service name : AppVClient + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\AppVClient.exe + Dependencies : RpcSS/netprofm/AppvVfs/AppVStrm/ + + DialogBlockingService startup parameters : + Display name : DialogBlockingService + Service name : DialogBlockingService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k DialogBlockingService + + MsKeyboardFilter startup parameters : + Display name : Microsoft Keyboard Filter + Service name : MsKeyboardFilter + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\svchost.exe -k netsvcs -p + + NetTcpPortSharing startup parameters : + Display name : Net.Tcp Port Sharing Service + Service name : NetTcpPortSharing + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe + + RemoteAccess startup parameters : + Display name : Routing and Remote Access + Service name : RemoteAccess + Log on as : localSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs + Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/ + + UevAgentService startup parameters : + Display name : User Experience Virtualization Service + Service name : UevAgentService + Log on as : LocalSystem + Executable path : C:\WINDOWS\system32\AgentService.exe + + shpamsvc startup parameters : + Display name : Shared PC Account Manager + Service name : shpamsvc + Log on as : LocalSystem + Executable path : C:\WINDOWS\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + tzautoupdate startup parameters : + Display name : Auto Time Zone Updater + Service name : tzautoupdate + Log on as : NT AUTHORITY\LocalService + Executable path : C:\WINDOWS\system32\svchost.exe -k LocalService -p + + + +By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon. + +Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user. +smb_last_loggedon_user.nasl +2019/09/02 +Microsoft Windows SMB Last Logged On User Disclosure +2009/05/05 +local +None +1.12 +http://www.nessus.org/u?a29751b5 +n/a +Nessus was able to identify the last logged on user on the remote host. + +Last Successful logon : .\DEGTHAT + + + +windows +True +cpe:/a:haxx:curl +Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host. + +Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty checks. Paranoid scanning has no affect on this plugin itself. +curl_win_installed.nbin +2024/01/16 +Curl Installed (Windows) +2023/02/23 +local +None +1.22 +https://curl.se/ +n/a +Curl is installed on the remote Windows host. +true + +Nessus detected 2 installs of Curl: + + Path : C:\Windows\SysWOW64\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + Path : C:\Windows\System32\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + + +windows +True +cpe:/o:microsoft:windows +This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. + +An attacker may use this feature to gain better knowledge of the remote host. +smb_enum_services.nasl +0001-T-0751 +2022/02/01 +Microsoft Windows SMB Service Enumeration +2000/07/03 +local +None +1.46 +To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port. +It is possible to enumerate remote services. +IAVT:0001-T-0751 + +Active Services : + +Adobe Acrobat Update Service [ AdobeARMservice ] +Windows Audio Endpoint Builder [ AudioEndpointBuilder ] +Windows Audio [ Audiosrv ] +Base Filtering Engine [ BFE ] +Background Intelligent Transfer Service [ BITS ] +Background Tasks Infrastructure Service [ BrokerInfrastructure ] +Computer Browser [ Browser ] +Bluetooth Audio Gateway Service [ BTAGService ] +AVCTP service [ BthAvctpSvc ] +Bluetooth Support Service [ bthserv ] +Connected Devices Platform Service [ CDPSvc ] +Certificate Propagation [ CertPropSvc ] +COM+ System Application [ COMSysApp ] +CoreMessaging [ CoreMessagingRegistrar ] +Cryptographic Services [ CryptSvc ] +DCOM Server Process Launcher [ DcomLaunch ] +Device Association Service [ DeviceAssociationService ] +DHCP Client [ Dhcp ] +Connected User Experiences and Telemetry [ DiagTrack ] +Display Policy Service [ DispBrokerDesktopSvc ] +DNS Client [ Dnscache ] +Delivery Optimization [ DoSvc ] +Diagnostic Policy Service [ DPS ] +Device Setup Manager [ DsmSvc ] +Data Usage [ DusmSvc ] +Windows Event Log [ EventLog ] +COM+ Event System [ EventSystem ] +Function Discovery Provider Host [ fdPHost ] +Function Discovery Resource Publication [ FDResPub ] +Windows Font Cache Service [ FontCache ] +IKE and AuthIP IPsec Keying Modules [ IKEEXT ] +IP Helper [ iphlpsvc ] +CNG Key Isolation [ KeyIso ] +Server [ LanmanServer ] +Workstation [ LanmanWorkstation ] +Windows License Manager Service [ LicenseManager ] +TCP/IP NetBIOS Helper [ lmhosts ] +Local Session Manager [ LSM ] +Windows Defender Firewall [ mpssvc ] +Distributed Transaction Coordinator [ MSDTC ] +Network Connection Broker [ NcbService ] +Network Connected Devices Auto-Setup [ NcdAutoSetup ] +Network List Service [ netprofm ] +Network Location Awareness [ NlaSvc ] +Network Store Interface Service [ nsi ] +Plug and Play [ PlugPlay ] +IPsec Policy Agent [ PolicyAgent ] +Power [ Power ] +User Profile Service [ ProfSvc ] +Remote Access Connection Manager [ RasMan ] +Remote Registry [ RemoteRegistry ] +RPC Endpoint Mapper [ RpcEptMapper ] +Remote Procedure Call (RPC) [ RpcSs ] +Security Accounts Manager [ SamSs ] +Task Scheduler [ Schedule ] +System Event Notification Service [ SENS ] +Remote Desktop Configuration [ SessionEnv ] +System Guard Runtime Monitor Broker [ SgrmBroker ] +Shell Hardware Detection [ ShellHWDetection ] +Print Spooler [ Spooler ] +SSDP Discovery [ SSDPSRV ] +Secure Socket Tunneling Protocol Service [ SstpSvc ] +State Repository Service [ StateRepository ] +Windows Image Acquisition (WIA) [ stisvc ] +Storage Service [ StorSvc ] +SysMain [ SysMain ] +System Events Broker [ SystemEventsBroker ] +Remote Desktop Services [ TermService ] +Themes [ Themes ] +Time Broker [ TimeBrokerSvc ] +Web Account Manager [ TokenBroker ] +Distributed Link Tracking Client [ TrkWks ] +Microsoft Update Health Service [ uhssvc ] +Remote Desktop Services UserMode Port Redirector [ UmRdpService ] +User Manager [ UserManager ] +Update Orchestrator Service [ UsoSvc ] +VMware Alias Manager and Ticket Service [ VGAuthService ] +VMware SVGA Helper Service [ vm3dservice ] +VMware Tools [ VMTools ] +Windows Time [ W32Time ] +Windows Connection Manager [ Wcmsvc ] +Diagnostic Service Host [ WdiServiceHost ] +Microsoft Defender Antivirus Network Inspection Service [ WdNisSvc ] +Microsoft Defender Antivirus Service [ WinDefend ] +WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ] +Windows Management Instrumentation [ Winmgmt ] +Windows Push Notifications System Service [ WpnService ] +Security Center [ wscsvc ] +Windows Search [ WSearch ] + +Inactive Services : + +AllJoyn Router Service [ AJRouter ] +Application Layer Gateway Service [ ALG ] +Application Identity [ AppIDSvc ] +Application Information [ Appinfo ] +Application Management [ AppMgmt ] +App Readiness [ AppReadiness ] +Microsoft App-V Client [ AppVClient ] +AppX Deployment Service (AppXSVC) [ AppXSvc ] +AssignedAccessManager Service [ AssignedAccessManagerSvc ] +Cellular Time [ autotimesvc ] +ActiveX Installer (AxInstSV) [ AxInstSV ] +BitLocker Drive Encryption Service [ BDESVC ] +Capability Access Manager Service [ camsvc ] +Client License Service (ClipSVC) [ ClipSVC ] +Microsoft Cloud Identity Service [ cloudidsvc ] +Offline Files [ CscService ] +dcsvc [ dcsvc ] +Optimize drives [ defragsvc ] +Device Install Service [ DeviceInstall ] +DevQuery Background Discovery Broker [ DevQueryBroker ] +Microsoft (R) Diagnostics Hub Standard Collector Service [ diagnosticshub.standardcollector.service ] +Diagnostic Execution Service [ diagsvc ] +DialogBlockingService [ DialogBlockingService ] +Display Enhancement Service [ DisplayEnhancementService ] +Device Management Enrollment Service [ DmEnrollmentSvc ] +Device Management Wireless Application Protocol (WAP) Push message Routing Service [ dmwappushservice ] +Wired AutoConfig [ dot3svc ] +Data Sharing Service [ DsSvc ] +Extensible Authentication Protocol [ Eaphost ] +Microsoft Edge Update Service (edgeupdate) [ edgeupdate ] +Microsoft Edge Update Service (edgeupdatem) [ edgeupdatem ] +Encrypting File System (EFS) [ EFS ] +Embedded Mode [ embeddedmode ] +Enterprise App Management Service [ EntAppSvc ] +Fax [ Fax ] +File History Service [ fhsvc ] +Windows Camera Frame Server [ FrameServer ] +GameInput Service [ GameInputSvc ] +Google Chrome Elevation Service (GoogleChromeElevationService) [ GoogleChromeElevationService ] +Group Policy Client [ gpsvc ] +GraphicsPerfSvc [ GraphicsPerfSvc ] +Google Update Service (gupdate) [ gupdate ] +Google Update Service (gupdatem) [ gupdatem ] +Human Interface Device Service [ hidserv ] +HV Host Service [ HvHost ] +Windows Mobile Hotspot Service [ icssvc ] +Microsoft Store Install Service [ InstallService ] +IP Translation Configuration Service [ IpxlatCfgSvc ] +KtmRm for Distributed Transaction Coordinator [ KtmRm ] +Geolocation Service [ lfsvc ] +Link-Layer Topology Discovery Mapper [ lltdsvc ] +Language Experience Service [ LxpSvc ] +Downloaded Maps Manager [ MapsBroker ] +McpManagementService [ McpManagementService ] +Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) [ MicrosoftEdgeElevationService ] +Windows Mixed Reality OpenXR Service [ MixedRealityOpenXRSvc ] +Microsoft iSCSI Initiator Service [ MSiSCSI ] +Windows Installer [ msiserver ] +Microsoft Keyboard Filter [ MsKeyboardFilter ] +Natural Authentication [ NaturalAuthentication ] +Network Connectivity Assistant [ NcaSvc ] +Netlogon [ Netlogon ] +Network Connections [ Netman ] +Network Setup Service [ NetSetupSvc ] +Net.Tcp Port Sharing Service [ NetTcpPortSharing ] +Microsoft Passport Container [ NgcCtnrSvc ] +Microsoft Passport [ NgcSvc ] +Peer Networking Identity Manager [ p2pimsvc ] +Peer Networking Grouping [ p2psvc ] +Program Compatibility Assistant Service [ PcaSvc ] +BranchCache [ PeerDistSvc ] +Windows Perception Simulation Service [ perceptionsimulation ] +Performance Counter DLL Host [ PerfHost ] +Phone Service [ PhoneSvc ] +Performance Logs & Alerts [ pla ] +PNRP Machine Name Publication Service [ PNRPAutoReg ] +Peer Name Resolution Protocol [ PNRPsvc ] +Printer Extensions and Notifications [ PrintNotify ] +Windows PushToInstall Service [ PushToInstall ] +Quality Windows Audio Video Experience [ QWAVE ] +Remote Access Auto Connection Manager [ RasAuto ] +Routing and Remote Access [ RemoteAccess ] +Retail Demo Service [ RetailDemo ] +Radio Management Service [ RmSvc ] +Remote Procedure Call (RPC) Locator [ RpcLocator ] +Smart Card [ SCardSvr ] +Smart Card Device Enumeration Service [ ScDeviceEnum ] +Smart Card Removal Policy [ SCPolicySvc ] +Windows Backup [ SDRSVC ] +Secondary Logon [ seclogon ] +Windows Security Service [ SecurityHealthService ] +Payments and NFC/SE Manager [ SEMgrSvc ] +Windows Defender Advanced Threat Protection Service [ Sense ] +Sensor Data Service [ SensorDataService ] +Sensor Service [ SensorService ] +Sensor Monitoring Service [ SensrSvc ] +Internet Connection Sharing (ICS) [ SharedAccess ] +Spatial Data Service [ SharedRealitySvc ] +Shared PC Account Manager [ shpamsvc ] +Microsoft Storage Spaces SMP [ smphost ] +Microsoft Windows SMS Router Service. [ SmsRouter ] +SNMP Trap [ SNMPTRAP ] +Windows Perception Service [ spectrum ] +Software Protection [ sppsvc ] +Spot Verifier [ svsvc ] +Microsoft Software Shadow Copy Provider [ swprv ] +Touch Keyboard and Handwriting Panel Service [ TabletInputService ] +Telephony [ TapiSrv ] +Storage Tiers Management [ TieringEngineService ] +Recommended Troubleshooting Service [ TroubleshootingSvc ] +Windows Modules Installer [ TrustedInstaller ] +Auto Time Zone Updater [ tzautoupdate ] +User Experience Virtualization Service [ UevAgentService ] +UPnP Device Host [ upnphost ] +Volumetric Audio Compositor Service [ VacSvc ] +Credential Manager [ VaultSvc ] +Virtual Disk [ vds ] +Hyper-V Guest Service Interface [ vmicguestinterface ] +Hyper-V Heartbeat Service [ vmicheartbeat ] +Hyper-V Data Exchange Service [ vmickvpexchange ] +Hyper-V Remote Desktop Virtualization Service [ vmicrdv ] +Hyper-V Guest Shutdown Service [ vmicshutdown ] +Hyper-V Time Synchronization Service [ vmictimesync ] +Hyper-V PowerShell Direct Service [ vmicvmsession ] +Hyper-V Volume Shadow Copy Requestor [ vmicvss ] +VMware Snapshot Provider [ vmvss ] +Volume Shadow Copy [ VSS ] +Windows Update Medic Service [ WaaSMedicSvc ] +WalletService [ WalletService ] +WarpJITSvc [ WarpJITSvc ] +Block Level Backup Engine Service [ wbengine ] +Windows Biometric Service [ WbioSrvc ] +Windows Connect Now - Config Registrar [ wcncsvc ] +Diagnostic System Host [ WdiSystemHost ] +WebClient [ WebClient ] +Windows Event Collector [ Wecsvc ] +Windows Encryption Provider Host Service [ WEPHOSTSVC ] +Problem Reports Control Panel Support [ wercplsupport ] +Windows Error Reporting Service [ WerSvc ] +Wi-Fi Direct Services Connection Manager Service [ WFDSConMgrSvc ] +Still Image Acquisition Events [ WiaRpc ] +Windows Remote Management (WS-Management) [ WinRM ] +Windows Insider Service [ wisvc ] +WLAN AutoConfig [ WlanSvc ] +Microsoft Account Sign-in Assistant [ wlidsvc ] +Local Profile Assistant Service [ wlpasvc ] +Windows Management Service [ WManSvc ] +WMI Performance Adapter [ wmiApSrv ] +Windows Media Player Network Sharing Service [ WMPNetworkSvc ] +Work Folders [ workfolderssvc ] +Parental Controls [ WpcMonSvc ] +Portable Device Enumerator Service [ WPDBusEnum ] +Windows Update [ wuauserv ] +WWAN AutoConfig [ WwanSvc ] +Xbox Live Auth Manager [ XblAuthManager ] +Xbox Live Game Save [ XblGameSave ] +Xbox Accessory Management Service [ XboxGipSvc ] +Xbox Live Networking Service [ XboxNetApiSvc ] + + + +windows +True +By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User permissions are enumerated for each network share that has a list of access control entries (ACEs). +smb_enum_share_permissions.nasl +2022/08/11 +Microsoft Windows SMB Share Permissions Enumeration +2012/07/25 +local +None +1.9 +https://technet.microsoft.com/en-us/library/bb456988.aspx +https://technet.microsoft.com/en-us/library/cc783530.aspx +n/a +It was possible to enumerate the permissions of remote network shares. + +Share path : \\WKS1-SOTERIA\print$ +Local path : C:\WINDOWS\system32\spool\drivers +Comment : Printer Drivers +[*] Allow ACE for Everyone (S-1-1-0): 0x001200a9 + FILE_GENERIC_READ: YES + FILE_GENERIC_WRITE: NO + FILE_GENERIC_EXECUTE: YES +[*] Allow ACE for BUILTIN\Administrators (S-1-5-32-544): 0x001f01ff + FILE_GENERIC_READ: YES + FILE_GENERIC_WRITE: YES + FILE_GENERIC_EXECUTE: YES + + + +This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc). +smb_accessible_shares_office_files.nasl +2011/03/21 +Microsoft Windows SMB Share Hosting Office Files +2007/01/04 +local +None +$Revision: 1.13 $ +Make sure that the files containing confidential information have proper access controls set on them. +The remote share contains Office-related files. + +Here is a list of office files which have been found on the remote SMB +shares : + + + D$ : + + - \Nessus\Nessus Professional License Information.docx + + + + +This plugin displays a list of media files (such as .mp3, .ogg, .mpg, .avi) which have been found on the remote SMB shares. + +Some of these files may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission. + +If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA. +smb_accessible_shares_copyrighted_content.nasl +2012/11/29 +Microsoft Windows SMB Share Hosting Possibly Copyrighted Material +2003/06/26 +local +None +$Revision: 1.41 $ +Delete the files infringing copyright. +The remote host may contain material (movies/audio) infringing copyright. + +Here is a list of files which have been found on the remote SMB shares. +Some of these files may contain copyrighted materials, such as commercial +movies or music files. + + + C$ : + +C:\Program Files\WindowsApps\Microsoft.XboxApp_48.104.4001.0_x64__8wekyb3d8bbwe\Assets\AchievementUnlocked.mp3 +C:\Program Files\WindowsApps\Microsoft.XboxApp_48.55.9001.0_x64__8wekyb3d8bbwe\Assets\AchievementUnlocked.mp3 +C:\Users\Cinnabon\Documents\AutoPlay Media Studio 8\Projects\Novetta-GeoSpara-OS-LockDown-Tool\CD_Root\AutoPlay\Videos\Magnolia.mpg +C:\Users\Cinnabon\Documents\AutoPlay Media Studio 8\Projects\Novetta-OS-LockDown-Tool\CD_Root\AutoPlay\Videos\Magnolia.mpg +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_INTRO_02.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_A.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_B.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_C.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_D.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_E.wma +C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10051.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Slider_Click_Sound.wma +C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3570.1.0\amd64_ppi-ppiskype-c-a_31bf3856ad364e35_10.0.19041.3570_none_e6ae959588854f2b\f\lync_lobbywaiting.wma +C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3570.1.0\amd64_ppi-ppiskype-c-a_31bf3856ad364e35_10.0.19041.3570_none_e6ae959588854f2b\r\lync_lobbywaiting.wma +C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3930.1.7\amd64_ppi-ppiskype-c-a_31bf3856ad364e35_10.0.19041.3636_none_e69f3bd188919f86\f\lync_lobbywaiting.wma +C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3930.1.7\amd64_ppi-ppiskype-c-a_31bf3856ad364e35_10.0.19041.3636_none_e69f3bd188919f86\r\lync_lobbywaiting.wma +C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Slider_Click_Sound.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_PRE_OUTRO_02.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_PRE_OUTRO_01.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_OUTRO.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_G.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_LOOP_F.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_INTRO_01.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_INTRO.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Neutral_01_BREAK_01.wma +C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\AppCS\Assets\ModularMusic\Classic_00\music_Classic_00_PREVIEW_00.wma +C:\Program Files\WindowsApps\Microsoft.Messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe\Assets\Sounds\Nudge.wma + + + + + +The remote has one or more Windows shares that can be accessed through the network with the given credentials. + +Depending on the share rights, it may allow an attacker to read / write confidential data. +smb_accessible_shares.nasl +2021/10/04 +Microsoft Windows SMB Shares Access +2000/05/09 +combined +None +1.83 +To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'. +It is possible to access a network share. + +The following shares can be accessed as degthat : + +- D$ - (readable,writable) + + Content of this share : +bootTel.dat +DISA_STIG_Microsoft_Windows_Server_2022_v1r1.audit +JkDefragPortable +Nessus +Nessus.url +Netsparker-Info +Program Files (x86) +Results +Satismo-Lockdown-Tool.exe +scc-5.4.2_Windows_bundle +System Volume Information +U_MS_Windows_Firewall_V2R2_STIG_SCAP_1-2_Benchmark.zip +U_MS_Windows_Server_2016_V2R4_STIG_SCAP_1-2_Benchmark.zip +U_MS_Windows_Server_2019_V2R4_STIG_SCAP_1-2_Benchmark.zip +U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark +U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.zip + +- C$ - (readable,writable) + + Content of this share : +$WinREAgent +bootmgr +BOOTNXT +Documents and Settings +DumpStack.log.tmp +LD +MSOCache +pagefile.sys +PerfLogs +Program Files +Program Files (x86) +ProgramData +Recovery +Satismo-Lockdown-Tool.exe +Standalone-Windows-STIG-Script-master +swapfile.sys +System Volume Information +Users +Windows + +- ADMIN$ - (readable,writable) + + Content of this share : +.. +addins +appcompat +apppatch +AppReadiness +assembly +bcastdvr +bfsvc.exe +BitLockerDiscoveryVolumeContents +Boot +bootstat.dat +Branding +CbsTemp +comsetup.log +Containers +CSC +Cursors +debug +diagerr.xml +diagnostics +DiagTrack +diagwrn.xml +DigitalLocker +Downloaded Program Files +DtcInstall.log +ELAMBKUP +en-US +explorer.exe +Fonts +GameBarPresenceWriter +Globalization +Help +HelpPane.exe +hh.exe +IdentityCRL +IME +ImmersiveControlPanel +InboxApps +INF +InfusedApps +InputMethod +Installer +L2Schemas +LanguageOverlayCache +LiveKernelReports +Logs +Media +mib.bin +Microsoft.NET +Migration +ModemLogs +notepad.exe +OCR +Offline Web Pages +Panther +Performance +PFRO.log +PLA +PolicyDefinitions +Prefetch +PrintDialog +Professional.xml +Provisioning +regedit.exe +Registration +RemotePackages +rescache +Resources +SchCache +schemas +security +ServiceProfiles +ServiceState +servicing +Setup +setupact.log +setuperr.log +ShellComponents +ShellExperiences +SKB +SoftwareDistribution +SoftwareDistribution.bak +Speech +Speech_OneCore +splwow64.exe +System +system.ini +System32 + + + + +windows +True +By connecting to the remote host, Nessus was able to enumerate the network share names. +smb_enum_shares.nasl +2022/02/01 +Microsoft Windows SMB Shares Enumeration +2000/05/09 +local +None +1.48 +n/a +It is possible to enumerate remote network shares. + +Here are the SMB shares available on the remote host when logged in as degthat: + + - ADMIN$ + - C$ + - D$ + - IPC$ + - print$ + + + +Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system. +smb_group_admin.nasl +2018/05/16 +Microsoft Windows 'Administrators' Group User List +2002/03/15 +local +None +1.23 +Verify that each member of the group should have this type of access. +There is at least one user in the 'Administrators' group. + +The following users are members of the 'Administrators' group : + + - WKS1-SOTERIA\Administrator (User) + - WKS1-SOTERIA\Cinnabon (User) + - WKS1-SOTERIA\DEGTHAT (User) + - WKS1-SOTERIA\tester (User) + - WKS1-SOTERIA\dbingham (User) + + + +Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy. +smb_password_policy.nasl +2015/01/12 +Microsoft Windows SMB : Obtains the Password Policy +2005/03/30 +local +None +$Revision: 1.15 $ +n/a +It is possible to retrieve the remote host's password policy using the supplied credentials. +The following password policy is defined on the remote host: + +Minimum password len: 10 +Password history len: 24 +Maximum password age (d): 90 +Password must meet complexity requirements: Enabled +Minimum password age (d): 1 +Forced logoff time (s): 0 +Locked account time (s): 900 +Time between failed logon (s): 900 +Number of invalid logon before locked out (s): 3 + + + +Using the supplied credentials, Nessus was able to list user accounts that have been disabled. +smb_users_disabled.nasl +2018/08/13 +Microsoft Windows - Users Information : Disabled Accounts +2002/03/15 +local +None +1.19 +Delete accounts that are no longer needed. +At least one user account has been disabled. + +The following user account has been disabled : + + - Administrator + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire. +smb_users_pwexpiry.nasl +2018/08/13 +Microsoft Windows - Users Information : Passwords Never Expire +2002/03/15 +local +None +1.22 +Allow or require users to change their passwords regularly. +At least one user has a password that never expires. + +The following user has a password that never expires : + + - Cinnabon + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for this +plugin, then re-run the scan. + + + +Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager. +smb_samr_user_enum.nasl +2023/01/20 +Microsoft Windows SAM user enumeration +2019/07/08 +local +None +1.7 +n/a +Nessus was able to enumerate domain users from the local SAM. + - Administrator (id S-1-5-21-1536193852-1370433935-500, Built-in account for administering the computer/domain, Administrator account) + - Cinnabon (id S-1-5-21-1536193852-1370433935-1001) + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI. +wmi_enum_printer_drivers.nbin +2024/01/16 +Windows Printer Driver Enumeration +2021/12/09 +local +None +1.63 +http://www.nessus.org/u?fab99415 +n/a +Nessus was able to enumerate one or more of the printer drivers on the remote host. + +--- Microsoft Shared Fax Driver --- + + Path : C:\WINDOWS\system32\spool\DRIVERS\x64\3\FXSDRV.DLL + Version : 10.0.19041.3636 + Supported Platform : Windows x64 + +--- TP PS Driver 830A8AA0BE6248f28478A495CCC72E64 --- + + Path : C:\WINDOWS\system32\spool\DRIVERS\x64\3\PSCRIPT5.DLL + Version : 0.0.0.0 + Supported Platform : Windows x64 + +--- Microsoft enhanced Point and Print compatibility driver --- + +Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver: + + Path : C:\WINDOWS\system32\spool\DRIVERS\x64\3\mxdwdrv.dll + Version : 10.0.19041.3803 + Supported Platform : Windows x64 + + Path : C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll + Version : 10.0.19041.3803 + Supported Platform : Windows NT x86 + +--- Brother Laser Type1 Class Driver --- + + Path : C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_906f4b456b58c7f3\Amd64\mxdwdrv.dll + Version : 10.0.17119.1 + Supported Platform : Windows x64 + +--- Microsoft Print To PDF --- + + Path : C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_906f4b456b58c7f3\Amd64\mxdwdrv.dll + Version : 10.0.19041.1806 + Supported Platform : Windows x64 + + + +The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC). + +Cached logon credentials could be accessed by an attacker and subjected to brute force attacks. +smb_reg_cachedlogons.nasl +2018/06/05 +Microsoft Windows SMB Registry : Winlogon Cached Password Weakness +2003/03/24 +local +None +1.17 +http://www.nessus.org/u?184d3eab +http://www.nessus.org/u?fe16cea8 +https://technet.microsoft.com/en-us/library/cc957390.aspx +Consult Microsoft documentation and best practices. +User credentials are stored in memory. + + Max cached logons : 10 + + + +cpe:/a:adobe:reader +Adobe Reader is enabled in Internet Explorer. +adobe_reader_enabled_in_browser.nasl +2022/06/01 +Adobe Reader Enabled in Browser (Internet Explorer) +2013/05/20 +local +None +1.3 +Disable Adobe Reader unless it is needed. +The remote host has Adobe Reader enabled for Internet Explorer. +true + +Adobe Reader is enabled for the following SIDs : + S-1-5-21-1536193852-1370433935-2390261316-1002 + +Note that this check may be incomplete as Nessus can only check the +SIDs of logged on users. + + + + +cpe:/a:adobe:acrobat_reader +JavaScript is enabled in Adobe Reader. + +Note that Nessus can only check the SIDs of logged on users, and thus the results may be incomplete. +adobe_reader_javascript_enabled.nasl +2013/05/22 +JavaScript Enabled in Adobe Reader +2013/05/22 +local +None +$Revision: 1.1 $ +http://www.nessus.org/u?f30673d6 +Disable JavaScript in Adobe Reader unless it is needed. +The remote Windows host has JavaScript enabled in Adobe Reader. + +Nessus found JavaScript enabled for the following user and version +of Adobe Reader : + + Version DC for SID S-1-5-21-1536193852-1370433935-2390261316-1002 + + + +60 - 180 days +windows +cpe:/a:adobe:acrobat_reader +CVE-2023-44336 +CVE-2023-44337 +CVE-2023-44338 +CVE-2023-44339 +CVE-2023-44340 +CVE-2023-44348 +CVE-2023-44356 +CVE-2023-44357 +CVE-2023-44358 +CVE-2023-44359 +CVE-2023-44360 +CVE-2023-44361 +CVE-2023-44365 +CVE-2023-44366 +CVE-2023-44367 +CVE-2023-44371 +CVE-2023-44372 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-44372 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +125 +416 +787 +824 +The version of Adobe Reader installed on the remote Windows host is a version prior to 20.005.30539 or 23.006.20380. It is, therefore, affected by multiple vulnerabilities. + + - Use After Free (CWE-416) potentially leading to Arbitrary code execution (CVE-2023-44336, CVE-2023-44359, CVE-2023-44367, CVE-2023-44371, CVE-2023-44372) + + - Out-of-bounds Read (CWE-125) potentially leading to Arbitrary code execution (CVE-2023-44337, CVE-2023-44338) + + - Access of Uninitialized Pointer (CWE-824) potentially leading to Arbitrary code execution (CVE-2023-44365) + + - Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2023-44366) + + - Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2023-44339, CVE-2023-44340, CVE-2023-44348, CVE-2023-44356, CVE-2023-44357, CVE-2023-44358, CVE-2023-44360) + + - Use After Free (CWE-416) potentially leading to Memory leak (CVE-2023-44361) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +adobe_reader_apsb23-54.nasl +current +2023-A-0626 +2023/11/14 +2023/11/23 +Adobe Reader < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54) +2023/11/14 +local +Medium +High +1.2 +https://helpx.adobe.com/security/products/acrobat/apsb23-54.html +Upgrade to Adobe Reader version 20.005.30539 / 23.006.20380 or later. +I +The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +5.9 +2023/11/14 +IAVA:2023-A-0626 +CWE:125 +CWE:416 +CWE:787 +CWE:824 + + Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader + Installed version : 23.6.20360.0 + Fixed version : 23.006.20380 + + + +windows +True +software_enumeration +cpe:/a:adobe:acrobat_reader +Adobe Reader, a PDF file viewer, is installed on the remote host. +adobe_reader_installed.nasl +0001-T-0524 +2022/10/10 +Adobe Reader Detection +2006/02/02 +local +None +1.34 +http://www.adobe.com/products/reader/ +n/a +There is a PDF file viewer installed on the remote Windows host. +IAVT:0001-T-0524 + + Path : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader + Version : 23.6.20360.0 + + + +730 days + +2022/07/10 +cpe:/o:microsoft:windows +CVE-2013-3900 +7.8 +7.5 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.6 +CVE-2013-3900 +6.6 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C +The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host. +true +High +Exploits are available +true +smb_nt_ms22_oct_CVE-2013-3900_reg_check.nasl +2013-A-0227 +2023/12/26 +WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) +2022/10/26 +local +Very High +High +1.7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 +http://www.nessus.org/u?9780b9d2 +Add and enable registry value EnableCertPaddingCheck: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + +Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck: + + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck +II +The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability. +Very Low +No recorded events +No recorded events +8.9 +2013/12/10 +CISA-KNOWN-EXPLOITED:2022/07/10 +IAVA:2013-A-0227 + + + Nessus detected the following potentially insecure registry key configuration: + - Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + - Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + + + + +Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host. +smb_check_rollup.nasl +2023/06/26 +Microsoft Security Rollup Enumeration +2016/10/11 +local +None +1.180 +http://www.nessus.org/u?b23205aa +n/a +This plugin enumerates installed Microsoft security rollups. + + Cumulative Rollup : 01_2024 [KB5034122] + Cumulative Rollup : 12_2023 + Cumulative Rollup : 11_2023 + Cumulative Rollup : 10_2023 + Cumulative Rollup : 09_2023 + Cumulative Rollup : 08_2023 + Cumulative Rollup : 07_2023 + Cumulative Rollup : 06_2023 + Cumulative Rollup : 05_2023 + Cumulative Rollup : 04_2023 + Cumulative Rollup : 03_2023 + Cumulative Rollup : 02_2023 + Cumulative Rollup : 01_2023 + Cumulative Rollup : 12_2022 + Cumulative Rollup : 11_2022 + + Latest effective update level : 01_2024 + File checked : C:\WINDOWS\system32\ntoskrnl.exe + File version : 10.0.19041.3930 + Associated KB : 5034122 + + + +windows +True +cpe:/o:microsoft:windows +Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages. +dism_enum_packages.nbin +2024/01/16 +DISM Package List (Windows) +2020/08/25 +local +None +1.93 +http://www.nessus.org/u?cbb428b2 +n/a +Use DISM to extract package info from the host. +The following packages were enumerated using the Deployment Image Servicing and Management Tool: + +Package : Microsoft-OneCore-ApplicationModel-Sync-Desktop-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-OneCore-ApplicationModel-Sync-Desktop-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.3636 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:51 PM + +Package : Microsoft-OneCore-DirectX-Database-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.3570 +State : Superseded +Release Type : Language Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.3930 +State : Installed +Release Type : Language Pack +Install Time : 1/30/2024 3:51 PM + +Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : Feature Pack +Install Time : 12/7/2019 9:50 AM + +Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : Foundation +Install Time : 12/7/2019 9:18 AM + +Package : Microsoft-Windows-Hello-Face-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Hello-Face-Package~31bf3856ad364e35~amd64~~10.0.19041.3636 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:51 PM + +Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.19041.3636 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:51 PM + +Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.19041.3930 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:51 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Superseded +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.3758 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:51 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3758 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:51 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.488 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/8/2022 5:00 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3636 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:51 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:52 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-Printing-PMCPPC-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:54 AM + +Package : Microsoft-Windows-Printing-PMCPPC-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Printing-PMCPPC-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3636 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:51 PM + +Package : Microsoft-Windows-Printing-WFS-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Printing-WFS-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.3636 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:51 PM + +Package : Microsoft-Windows-Printing-WFS-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Printing-WFS-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3636 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:51 PM + +Package : Microsoft-Windows-QuickAssist-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-QuickAssist-Package~31bf3856ad364e35~amd64~~10.0.19041.3758 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:51 PM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~~10.0.19041.3636 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:52 PM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-TabletPCMath-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-TabletPCMath-Package~31bf3856ad364e35~amd64~~10.0.19041.3636 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:52 PM + +Package : Microsoft-Windows-UserExperience-Desktop-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-UserExperience-Desktop-Package~31bf3856ad364e35~amd64~~10.0.19041.3758 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:52 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.19041.3930 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:52 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~~10.0.19041.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 12/7/2019 9:53 AM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.19041.3570 +State : Superseded +Release Type : OnDemand Pack +Install Time : 11/5/2023 11:47 PM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.19041.3636 +State : Installed +Release Type : OnDemand Pack +Install Time : 1/30/2024 3:52 PM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9200.1 +State : Superseded +Release Type : Update +Install Time : 11/6/2023 2:51 AM + +Package : Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9214.4 +State : Installed +Release Type : Update +Install Time : 1/30/2024 2:06 PM + +Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4645.5 +State : Installed +Release Type : Update +Install Time : 7/28/2023 9:00 PM + +Package : Package_for_KB5011048~31bf3856ad364e35~amd64~~10.0.9166.1 +State : Installed +Release Type : Update +Install Time : 7/31/2023 7:51 PM + +Package : Package_for_KB5012170~31bf3856ad364e35~amd64~~19041.1880.1.1 +State : Installed +Release Type : Security Update +Install Time : 7/28/2023 8:59 PM + +Package : Package_for_KB5015684~31bf3856ad364e35~amd64~~19041.1799.1.2 +State : Installed +Release Type : Update +Install Time : 12/8/2022 4:50 PM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3570.1.0 +State : Superseded +Release Type : Security Update +Install Time : 11/5/2023 11:47 PM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.3930.1.7 +State : Installed +Release Type : Security Update +Install Time : 1/30/2024 3:52 PM + +Package : Package_for_ServicingStack_2180~31bf3856ad364e35~amd64~~19041.2180.1.0 +State : Installed +Release Type : Update +Install Time : 12/8/2022 4:49 PM + +Package : Package_for_ServicingStack_2300~31bf3856ad364e35~amd64~~19041.2300.1.0 +State : Installed +Release Type : Update +Install Time : 12/8/2022 2:22 PM + +Package : Package_for_ServicingStack_3205~31bf3856ad364e35~amd64~~19041.3205.1.1 +State : Installed +Release Type : Update +Install Time : 7/28/2023 9:01 PM + +Package : Package_for_ServicingStack_3562~31bf3856ad364e35~amd64~~19041.3562.1.0 +State : Installed +Release Type : Update +Install Time : 11/5/2023 2:15 PM + +Package : Package_for_ServicingStack_3745~31bf3856ad364e35~amd64~~19041.3745.1.0 +State : Installed +Release Type : Update +Install Time : 1/30/2024 2:13 PM + + + +cpe:/a:google:chrome +Nessus was able to enumerate Chrome browser extensions installed on the remote host. +win_chrome_browser_addons.nbin +0001-T-0511 +2024/01/16 +Chrome Browser Extension Enumeration +2017/01/16 +local +None +1.202 +https://chrome.google.com/webstore/category/extensions +Make sure that the use and configuration of these extensions comply with your organization's acceptable use and security policies. +One or more Chrome browser extensions are installed on the remote host. +IAVT:0001-T-0511 + +User : Cinnabon +|- Browser : Chrome + |- Add-on information : + + Name : Google Slides + Description : Create and edit presentations + Version : 0.9 + Update Date : Jan. 30, 2024 at 16:18:32 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0 + + Name : Google Docs + Description : Create and edit documents + Version : 0.9 + Update Date : Jan. 30, 2024 at 16:18:33 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0 + + Name : Google Drive + Description : Google Drive: create, share and keep all your stuff in one place. + Version : 14.1 + Update Date : Jan. 30, 2024 at 16:18:33 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0 + + Name : YouTube + Version : 4.2.8 + Update Date : Jan. 30, 2024 at 16:18:34 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0 + + Name : Google Sheets + Description : Create and edit spreadsheets + Version : 1.1 + Update Date : Jan. 30, 2024 at 16:18:35 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0 + + Name : Google Docs Offline + Description : Get things done offline with the Google Docs family of products. + Version : 1.4 + Update Date : Jan. 30, 2024 at 16:18:36 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1 + + Name : Chrome Web Store Payments + Description : Chrome Web Store Payments + Version : 1.0.0.3 + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0 + + Name : Gmail + Description : Fast, searchable email with less spam. + Version : 8.1 + Update Date : Jan. 30, 2024 at 16:18:38 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0 + + Name : Chrome Media Router + Description : Provider for discovery and services for mirroring of Chrome Media Router + Version : 6117.717.0.4 + Update Date : Jan. 30, 2024 at 16:18:42 GMT + Path : C:\Users\Cinnabon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6117.717.0.4_0 + +User : DEGTHAT +|- Browser : Chrome + |- Add-on information : + + Name : Adobe Acrobat: PDF edit, convert, sign tools + Description : Do more in Google Chrome with Adobe Acrobat PDF tools. View, fill, comment, sign, and try convert and compress tools. + Version : 23.9.1.0 + Update Date : Jan. 30, 2024 at 16:18:20 GMT + Path : C:\Users\DEGTHAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\23.9.1.0_0 + + Name : Google Docs Offline + Description : Edit, create, and view your documents, spreadsheets, and presentations — all without internet access. + Version : 1.65.0 + Update Date : Jan. 30, 2024 at 16:18:22 GMT + Path : C:\Users\DEGTHAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.65.0_0 + + Name : Chrome Web Store Payments + Description : Chrome Web Store Payments + Version : 1.0.0.6 + Update Date : Jan. 30, 2024 at 16:18:24 GMT + Path : C:\Users\DEGTHAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 + +User : dbingham +|- Browser : Chrome + |- Add-on information : + + Name : Chrome Web Store Payments + Description : Chrome Web Store Payments + Version : 1.0.0.6 + Update Date : Jan. 30, 2024 at 16:18:51 GMT + Path : C:\Users\dbingham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 + + + +60 - 180 days +cpe:/a:google:chrome +CVE-2023-5996 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5996 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 119.0.6045.123. It is, therefore, affected by a vulnerability as referenced in the 2023_11_stable-channel-update-for-desktop advisory. + + - Use after free in WebAudio. (CVE-2023-5996) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_119_0_6045_123.nasl +current +2023-A-0594-S +2023-A-0608-S +2023/11/07 +2023/11/16 +Google Chrome < 119.0.6045.123 Vulnerability +2023/11/08 +local +Medium +Critical +1.5 +http://www.nessus.org/u?c5d3d619 +https://crbug.com/1497859 +Upgrade to Google Chrome version 119.0.6045.123 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very Low +30 to 120 days +No recorded events +7.4 +2023/11/07 +IAVA:2023-A-0594-S +IAVA:2023-A-0608-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 119.0.6045.123 + + + +60 - 180 days +cpe:/a:google:chrome +CVE-2023-5997 +CVE-2023-6112 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6112 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 119.0.6045.159. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_11_stable-channel-update-for-desktop_14 advisory. + + - Use after free in Garbage Collection. (CVE-2023-5997) + + - Use after free in Navigation. (CVE-2023-6112) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +google_chrome_119_0_6045_159.nasl +current +2023-A-0641-S +2023/11/14 +2024/01/29 +Google Chrome < 119.0.6045.159 Multiple Vulnerabilities +2023/11/14 +local +Medium +Critical +1.5 +http://www.nessus.org/u?7ed0136b +https://crbug.com/1497997 +https://crbug.com/1499298 +Upgrade to Google Chrome version 119.0.6045.159 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +7.4 +2023/11/14 +IAVA:2023-A-0641-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 119.0.6045.159 + + + +60 - 180 days +2023/12/21 +cpe:/a:google:chrome +CVE-2023-6345 +CVE-2023-6346 +CVE-2023-6347 +CVE-2023-6348 +CVE-2023-6350 +CVE-2023-6351 +9.6 +CVE-2023-6345 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6351 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 119.0.6045.199. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_11_stable-channel-update-for-desktop_28 advisory. + + - Integer overflow in Skia. (CVE-2023-6345) + + - Use after free in WebAudio. (CVE-2023-6346) + + - Use after free in Mojo. (CVE-2023-6347) + + - Type Confusion in Spellcheck. (CVE-2023-6348) + + - Out of bounds memory access in libavif. (CVE-2023-6350) + + - Use after free in libavif. (CVE-2023-6351) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +google_chrome_119_0_6045_199.nasl +current +2023-A-0660-S +2023/11/28 +2023/12/08 +Google Chrome < 119.0.6045.199 Multiple Vulnerabilities +2023/11/28 +local +Medium +Critical +1.5 +http://www.nessus.org/u?be59469a +https://crbug.com/1491459 +https://crbug.com/1494461 +https://crbug.com/1500856 +https://crbug.com/1501766 +https://crbug.com/1501770 +https://crbug.com/1505053 +Upgrade to Google Chrome version 119.0.6045.199 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +30 to 120 days +No recorded events +9.9 +2023/11/28 +CISA-KNOWN-EXPLOITED:2023/12/21 +IAVA:2023-A-0660-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 119.0.6045.199 + + + +30 - 60 days +cpe:/a:google:chrome +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_12_stable-channel-update-for-desktop_12 advisory. + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + + - Use after free in FedCM. (CVE-2023-6706) + + - Use after free in CSS. (CVE-2023-6707) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_109.nasl +current +2023-A-0693-S +2023/12/12 +2023/12/22 +Google Chrome < 120.0.6099.109 Multiple Vulnerabilities +2023/12/14 +local +Medium +Critical +1.3 +http://www.nessus.org/u?30495da3 +https://crbug.com/1501326 +https://crbug.com/1502102 +https://crbug.com/1504792 +https://crbug.com/1505708 +https://crbug.com/1500921 +https://crbug.com/1504036 +Upgrade to Google Chrome version 120.0.6099.109 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +30 to 120 days +No recorded events +8.4 +2023/12/12 +IAVA:2023-A-0693-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.109 + + + +30 - 60 days +cpe:/a:google:chrome +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.110. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_12_stable-channel-update-for-desktop_12 advisory. + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + + - Use after free in FedCM. (CVE-2023-6706) + + - Use after free in CSS. (CVE-2023-6707) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_110.nasl +current +2023-A-0693-S +2023/12/12 +2023/12/22 +Google Chrome < 120.0.6099.110 Multiple Vulnerabilities +2023/12/14 +local +Medium +Critical +1.3 +http://www.nessus.org/u?30495da3 +https://crbug.com/1501326 +https://crbug.com/1502102 +https://crbug.com/1504792 +https://crbug.com/1505708 +https://crbug.com/1500921 +https://crbug.com/1504036 +Upgrade to Google Chrome version 120.0.6099.110 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +30 to 120 days +No recorded events +8.4 +2023/12/12 +IAVA:2023-A-0693-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.110 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.200. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop advisory. + + - Use after free in ANGLE. (CVE-2024-0222) + + - Heap buffer overflow in ANGLE. (CVE-2024-0223) + + - Use after free in WebAudio. (CVE-2024-0224) + + - Use after free in WebGPU. (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_200.nasl +current +2024-A-0004-S +2024/01/03 +2024/01/12 +Google Chrome < 120.0.6099.200 Multiple Vulnerabilities +2024/01/03 +local +Low +Critical +1.3 +http://www.nessus.org/u?9a495657 +https://crbug.com/1501798 +https://crbug.com/1505009 +https://crbug.com/1505086 +https://crbug.com/1506923 +Upgrade to Google Chrome version 120.0.6099.200 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Low +7 to 30 days +Social Media +6.7 +2024/01/03 +IAVA:2024-A-0004-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.200 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.199. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop advisory. + + - Use after free in ANGLE. (CVE-2024-0222) + + - Heap buffer overflow in ANGLE. (CVE-2024-0223) + + - Use after free in WebAudio. (CVE-2024-0224) + + - Use after free in WebGPU. (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_199.nasl +current +2024-A-0004-S +2024/01/03 +2024/01/12 +Google Chrome < 120.0.6099.199 Multiple Vulnerabilities +2024/01/03 +local +Low +Critical +1.3 +http://www.nessus.org/u?9a495657 +https://crbug.com/1501798 +https://crbug.com/1505009 +https://crbug.com/1505086 +https://crbug.com/1506923 +Upgrade to Google Chrome version 120.0.6099.199 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Low +7 to 30 days +Social Media +6.7 +2024/01/03 +IAVA:2024-A-0004-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.199 + + + +30 - 60 days +2024/01/23 +cpe:/a:google:chrome +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.130. It is, therefore, affected by a vulnerability as referenced in the 2023_12_stable-channel-update-for-desktop_20 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +google_chrome_120_0_6099_130.nasl +current +2023-A-0705-S +2023/12/20 +2024/01/04 +Google Chrome < 120.0.6099.130 Vulnerability +2023/12/20 +local +Medium +Critical +1.4 +http://www.nessus.org/u?ecad5ae2 +https://crbug.com/1513170 +Upgrade to Google Chrome version 120.0.6099.130 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 +IAVA:2023-A-0705-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.130 + + + +30 - 60 days +2024/01/23 +cpe:/a:google:chrome +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.129. It is, therefore, affected by a vulnerability as referenced in the 2023_12_stable-channel-update-for-desktop_20 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +google_chrome_120_0_6099_129.nasl +current +2023-A-0705-S +2023/12/20 +2024/01/04 +Google Chrome < 120.0.6099.129 Vulnerability +2023/12/20 +local +Medium +Critical +1.4 +http://www.nessus.org/u?ecad5ae2 +https://crbug.com/1513170 +Upgrade to Google Chrome version 120.0.6099.129 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 +IAVA:2023-A-0705-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.129 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0333 +5.3 +4.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N +3.6 +5.4 +CVE-2024-0333 +4.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.216. It is, therefore, affected by a vulnerability as referenced in the 2024_01_stable-channel-update-for-desktop_9 advisory. + + - Insufficient data validation in Extensions. (CVE-2024-0333) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_216.nasl +current +2024-A-0020-S +2024/01/09 +2024/01/19 +Google Chrome < 120.0.6099.216 Vulnerability +2024/01/09 +local +Low +Medium +1.4 +http://www.nessus.org/u?bc91f925 +https://crbug.com/1513379 +Upgrade to Google Chrome version 120.0.6099.216 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very Low +No recorded events +No recorded events +4.4 +2024/01/09 +IAVA:2024-A-0020-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.216 + + + +7 - 30 days +cpe:/a:google:chrome +CVE-2024-0333 +5.3 +4.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N +3.6 +5.4 +CVE-2024-0333 +4.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.217. It is, therefore, affected by a vulnerability as referenced in the 2024_01_stable-channel-update-for-desktop_9 advisory. + + - Insufficient data validation in Extensions. (CVE-2024-0333) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_217.nasl +current +2024-A-0020-S +2024/01/09 +2024/01/19 +Google Chrome < 120.0.6099.217 Vulnerability +2024/01/09 +local +Low +Medium +1.4 +http://www.nessus.org/u?bc91f925 +https://crbug.com/1513379 +Upgrade to Google Chrome version 120.0.6099.217 or later. +I +A web browser installed on the remote Windows host is affected by a vulnerability. +true +Very Low +No recorded events +No recorded events +4.4 +2024/01/09 +IAVA:2024-A-0020-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.217 + + + +30 - 60 days +cpe:/a:google:chrome +CVE-2023-6508 +CVE-2023-6509 +CVE-2023-6510 +CVE-2023-6511 +CVE-2023-6512 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6510 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.62. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_12_stable-channel-update-for-desktop advisory. + + - Use after free in Media Stream. (CVE-2023-6508) + + - Use after free in Side Panel Search. (CVE-2023-6509) + + - Use after free in Media Capture. (CVE-2023-6510) + + - Inappropriate implementation in Autofill. (CVE-2023-6511) + + - Inappropriate implementation in Web Browser UI. (CVE-2023-6512) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_120_0_6099_62.nasl +current +2023-A-0669-S +2023/12/05 +2023/12/15 +Google Chrome < 120.0.6099.62 Multiple Vulnerabilities +2023/12/05 +local +Medium +Critical +1.3 +http://www.nessus.org/u?3d175be7 +https://crbug.com/1497984 +https://crbug.com/1494565 +https://crbug.com/1480152 +https://crbug.com/1478613 +https://crbug.com/1457702 +Upgrade to Google Chrome version 120.0.6099.62 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +7.4 +2023/12/05 +IAVA:2023-A-0669-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.62 + + + +7 - 30 days +2024/02/07 +cpe:/a:google:chrome +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.224. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_16 advisory. + + - Out of bounds write in V8. (CVE-2024-0517) + + - Type Confusion in V8. (CVE-2024-0518) + + - Out of bounds memory access in V8. (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +google_chrome_120_0_6099_224.nasl +current +2024-A-0042-S +2024/01/16 +2024/01/26 +Google Chrome < 120.0.6099.224 Multiple Vulnerabilities +2024/01/16 +local +Low +Critical +1.5 +http://www.nessus.org/u?88013c25 +https://crbug.com/1515930 +https://crbug.com/1507412 +https://crbug.com/1517354 +Upgrade to Google Chrome version 120.0.6099.224 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very High +0 to 7 days +Social Media +9.0 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0042-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.224 + + + +7 - 30 days +2024/02/07 +cpe:/a:google:chrome +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 120.0.6099.225. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_16 advisory. + + - Out of bounds write in V8. (CVE-2024-0517) + + - Type Confusion in V8. (CVE-2024-0518) + + - Out of bounds memory access in V8. (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +google_chrome_120_0_6099_225.nasl +current +2024-A-0042-S +2024/01/16 +2024/01/26 +Google Chrome < 120.0.6099.225 Multiple Vulnerabilities +2024/01/16 +local +Low +Critical +1.5 +http://www.nessus.org/u?88013c25 +https://crbug.com/1515930 +https://crbug.com/1507412 +https://crbug.com/1517354 +Upgrade to Google Chrome version 120.0.6099.225 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very High +0 to 7 days +Social Media +9.0 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0042-S + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 120.0.6099.225 + + + +0 - 7 days +cpe:/a:google:chrome +CVE-2024-0804 +CVE-2024-0805 +CVE-2024-0806 +CVE-2024-0807 +CVE-2024-0808 +CVE-2024-0809 +CVE-2024-0810 +CVE-2024-0811 +CVE-2024-0812 +CVE-2024-0813 +CVE-2024-0814 +9.8 +CVE-2024-0808 +8.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0813 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Google Chrome installed on the remote Windows host is prior to 121.0.6167.85. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_01_stable-channel-update-for-desktop_23 advisory. + + - Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0807) + + - Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2024-0812) + + - Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) (CVE-2024-0808) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2024-0810) + + - Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-0814) + + - Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. + (Chromium security severity: Medium) (CVE-2024-0813) + + - Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) (CVE-2024-0806) + + - Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2024-0805) + + - Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-0804) + + - Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2024-0811) + + - Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2024-0809) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +google_chrome_121_0_6167_85.nasl +current +2024-A-0052 +2024/01/23 +2024/01/30 +Google Chrome < 121.0.6167.85 Multiple Vulnerabilities +2024/01/24 +local +Low +Critical +1.2 +http://www.nessus.org/u?682ca867 +https://crbug.com/1505080 +https://crbug.com/1484394 +https://crbug.com/1504936 +https://crbug.com/1496250 +https://crbug.com/1463935 +https://crbug.com/1477151 +https://crbug.com/1505176 +https://crbug.com/1514925 +https://crbug.com/1515137 +https://crbug.com/1494490 +https://crbug.com/1497985 +Upgrade to Google Chrome version 121.0.6167.85 or later. +I +A web browser installed on the remote Windows host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +6.7 +2024/01/23 +IAVA:2024-A-0052 + + Path : C:\Program Files (x86)\Google\Chrome\Application + Installed version : 119.0.6045.105 + Fixed version : 121.0.6167.85 + + + +windows +True +software_enumeration +cpe:/a:google:chrome +Google Chrome, a web browser from Google, is installed on the remote Windows host. +google_chrome_installed.nasl +0001-T-0511 +2022/10/10 +Google Chrome Detection (Windows) +2008/09/12 +local +None +1.26 +https://www.google.com/chrome/ +n/a +The remote Windows host contains a web browser. +true +IAVT:0001-T-0511 + + Path : C:\Program Files (x86)\Google\Chrome\Application + Version : 119.0.6045.105 + +Note that Nessus only looked in the registry for evidence of Google +Chrome. If there are multiple users on this host, you may wish to +enable the 'Perform thorough tests' setting and re-scan. This will +cause Nessus to scan each local user's directory for installs. + + + + +windows +True +x-cpe:/a:microsoft:applocker +Windows AppLocker, a tool for managing user access to applications, is installed on the remote Windows host. +microsoft_applocker_installed.nbin +2024/01/16 +Windows AppLocker Installed +2013/03/22 +local +None +1.264 +https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759117(v=ws.11) +n/a +The remote host has an application installed for managing software access. + +Nessus enumerated the following Windows AppLocker configuration : + Exe Rules + Mode : Audit + Rule name : Prevent administrators from easily running the Opera web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=OPERA SOFTWARE ASA, S=OSLO, C=NO" ProductName="OPERA" BinaryName="opera.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Firefox web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="FIREFOX" BinaryName="firefox.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Internet Explorer web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWSŽ INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Allow everyone to execute all files located in the Program Files folder + Description : Allows members of the Everyone group to run applications that are located in the Program Files folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%PROGRAMFILES%\*" + + Rule name : Prevent administrators from easily running the Outlook email client + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="OUTLOOK.EXE"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Allow administrators to execute all files + Description : Allows members of the local Administrators group to run all applications. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + Rule name : Allow everyone to execute all files located in the Windows folder + Description : Allows members of the Everyone group to run applications that are located in the Windows folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\*" + Exceptions : + - Path="%SYSTEM32%\catroot2\*" + - Path="%SYSTEM32%\com\dmp\*" + - Path="%SYSTEM32%\FxsTmp\*" + - Path="%SYSTEM32%\spool\drivers\color\*" + - Path="%SYSTEM32%\spool\PRINTERS\*" + - Path="%SYSTEM32%\spool\SERVERS\*" + - Path="%SYSTEM32%\Tasks\*" + - Path="%WINDIR%\Debug\*" + - Path="%WINDIR%\PCHEALTH\ERRORREP\*" + - Path="%WINDIR%\Registration\*" + - Path="%WINDIR%\SysWOW64\com\dmp\*" + - Path="%WINDIR%\SysWOW64\FxsTmp\*" + - Path="%WINDIR%\SysWOW64\Tasks\*" + - Path="%WINDIR%\Tasks\*" + - Path="%WINDIR%\Temp\*" + - Path="%WINDIR%\tracing\*" + + + Rule name : Prevent administrators from easily running the Chrome web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="chrome.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Safari web browser + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=APPLE INC., L=CUPERTINO, S=CALIFORNIA, C=US" ProductName="SAFARI" BinaryName="Safari.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + Rule name : Prevent administrators from easily running the Thunderbird email client + Description : + Rule type : FilePublisherRule + User/Group SID : S-1-5-32-544 + Condition : PublisherName="O=MOZILLA MESSAGING INC., L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="THUNDERBIRD" BinaryName="thunderbird.exe"><BinaryVersionRange LowSection="*" HighSection="*" + + + Dll Rules + Mode : Audit + Rule name : Allow everyone to execute all DLLs located in the Windows folder + Description : Allows members of the Everyone group to load DLLs located in the Windows folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\*" + Exceptions : + - Path="%SYSTEM32%\catroot2\*" + - Path="%SYSTEM32%\com\dmp\*" + - Path="%SYSTEM32%\FxsTmp\*" + - Path="%SYSTEM32%\spool\drivers\color\*" + - Path="%SYSTEM32%\spool\PRINTERS\*" + - Path="%SYSTEM32%\spool\SERVERS\*" + - Path="%SYSTEM32%\Tasks\*" + - Path="%WINDIR%\Debug\*" + - Path="%WINDIR%\PCHEALTH\ERRORREP\*" + - Path="%WINDIR%\Registration\*" + - Path="%WINDIR%\SysWOW64\com\dmp\*" + - Path="%WINDIR%\SysWOW64\FxsTmp\*" + - Path="%WINDIR%\SysWOW64\Tasks\*" + - Path="%WINDIR%\Tasks\*" + - Path="%WINDIR%\Temp\*" + - Path="%WINDIR%\tracing\*" + + + Rule name : Allow everyone to execute all DLLs located in the Program Files folder + Description : Allows members of the Everyone group to load DLLs that are located in the Program Files folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%PROGRAMFILES%\*" + + Rule name : Allows administrators to execute all DLLs + Description : Allows members of the local Administrators group to load all DLLs. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + + Script Rules + Mode : Audit + Rule name : All scripts + Description : Allows members of the local Administrators group to run all scripts. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + Rule name : Allow everyone to run all scripts located in the Program Files folder + Description : Allows members of the Everyone group to run scripts that are located in the Program Files folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%PROGRAMFILES%\*" + + Rule name : Allow everyone to run all scripts located in the Windows folder + Description : Allows members of the Everyone group to run scripts that are located in the Windows folder. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\*" + Exceptions : + - Path="%SYSTEM32%\catroot2\*" + - Path="%SYSTEM32%\com\dmp\*" + - Path="%SYSTEM32%\FxsTmp\*" + - Path="%SYSTEM32%\spool\drivers\color\*" + - Path="%SYSTEM32%\spool\PRINTERS\*" + - Path="%SYSTEM32%\spool\SERVERS\*" + - Path="%SYSTEM32%\Tasks\*" + - Path="%WINDIR%\Debug\*" + - Path="%WINDIR%\PCHEALTH\ERRORREP\*" + - Path="%WINDIR%\Registration\*" + - Path="%WINDIR%\SysWOW64\com\dmp\*" + - Path="%WINDIR%\SysWOW64\FxsTmp\*" + - Path="%WINDIR%\SysWOW64\Tasks\*" + - Path="%WINDIR%\Tasks\*" + - Path="%WINDIR%\Temp\*" + - Path="%WINDIR%\tracing\*" + + + + Msi Rules + Mode : Audit + Rule name : Allow administrators to run all Windows Installer files + Description : Allows members of the local Administrators group to run all Windows Installer files. + Rule type : FilePathRule + User/Group SID : S-1-5-32-544 + Condition : Path="*" + + Rule name : Allow everyone to run all Windows Installer files located in the Windows\Installer folder. + Description : Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer. + Rule type : FilePathRule + User/Group SID : S-1-1-0 + Condition : Path="%WINDIR%\Installer\*" + + + Appx Rules + Mode : Audit + Rule name : (Default Rule) All signed packaged apps + Description : Allows members of the Everyone group to run packaged apps that are signed. + Rule type : FilePublisherRule + User/Group SID : S-1-1-0 + Condition : PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*" + + + + +cpe:/a:microsoft:edge +Nessus was able to enumerate Microsoft Edge browser extensions installed on the remote host. +microsoft_edge_chromium_addons.nbin +2024/01/16 +Microsoft Edge Add-on Enumeration (Windows) +2023/05/22 +local +None +1.10 +https://microsoftedge.microsoft.com/addons +n/a +One or more Microsoft Egde browser extensions are installed on the remote host. + +User : DEGTHAT +|- Browser : Microsoft Edge + |- Add-on information : + + Name : unknown + Version : 1.73.0 + Path : C:\Users\DEGTHAT\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.73.0_0 + + Name : Edge relevant text changes + Description : Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take. + Version : 1.2.1 + Path : C:\Users\DEGTHAT\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0 + + + +windows +True +software_enumeration +cpe:/a:microsoft:edge +Microsoft Edge (Chromium-based), a Chromium-based web browser, is installed on the remote host. +microsoft_edge_chromium_installed.nbin +2024/01/16 +Microsoft Edge Chromium Installed +2020/05/29 +local +None +1.116 +https://www.microsoft.com/en-us/edge +n/a +Microsoft Edge (Chromium-based) is installed on the remote host. + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Version : 121.0.2277.83 + + + +windows +True +Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host. +smb_check_dotnet_rollup.nasl +2024/01/10 +Microsoft .NET Security Rollup Enumeration +2017/04/14 +local +None +1.48 +http://www.nessus.org/u?662e30c9 +n/a +This plugin enumerates installed Microsoft .NET security rollups. + + Path : C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\system.web.dll + Version : 4.8.9214.0 + .NET Version : 4.8.1 + Associated KB : 5033918 + Latest effective update level : 01_2024 + + + +windows +True +software_enumeration +cpe:/a:microsoft:.net_framework +Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host. +microsoft_net_framework_installed.nasl +0001-T-0655 +2022/10/18 +Microsoft .NET Framework Detection +2010/12/20 +local +None +1.39 +https://www.microsoft.com/net +http://www.nessus.org/u?15ae6806 +n/a +A software framework is installed on the remote host. +IAVT:0001-T-0655 + +Nessus detected 2 installs of Microsoft .NET Framework: + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8.1 + Full Version : 4.8.09037 + Install Type : Full + Release : 533325 + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8.1 + Full Version : 4.8.09037 + Install Type : Client + Release : 533325 + + + +windows +cpe:/a:microsoft:office +Nessus was able to collect Office macro configuration information for active accounts on the remote Windows host and generate a report as a CSV attachment. +microsoft_office_macros_config.nasl +2018/05/16 +Microsoft Office Macros Configuration +2016/07/19 +local +None +1.5 +n/a +Nessus was able to collect and report Office macro configuration data for active accounts on the remote host. +Office macros information attached. +0ed297383c07304eeabcde60a8121487 +569c4054039c36255e136e06f84c0db0 + + +windows +True +software_enumeration +cpe:/a:microsoft:onedrive +Microsoft OneDrive, a file hosting service, is installed on the remote host. +microsoft_onedrive_installed.nbin +2024/01/16 +Microsoft OneDrive Installed +2020/07/17 +local +None +1.110 +http://www.nessus.org/u?23c14184 +n/a +A file hosting application is installed on the remote host. + +Nessus detected 3 installs of Microsoft OneDrive: + + Path : C:\Users\Cinnabon\AppData\Local\Microsoft\OneDrive\ + Version : 17.3.6998.830 + + Path : C:\Users\dbingham\AppData\Local\Microsoft\OneDrive\ + Version : 19.2.107.5 + + Path : C:\Users\tester\AppData\Local\Microsoft\OneDrive\ + Version : 19.232.1124.12 + + + +windows +True +cpe:/a:microsoft:microsoft_update +Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft Office, Exchange, and SQL Server. +microsoft_update_installed.nasl +2022/02/01 +Microsoft Update Installed +2010/10/26 +local +None +1.8 +http://update.microsoft.com/microsoftupdate/v6/default.aspx +n/a +A software updating service is installed. + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect ARP table information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_arp_table.nbin +2024/01/16 +Microsoft Windows ARP Table +2016/07/19 +local +None +1.222 +n/a +Nessus was able to collect and report ARP table information from the remote host. +192.168.40.1 : 60-22-32-6f-91-bf +192.168.40.32 : 00-0c-29-5c-7e-f8 +192.168.40.60 : cc-96-e5-08-af-3e +192.168.40.104 : 00-0c-29-71-3a-6d +192.168.40.121 : f8-ff-c2-37-57-48 +192.168.40.153 : 00-00-c0-3c-08-4b +192.168.40.173 : 90-09-d0-00-6a-23 +192.168.40.174 : 90-09-d0-00-6a-24 +192.168.40.212 : f8-ff-c2-37-57-48 +192.168.40.251 : 00-0c-29-e1-ad-9d +192.168.40.255 : ff-ff-ff-ff-ff-ff +224.0.0.22 : 01-00-5e-00-00-16 +224.0.0.251 : 01-00-5e-00-00-fb +224.0.0.252 : 01-00-5e-00-00-fc +224.0.0.253 : 01-00-5e-00-00-fd +239.255.255.250 : 01-00-5e-7f-ff-fa +255.255.255.255 : ff-ff-ff-ff-ff-ff + +Extended ARP table information attached. +89e64d9c9820ac5e518b2443a8636e98 + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect AppLocker configuration information on the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_applocker_config.nasl +2020/06/12 +Microsoft Windows AppLocker Configuration +2016/07/19 +local +None +1.6 +n/a +Nessus was able to collect and report AppLocker's configuration on the remote host. +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Appx\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba\value : <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\1d04fdc7-5e29-45b1-a0d7-f7e9293774f8\value : <FilePathRule Id="1d04fdc7-5e29-45b1-a0d7-f7e9293774f8" Name="Allows administrators to execute all DLLs" Description="Allows members of the local Administrators group to load all DLLs." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\7ca2deae-991c-4e26-b688-98137f9cc777\value : <FilePathRule Id="7ca2deae-991c-4e26-b688-98137f9cc777" Name="Allow everyone to execute all DLLs located in the Windows folder" Description="Allows members of the Everyone group to load DLLs located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Dll\f36fbeba-ab50-48c0-9361-41af365d82ce\value : <FilePathRule Id="f36fbeba-ab50-48c0-9361-41af365d82ce" Name="Allow everyone to execute all DLLs located in the Program Files folder" Description="Allows members of the Everyone group to load DLLs that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\1712f2de-e1b6-4d3d-85a9-a7da49b796c1\value : <FilePathRule Id="1712f2de-e1b6-4d3d-85a9-a7da49b796c1" Name="Allow everyone to execute all files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\187ae870-255e-42d7-8ef9-9a8434a70716\value : <FilePublisherRule Id="187ae870-255e-42d7-8ef9-9a8434a70716" Name="Prevent administrators from easily running the Internet Explorer web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWS® INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\230ebde7-123f-4f56-9caf-a412e5265300\value : <FilePublisherRule Id="230ebde7-123f-4f56-9caf-a412e5265300" Name="Prevent administrators from easily running the Outlook email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="OUTLOOK.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\54d44e7f-44b7-4d8d-961e-6d9c47e03196\value : <FilePublisherRule Id="54d44e7f-44b7-4d8d-961e-6d9c47e03196" Name="Prevent administrators from easily running the Thunderbird email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA MESSAGING INC., L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="THUNDERBIRD" BinaryName="thunderbird.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e\value : <FilePublisherRule Id="97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e" Name="Prevent administrators from easily running the Chrome web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="chrome.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\980f805b-bc66-43c7-95c4-90ef50fe5b04\value : <FilePublisherRule Id="980f805b-bc66-43c7-95c4-90ef50fe5b04" Name="Prevent administrators from easily running the Firefox web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="FIREFOX" BinaryName="firefox.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\a88c9192-bbed-4dfe-b435-d0ca25f6576e\value : <FilePublisherRule Id="a88c9192-bbed-4dfe-b435-d0ca25f6576e" Name="Prevent administrators from easily running the Opera web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=OPERA SOFTWARE ASA, S=OSLO, C=NO" ProductName="OPERA" BinaryName="opera.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\afd4074c-4b47-4b55-bb6d-f35ea215408b\value : <FilePathRule Id="afd4074c-4b47-4b55-bb6d-f35ea215408b" Name="Allow everyone to execute all files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\f301f291-10d9-4423-8f9c-a78afe9d4ea5\value : <FilePathRule Id="f301f291-10d9-4423-8f9c-a78afe9d4ea5" Name="Allow administrators to execute all files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe\f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa\value : <FilePublisherRule Id="f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa" Name="Prevent administrators from easily running the Safari web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=APPLE INC., L=CUPERTINO, S=CALIFORNIA, C=US" ProductName="SAFARI" BinaryName="Safari.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\0b075828-da4a-41fc-b3b4-9ac83ad18add\value : <FilePathRule Id="0b075828-da4a-41fc-b3b4-9ac83ad18add" Name="Allow everyone to run all Windows Installer files located in the Windows\Installer folder." Description="Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\Installer\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Msi\4833728f-cf7e-4797-a847-c979e29b597a\value : <FilePathRule Id="4833728f-cf7e-4797-a847-c979e29b597a" Name="Allow administrators to run all Windows Installer files" Description="Allows members of the local Administrators group to run all Windows Installer files." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\enforcementmode : 0 +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\4a4170c6-feb8-44f6-bebf-78a319f197fe\value : <FilePathRule Id="4a4170c6-feb8-44f6-bebf-78a319f197fe" Name="Allow everyone to run all scripts located in the Program Files folder" Description="Allows members of the Everyone group to run scripts that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4\value : <FilePathRule Id="8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4" Name="Allow everyone to run all scripts located in the Windows folder" Description="Allows members of the Everyone group to run scripts that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Script\ed97d0cb-15ff-430f-b82c-8d7832957725\value : <FilePathRule Id="ed97d0cb-15ff-430f-b82c-8d7832957725" Name="All scripts" Description="Allows members of the local Administrators group to run all scripts." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Appx\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba\value : <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\1d04fdc7-5e29-45b1-a0d7-f7e9293774f8\value : <FilePathRule Id="1d04fdc7-5e29-45b1-a0d7-f7e9293774f8" Name="Allows administrators to execute all DLLs" Description="Allows members of the local Administrators group to load all DLLs." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\7ca2deae-991c-4e26-b688-98137f9cc777\value : <FilePathRule Id="7ca2deae-991c-4e26-b688-98137f9cc777" Name="Allow everyone to execute all DLLs located in the Windows folder" Description="Allows members of the Everyone group to load DLLs located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Dll\f36fbeba-ab50-48c0-9361-41af365d82ce\value : <FilePathRule Id="f36fbeba-ab50-48c0-9361-41af365d82ce" Name="Allow everyone to execute all DLLs located in the Program Files folder" Description="Allows members of the Everyone group to load DLLs that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\1712f2de-e1b6-4d3d-85a9-a7da49b796c1\value : <FilePathRule Id="1712f2de-e1b6-4d3d-85a9-a7da49b796c1" Name="Allow everyone to execute all files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\187ae870-255e-42d7-8ef9-9a8434a70716\value : <FilePublisherRule Id="187ae870-255e-42d7-8ef9-9a8434a70716" Name="Prevent administrators from easily running the Internet Explorer web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWS® INTERNET EXPLORER" BinaryName="IEXPLORE.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\230ebde7-123f-4f56-9caf-a412e5265300\value : <FilePublisherRule Id="230ebde7-123f-4f56-9caf-a412e5265300" Name="Prevent administrators from easily running the Outlook email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="OUTLOOK.EXE"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\54d44e7f-44b7-4d8d-961e-6d9c47e03196\value : <FilePublisherRule Id="54d44e7f-44b7-4d8d-961e-6d9c47e03196" Name="Prevent administrators from easily running the Thunderbird email client" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA MESSAGING INC., L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="THUNDERBIRD" BinaryName="thunderbird.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e\value : <FilePublisherRule Id="97bca7b1-6ff4-40a5-a1fe-e8e8535f6e1e" Name="Prevent administrators from easily running the Chrome web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="GOOGLE CHROME" BinaryName="chrome.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\980f805b-bc66-43c7-95c4-90ef50fe5b04\value : <FilePublisherRule Id="980f805b-bc66-43c7-95c4-90ef50fe5b04" Name="Prevent administrators from easily running the Firefox web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=MOZILLA CORPORATION, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US" ProductName="FIREFOX" BinaryName="firefox.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\a88c9192-bbed-4dfe-b435-d0ca25f6576e\value : <FilePublisherRule Id="a88c9192-bbed-4dfe-b435-d0ca25f6576e" Name="Prevent administrators from easily running the Opera web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=OPERA SOFTWARE ASA, S=OSLO, C=NO" ProductName="OPERA" BinaryName="opera.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\afd4074c-4b47-4b55-bb6d-f35ea215408b\value : <FilePathRule Id="afd4074c-4b47-4b55-bb6d-f35ea215408b" Name="Allow everyone to execute all files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\f301f291-10d9-4423-8f9c-a78afe9d4ea5\value : <FilePathRule Id="f301f291-10d9-4423-8f9c-a78afe9d4ea5" Name="Allow administrators to execute all files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Exe\f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa\value : <FilePublisherRule Id="f53c8fc8-d0dd-43c4-b874-57f31ba6f4aa" Name="Prevent administrators from easily running the Safari web browser" Description="" UserOrGroupSid="S-1-5-32-544" Action="Deny"><Conditions><FilePublisherCondition PublisherName="O=APPLE INC., L=CUPERTINO, S=CALIFORNIA, C=US" ProductName="SAFARI" BinaryName="Safari.exe"><BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Msi\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Msi\0b075828-da4a-41fc-b3b4-9ac83ad18add\value : <FilePathRule Id="0b075828-da4a-41fc-b3b4-9ac83ad18add" Name="Allow everyone to run all Windows Installer files located in the Windows\Installer folder." Description="Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\Installer\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Msi\4833728f-cf7e-4797-a847-c979e29b597a\value : <FilePathRule Id="4833728f-cf7e-4797-a847-c979e29b597a" Name="Allow administrators to run all Windows Installer files" Description="Allows members of the local Administrators group to run all Windows Installer files." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\enforcementmode : 0 +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\4a4170c6-feb8-44f6-bebf-78a319f197fe\value : <FilePathRule Id="4a4170c6-feb8-44f6-bebf-78a319f197fe" Name="Allow everyone to run all scripts located in the Program Files folder" Description="Allows members of the Everyone group to run scripts that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4\value : <FilePathRule Id="8f42d1d3-5f29-469d-8f37-6f01f6c3b2f4" Name="Allow everyone to run all scripts located in the Windows folder" Description="Allows members of the Everyone group to run scripts that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions><Exceptions><FilePathCondition Path="%SYSTEM32%\catroot2\*"/><FilePathCondition Path="%SYSTEM32%\com\dmp\*"/><FilePathCondition Path="%SYSTEM32%\FxsTmp\*"/><FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*"/><FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*"/><FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*"/><FilePathCondition Path="%SYSTEM32%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Debug\*"/><FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*"/><FilePathCondition Path="%WINDIR%\Registration\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*"/><FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*"/><FilePathCondition Path="%WINDIR%\Tasks\*"/><FilePathCondition Path="%WINDIR%\Temp\*"/><FilePathCondition Path="%WINDIR%\tracing\*"/></Exceptions></FilePathRule> + +HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\SrpV2\Script\ed97d0cb-15ff-430f-b82c-8d7832957725\value : <FilePathRule Id="ed97d0cb-15ff-430f-b82c-8d7832957725" Name="All scripts" Description="Allows members of the local Administrators group to run all scripts." UserOrGroupSid="S-1-5-32-544" Action="Allow"><Conditions><FilePathCondition Path="*"/></Conditions></FilePathRule> + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_dns_cache.nbin +2024/01/16 +Microsoft Windows DNS Cache +2016/07/19 +local +None +1.224 +n/a +Nessus was able to collect and report DNS cache information from the remote host. +true + array508.prod.do.dsp.mp.microsoft.com + +DNS cache information attached. + +4fa9f86d2ec0e5f008b65d7615af6780 + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_env_vars.nasl +True +0001-T-0757 +True +2022/06/24 +Microsoft Windows Environment Variables +2016/07/19 +local +None +1.13 +n/a +Nessus was able to collect and report environment variables from the remote host. +IAVT:0001-T-0757 +Global Environment Variables : + processor_level : 6 + comspec : %SystemRoot%\system32\cmd.exe + number_of_processors : 2 + os : Windows_NT + username : SYSTEM + temp : %SystemRoot%\TEMP + processor_revision : 9702 + path : %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\PROGRA~1\CONDUS~1\DISKEE~1\ + tmp : %SystemRoot%\TEMP + processor_identifier : Intel64 Family 6 Model 151 Stepping 2, GenuineIntel + driverdata : C:\Windows\System32\Drivers\DriverData + pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC + processor_architecture : AMD64 + psmodulepath : %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ + windir : %SystemRoot% + +Active User Environment Variables + - S-1-5-21-1536193852-1370433935-2390261316-1002 + onedrive : C:\Users\DEGTHAT\OneDrive + temp : %USERPROFILE%\AppData\Local\Temp + path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps; + tmp : %USERPROFILE%\AppData\Local\Temp + +7f5484f3096ff420be2b59da6c593baa +c54971abe1ff6167faec49a3c9f77f59 + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect the hosts file from the remote Windows host and report it as attachment. +microsoft_windows_host_file.nasl +True +True +2020/01/27 +Microsoft Windows Hosts File +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect the hosts file from the remote host. +Windows hosts file attached. + +MD5: 3688374325b992def12793500307566d +SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274 +SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085 +3688374325b992def12793500307566d + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_nbt_info.nbin +2024/01/16 +Microsoft Windows NetBIOS over TCP/IP Info +2016/07/19 +local +None +1.224 +n/a +Nessus was able to collect and report NBT information from the remote host. +NBT information attached. +First 10 lines of all CSVs: +nbtstat_local.csv: +Interface,Name,Suffix,Type,Status,MAC +192.168.40.11,WKS1-SOTERIA,<00>,UNIQUE,Registered,00:0C:29:13:CB:E7 +192.168.40.11,SOTERIA,<00>,GROUP,Registered,00:0C:29:13:CB:E7 +192.168.40.11,WKS1-SOTERIA,<20>,UNIQUE,Registered,00:0C:29:13:CB:E7 +192.168.40.11,SOTERIA,<1E>,GROUP,Registered,00:0C:29:13:CB:E7 + + + +a5366372dc67ab94a997928c725cb253 + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_scripting_host_settings.nasl +2018/05/23 +Microsoft Windows Scripting Host Settings +2016/07/19 +local +None +1.5 +n/a +Nessus was able to collect and report the Windows scripting host settings from the remote host. +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1 + +Windows scripting host configuration attached. +681e5094e1df8ab1423ef2ea66dfc266 +4934d1726a8504e051694b846ef9b32e + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_smb_sessions.nbin +2024/01/16 +Microsoft Windows SMB Sessions +2016/07/19 +local +None +1.221 +n/a +Nessus was able to collect and report SMB session information from the remote host. +degthat + +Extended SMB session information attached. +4fe470cad3c85fe7ab3a766dadfaf5cd + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_time_zone_info.nasl +True +True +2023/06/06 +Microsoft Windows Time Zone Information +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect and report time zone information from the remote host. +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Eastern Standard Time +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-112 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-111 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000300020002000000000000000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000b00010002000000000000000000 + + + +windows +True +software_enumeration +cpe:/a:microsoft:remote_desktop_connection +Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host. +remote_desktop_connection_installed.nasl +2022/10/10 +Microsoft Remote Desktop Connection Installed +2019/06/12 +local +None +1.3 +http://www.nessus.org/u?1c33f0e7 +n/a +A graphical interface connection utility is installed on the remote Windows host + + Path : C:\WINDOWS\\System32\\mstsc.exe + Version : 10.0.19041.3758 + + + +Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry entry in to one of the following settings: + + - 0xFFFFFFFF (Removes the current working directory from the default DLL search order) + + - 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder) + + - 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder) +smb_cwdindllsearchvalue_setting.nasl +2019/12/20 +Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting +2010/08/26 +local +None +1.7 +http://www.nessus.org/u?0c574c56 +http://www.nessus.org/u?5234ef0c +n/a +CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks. + + Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch + Value : Registry Key Empty or Missing + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry. +smb_dns_servers.nasl +True +True +2022/02/01 +Windows DNS Server Enumeration +2012/03/01 +local +None +1.9 +n/a +Nessus enumerated the DNS servers being used by the remote Windows host. + +Nessus enumerated DNS servers for the following interfaces : + +Interface: Default +DhcpNameServer: 192.168.40.1 1.1.1.1 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past. +smb_enum_drive_mount.nasl +2022/02/01 +Microsoft Windows Mounted Devices +2012/11/28 +local +None +1.4 +http://www.nessus.org/u?99fcc329 +Make sure that the mounted drives agree with your organization's acceptable use and security policies. +It is possible to get a list of mounted devices that may have been connected to the remote system in the past. + + Name : \dosdevices\z: + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&3f6b946&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f004300440030003100230035002600330066003600620039003400360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{93c0eed4-f250-11e8-9bec-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_PNY&Prod_USB_2.0_FD&Rev_1100#ACB1HD090000078&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0050004e0059002600500072006f0064005f005500530042005f0032002e0030005f004600440026005200650076005f00310031003000300023004100430042003100480044003000390030003000300030003000370038002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{af59e96d-7f80-11ec-9c30-f8ffc2207748} + Data : _??_USBSTOR#Disk&Ven_&Prod_USB_DISK_3.0&Rev_PMAP#07000483D8E95720&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f002600500072006f0064005f005500530042005f004400490053004b005f0033002e00300026005200650076005f0050004d0041005000230030003700300030003000340038003300440038004500390035003700320030002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{d8bf433e-d7c4-11ec-9c45-f8ffc2207748} + Data : _??_USBSTOR#Disk&Ven_SMI&Prod_USB_3.0&Rev_1100#201302IP0002SERDCNGY&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0053004d0049002600500072006f0064005f005500530042005f0033002e00300026005200650076005f0031003100300030002300320030003100330030003200490050003000300030003200530045005200440043004e00470059002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\g: + Data : DMIO:ID:#WCuLG) + Raw data : 444d494f3a49443a16235743754cec478e2916dcaa1e17d6 + + Name : \??\volume{2a78a76f-f18e-11e8-9beb-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_Corsair&Prod_Survivor_3.0&Rev_000A#07087A9E311C2839&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0043006f00720073006100690072002600500072006f0064005f005300750072007600690076006f0072005f0033002e00300026005200650076005f003000300030004100230030003700300038003700410039004500330031003100430032003800330039002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{6dd8d9c6-2fc8-11ee-9c55-f8ffc2207748} + Data : _??_USBSTOR#Disk&Ven_General&Prod_UDisk&Rev_5.00#7&3a3d7270&0&_&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e006500720061006c002600500072006f0064005f0055004400690073006b0026005200650076005f0035002e0030003000230037002600330061003300640037003200370030002600300026005f002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\e: + Data : )+ + Raw data : 29bc2bc00000100000000000 + + Name : \??\volume{e4ff008d-9a17-11e7-9bcc-60f81dd2b949} + Data : _??_USBSTOR#Disk&Ven_Corsair&Prod_Survivor_3.0&Rev_1.00#1100300000000161&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f0043006f00720073006100690072002600500072006f0064005f005300750072007600690076006f0072005f0033002e00300026005200650076005f0031002e0030003000230031003100300030003300300030003000300030003000300030003100360031002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{93c0eed5-f250-11e8-9bec-f018981982bc} + Data : {93c0eed1-f250-11e8-9bec-f018981982bc}#000000079E9F0600 + Raw data : 7b00390033006300300065006500640031002d0066003200350030002d0031003100650038002d0039006200650063002d006600300031003800390038003100390038003200620063007d0023003000300030003000300030003000370039004500390046003000360030003000 + + Name : \??\volume{b7aea069-ed45-11e8-9be7-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_Generic-&Prod_SD#MMC&Rev_1.00#058F84688461&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e0065007200690063002d002600500072006f0064005f005300440023004d004d00430026005200650076005f0031002e003000300023003000350038004600380034003600380038003400360031002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{b7aea06a-ed45-11e8-9be7-f018981982bc} + Data : _??_USBSTOR#Disk&Ven_Generic-&Prod_Micro_SD#M2&Rev_1.08#058F84688461&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e0065007200690063002d002600500072006f0064005f004d006900630072006f005f005300440023004d00320026005200650076005f0031002e003000380023003000350038004600380034003600380038003400360031002600310023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{b7aea083-ed45-11e8-9be7-f018981982bc} + Data : DMIO:ID:#WCuLG) + Raw data : 444d494f3a49443a16235743754cec478e2916dcaa1e17d6 + + Name : \dosdevices\f: + Data : {93c0eed1-f250-11e8-9bec-f018981982bc}#000000079E9F0600 + Raw data : 7b00390033006300300065006500640031002d0066003200350030002d0031003100650038002d0039006200650063002d006600300031003800390038003100390038003200620063007d0023003000300030003000300030003000370039004500390046003000360030003000 + + Name : \??\volume{e4b0bc0c-9414-11e7-9bc2-806e6f6e6963} + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&3f6b946&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f004300440030003100230035002600330066003600620039003400360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\d: + Data : m + Raw data : 6d207ff20000100000000000 + + Name : \dosdevices\c: + Data : foP + Raw data : 66df6fbd0000501f00000000 + + + + +windows +True +cpe:/o:microsoft:windows +Using the supplied credentials, this plugin enumerates USB devices that have been connected to the remote Windows host in the past. +smb_enum_historic_usb_device_usage.nasl +2022/06/01 +Microsoft Windows USB Device Usage Report +2009/02/24 +local +None +1.15 +http://www.forensicswiki.org/wiki/USB_History_Viewing +Make sure that the use of USB drives is in accordance with your organization's security policy. +It was possible to get a list of USB devices that may have been connected to the remote system in the past. +true + +The following is a list of USB devices that have been connected +to remote system at least once in the past : + + +Device Name : USB DISK 3.0 USB Device +Last Inserted Time : Nov. 5, 2023 at 16:48:51 GMT + +First used : unknown + +Device Name : General UDisk USB Device +Last Inserted Time : unknown + +First used : unknown + +Device Name : Samsung Portable SSD T5 USB Device +Last Inserted Time : Nov. 6, 2023 at 16:07:30 GMT + +First used : unknown + +(Note that for a complete listing of 'First used' times you should +run this test with the option 'thorough_tests' enabled.) + + + +windows +True +Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host. +smb_enum_network_adapters.nasl +0001-T-0758 +2022/02/01 +Microsoft Windows Network Adapters +2017/10/17 +local +None +1.8 +Make sure that all of the installed network adapters agrees with your organization's acceptable use and security policies. +Identifies the network adapters installed on the remote host. +IAVT:0001-T-0758 +Network Adapter Driver Description : Intel(R) 82574L Gigabit Network Connection +Network Adapter Driver Version : 12.17.10.8 + + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past. +smb_enum_portable_devices.nasl +2022/02/01 +Microsoft Windows Portable Devices +2013/04/03 +local +None +1.4 +http://www.nessus.org/u?af102b66 +Make sure that use of the portable devices agrees with your organization's acceptable use and security policies. +It is possible to get a list of portable devices that may have been connected to the remote system in the past. + + Friendly name : Dave-512 + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_&PROD_USB_DISK_3.0&REV_PMAP#07000483D8E95720&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : DEGTHAT256 + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_CORSAIR&PROD_SURVIVOR_3.0&REV_000A#07087A9E311C2839&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : FIRM + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERAL&PROD_UDISK&REV_5.00#7&3A3D7270&0&_&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : F:\ + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MICRO_SD#M2&REV_1.08#058F84688461&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : C:\ + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F84688461&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : FAT-PRT + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_PNY&PROD_USB_2.0_FD&REV_1100#ACB1HD090000078&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : DEG-TOOLS + Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_SMI&PROD_USB_3.0&REV_1100#201302IP0002SERDCNGY&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} + + Friendly name : Daves-Stuff + Device : SWD#WPDBUSENUM#{37D3844A-9E3B-11E7-9BD2-60F81DD2B949}#0000000000100000 + + Friendly name : STUFF + Device : SWD#WPDBUSENUM#{47E535CC-E60C-11E8-9BE6-806E6F6E6963}#0000000000100000 + + Friendly name : My Passport + Device : SWD#WPDBUSENUM#{677D3D2E-146F-11E8-9BDC-C8E0EB160FF2}#0000000000100000 + + Friendly name : F:\ + Device : SWD#WPDBUSENUM#{93C0EED1-F250-11E8-9BEC-F018981982BC}#000000079E9F0600 + + Friendly name : Samsung_T5 + Device : SWD#WPDBUSENUM#{9FFF8F1B-7CAD-11EE-9C6C-E0D04567CBCB}#0000000000100000 + + Friendly name : Daves-Data + Device : SWD#WPDBUSENUM#{ABBA9390-146E-11E8-9BDB-C8E0EB160FF2}#0000000000100000 + + Friendly name : DEGTD + Device : SWD#WPDBUSENUM#{B7AEA082-ED45-11E8-9BE7-F018981982BC}#0000000000100000 + + + +windows +True +By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry. +smb_enum_qfes.nasl +2022/02/01 +SMB QuickFixEngineering (QFE) Enumeration +2012/09/11 +local +None +1.8 +n/a +The remote host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + +KB5011048, Installed on: 2023/07/31 +KB5012170, Installed on: 2023/07/28 +KB5015684, Installed on: 2022/12/08 +KB5018506, Installed on: 2022/12/08 +KB5020372, Installed on: 2022/12/08 +KB5028853, Installed on: 2023/07/28 +KB5031816, Installed on: 2023/11/05 +KB5033918, Installed on: 2024/01/30 + + +windows +True +This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. + +Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system. +smb_enum_software_versions.nasl +2023/07/18 +Microsoft Windows Installed Software Version Enumeration +2023/07/10 +local +None +1.1 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +Enumerates installed software versions. + +The following software information is available on the remote host : + + - Google Chrome + Best Confidence Version : 119.0.6045.105 + Version Confidence Level : 3 + All Possible Versions : 119.0.6045.105 + Other Version Data + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0 + Parsed File Path : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe + Parsed File Version : 119.0.6045.105 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Google\Chrome\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.105\Installer\setup.exe" --uninstall --channel=stable --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.105\Installer\setup.exe + Parsed File Version : 119.0.6045.105 + [VersionMinor] : + Raw Value : 105 + [Version] : + Raw Value : 119.0.6045.105 + [VersionMajor] : + Raw Value : 6045 + [DisplayVersion] : + Raw Value : 119.0.6045.105 + [DisplayName] : + Raw Value : Google Chrome + + - Microsoft Edge WebView2 Runtime + Best Confidence Version : 120.0.2210.144 + Version Confidence Level : 3 + All Possible Versions : 120.0.2210.144 + Other Version Data + [InstallDate] : + Raw Value : 2024/01/24 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe,0 + Parsed File Path : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe + Parsed File Version : 120.0.2210.144 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Microsoft\EdgeWebView\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\Installer\setup.exe" --uninstall --msedgewebview --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\Installer\setup.exe + Parsed File Version : 120.0.2210.144 + [VersionMinor] : + Raw Value : 144 + [Version] : + Raw Value : 120.0.2210.144 + [VersionMajor] : + Raw Value : 2210 + [DisplayVersion] : + Raw Value : 120.0.2210.144 + [DisplayName] : + Raw Value : Microsoft Edge WebView2 Runtime + + - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 + Best Confidence Version : 9.0.30729.6161 + Version Confidence Level : 2 + All Possible Versions : 9.0.30729.6161 + Other Version Data + [VersionMajor] : + Raw Value : 9 + [Version] : + Raw Value : 151025673 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 + [UninstallString] : + Raw Value : MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} + [InstallDate] : + Raw Value : 2017/09/14 + [DisplayVersion] : + Raw Value : 9.0.30729.6161 + [VersionMinor] : + Raw Value : 0 + + - Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{73F77E4E-5A17-46E5-A5FC-8A061047725F} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 + Best Confidence Version : 9.0.30729.6161 + Version Confidence Level : 2 + All Possible Versions : 9.0.30729.6161 + Other Version Data + [VersionMajor] : + Raw Value : 9 + [Version] : + Raw Value : 151025673 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 + [UninstallString] : + Raw Value : MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} + [InstallDate] : + Raw Value : 2017/09/14 + [DisplayVersion] : + Raw Value : 9.0.30729.6161 + [VersionMinor] : + Raw Value : 0 + + - Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{D5D19E2F-7189-42FE-8103-92CD1FA457C2} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - VMware Tools + Best Confidence Version : 12.3.5.22544099 + Version Confidence Level : 2 + All Possible Versions : 12.3.5.22544099 + Other Version Data + [VersionMajor] : + Raw Value : 12 + [Version] : + Raw Value : 201523205 + [InstallLocation] : + Raw Value : C:\Program Files\VMware\VMware Tools\ + [DisplayName] : + Raw Value : VMware Tools + [UninstallString] : + Raw Value : MsiExec.exe /I{27B78D8E-F8B9-4AF5-BF9C-8DDD583EAB6B} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 12.3.5.22544099 + [VersionMinor] : + Raw Value : 3 + + - Google Update Helper + Best Confidence Version : 1.3.35.451 + Version Confidence Level : 2 + All Possible Versions : 22.151.14425, 1.3.35.451 + Other Version Data + [VersionMajor] : + Raw Value : 1 + [Version] : + Raw Value : 16973859 + Parsed Version : 22.151.14425 + [DisplayName] : + Raw Value : Google Update Helper + [UninstallString] : + Raw Value : MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} + [InstallDate] : + Raw Value : 2020/04/10 + [DisplayVersion] : + Raw Value : 1.3.35.451 + [VersionMinor] : + Raw Value : 3 + + - Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{0025DD72-A959-45B5-A0A3-7EFEB15A8050} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Edge Update + Best Confidence Version : 1.3.181.5 + Version Confidence Level : 2 + All Possible Versions : 1.3.181.5 + Other Version Data + [Version] : + Raw Value : 1.3.181.5 + [DisplayName] : + Raw Value : Microsoft Edge Update + [DisplayVersion] : + Raw Value : 1.3.181.5 + + - Adobe Refresh Manager + Best Confidence Version : 1.8.0 + Version Confidence Level : 2 + All Possible Versions : 23.48.5380, 1.8.0 + Other Version Data + [VersionMajor] : + Raw Value : 1 + [Version] : + Raw Value : 17301504 + Parsed Version : 23.48.5380 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\ + [DisplayName] : + Raw Value : Adobe Refresh Manager + [UninstallString] : + Raw Value : MsiExec.exe /I{AC76BA86-0804-1033-1959-018244601053} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 1.8.0 + [VersionMinor] : + Raw Value : 8 + + - Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + + - Microsoft Edge + Best Confidence Version : 121.0.2277.83 + Version Confidence Level : 3 + All Possible Versions : 121.0.2277.83 + Other Version Data + [InstallDate] : + Raw Value : 2024/01/30 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,0 + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe + Parsed File Version : 121.0.2277.83 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.83\Installer\setup.exe" --uninstall --msedge --channel=stable --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.83\Installer\setup.exe + Parsed File Version : 121.0.2277.83 + [VersionMinor] : + Raw Value : 83 + [Version] : + Raw Value : 121.0.2277.83 + [VersionMajor] : + Raw Value : 2277 + [DisplayVersion] : + Raw Value : 121.0.2277.83 + [DisplayName] : + Raw Value : Microsoft Edge + + - Microsoft Update Health Tools + Best Confidence Version : 3.74.0.0 + Version Confidence Level : 2 + All Possible Versions : 85.24.4882, 3.74.0.0 + Other Version Data + [VersionMajor] : + Raw Value : 3 + [Version] : + Raw Value : 55181312 + Parsed Version : 85.24.4882 + [DisplayName] : + Raw Value : Microsoft Update Health Tools + [UninstallString] : + Raw Value : MsiExec.exe /X{1FC1A6C2-576E-489A-9B4A-92D21F542136} + [InstallDate] : + Raw Value : 2024/01/30 + [DisplayVersion] : + Raw Value : 3.74.0.0 + [VersionMinor] : + Raw Value : 74 + + - Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + + - Adobe Acrobat Reader + Best Confidence Version : 23.006.20360 + Version Confidence Level : 2 + All Possible Versions : 23.006.20360 + Other Version Data + [VersionMajor] : + Raw Value : 23 + [Version] : + Raw Value : 386289544 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Adobe\Acrobat Reader DC\ + [DisplayName] : + Raw Value : Adobe Acrobat Reader + [UninstallString] : + Raw Value : MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100} + [InstallDate] : + Raw Value : 2023/11/05 + [DisplayVersion] : + Raw Value : 23.006.20360 + [VersionMinor] : + Raw Value : 6 + + + + +windows +True +This plugin lists software potentially installed on the remote host by crawling the registry entries in : + + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates + +Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed. +smb_enum_softwares.nasl +0001-T-0501 +2022/02/01 +Microsoft Windows Installed Software Enumeration (credentialed check) +2006/01/26 +local +None +1.21 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate installed software. +IAVT:0001-T-0501 + +The following software are installed on the remote host : + +Google Chrome [version 119.0.6045.105] [installed on 2023/11/05] +Microsoft Edge [version 121.0.2277.83] [installed on 2024/01/30] +Microsoft Edge Update [version 1.3.181.5] +Microsoft Edge WebView2 Runtime [version 120.0.2210.144] [installed on 2024/01/24] +Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] +Microsoft Update Health Tools [version 3.74.0.0] [installed on 2024/01/30] +VMware Tools [version 12.3.5.22544099] [installed on 2023/11/05] +Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 [version 14.36.32532.0] +Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2017/09/14] +Google Update Helper [version 1.3.35.451] [installed on 2020/04/10] +Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] +Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 [version 14.36.32532.0] +Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2017/09/14] +Adobe Refresh Manager [version 1.8.0] [installed on 2023/11/05] +Adobe Acrobat Reader [version 23.006.20360] [installed on 2023/11/05] +Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] +Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/11/05] + + + +windows +True +This plugin lists software that is configured to run on system startup by crawling the registry entries in : + + - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + - HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run +smb_enum_startup_registry.nasl +2022/02/01 +Microsoft Windows Startup Software Enumeration +2012/03/23 +local +None +1.6 +Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate startup software. + +The following startup item was found : + + SecurityHealth - %windir%\system32\SecurityHealthSystray.exe + VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe + + + +windows +True +cpe:/a:microsoft:ie +The remote host has Enhanced Protection Mode (EPM) enabled for the Microsoft Internet Explorer web browser. + +Enhanced Protection Mode (EPM) is an added layer of protection first added in Microsoft Internet Explorer version 10 that provides a security feature set that includes : + + - individual browser tabs can be run in 64-bit mode, increasing the effectiveness of Address Space Layout Randomization (ASLR) + + - better access protection for files via a broker process + + - untrusted web pages cannot access domain credentials + +Note that Microsoft Internet Explorer running in 'Metro style' uses Enhanced Protected Mode by default. +smb_explorer_epm_enabled.nasl +2022/02/01 +Microsoft Internet Explorer Enhanced Protection Mode (EPM) Detection +2014/06/13 +local +None +1.4 +http://www.nessus.org/u?792794bd +n/a +The remote host has Enhanced Protection Mode (EPM) for Microsoft Internet Explorer enabled. + +Enhanced Protected Mode for IE has been enabled via Group Policy configuration. + - 64-bit processes for Enhanced Protected Mode is enabled + + +windows +True +user_enumeration +Enumerate Windows accounts. +windows_enum_accounts.nbin +2024/01/16 +Windows Enumerate Accounts +2023/02/28 +local +None +1.25 +n/a +Enumerate Windows accounts. +Windows accounts enumerated. Results output to DB. +User data gathered in scan starting at : 2024/1/30 12:45 Pacific Standard Time + + + +By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier). + +The host SID can then be used to get the list of local users. +smb_host2sid.nasl +2023/02/28 +Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration +2002/02/13 +local +None +1.46 +http://technet.microsoft.com/en-us/library/bb418944.aspx +You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value. + +Refer to the 'See also' section for guidance. +It is possible to obtain the host SID for the remote host. + +The remote host SID value is : + +1-5-21-1536193852-1370433935-2390261316 + +The value of 'RestrictAnonymous' setting is : 1 + + + +Using the HKU registry, Nessus was able to enuemrate the SIDs of logged on users +smb_loggedon_users.nasl +2022/05/25 +Microsoft Windows Logged On Users +2022/05/25 +local +None +1.2 +n/a +Nessus was able to determine the logged on users from the registry +Logged on users : + - S-1-5-21-1536193852-1370433935-2390261316-1002 + Domain : + Username : + + + +windows +True +cpe:/o:microsoft:windows +cpe:/a:microsoft:malicious_software_removal_tool +The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems. +smb_mrt_installed.nasl +True +True +2023/01/10 +Microsoft Malicious Software Removal Tool Installed +2013/05/15 +local +None +1.60 +http://www.nessus.org/u?47a3e94d +https://support.microsoft.com/en-us/help/891716 +n/a +An antimalware application is installed on the remote Windows host. + + File : C:\WINDOWS\system32\MRT.exe + Version : 5.120.24010.1001 + Release at last run : unknown + Report infection information to Microsoft : Yes + + + +cpe:/o:microsoft:windows +The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues. +smb_v1_enabled.nasl +true +2020/06/12 +Server Message Block (SMB) Protocol Version 1 Enabled +2017/02/09 +local +None +1.8 +https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/ +https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and +http://www.nessus.org/u?8dcab5e4 +http://www.nessus.org/u?234f8ef8 +http://www.nessus.org/u?4c7e0cf3 +Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices. +The remote Windows host supports the SMBv1 protocol. + + SMBv1 server is enabled : + - HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : 1 + SMB1protocol feature is enabled based on the following key : + - HKLM\SYSTEM\CurrentControlSet\Services\srv + + + +windows +True +software_enumeration +cpe:/a:vmware:tools +VMware Tools, a suite of utilities that enhances the performance of the virtual machines guest operating system is installed on the remote Windows host. +vmware_tools_installed.nbin +0001-T-0738 +2024/01/16 +VMware Tools Detection +2018/01/13 +local +None +1.178 +https://kb.vmware.com/s/article/340 +http://www.nessus.org/u?7d54c30a +n/a +A virtual machine management application is installed on the remote host. +IAVT:0001-T-0738 + + Path : C:\Program Files\VMware\VMware Tools\ + Version : 12.3.5.46049 + + + +Nessus was able to retrieve and display the contents of the Windows prefetch folder (%systemroot%\prefetch\*). This information shows programs that have run with the prefetch and superfetch mechanisms enabled. +windows_prefetch.nasl +2018/11/15 +Windows Prefetch Folder +2014/09/12 +local +None +1.2 +http://www.nessus.org/u?8242d04f +http://www.nessus.org/u?d6b15983 +http://www.forensicswiki.org/wiki/Prefetch +n/a +Nessus was able to retrieve the Windows prefetch folder file list. ++ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters +rootdirpath : +enableprefetcher : 3 + ++ Prefetch file list : + - \WINDOWS\prefetch\AM_DELTA.EXE-B7261F63.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.401.151.0.EX-B3F7F584.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.403.2943.0.E-DB0A6FF5.pf + - \WINDOWS\prefetch\AM_DELTA_PATCH_1.403.2949.0.E-E107CB33.pf + - \WINDOWS\prefetch\APPLICATIONFRAMEHOST.EXE-CCEEF759.pf + - \WINDOWS\prefetch\ARP.EXE-2BC38967.pf + - \WINDOWS\prefetch\AUDIODG.EXE-BDFD3029.pf + - \WINDOWS\prefetch\AUDITPOL.EXE-FE8D42C2.pf + - \WINDOWS\prefetch\AUTORUN.EXE-3954485B.pf + - \WINDOWS\prefetch\BACKGROUNDTASKHOST.EXE-353E93DD.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1BA.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1BB.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1BC.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1C1.pf + - \WINDOWS\prefetch\CHROME.EXE-D999B1C2.pf + - \WINDOWS\prefetch\CMD.EXE-4A81B364.pf + - \WINDOWS\prefetch\COMPATTELRUNNER.EXE-DB97728F.pf + - \WINDOWS\prefetch\COMPPKGSRV.EXE-21DBED9C.pf + - \WINDOWS\prefetch\CONHOST.EXE-1F3E9D7E.pf + - \WINDOWS\prefetch\CONSENT.EXE-531BD9EA.pf + - \WINDOWS\prefetch\CSC.EXE-67679278.pf + - \WINDOWS\prefetch\CSCC-REMOTE.EXE-7C27D0A9.pf + - \WINDOWS\prefetch\CSCC64-REMOTE.EXE-9740F674.pf + - \WINDOWS\prefetch\CSCRIPT.EXE-D1EF4768.pf + - \WINDOWS\prefetch\CSRSS.EXE-3FE41F7E.pf + - \WINDOWS\prefetch\CTFMON.EXE-9450846B.pf + - \WINDOWS\prefetch\CVTRES.EXE-F2B7602E.pf + - \WINDOWS\prefetch\DEFRAG.EXE-588F90AD.pf + - \WINDOWS\prefetch\DISM.EXE-DE199F71.pf + - \WINDOWS\prefetch\DISMHOST.EXE-9424D9C2.pf + - \WINDOWS\prefetch\DISMHOST.EXE-EF6031A8.pf + - \WINDOWS\prefetch\DLLHOST.EXE-0AD6AC16.pf + - \WINDOWS\prefetch\DLLHOST.EXE-2E884D3E.pf + - \WINDOWS\prefetch\DLLHOST.EXE-5A984E5F.pf + - \WINDOWS\prefetch\DLLHOST.EXE-823CA4DA.pf + - \WINDOWS\prefetch\DLLHOST.EXE-9037274D.pf + - \WINDOWS\prefetch\DLLHOST.EXE-9C376A75.pf + - \WINDOWS\prefetch\DLLHOST.EXE-EA533AAF.pf + - \WINDOWS\prefetch\DRVINST.EXE-4CB4314A.pf + - \WINDOWS\prefetch\DWM.EXE-6FFD3DA8.pf + - \WINDOWS\prefetch\ELEVATION_SERVICE.EXE-303C1055.pf + - \WINDOWS\prefetch\EXPAND.EXE-05AD1090.pf + - \WINDOWS\prefetch\EXPLORER.EXE-A80E4F97.pf + - \WINDOWS\prefetch\FONTDRVHOST.EXE-31E45F6D.pf + - \WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-9C89DCB6.pf + - \WINDOWS\prefetch\GOOGLECRASHHANDLER64.EXE-EBE48838.pf + - \WINDOWS\prefetch\GOOGLEUPDATE.EXE-97084C14.pf + - \WINDOWS\prefetch\GOOGLEUPDATE.EXE-AFC9597A.pf + - \WINDOWS\prefetch\GOOGLEUPDATE.EXE-B95715F5.pf + - \WINDOWS\prefetch\GOOGLEUPDATECOMREGISTERSHELL6-33E72014.pf + - \WINDOWS\prefetch\GOOGLEUPDATESETUP.EXE-D6FCCBB3.pf + - \WINDOWS\prefetch\GPSCRIPT.EXE-CCD32D94.pf + - \WINDOWS\prefetch\HOSTNAME.EXE-D4E60423.pf + - \WINDOWS\prefetch\IEXPLORE.EXE-908C99F8.pf + - \WINDOWS\prefetch\IMPORTREGPOL.EXE-5866C371.pf + - \WINDOWS\prefetch\IMPORTREGPOL.EXE-F3827F3C.pf + - \WINDOWS\prefetch\IPCONFIG.EXE-912F3D5B.pf + - \WINDOWS\prefetch\JKDEFRAG64.EXE-1DD0F723.pf + - \WINDOWS\prefetch\JKDEFRAGGUI.EXE-7401E0FA.pf + - \WINDOWS\prefetch\JKDEFRAGPORTABLE.EXE-8AC1990B.pf + - \WINDOWS\prefetch\LGPO.EXE-1A795E4F.pf + - \WINDOWS\prefetch\LOGONUI.EXE-09140401.pf + - \WINDOWS\prefetch\MAKECAB.EXE-0F1704A4.pf + - \WINDOWS\prefetch\MANAGE-BDE.EXE-37A0B125.pf + - \WINDOWS\prefetch\MICROSOFTEDGEUPDATE.EXE-C4317749.pf + - \WINDOWS\prefetch\MICROSOFTEDGE_X64_120.0.2210.-70DF4AA1.pf + - \WINDOWS\prefetch\MICROSOFTEDGE_X64_120.0.2210.-EF7A106D.pf + - \WINDOWS\prefetch\MICROSOFTEDGE_X64_121.0.2277.-2EF9F42E.pf + - \WINDOWS\prefetch\MMC.EXE-381384EF.pf + - \WINDOWS\prefetch\MMC.EXE-7FBB0956.pf + - \WINDOWS\prefetch\MMC.EXE-CDBE5CC0.pf + - \WINDOWS\prefetch\MMC.EXE-EA3BC57E.pf + - \WINDOWS\prefetch\MOBSYNC.EXE-C5E2284F.pf + - \WINDOWS\prefetch\MOFCOMP.EXE-8FE3D558.pf + - \WINDOWS\prefetch\MOUSOCOREWORKER.EXE-681A8FEE.pf + - \WINDOWS\prefetch\MPCMDRUN.EXE-68BB20D0.pf + - \WINDOWS\prefetch\MPCMDRUN.EXE-7D4AA24B.pf + - \WINDOWS\prefetch\MPCMDRUN.EXE-B6117D0E.pf + - \WINDOWS\prefetch\MPRECOVERY.EXE-22005A30.pf + - \WINDOWS\prefetch\MPSIGSTUB.EXE-6CB27A06.pf + - \WINDOWS\prefetch\MPSIGSTUB.EXE-C950A912.pf + - \WINDOWS\prefetch\MRT.EXE-851529F7.pf + - \WINDOWS\prefetch\MSCORSVW.EXE-57D17DAF.pf + - \WINDOWS\prefetch\MSCORSVW.EXE-C3C515BD.pf + - \WINDOWS\prefetch\MSEDGE.EXE-78F14B85.pf + - \WINDOWS\prefetch\MSEDGE.EXE-78F14B87.pf + - \WINDOWS\prefetch\MSEDGE.EXE-78F14B88.pf + - \WINDOWS\prefetch\MSEDGE.EXE-78F14B89.pf + - \WINDOWS\prefetch\MSEDGE.EXE-78F14B8D.pf + - \WINDOWS\prefetch\MSIEXEC.EXE-A2D55CB6.pf + - \WINDOWS\prefetch\MSMPENG.EXE-3870F3D8.pf + - \WINDOWS\prefetch\MSMPENG.EXE-E476D4E5.pf + - \WINDOWS\prefetch\MSTSC.EXE-76A46E8A.pf + - \WINDOWS\prefetch\NBTSTAT.EXE-84461EB8.pf + - \WINDOWS\prefetch\NET.EXE-DF44F913.pf + - \WINDOWS\prefetch\NET1.EXE-849DA590.pf + - \WINDOWS\prefetch\NETSH.EXE-F1B6DA12.pf + - \WINDOWS\prefetch\NETSTAT.EXE-5A5A908F.pf + - \WINDOWS\prefetch\NGEN.EXE-AE594A6B.pf + - \WINDOWS\prefetch\NGEN.EXE-EC3F9239.pf + - \WINDOWS\prefetch\NGENTASK.EXE-4F8BD802.pf + - \WINDOWS\prefetch\NGENTASK.EXE-BB7F7010.pf + - \WINDOWS\prefetch\NISSRV.EXE-4B61B196.pf + - \WINDOWS\prefetch\NISSRV.EXE-F8AAD06B.pf + - \WINDOWS\prefetch\NOTEPAD.EXE-D8414F97.pf + - \WINDOWS\prefetch\NPFINSTALL.EXE-82E7040F.pf + - \WINDOWS\prefetch\Op-SEARCHAPP.EXE-0F10B1A6-00000001.pf + - \WINDOWS\prefetch\Op-SEARCHAPP.EXE-0F10B1A6-00000002.pf + - \WINDOWS\prefetch\OPENWITH.EXE-5C93E816.pf + - \WINDOWS\prefetch\OPTIONALFEATURES.EXE-27133C71.pf + - \WINDOWS\prefetch\POWERSHELL.EXE-920BBA2A.pf + - \WINDOWS\prefetch\REG.EXE-E7E8BD26.pf + - \WINDOWS\prefetch\REGEDIT.EXE-90FEEA06.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-081B5A6F.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-23EA2E5B.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-467448AC.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-791EB238.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-B1C8B9A2.pf + - \WINDOWS\prefetch\RUNDLL32.EXE-F9283CB8.pf + - \WINDOWS\prefetch\RUNONCE.EXE-0E293DD6.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-196943E5.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-1BA55E56.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-72C0C855.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-8BD0949B.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-96347D14.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-98709785.pf + - \WINDOWS\prefetch\RUNTIMEBROKER.EXE-C0023C99.pf + - \WINDOWS\prefetch\SATISMO-LOCKDOWN-TOOL.EXE-044C523E.pf + - \WINDOWS\prefetch\SATISMO-LOCKDOWN-TOOL.EXE-4B1AFDF9.pf + - \WINDOWS\prefetch\SATISMO-LOCKDOWN-TOOL.EXE-6C615014.pf + - \WINDOWS\prefetch\SC.EXE-945D79AE.pf + - \WINDOWS\prefetch\SCHTASKS.EXE-5CA45734.pf + - \WINDOWS\prefetch\SEARCHAPP.EXE-0A9AB385.pf + - \WINDOWS\prefetch\SEARCHAPP.EXE-8CDCFFB0.pf + - \WINDOWS\prefetch\SEARCHAPP.EXE-AEF051F3.pf + - \WINDOWS\prefetch\SEARCHFILTERHOST.EXE-77482212.pf + - \WINDOWS\prefetch\SEARCHINDEXER.EXE-4A6353B9.pf + - \WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf + - \WINDOWS\prefetch\SECEDIT.EXE-CB2BC3E5.pf + - \WINDOWS\prefetch\SECHEALTHUI.EXE-D6B58CEB.pf + - \WINDOWS\prefetch\SECURITYHEALTHSERVICE.EXE-EE3BC4CB.pf + - \WINDOWS\prefetch\SECURITYHEALTHSYSTRAY.EXE-41AD6DE1.pf + - \WINDOWS\prefetch\SETUP.EXE-3862F976.pf + - \WINDOWS\prefetch\SETUP.EXE-7AC3C71F.pf + - \WINDOWS\prefetch\SETUP.EXE-7AC3C723.pf + - \WINDOWS\prefetch\SETUP.EXE-7F652810.pf + - \WINDOWS\prefetch\SETUP.EXE-916A2EBE.pf + - \WINDOWS\prefetch\SETUP.EXE-916A2EC2.pf + - \WINDOWS\prefetch\SETUP64.EXE-6C6157AB.pf + - \WINDOWS\prefetch\SGRMBROKER.EXE-0CA31CC6.pf + - \WINDOWS\prefetch\SHELLEXPERIENCEHOST.EXE-23D7A593.pf + - \WINDOWS\prefetch\SHELLEXPERIENCEHOST.EXE-EF3EE583.pf + - \WINDOWS\prefetch\SIHOST.EXE-2C4C53BA.pf + - \WINDOWS\prefetch\SLUI.EXE-724E99D9.pf + - \WINDOWS\prefetch\SMARTSCREEN.EXE-9B5E4173.pf + - \WINDOWS\prefetch\SMSS.EXE-E9C28FC6.pf + - \WINDOWS\prefetch\SPPEXTCOMOBJ.EXE-BB03B3D6.pf + - \WINDOWS\prefetch\SPPSVC.EXE-B0F8131B.pf + - \WINDOWS\prefetch\STARTMENUEXPERIENCEHOST.EXE-58859201.pf + - \WINDOWS\prefetch\STARTMENUEXPERIENCEHOST.EXE-D550CB30.pf + - \WINDOWS\prefetch\STARTMENUEXPERIENCEHOST.EXE-D80E778C.pf + - \WINDOWS\prefetch\SVCHOST.EXE-08BC2356.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0C2D202C.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0D126A9F.pf + - \WINDOWS\prefetch\SVCHOST.EXE-0E4FE292.pf + - \WINDOWS\prefetch\SVCHOST.EXE-24568AC4.pf + - \WINDOWS\prefetch\SVCHOST.EXE-272EF09B.pf + - \WINDOWS\prefetch\SVCHOST.EXE-2C8F9E34.pf + - \WINDOWS\prefetch\SVCHOST.EXE-3905CA11.pf + - \WINDOWS\prefetch\SVCHOST.EXE-4278A5C0.pf + - \WINDOWS\prefetch\SVCHOST.EXE-5E731DE3.pf + - \WINDOWS\prefetch\SVCHOST.EXE-5EAAEC8A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-5F9C92CC.pf + - \WINDOWS\prefetch\SVCHOST.EXE-62975899.pf + - \WINDOWS\prefetch\SVCHOST.EXE-6579E144.pf + - \WINDOWS\prefetch\SVCHOST.EXE-6C525542.pf + - \WINDOWS\prefetch\SVCHOST.EXE-776D4801.pf + - \WINDOWS\prefetch\SVCHOST.EXE-7B41F868.pf + - \WINDOWS\prefetch\SVCHOST.EXE-7D248B6A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-84ADBFA7.pf + - \WINDOWS\prefetch\SVCHOST.EXE-868216AE.pf + - \WINDOWS\prefetch\SVCHOST.EXE-86AA6B35.pf + - \WINDOWS\prefetch\SVCHOST.EXE-8929E8DF.pf + - \WINDOWS\prefetch\SVCHOST.EXE-8A9E6608.pf + - \WINDOWS\prefetch\SVCHOST.EXE-8D87DCC8.pf + - \WINDOWS\prefetch\SVCHOST.EXE-97CD69B8.pf + - \WINDOWS\prefetch\SVCHOST.EXE-98090C0A.pf + - \WINDOWS\prefetch\SVCHOST.EXE-A1E3F14E.pf + - \WINDOWS\prefetch\SVCHOST.EXE-A8007E45.pf + - \WINDOWS\prefetch\SVCHOST.EXE-AD0331FB.pf + - \WINDOWS\prefetch\SVCHOST.EXE-AFDE613F.pf + - \WINDOWS\prefetch\SVCHOST.EXE-BA748B25.pf + - \WINDOWS\prefetch\SVCHOST.EXE-BC4C6158.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D5B495F2.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D6693F60.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D7909332.pf + - \WINDOWS\prefetch\SVCHOST.EXE-D8FFFCDA.pf + - \WINDOWS\prefetch\SVCHOST.EXE-EBA34E64.pf + - \WINDOWS\prefetch\SVCHOST.EXE-ECA65C63.pf + - \WINDOWS\prefetch\SVCHOST.EXE-F0CB7C91.pf + - \WINDOWS\prefetch\SVCHOST.EXE-FE99AE69.pf + - \WINDOWS\prefetch\SYSTEMSETTINGS.EXE-01D72268.pf + - \WINDOWS\prefetch\SYSTEMSETTINGSADMINFLOWS.EXE-389031F2.pf + - \WINDOWS\prefetch\TASKHOSTW.EXE-3E0B74C8.pf + - \WINDOWS\prefetch\TASKKILL.EXE-8F5B2253.pf + - \WINDOWS\prefetch\TASKLIST.EXE-C6CEE193.pf + - \WINDOWS\prefetch\TASKMGR.EXE-5F5F473D.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-1557F467.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-6DC31D2B.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-95832A05.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-A6B545E0.pf + - \WINDOWS\prefetch\TEXTINPUTHOST.EXE-E14D757C.pf + - \WINDOWS\prefetch\TIWORKER.EXE-0557EEAE.pf + - \WINDOWS\prefetch\TIWORKER.EXE-5883C58B.pf + - \WINDOWS\prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf + - \WINDOWS\prefetch\UHSSVC.EXE-EC246342.pf + - \WINDOWS\prefetch\UNINST.EXE-AB33EE5F.pf + - \WINDOWS\prefetch\UN_A.EXE-B491018D.pf + - \WINDOWS\prefetch\USERINIT.EXE-2257A3E7.pf + - \WINDOWS\prefetch\VCREDIST_X64.EXE-2F987293.pf + - \WINDOWS\prefetch\VCREDIST_X64.EXE-688FA460.pf + - \WINDOWS\prefetch\VCREDIST_X86.EXE-31AAC3A7.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-8052665B.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-B363F05B.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-C05C0B94.pf + - \WINDOWS\prefetch\VC_REDIST.X64.EXE-D51BBA8E.pf + - \WINDOWS\prefetch\VC_REDIST.X86.EXE-0E0F319B.pf + - \WINDOWS\prefetch\VC_REDIST.X86.EXE-5E66990C.pf + - \WINDOWS\prefetch\VMTOOLSD.EXE-CD82EC13.pf + - \WINDOWS\prefetch\VMWARE-TOOLS-12.3.5-22544099--5DDD6B5C.pf + - \WINDOWS\prefetch\VMWARERESOLUTIONSET.EXE-79C811DD.pf + - \WINDOWS\prefetch\VMWARETOOLBOXCMD.EXE-C33722D4.pf + - \WINDOWS\prefetch\VSSADMIN.EXE-9FF2C6A1.pf + - \WINDOWS\prefetch\VSSVC.EXE-B8AFC319.pf + - \WINDOWS\prefetch\WERFAULT.EXE-F416D6BC.pf + - \WINDOWS\prefetch\WERMGR.EXE-0F2AC88C.pf + - \WINDOWS\prefetch\WEVTUTIL.EXE-EF5861C4.pf + - \WINDOWS\prefetch\WINDOWS-KB890830-X64-V5.120.E-CE0D2CE5.pf + - \WINDOWS\prefetch\WINLOGON.EXE-B020DC41.pf + - \WINDOWS\prefetch\WINSAT.EXE-DE36CB46.pf + - \WINDOWS\prefetch\WLRMDR.EXE-C2B47318.pf + - \WINDOWS\prefetch\WMIADAP.EXE-F8DFDFA2.pf + - \WINDOWS\prefetch\WMIAPSRV.EXE-29F35ED0.pf + - \WINDOWS\prefetch\WMIC.EXE-A7D06383.pf + - \WINDOWS\prefetch\WMIPRVSE.EXE-1628051C.pf + - \WINDOWS\prefetch\WORDPAD.EXE-D7FD7414.pf + - \WINDOWS\prefetch\WSCRIPT.EXE-52CF1F0C.pf + - \WINDOWS\prefetch\WUAUCLT.EXE-70318591.pf + - \WINDOWS\prefetch\WUDFHOST.EXE-AFFEF87C.pf + - \WINDOWS\prefetch\WWAHOST.EXE-3FD45057.pf + + + +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin enumerates encryptable volume information available on the remote host via WMI. +wmi_enum_encryptable_volumes.nbin +2024/01/16 +WMI Encryptable Volume Enumeration +2010/12/15 +local +None +1.210 +http://www.nessus.org/u?8aa7973e +n/a +The remote Windows host has encryptable volumes available. + +Here is a list of encryptable volumes available on the remote system : + ++ DriveLetter C: + + - BitLocker Version : None + - Conversion Status : Fully Decrypted + - DeviceID : \\?\Volume{bd6fdf66-0000-0000-0000-501f00000000}\ + - Encryption Method : None + - Identification Field : None + - Key Protectors : None Found + - Lock Status : Unlocked + - Percentage Encrypted : 0.0% + - Protection Status : Protection Off + - Size : 58.68 GB + ++ DriveLetter D: + + - Automatic Unlock : Disabled + - BitLocker Version : None + - Conversion Status : Fully Decrypted + - DeviceID : \\?\Volume{f27f206d-0000-0000-0000-100000000000}\ + - Encryption Method : None + - Identification Field : None + - Key Protectors : None Found + - Lock Status : Unlocked + - Percentage Encrypted : 0.0% + - Protection Status : Protection Off + - Size : 50.00 GB + + + +730 days + +CEA-2020-0101 +cpe:/o:microsoft:windows +CVE-2020-1574 +7.3 +6.4 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H +3.6 +6.9 +CVE-2020-1574 +5.1 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C +The Windows 'WebP Image Extension' or 'WebP from Device Manufacturer' app installed on the remote host is affected by a remote code execution vulnerability. +An unauthenticated, remote attacker can exploit this vulnerability via an specially crafted image to execute code and gain control of the system. +Unproven +No known exploits are available +smb_nt_ms20_aug_webp_rce.nasl +2020-A-0361-S +2020/08/14 +2022/12/05 +Microsoft Windows WebP Image Extension RCE (August 2020) +2020/09/15 +local +Low +Medium +1.6 +http://www.nessus.org/u?f2638e5b +Upgrade to app version 1.0.31251.0 or later via the Microsoft Store. +I +The Windows app installed on the remote host is affected by a Remote Code Execution Vulnerability. +Very Low +No recorded events +No recorded events +4.4 +2020/08/14 +IAVA:2020-A-0361-S +CEA-ID:CEA-2020-0101 + + Path : C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.30634.0_x64__8wekyb3d8bbwe + Installed version : 1.0.30634.0 + Fixed version : 1.0.31251.0 + + + +730 days + +CEA-2020-0126 +cpe:/o:microsoft:windows +CVE-2020-16918 +CVE-2020-17003 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +9.3 +CVE-2020-16918 +6.9 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C +The Microsoft 3D Viewer app installed on the remote host is affected by a code execution vulnerability when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. +Unproven +No known exploits are available +smb_nt_ms20_oct_3d_viewer.nasl +2020/10/13 +2022/12/05 +Microsoft 3D Viewer Base3D Code Execution (October 2020) +2020/10/13 +local +Low +High +1.5 +http://www.nessus.org/u?4a0fa39f +http://www.nessus.org/u?baf22b1a +https://www.zerodayinitiative.com/advisories/ZDI-20-1246/ +Upgrade to app version 7.2009.29132.0 or later via the Microsoft Store. +The Windows app installed on the remote host is affected by a code execution vulnerability. +Very Low +No recorded events +No recorded events +5.9 +2020/10/13 +ZDI:ZDI-20-1246 +CEA-ID:CEA-2020-0126 +ZDI-20-1246 + + Path : C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_7.1908.9012.0_x64__8wekyb3d8bbwe + Installed version : 7.1908.9012.0 + Fixed version : 7.2009.29132.0 + + + +730 days + +cpe:/o:microsoft:windows +CVE-2021-43905 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-43905 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The Windows 'Microsoft 365 (Office)' app installed on the remote host is affected by a code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file. + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +smb_nt_ms21_dec_officehub_app.nasl +2021-A-0584-S +2021/12/14 +2023/07/19 +Microsoft 365 (Office) App Code Execution (December 2021) +2023/07/18 +local +Low +Medium +1.1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43905 +Upgrade to app version 18.2110.13110.0, or later via the Microsoft Store. +I +The Windows app installed on the remote host is affected by a code execution vulnerability. +Very Low +No recorded events +No recorded events +8.1 +2021/12/14 +IAVA:2021-A-0584-S + + Installed version : 17.10314.31700.1000 + Fixed version : 18.2110.13110.0 + + + +730 days + +cpe:/o:microsoft:windows +CVE-2021-31942 +CVE-2021-31943 +CVE-2021-31944 +7.8 +7.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-31943 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The Windows '3D Viewer' app installed on the remote host is affected by multiple vulnerabilities. + + - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-31942, CVE-2021-31943) + - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-31944) +true +Functional +Exploits are available +smb_nt_ms21_june_3dviewer.nasl +2021/06/08 +2023/12/27 +Microsoft 3D Viewer Multiple Vulnerabilities (June 2021) +2021/06/08 +local +Low +Medium +1.3 +http://www.nessus.org/u?e914ff80 +http://www.nessus.org/u?5257edc0 +http://www.nessus.org/u?bdd18cf9 +Upgrade to app version 7.2105.4012.0, or later via the Microsoft Store. +The Windows app installed on the remote host is affected by multiple vulnerabilties. +Very Low +No recorded events +No recorded events +7.4 +2021/06/08 + + Path : C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_7.1908.9012.0_x64__8wekyb3d8bbwe + Installed version : 7.1908.9012.0 + Fixed version : 7.2105.4012.0 + + + +730 days + +cpe:/o:microsoft:windows +CVE-2021-31945 +CVE-2021-31946 +CVE-2021-31983 +7.8 +7.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-31983 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The Windows 'Paint 3D' app installed on the remote host is affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. +true +Unproven +Exploits are available +smb_nt_ms21_june_mspaint3d.nasl +2021/06/08 +2023/12/27 +Microsoft Paint 3D Multiple Vulnerabilities (June 2021) +2021/06/08 +local +Low +Medium +1.4 +http://www.nessus.org/u?941966fe +http://www.nessus.org/u?a40919a7 +http://www.nessus.org/u?99b641c8 +Upgrade to app version 6.2105.4017.0, or later via the Microsoft Store. +The Windows app installed on the remote host is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/06/08 + + Path : C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.18017.0_x64__8wekyb3d8bbwe + Installed version : 6.1907.18017.0 + Fixed version : 6.2105.4017.0 + + + +730 days + +cpe:/o:microsoft:windows +CVE-2021-28465 +7.8 +7.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-28465 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The Windows 'Web Media Extensions' app installed on the remote host is affected by a remote code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file. (CVE-2021-28465) +true +Unproven +Exploits are available +smb_nt_ms21_may_web_media.nasl +2021/05/11 +2024/01/02 +Microsoft Windows Web Media Extensions Library RCE (May 2021) +2021/05/11 +local +Low +Medium +1.4 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28465 +Upgrade to app version 1.0.40831.0, or later via the Microsoft Store. +The Windows app installed on the remote host is affected by a remote code execution vulnerability. +Very Low +No recorded events +No recorded events +6.7 +2021/05/11 + + Path : C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe + Installed version : 1.0.20875.0 + Fixed version : 1.0.40831.0 + + + +730 days + +cpe:/o:microsoft:windows +CVE-2021-43208 +CVE-2021-43209 +7.8 +7.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-43209 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of the Microsoft 3D Viewer app installed on the remote host is prior to 7.2107.7012.0. It is, therefore, affected by multiple remote code execution vulnerabilities. + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +smb_nt_ms21_november_3dviewer.nasl +2021/11/09 +2023/11/24 +Microsoft 3D Viewer Multiple Vulnerabilities (November 2021) +2021/11/09 +local +Low +Medium +1.4 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43208 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43209 +Upgrade to app version 7.2107.7012.0., or later via the Microsoft Store. +The Windows app installed on the remote host is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/11/09 + + Path : C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_7.1908.9012.0_x64__8wekyb3d8bbwe + Installed version : 7.1908.9012.0 + Fixed version : 7.2107.7012.0 + + + +365 - 730 days +cpe:/o:microsoft:windows +CVE-2022-24457 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2022-24457 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The Windows HEIF Image Extension app installed on the remote host is affected by a remote code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file. +Unproven +No known exploits are available +smb_nt_ms22_mar_heif.nasl +2022/03/08 +2022/03/09 +Microsoft Windows HEIF Image Extensions RCE (March 2022) +2022/03/08 +local +Low +Medium +1.2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24457 +Upgrade to app version 1.0.43012.0 or later via the Microsoft Store. +The Windows app installed on the remote host is affected by a remote code execution vulnerability. +Very Low +No recorded events +No recorded events +6.7 +2022/03/08 + + Path : C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.30722.0_x64__8wekyb3d8bbwe + Installed version : 1.0.30722.0 + Fixed version : 1.0.43012.0 + + + +365 - 730 days +cpe:/o:microsoft:windows +CVE-2022-23282 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2022-23282 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The Windows 'Paint 3D' app installed on the remote host is affected by a code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file. +Unproven +No known exploits are available +smb_nt_ms22_mar_mspaint3d.nasl +2022/03/08 +2022/03/09 +Microsoft Paint 3D Code Execution (March 2022) +2022/03/08 +local +Low +Medium +1.2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23282 +Upgrade to app version 6.2105.4017.0, or later via the Microsoft Store. +The Windows app installed on the remote host is affected by a code execution vulnerability.. +Very Low +No recorded events +No recorded events +6.7 +2022/03/08 + + Path : C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.18017.0_x64__8wekyb3d8bbwe + Installed version : 6.1907.18017.0 + Fixed version : 6.2105.4017.0 + + + +180 - 365 days +cpe:/o:microsoft:windows +cpe:/a:microsoft:3d_builder +CVE-2023-23377 +CVE-2023-23390 +7.8 +7.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-23390 +6.0 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The version of the Microsoft 3D Builder app installed on the remote Windows host is prior to 20.0.3.0. It is, therefore, affected by multiple unspecified remote code execution vulnerabilities. + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +smb_nt_ms23_feb_3d_builder.nasl +2023-A-0094-S +2023/02/14 +2023/09/15 +Microsoft 3D Builder app Multiple Remote Code Execution Vulnerabilities (February 2023) +2023/02/16 +local +Low +High +1.4 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23377 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23390 +Update to the latest Microsoft 3D Builder app via the Windows App Store. +I +The Microsoft 3D Builder app installed on the remote host is affected by multiple remote code execution vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/02/14 +IAVA:2023-A-0094-S + + Path : C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe + Installed version : 18.0.1931.0 + Fixed version : Update to the latest Microsoft 3D Builder app via the Microsoft Store. + + + +365 - 730 days +cpe:/o:microsoft:windows +CVE-2023-21780 +CVE-2023-21781 +CVE-2023-21782 +CVE-2023-21783 +CVE-2023-21784 +CVE-2023-21785 +CVE-2023-21786 +CVE-2023-21787 +CVE-2023-21788 +CVE-2023-21789 +CVE-2023-21790 +CVE-2023-21791 +CVE-2023-21792 +CVE-2023-21793 +7.8 +7.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-21793 +6.0 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The version of the Microsoft 3D Builder app installed on the remote Windows host is prior or equal to 18.0.1931.0. It is, therefore, affected by multiple unspecified remote code execution vulnerabilities. + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +smb_nt_ms23_jan_3d_builder.nasl +2023/01/10 +2023/09/08 +Microsoft 3D Builder app Multiple Remote Code Execution Vulnerabilities (January 2023) +2023/01/10 +local +Low +High +1.3 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21780 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21781 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21782 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21783 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21784 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21785 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21786 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21787 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21788 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21789 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21790 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21791 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21792 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21793 +Update to the latest Microsoft 3D Builder app via the Windows App Store once updates are available. +The Microsoft 3D Builder app installed on the remote host is affected by multiple remote code execution vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2023/01/10 + + Path : C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe + Installed version : 18.0.1931.0 + Fixed version : Update to the latest Microsoft 3D Builder app via the Microsoft Store once updates are available. + + + +180 - 365 days +cpe:/o:microsoft:windows +CVE-2023-32047 +CVE-2023-35374 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-35374 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The Windows 'Paint 3D' app installed on the remote host is affected by multiple code execution vulnerabilities. An attacker who successfully exploited one of the vulnerabilities could execute arbitrary code. Exploitation of the vulnerabilities requires that a program process a specially crafted file. + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +smb_nt_ms23_jul_mspaint3d.nasl +2023/07/11 +2023/07/14 +Microsoft Paint 3D Code Execution (July 2023) +2023/07/13 +local +Low +High +1.1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32047 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35374 +Upgrade to app version 6.2305.16087.0, or later via the Microsoft Store. +The Windows app installed on the remote host is affected by code execution vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/07/11 + + Path : C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.18017.0_x64__8wekyb3d8bbwe + Installed version : 6.1907.18017.0 + Fixed version : 6.2305.16087.0 + + + +60 - 180 days +cpe:/o:microsoft:windows +cpe:/a:microsoft:3d_builder +CVE-2023-36770 +CVE-2023-36771 +CVE-2023-36772 +CVE-2023-36773 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-36773 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The version of the Microsoft 3D Builder app installed on the remote Windows host is prior to 20.0.4.0. It is, therefore, affected by multiple remote code execution vulnerabilities: + + - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-36770, CVE-2023-36771, CVE-2023-36772, CVE-2023-36773) +false +Unproven +No known exploits are available +smb_nt_ms23_sep_3d_builder.nasl +2023-A-0484 +2023/02/14 +2023/10/27 +Microsoft 3D Builder app Multiple Remote Code Execution Vulnerabilities (September 2023) +2023/09/12 +local +Low +High +1.4 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36770 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36771 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36772 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36773 +Update to the latest Microsoft 3D Builder app via the Windows App Store. +I +The Microsoft 3D Builder app installed on the remote host is affected by multiple remote code execution vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/02/14 +IAVA:2023-A-0484 + + Path : C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe + Installed version : 18.0.1931.0 + Fixed version : Update to the latest Microsoft 3D Builder app via the Microsoft Store. + + + +60 - 180 days +cpe:/o:microsoft:windows +cpe:/a:microsoft:3d_builder +CVE-2022-41303 +CVE-2023-36739 +CVE-2023-36740 +CVE-2023-36760 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-36760 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The version of the Microsoft 3D Viewer app installed on the remote Windows host is prior to 20.0.3.0. It is, therefore, affected by multiple unspecified remote code execution vulnerabilities: + + - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-36739, CVE-2023-36740, CVE-2023-36760) +Unproven +No known exploits are available +smb_nt_ms23_sep_3d_viewer.nasl +2023/09/11 +2023/10/23 +Microsoft 3D Viewer app Multiple Remote Code Execution Vulnerabilities (September 2023) +2023/09/12 +local +Low +High +1.4 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41303 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760 +Update to the latest Microsoft 3D Viewer app via the Windows App Store. +The Microsoft 3D Viewer app installed on the remote host is affected by multiple remote code execution vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/09/11 + + Path : C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_7.1908.9012.0_x64__8wekyb3d8bbwe + Installed version : 7.1908.9012.0 + Fixed version : Update to the latest Microsoft 3D Viewer app via the Microsoft Store. + + + +180 - 365 days +cpe:/a:microsoft:snip_and_sketch +CVE-2023-28303 +3.3 +2.9 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N +1.4 +2.1 +CVE-2023-28303 +1.6 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N +An information disclosure vulnerability exists in Windows Snip & Sketch (Windows 10) and Snipping Tool (Windows 11) where parts of a cropped image that were to be removed are not completely deleted and can be restored if saved to the cropped image file. + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +windows_acropalypse_cve-2023-28303.nasl +2023/03/24 +2023/06/14 +Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse) +2023/06/13 +remote +Low +Low +1.1 +http://www.nessus.org/u?ad297874 +Upgrade to Snip & Sketch 10.2008.3001.0 for Windows 10, Snipping Tool 11.2302.20.0 for Windows 11, or later. +The remote web server hosts an application that is affected by an information disclosure vulnerability. +Very Low +No recorded events +No recorded events +1.4 +2023/03/24 + + Path : C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe + Installed version : 10.1907.2471.0 + Fixed version : 10.2008.3001.0 + + + +True +software_enumeration +cpe:/o:microsoft:windows +This plugin connects to the remote Windows host with the supplied credentials and uses WMI and Powershell to enumerate applications installed on the host from the Windows Store. +wmi_enum_windows_app_store.nbin +2024/01/16 +Windows Store Application Enumeration +2015/09/02 +local +None +1.232 +https://www.microsoft.com/en-us/store/apps +n/a +It is possible to obtain the list of applications installed from the Windows Store. + + -1527c705-839a-4832-9118-54d4Bd6a0c89 + Version : 10.0.15063.608 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -c5e2524a-ea46-4f67-841f-6a9465d9d515 + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -CortanaListenUIApp + Version : 10.0.15063.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -DesktopLearning + Version : 1000.15063.0.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -DesktopView + Version : 1000.15063.0.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -E2A4F912-2574-4A75-9BB0-0D023378592B + Version : 10.0.15063.608 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -EnvironmentsApp + Version : 10.0.15063.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AccountsControl + Version : 10.0.15063.608 + InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BioEnrollment + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.CredDialogHost + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.LockApp + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.PPIProjection + Version : 10.0.15063.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Apprep.ChxApp + Version : 1000.15063.0.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.AssignedAccessLockApp + Version : 1000.15063.0.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.HolographicFirstRun + Version : 10.0.15063.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkCaptivePortal + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkConnectionFlow + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ParentalControls + Version : 1000.15063.0.0 + InstallLocation : C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecHealthUI + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecureAssessmentBrowser + Version : 10.0.15063.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxGameCallableUI + Version : 1000.15063.0.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.ContactSupport + Version : 10.0.15063.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.PrintDialog + Version : 6.2.0.0 + InstallLocation : C:\Windows\PrintDialog + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Appconnector + Version : 1.3.3.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.6 + Version : 1.6.24903.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.6 + Version : 1.6.24903.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.1.6 + Version : 1.6.24903.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.1.6 + Version : 1.6.24903.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.25426.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.25426.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingFinance + Version : 4.26.12334.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingFinance_4.26.12334.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.1.7 + Version : 1.7.25531.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftOfficeHub + Version : 17.10314.31700.1000 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.1.7 + Version : 1.7.25531.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.25531.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftSolitaireCollection + Version : 4.2.8172.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingSports + Version : 4.25.11802.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingSports_4.25.11802.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsPhone + Version : 10.1802.311.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxSpeechToTextOverlay + Version : 1.21.13002.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.21.13002.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Office.OneNote + Version : 16001.11001.20079.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.HolographicFirstRun + Version : 10.0.17134.1 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -windows.immersivecontrolpanel + Version : 10.0.2.1000 + InstallLocation : C:\Windows\ImmersiveControlPanel + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.0 + Version : 2.1810.18004.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Services.Store.Engagement + Version : 10.0.19011.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.19011.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.0 + Version : 2.1810.18004.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.2.2 + Version : 2.2.27328.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.2.2 + Version : 2.2.27328.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.6 + Version : 1.6.27413.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.6_1.6.27413.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.2.2 + Version : 2.2.27405.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.6 + Version : 1.6.27413.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.6_1.6.27413.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.2.2 + Version : 2.2.27405.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.27323.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Services.Store.Engagement + Version : 10.0.19011.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.19011.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.7 + Version : 1.7.27413.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.27413.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.7 + Version : 1.7.27413.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.27413.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.27323.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.27629.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.27629.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Advertising.Xaml + Version : 10.1811.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Advertising.Xaml + Version : 10.1811.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxApp + Version : 48.55.9001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxApp_48.55.9001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingWeather + Version : 4.31.11905.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.1 + Version : 2.11906.6001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.1 + Version : 2.11906.6001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsAlarms + Version : 10.1903.1006.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1903.1006.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.SkypeApp + Version : 14.48.51.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c + Architecture : X64 + Publisher : CN=Skype Software Sarl, O=Microsoft Corporation, L=Luxembourg, S=Luxembourg, C=LU + + -microsoft.windowscommunicationsapps + Version : 16005.11629.20316.0 + InstallLocation : C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Messaging + Version : 4.1901.10241.1000 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.OneConnect + Version : 5.1906.1791.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxIdentityProvider + Version : 12.54.26001.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsSoundRecorder + Version : 10.1902.633.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1902.633.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxGameOverlay + Version : 1.43.12001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.43.12001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsFeedbackHub + Version : 1.1903.1582.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1903.1582.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingNews + Version : 4.31.11905.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.PrintDialog + Version : 6.2.1.0 + InstallLocation : C:\Windows\PrintDialog + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Advertising.Xaml + Version : 10.1808.3.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Getstarted + Version : 7.3.20251.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Getstarted_7.3.20251.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftStickyNotes + Version : 3.1.53.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.53.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.7 + Version : 1.7.25531.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.1.7 + Version : 1.7.25531.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.26706.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.26706.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Wallet + Version : 2.4.18324.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MSPaint + Version : 6.1907.18017.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.18017.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.3DBuilder + Version : 18.0.1931.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WebMediaExtensions + Version : 1.0.20875.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Cortana + Version : 1.13.0.18362 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.27810.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.27810.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.2.2 + Version : 2.2.27912.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.2.2 + Version : 2.2.27912.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ScreenSketch + Version : 10.1907.2471.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Microsoft3DViewer + Version : 7.1908.9012.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_7.1908.9012.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.People + Version : 10.1909.2812.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.People_10.1909.2812.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.27810.0 + InstallLocation : + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.27810.0 + InstallLocation : + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -1527c705-839a-4832-9118-54d4Bd6a0c89 + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -c5e2524a-ea46-4f67-841f-6a9465d9d515 + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -E2A4F912-2574-4A75-9BB0-0D023378592B + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AAD.BrokerPlugin + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AccountsControl + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BioEnrollment + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.CredDialogHost + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.LockApp + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdge + Version : 44.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.PPIProjection + Version : 10.0.18362.449 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Apprep.ChxApp + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.AssignedAccessLockApp + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CallingShellApp + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CloudExperienceHost + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ContentDeliveryManager + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkCaptivePortal + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkConnectionFlow + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ParentalControls + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecHealthUI + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecureAssessmentBrowser + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ShellExperienceHost + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxGameCallableUI + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -InputApp + Version : 1000.18362.449.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AsyncTextService + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ECApp + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdgeDevToolsClient + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Win32WebViewHost + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CapturePicker + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.NarratorQuickStart + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PeopleExperienceHost + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PinningConfirmationDialog + Version : 1000.18362.449.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.StartMenuExperienceHost + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.XGpuEjectDialog + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.CBSPreview + Version : 10.0.18362.449 + InstallLocation : C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsMaps + Version : 5.1909.2813.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1909.2813.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ZuneMusic + Version : 10.19101.10711.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19101.10711.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ZuneVideo + Version : 10.19101.10711.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.2.2 + Version : 2.2.28604.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.2.2 + Version : 2.2.28604.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.1.7 + Version : 1.7.27422.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.27422.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Runtime.1.7 + Version : 1.7.27422.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.27422.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.2 + Version : 2.21909.17002.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.2_2.21909.17002.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.2 + Version : 2.21909.17002.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.2_2.21909.17002.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.DesktopAppInstaller + Version : 1.0.32912.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.32912.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsCalculator + Version : 10.1910.0.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsCamera + Version : 2019.926.30.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2019.926.30.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WebpImageExtension + Version : 1.0.30634.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.30634.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.HEIFImageExtension + Version : 1.0.30722.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.30722.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsStore + Version : 12004.1001.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Photos + Version : 2020.19111.24110.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.StorePurchaseApp + Version : 12004.1001.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12004.1001.1.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -1527c705-839a-4832-9118-54d4Bd6a0c89 + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -c5e2524a-ea46-4f67-841f-6a9465d9d515 + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -E2A4F912-2574-4A75-9BB0-0D023378592B + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -InputApp + Version : 1000.18362.1593.0 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AAD.BrokerPlugin + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AccountsControl + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AsyncTextService + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BioEnrollment + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.CredDialogHost + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ECApp + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.LockApp + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdgeDevToolsClient + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdge + Version : 44.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.PPIProjection + Version : 10.0.18362.1593 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Apprep.ChxApp + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.AssignedAccessLockApp + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CallingShellApp + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CapturePicker + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CloudExperienceHost + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ContentDeliveryManager + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Cortana + Version : 1.13.2.18362 + InstallLocation : + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkCaptivePortal + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkConnectionFlow + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ParentalControls + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PinningConfirmationDialog + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecHealthUI + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecureAssessmentBrowser + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ShellExperienceHost + Version : 10.0.18362.1916 + InstallLocation : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxGameCallableUI + Version : 1000.18362.1593.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Win32WebViewHost + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.NarratorQuickStart + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PeopleExperienceHost + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.StartMenuExperienceHost + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.XGpuEjectDialog + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.CBSPreview + Version : 10.0.18362.1593 + InstallLocation : C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.4 + Version : 2.42007.9001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.4 + Version : 2.42007.9001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.2.2 + Version : 2.2.29512.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.NET.Native.Framework.2.2 + Version : 2.2.29512.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.3 + Version : 2.32002.13001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.3 + Version : 2.32002.13001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxGameOverlay + Version : 1.54.4001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.7 + Version : 7.2208.15002.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.7 + Version : 7.2208.15002.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.32530.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.32530.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.32530.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingSports + Version : 4.54.31792.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingSports_4.54.31792.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.32530.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingFinance + Version : 4.53.51973.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingFinance_4.53.51973.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Search + Version : 1.14.10.19041 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -AdobeAcrobatReaderCoreApp + Version : 23.0.0.0 + InstallLocation : C:\Program Files\WindowsApps\AdobeAcrobatReaderCoreApp_23.0.0.0_x64__pc75e8sa7ep4e + Architecture : X64 + Publisher : CN=Adobe Inc., OU=Adobe Inc., O=Adobe Inc., L=San Jose, S=ca, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US + + -Microsoft.BingNews + Version : 4.55.62231.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingNews_4.55.62231.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.549981C3F5F10 + Version : 4.2308.1005.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.3DBuilder + Version : 20.0.4.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.3DBuilder_20.0.4.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BingWeather + Version : 4.53.52331.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.52331.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.8 + Version : 8.2310.30001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.8_8.2310.30001.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.8 + Version : 8.2310.30001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.8_8.2310.30001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsAppRuntime.1.3 + Version : 3000.934.1904.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsAppRuntime.1.3 + Version : 3000.934.1904.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.934.1904.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdge + Version : 44.19041.3570.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxApp + Version : 48.104.4001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxApp_48.104.4001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Services.Store.Engagement + Version : 10.0.23012.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.23012.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Services.Store.Engagement + Version : 10.0.23012.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.23012.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.33321.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33321.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00.UWPDesktop + Version : 14.0.33321.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33321.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdge.Stable + Version : 121.0.2277.83 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_121.0.2277.83_neutral__8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.33321.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.33321.0_x86__8wekyb3d8bbwe + Architecture : X86 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.33321.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.33321.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsAlarms + Version : 11.2312.2.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_11.2312.2.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Photos + Version : 2024.11010.10002.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11010.10002.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsSoundRecorder + Version : 10.2103.28.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.2103.28.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ZuneVideo + Version : 10.22091.10051.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10051.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsFeedbackHub + Version : 1.2309.12711.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2309.12711.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MSPaint + Version : 6.2310.24037.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2310.24037.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -microsoft.windowscommunicationsapps + Version : 16005.14326.21792.0 + InstallLocation : C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21792.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.People + Version : 10.2202.33.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.People_10.2202.33.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Office.OneNote + Version : 16001.14326.21738.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.14326.21738.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsMaps + Version : 11.2311.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsMaps_11.2311.1.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.OneConnect + Version : 5.2308.2294.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.OneConnect_5.2308.2294.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxIdentityProvider + Version : 12.95.3001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.95.3001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WebMediaExtensions + Version : 1.0.62931.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.62931.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.DesktopAppInstaller + Version : 1.21.3482.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.3482.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Getstarted + Version : 10.2312.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2312.1.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftOfficeHub + Version : 18.2311.1071.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2311.1071.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.StorePurchaseApp + Version : 22312.1401.1.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_22312.1401.1.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsStore + Version : 22312.1401.5.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsStore_22312.1401.5.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ScreenSketch + Version : 10.2008.3001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.2008.3001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsCalculator + Version : 11.2311.0.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2311.0.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.WindowsCamera + Version : 2023.2312.3.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2023.2312.3.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.SkypeApp + Version : 15.111.3607.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c + Architecture : X64 + Publisher : CN=Skype Software Sarl, O=Microsoft Corporation, L=Luxembourg, S=Luxembourg, C=LU + + -Microsoft.Microsoft3DViewer + Version : 7.2311.30032.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_7.2311.30032.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -1527c705-839a-4832-9118-54d4Bd6a0c89 + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -c5e2524a-ea46-4f67-841f-6a9465d9d515 + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -E2A4F912-2574-4A75-9BB0-0D023378592B + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AAD.BrokerPlugin + Version : 1000.19041.3636.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AccountsControl + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AsyncTextService + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BioEnrollment + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.CredDialogHost + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ECApp + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.LockApp + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdgeDevToolsClient + Version : 1000.19041.3636.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Win32WebViewHost + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Apprep.ChxApp + Version : 1000.19041.3636.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.AssignedAccessLockApp + Version : 1000.19041.3636.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CallingShellApp + Version : 1000.19041.3636.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CapturePicker + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CloudExperienceHost + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ContentDeliveryManager + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.NarratorQuickStart + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkCaptivePortal + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkConnectionFlow + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ParentalControls + Version : 1000.19041.3636.0 + InstallLocation : C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PeopleExperienceHost + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PinningConfirmationDialog + Version : 1000.19041.3636.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecHealthUI + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecureAssessmentBrowser + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ShellExperienceHost + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.StartMenuExperienceHost + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.XGpuEjectDialog + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.XboxGameCallableUI + Version : 1000.19041.3636.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -MicrosoftWindows.Client.CBS + Version : 1000.19053.1000.0 + InstallLocation : C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy + Architecture : X64 + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -MicrosoftWindows.UndockedDevKit + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -NcsiUwpApp + Version : 1000.19041.3636.0 + InstallLocation : C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.CBSPreview + Version : 10.0.19041.3636 + InstallLocation : C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + + +cpe:/o:microsoft:windows +Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'. +windows_product_key_retrieval.nasl +2013/01/18 +Windows Product Key Retrieval +2013/01/18 +local +None +$Revision: 1.1 $ +n/a +This plugin retrieves the Windows Product key of the remote Windows host. + + Product key : XXXXX-XXXXX-XXXXX-XXXXX-WTYPF + +Note that all but the final portion of the key has been obfuscated. + + + +Report details on the running processes modules on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies. +windows_process_module_information.nbin +2024/01/16 +Microsoft Windows Process Module Information +2013/10/08 +local +None +1.217 +n/a +Use WMI to obtain running process module information. +Process_Modules_WKS1-Soteria.csv : lists the loaded modules for each process. + +2708705132761e1345b4fa8997586431 + + +Report details on the running processes on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies. +windows_process_information.nbin +2024/01/16 +Microsoft Windows Process Information +2013/10/08 +local +None +1.216 +n/a +Use WMI to obtain running process information. +Process Overview : +SID: Process (PID) + 0 : System Idle Process (0) + 0 : |- System (4) + 0 : |- Memory Compression (2072) + 0 : |- smss.exe (344) + 0 : GoogleCrashHandler.exe (1208) + 0 : GoogleCrashHandler64.exe (1212) + 0 : csrss.exe (436) + 0 : wininit.exe (512) + 0 : |- services.exe (656) + 0 : |- svchost.exe (1028) + 0 : |- svchost.exe (1060) + 0 : |- svchost.exe (1100) + 0 : |- svchost.exe (1140) + 0 : |- svchost.exe (1160) + 0 : |- svchost.exe (1188) + 0 : |- svchost.exe (1344) + 0 : |- svchost.exe (1412) + 0 : |- svchost.exe (1472) + 0 : |- svchost.exe (1488) + 0 : |- svchost.exe (1528) + 0 : |- svchost.exe (1556) + 0 : |- svchost.exe (1668) + 0 : |- svchost.exe (1728) + 0 : |- dasHost.exe (1884) + 0 : |- svchost.exe (1772) + 0 : |- svchost.exe (1876) + 0 : |- svchost.exe (1984) + 0 : |- svchost.exe (1992) + 0 : |- svchost.exe (2004) + 0 : |- svchost.exe (2016) + 0 : |- WUDFHost.exe (2024) + 0 : |- SgrmBroker.exe (2032) + 0 : |- svchost.exe (2056) + 0 : |- svchost.exe (2116) + 0 : |- svchost.exe (2144) + 0 : |- svchost.exe (2200) + 0 : |- svchost.exe (2236) + 0 : |- svchost.exe (2288) + 0 : |- svchost.exe (2368) + 0 : |- svchost.exe (2380) + 0 : |- svchost.exe (2444) + 0 : |- svchost.exe (2460) + 0 : |- svchost.exe (2528) + 0 : |- uhssvc.exe (2596) + 0 : |- svchost.exe (2608) + 0 : |- svchost.exe (2648) + 0 : |- svchost.exe (2696) + 0 : |- svchost.exe (2724) + 0 : |- svchost.exe (2736) + 0 : |- svchost.exe (2744) + 0 : |- svchost.exe (2844) + 0 : |- spoolsv.exe (2872) + 0 : |- svchost.exe (2952) + 0 : |- svchost.exe (3080) + 0 : |- svchost.exe (3088) + 0 : |- svchost.exe (3156) + 0 : |- svchost.exe (3228) + 0 : |- svchost.exe (3236) + 0 : |- svchost.exe (3312) + 0 : |- svchost.exe (3320) + 0 : |- svchost.exe (3340) + 0 : |- svchost.exe (3504) + 0 : |- armsvc.exe (3520) + 0 : |- svchost.exe (3532) + 0 : |- svchost.exe (3544) + 0 : |- svchost.exe (3568) + 0 : |- svchost.exe (3576) + 0 : |- svchost.exe (3660) + 0 : |- VGAuthService.exe (3720) + 0 : |- vm3dservice.exe (3728) + 1 : |- vm3dservice.exe (4112) + 0 : |- svchost.exe (3740) + 0 : |- vmtoolsd.exe (3748) + 0 : |- svchost.exe (3764) + 0 : |- MsMpEng.exe (3768) + 0 : |- svchost.exe (3800) + 0 : |- svchost.exe (3808) + 0 : |- svchost.exe (3836) + 0 : |- svchost.exe (3972) + 0 : |- svchost.exe (400) + 0 : |- svchost.exe (4284) + 0 : |- dllhost.exe (4568) + 0 : |- svchost.exe (4848) + 0 : |- msdtc.exe (4920) + 0 : |- SearchIndexer.exe (5016) + 0 : |- svchost.exe (5368) + 0 : |- svchost.exe (5676) + 0 : |- NisSrv.exe (5800) + 0 : |- svchost.exe (6124) + 0 : |- svchost.exe (780) + 0 : |- WmiPrvSE.exe (1692) + 0 : |- WmiPrvSE.exe (4340) + 0 : |- WmiPrvSE.exe (4856) + 0 : |- svchost.exe (896) + 0 : |- svchost.exe (944) + 0 : |- svchost.exe (948) + 0 : |- lsass.exe (676) + 0 : |- fontdrvhost.exe (796) + 1 : csrss.exe (520) + 1 : winlogon.exe (588) + 1 : |- LogonUI.exe (1016) + 1 : |- dwm.exe (276) + 1 : |- fontdrvhost.exe (804) + 0 : Registry (92) + + + +cpe:/o:microsoft:windows +It is possible to get information about the BIOS via the host's WMI interface. +bios_get_info_wmi.nbin +2024/01/16 +BIOS Info (WMI) +2008/09/05 +local +None +1.215 +n/a +The BIOS info could be read. + + Vendor : Phoenix Technologies LTD + Version : 6.00 + Release date : 20201112000000.000000+000 + UUID : 44C14D56-4BEE-94BE-1A33-9FF47413CBE7 + Secure boot : disabled + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report on the application compatibility cache on the remote Windows host. +microsoft_windows_appcompatcache.nasl +2018/05/23 +Application Compatibility Cache +2016/07/19 +local +None +1.5 +https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf +http://www.nessus.org/u?4a076105 +n/a +Nessus was able to gather application compatibility settings on the remote host. +Application compatibility cache report attached. + +55969ce0c5f966fcf930be10a0d65fa7 + + +windows +cpe:/o:microsoft:windows +Nessus was able to enumerate the directory paths that users visited by manually typing the full directory path into Windows Explorer. The generated folder list report contains folders local to the system, folders from past mounted network drives, and folders from mounted devices. +microsoft_windows_explorer_typespaths.nasl +2018/11/15 +Windows Explorer Typed Paths +2016/07/19 +local +None +1.6 +http://www.nessus.org/u?f92f6e9f +n/a +Nessus was able to enumerate the directory paths that users visited by typing the full directory path into Windows Explorer. +C:\LD\Google +C:\ld\ie + +Extended explorer typed paths report attached. + +655d09074e7b3e749870f217f1a3bfc2 + + +windows +cpe:/o:microsoft:windows +cpe:/a:microsoft:ie +Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar. +microsoft_windows_ie_typeurls.nasl +2018/05/16 +Internet Explorer Typed URLs +2016/07/19 +local +None +1.5 +https://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/ +n/a +Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar. +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 + +Internet Explorer typed URL report attached. + +fcb243509ee927681e7e82eac4ed0b04 + + +windows +cpe:/a:microsoft:office +Nessus was able to gather evidence of files that were opened using any Microsoft Office application. The report was extracted from Office MRU (Most Recently Used) registry keys. +microsoft_windows_office_recent.nasl +2018/11/15 +Microsoft Office File History +2016/07/19 +local +None +1.6 +https://products.office.com/en-US/ +https://www.taksati.org/mru/ +n/a +Nessus was able to enumerate files opened in Microsoft Office on the remote host. +C:\\Users\Cinnabon\AppData\Roaming\Microsoft\Office\Recent\index.dat +C:\\Users\Cinnabon\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK +C:\\Users\DEGTHAT\AppData\Roaming\Microsoft\Office\Recent\index.dat +C:\\Users\DEGTHAT\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK + +User AppData recent used file report attached + +00f2207cede5535886fae679bd7e7d23 + + +windows +cpe:/o:microsoft:windows +Nessus was able to query the MUIcache registry key to find evidence of program execution. +microsoft_windows_muicache.nasl +2018/05/16 +MUICache Program Execution History +2016/07/19 +local +None +1.5 +https://forensicartifacts.com/2010/08/registry-muicache/ +http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html +http://www.nirsoft.net/utils/muicache_view.html +n/a +Nessus was able to enumerate recently executed programs on the remote host. +@%systemroot%\system32\cloudidsvc.dll,-100 : Microsoft Cloud Identity Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +@%systemroot%\system32\browser.dll,-101 : Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\smsroutersvc.dll,-10001 : Microsoft Windows SMS Router Service. +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@c:\windows\system32\snippingtool.exe,-15051 : Snipping Tool +@%systemroot%\system32\xboxgipsvc.dll,-101 : This service manages connected Xbox Accessories. +@%systemroot%\system32\languageoverlayserver.dll,-100 : Language Experience Service +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\fhsvc.dll,-102 : Protects user files from accidental loss by copying them to a backup location +@%systemroot%\system32\xblauthmanager.dll,-100 : Xbox Live Auth Manager +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\dnsapi.dll,-101 : DNS Client +@%systemroot%\system32\xboxnetapisvc.dll,-101 : This service supports the Windows.Networking.XboxLive application programming interface. +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-102 : Enables spatial perception simulation, virtual camera management and spatial input simulation. +@%systemroot%\system32\ncdautosetup.dll,-101 : Network Connected Devices Auto-Setup service monitors and installs qualified devices that connect to a qualified network. Stopping or disabling this service will prevent Windows from discovering and installing qualified network connected devices automatically. Users can still manually add network connected devices to a PC through the user interface. +@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile. +@%systemroot%\system32\xboxnetapisvc.dll,-100 : Xbox Live Networking Service +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\sharedrealitysvc.dll,-100 : Spatial Data Service +@iphlpsvc.dll,-503 : Core Networking - Teredo (ICMPv6-Out) +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%systemroot%\system32\fxsresm.dll,-122 : Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\xboxgipsvc.dll,-100 : Xbox Accessory Management Service +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\keyboardfiltersvc.dll,-102 : Controls keystroke filtering and mapping +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\drivers\ndu.sys,-10001 : Windows Network Data Usage Monitoring Driver +@%systemroot%\system32\wlansvc.dll,-258 : The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter. +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\spectrum.exe,-101 : Windows Perception Service +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS) +@%systemroot%\system32\diagsvc.dll,-100 : Diagnostic Execution Service +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wwansvc.dll,-258 : This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices. +@%systemroot%\system32\windows.management.service.dll,-101 : Performs management including Provisioning and Enrollment activities +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\wcncsvc.dll,-3 : Windows Connect Now - Config Registrar +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@%systemroot%\system32\dusmsvc.dll,-2 : Network data usage, data limit, restrict background data, metered networks. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD) +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\autotimesvc.dll,-7 : This service sets time based on NITZ messages from a Mobile Network +@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP) +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\windows.management.service.dll,-100 : Windows Management Service +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\wcncsvc.dll,-4 : WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wireless Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wireless Device. The service is started programmatically as needed. +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\drivers\gpuenergydrv.sys,-100 : GPU Energy Driver +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@%systemroot%\system32\aarsvc.dll,-100 : Agent Activation Runtime +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\fxsresm.dll,-118 : Fax +@%systemroot%\system32\assignedaccessmanagersvc.dll,-100 : AssignedAccessManager Service +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\microsoft.bluetooth.userservice.dll,-101 : Bluetooth User Support Service +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@c:\windows\system32\ieframe.dll,-10046 : Internet Shortcut +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\firewallapi.dll,-53500 : Recommended Troubleshooting +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\provsvc.dll,-202 : HomeGroup +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +@%systemroot%\system32\wscsvc.dll,-201 : The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Security and Maintenance UI uses the service to provide systray alerts and a graphical view of the security health states in the Security and Maintenance control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@%systemroot%\system32\xblauthmanager.dll,-101 : Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\wfdsconmgrsvc.dll,-9001 : Manages connections to wireless services, including wireless display and docking. +@%systemroot%\system32\wwansvc.dll,-257 : WWAN AutoConfig +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\rdxservice.dll,-256 : Retail Demo Service +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\wfdsconmgrsvc.dll,-9000 : Wi-Fi Direct Services Connection Manager Service +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\sdrsvc.dll,-107 : Windows Backup +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\aphostres.dll,-10002 : Sync Host +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@%systemroot%\system32\webclnt.dll,-100 : WebClient +@%systemroot%\system32\firewallapi.dll,-37302 : mDNS +@%systemroot%\system32\drivers\iorate.sys,-101 : Disk I/O Rate Filter Driver +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mixedrealityruntime.dll,-102 : Enables Mixed Reality OpenXR runtime functionality +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%systemroot%\system32\drivers\vwififlt.sys,-259 : Virtual WiFi Filter Driver +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\spectrum.exe,-102 : Enables spatial perception, spatial input, and holographic rendering. +@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall +@%systemroot%\system32\firewallapi.dll,-60501 : Cloud Identity +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@firewallapi.dll,-50323 : SNMP Trap +@%systemroot%\system32\pnrpsvc.dll,-8004 : Peer Networking Identity Manager +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\diagsvc.dll,-101 : Executes diagnostic actions for troubleshooting support +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\fhsvc.dll,-101 : File History Service +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service +@%systemroot%\system32\webclnt.dll,-101 : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wbengine.exe,-105 : The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer. +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@%windir%\system32\mstsc.exe,-4001 : Use your computer to connect to a computer that is located elsewhere and run programs or access files. +@%systemroot%\system32\snippingtool.exe,-15052 : Capture a portion of your screen so you can save, annotate, or share the image. +@%systemroot%\system32\sdrsvc.dll,-102 : Provides Windows Backup and Restore capabilities. +@%systemroot%\system32\naturalauth.dll,-101 : Signal aggregator service, that evaluates signals based on time, network, geolocation, bluetooth and cdf factors. Supported features are Device Unlock, Dynamic Lock and Dynamo MDM policies +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled. +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@%systemroot%\system32\xblgamesave.dll,-101 : This service syncs save data for Xbox Live save enabled games. If this service is stopped, game save data will not upload to or download from Xbox Live. +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\dialogblockingservice.dll,-101 : Dialog Blocking Service +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\ipxlatcfg.dll,-500 : IP Translation Configuration Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\system32\gameinputsvc.exe,-101 : GameInput Service +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wkssvc.dll,-100 : Workstation +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer. +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\xblgamesave.dll,-100 : Xbox Live Game Save +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\mitigationclient.dll,-103 : Recommended Troubleshooting Service +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\lpasvc.dll,-1000 : Local Profile Assistant Service +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@wifidisplay.dll,-100 : Wireless Display +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\workfolderssvc.dll,-101 : This service syncs files with the Work Folders server, enabling you to use the files on any of the PCs and devices on which you've set up Work Folders. +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\wpcrefreshtask.dll,-100 : Parental Controls +@%systemroot%\system32\bdesvc.dll,-100 : BitLocker Drive Encryption Service +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\wbengine.exe,-104 : Block Level Backup Engine Service +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@c:\windows\system32\windows.storage.dll,-10152 : File folder +@%systemroot%\system32\peerdistsvc.dll,-9001 : This service caches network content from peers on the local subnet. +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\wlansvc.dll,-257 : WLAN AutoConfig +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@wlansvc.dll,-36864 : WLAN Service - WFD Application Services Platform Coordination Protocol (Uses UDP) +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\bcastdvruserservice.dll,-100 : GameDVR and Broadcast User Service +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\naturalauth.dll,-100 : Natural Authentication +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\srvsvc.dll,-102 : Server SMB 1.xxx Driver +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device. +@%systemroot%\system32\pnrpauto.dll,-8002 : PNRP Machine Name Publication Service +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@comres.dll,-2797 : Distributed Transaction Coordinator +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\quickassist.exe,-807 : Connect to another user's computer to help troubleshoot problems +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\gameinputsvc.exe,-102 : Enables keyboards, mice, gamepads, and other input devices to be used with the GameInput API. +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\messagingservice.dll,-100 : MessagingService +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver +@%systemroot%\system32\wpcrefreshtask.dll,-101 : Enforces parental controls for child accounts in Windows. If this service is stopped or disabled, parental controls may not be enforced. +@%systemroot%\system32\fveui.dll,-843 : BitLocker Drive Encryption +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@c:\windows\system32\mstsc.exe,-4000 : Remote Desktop Connection +@%systemroot%\system32\lpasvc.dll,-1001 : This service provides profile management for subscriber identity modules +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\bdesvc.dll,-101 : BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality. +@c:\windows\system32\quickassist.exe,-806 : Quick Assist +@%systemroot%\system32\pnrpsvc.dll,-8001 : Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function. +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\autotimesvc.dll,-6 : Cellular Time +@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%systemroot%\system32\pnrpauto.dll,-8003 : This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\peerdistsvc.dll,-9000 : BranchCache +@%systemroot%\system32\drivers\fvevol.sys,-100 : BitLocker Drive Encryption Filter Driver +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\pnrpsvc.dll,-8005 : Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly. +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\vac.dll,-200 : Volumetric Audio Compositor Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%systemroot%\system32\rdxservice.dll,-257 : The Retail Demo service controls device activity while the device is in retail demo mode. +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-101 : Windows Perception Simulation Service +@wlansvc.dll,-36865 : WLAN Service - WFD Services Kernel Mode Driver Rules +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\fveui.dll,-844 : BitLocker Data Recovery Agent +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1001 : A service for managing display enhancement such as brightness control. +@c:\windows\system32\ieframe.dll,-12385 : Favorites Bar +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\wscsvc.dll,-200 : Security Center +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\pnrpsvc.dll,-8000 : Peer Name Resolution Protocol +@%systemroot%\system32\dialogblockingservice.dll,-100 : DialogBlockingService +@%systemroot%\system32\icsvc.dll,-700 : Virtual Machine Monitoring +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@%systemroot%\system32\p2psvc.dll,-8007 : Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function. +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@iphlpsvc.dll,-502 : Core Networking - Teredo (ICMPv6-In) +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\dispbroker.desktop.dll,-101 : Display Policy Service +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\ipxlatcfg.dll,-501 : Configures and enables translation from v4 to v6 and vice versa +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\smsroutersvc.dll,-10002 : Routes messages based on rules to appropriate clients. +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\srvsvc.dll,-100 : Server +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\sharedrealitysvc.dll,-101 : This service is used for Spatial Perception scenarios +@c:\windows\system32\xpsrchvw.exe,-106 : XPS Document +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\windowsudk.shellcommon.dll,-100 : Udk User Service +@%systemroot%\system32\vac.dll,-201 : Hosts spatial analysis for Mixed Reality audio simulation. +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service +@%systemroot%\system32\languageoverlayserver.dll,-101 : Provides infrastructure support for deploying and configuring localized Windows resources. This service is started on demand and, if disabled, additional Windows languages will not be deployed to the system, and Windows may not function properly. +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1000 : Display Enhancement Service +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@%systemroot%\system32\mitigationclient.dll,-104 : Enables automatic mitigation for known problems by applying recommended troubleshooting. If stopped, your device will not get recommended troubleshooting for problems on your device. +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\keyboardfiltersvc.dll,-101 : Microsoft Keyboard Filter +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\mixedrealityruntime.dll,-101 : Windows Mixed Reality OpenXR Service +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS) +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\assignedaccessmanagersvc.dll,-101 : AssignedAccessManager Service supports kiosk experience in Windows. +@%systemroot%\system32\p2psvc.dll,-8006 : Peer Networking Grouping +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\cloudidsvc.dll,-101 : Supports integrations with Microsoft cloud identity services. If disabled, tenant restrictions will not be enforced properly. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@%systemroot%\system32\workfolderssvc.dll,-102 : Work Folders +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search +@%systemroot%\system32\cloudidsvc.dll,-100 : Microsoft Cloud Identity Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +@%systemroot%\system32\browser.dll,-101 : Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\smsroutersvc.dll,-10001 : Microsoft Windows SMS Router Service. +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@c:\windows\system32\snippingtool.exe,-15051 : Snipping Tool +@%systemroot%\system32\xboxgipsvc.dll,-101 : This service manages connected Xbox Accessories. +@%systemroot%\system32\languageoverlayserver.dll,-100 : Language Experience Service +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\fhsvc.dll,-102 : Protects user files from accidental loss by copying them to a backup location +@%systemroot%\system32\xblauthmanager.dll,-100 : Xbox Live Auth Manager +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\dnsapi.dll,-101 : DNS Client +@%systemroot%\system32\xboxnetapisvc.dll,-101 : This service supports the Windows.Networking.XboxLive application programming interface. +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-102 : Enables spatial perception simulation, virtual camera management and spatial input simulation. +@%systemroot%\system32\ncdautosetup.dll,-101 : Network Connected Devices Auto-Setup service monitors and installs qualified devices that connect to a qualified network. Stopping or disabling this service will prevent Windows from discovering and installing qualified network connected devices automatically. Users can still manually add network connected devices to a PC through the user interface. +@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile. +@%systemroot%\system32\xboxnetapisvc.dll,-100 : Xbox Live Networking Service +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\sharedrealitysvc.dll,-100 : Spatial Data Service +@iphlpsvc.dll,-503 : Core Networking - Teredo (ICMPv6-Out) +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%systemroot%\system32\fxsresm.dll,-122 : Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\xboxgipsvc.dll,-100 : Xbox Accessory Management Service +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\keyboardfiltersvc.dll,-102 : Controls keystroke filtering and mapping +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\drivers\ndu.sys,-10001 : Windows Network Data Usage Monitoring Driver +@%systemroot%\system32\wlansvc.dll,-258 : The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter. +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\spectrum.exe,-101 : Windows Perception Service +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS) +@%systemroot%\system32\diagsvc.dll,-100 : Diagnostic Execution Service +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wwansvc.dll,-258 : This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices. +@%systemroot%\system32\windows.management.service.dll,-101 : Performs management including Provisioning and Enrollment activities +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\wcncsvc.dll,-3 : Windows Connect Now - Config Registrar +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@%systemroot%\system32\dusmsvc.dll,-2 : Network data usage, data limit, restrict background data, metered networks. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD) +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\autotimesvc.dll,-7 : This service sets time based on NITZ messages from a Mobile Network +@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP) +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\windows.management.service.dll,-100 : Windows Management Service +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\wcncsvc.dll,-4 : WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wireless Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wireless Device. The service is started programmatically as needed. +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\drivers\gpuenergydrv.sys,-100 : GPU Energy Driver +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@%systemroot%\system32\aarsvc.dll,-100 : Agent Activation Runtime +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\fxsresm.dll,-118 : Fax +@%systemroot%\system32\assignedaccessmanagersvc.dll,-100 : AssignedAccessManager Service +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\microsoft.bluetooth.userservice.dll,-101 : Bluetooth User Support Service +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@c:\windows\system32\ieframe.dll,-10046 : Internet Shortcut +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\firewallapi.dll,-53500 : Recommended Troubleshooting +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\provsvc.dll,-202 : HomeGroup +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +@%systemroot%\system32\wscsvc.dll,-201 : The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Security and Maintenance UI uses the service to provide systray alerts and a graphical view of the security health states in the Security and Maintenance control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@%systemroot%\system32\xblauthmanager.dll,-101 : Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\wfdsconmgrsvc.dll,-9001 : Manages connections to wireless services, including wireless display and docking. +@%systemroot%\system32\wwansvc.dll,-257 : WWAN AutoConfig +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\rdxservice.dll,-256 : Retail Demo Service +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\wfdsconmgrsvc.dll,-9000 : Wi-Fi Direct Services Connection Manager Service +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\sdrsvc.dll,-107 : Windows Backup +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\aphostres.dll,-10002 : Sync Host +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@%systemroot%\system32\webclnt.dll,-100 : WebClient +@%systemroot%\system32\firewallapi.dll,-37302 : mDNS +@%systemroot%\system32\drivers\iorate.sys,-101 : Disk I/O Rate Filter Driver +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mixedrealityruntime.dll,-102 : Enables Mixed Reality OpenXR runtime functionality +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%systemroot%\system32\drivers\vwififlt.sys,-259 : Virtual WiFi Filter Driver +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\spectrum.exe,-102 : Enables spatial perception, spatial input, and holographic rendering. +@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall +@%systemroot%\system32\firewallapi.dll,-60501 : Cloud Identity +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@firewallapi.dll,-50323 : SNMP Trap +@%systemroot%\system32\pnrpsvc.dll,-8004 : Peer Networking Identity Manager +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\diagsvc.dll,-101 : Executes diagnostic actions for troubleshooting support +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\fhsvc.dll,-101 : File History Service +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service +@%systemroot%\system32\webclnt.dll,-101 : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wbengine.exe,-105 : The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer. +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@%windir%\system32\mstsc.exe,-4001 : Use your computer to connect to a computer that is located elsewhere and run programs or access files. +@%systemroot%\system32\snippingtool.exe,-15052 : Capture a portion of your screen so you can save, annotate, or share the image. +@%systemroot%\system32\sdrsvc.dll,-102 : Provides Windows Backup and Restore capabilities. +@%systemroot%\system32\naturalauth.dll,-101 : Signal aggregator service, that evaluates signals based on time, network, geolocation, bluetooth and cdf factors. Supported features are Device Unlock, Dynamic Lock and Dynamo MDM policies +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled. +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@%systemroot%\system32\xblgamesave.dll,-101 : This service syncs save data for Xbox Live save enabled games. If this service is stopped, game save data will not upload to or download from Xbox Live. +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\dialogblockingservice.dll,-101 : Dialog Blocking Service +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\ipxlatcfg.dll,-500 : IP Translation Configuration Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\system32\gameinputsvc.exe,-101 : GameInput Service +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wkssvc.dll,-100 : Workstation +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer. +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\xblgamesave.dll,-100 : Xbox Live Game Save +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\mitigationclient.dll,-103 : Recommended Troubleshooting Service +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\lpasvc.dll,-1000 : Local Profile Assistant Service +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@wifidisplay.dll,-100 : Wireless Display +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\workfolderssvc.dll,-101 : This service syncs files with the Work Folders server, enabling you to use the files on any of the PCs and devices on which you've set up Work Folders. +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\wpcrefreshtask.dll,-100 : Parental Controls +@%systemroot%\system32\bdesvc.dll,-100 : BitLocker Drive Encryption Service +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\wbengine.exe,-104 : Block Level Backup Engine Service +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@c:\windows\system32\windows.storage.dll,-10152 : File folder +@%systemroot%\system32\peerdistsvc.dll,-9001 : This service caches network content from peers on the local subnet. +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\wlansvc.dll,-257 : WLAN AutoConfig +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@wlansvc.dll,-36864 : WLAN Service - WFD Application Services Platform Coordination Protocol (Uses UDP) +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\bcastdvruserservice.dll,-100 : GameDVR and Broadcast User Service +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\naturalauth.dll,-100 : Natural Authentication +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\srvsvc.dll,-102 : Server SMB 1.xxx Driver +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device. +@%systemroot%\system32\pnrpauto.dll,-8002 : PNRP Machine Name Publication Service +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@comres.dll,-2797 : Distributed Transaction Coordinator +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\quickassist.exe,-807 : Connect to another user's computer to help troubleshoot problems +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\gameinputsvc.exe,-102 : Enables keyboards, mice, gamepads, and other input devices to be used with the GameInput API. +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\messagingservice.dll,-100 : MessagingService +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver +@%systemroot%\system32\wpcrefreshtask.dll,-101 : Enforces parental controls for child accounts in Windows. If this service is stopped or disabled, parental controls may not be enforced. +@%systemroot%\system32\fveui.dll,-843 : BitLocker Drive Encryption +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@c:\windows\system32\mstsc.exe,-4000 : Remote Desktop Connection +@%systemroot%\system32\lpasvc.dll,-1001 : This service provides profile management for subscriber identity modules +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\bdesvc.dll,-101 : BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality. +@c:\windows\system32\quickassist.exe,-806 : Quick Assist +@%systemroot%\system32\pnrpsvc.dll,-8001 : Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function. +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\autotimesvc.dll,-6 : Cellular Time +@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%systemroot%\system32\pnrpauto.dll,-8003 : This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\peerdistsvc.dll,-9000 : BranchCache +@%systemroot%\system32\drivers\fvevol.sys,-100 : BitLocker Drive Encryption Filter Driver +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\pnrpsvc.dll,-8005 : Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly. +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\vac.dll,-200 : Volumetric Audio Compositor Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%systemroot%\system32\rdxservice.dll,-257 : The Retail Demo service controls device activity while the device is in retail demo mode. +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\perceptionsimulation\perceptionsimulationservice.exe,-101 : Windows Perception Simulation Service +@wlansvc.dll,-36865 : WLAN Service - WFD Services Kernel Mode Driver Rules +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\fveui.dll,-844 : BitLocker Data Recovery Agent +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1001 : A service for managing display enhancement such as brightness control. +@c:\windows\system32\ieframe.dll,-12385 : Favorites Bar +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\wscsvc.dll,-200 : Security Center +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\pnrpsvc.dll,-8000 : Peer Name Resolution Protocol +@%systemroot%\system32\dialogblockingservice.dll,-100 : DialogBlockingService +@%systemroot%\system32\icsvc.dll,-700 : Virtual Machine Monitoring +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@%systemroot%\system32\p2psvc.dll,-8007 : Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function. +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@iphlpsvc.dll,-502 : Core Networking - Teredo (ICMPv6-In) +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\dispbroker.desktop.dll,-101 : Display Policy Service +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\ipxlatcfg.dll,-501 : Configures and enables translation from v4 to v6 and vice versa +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\smsroutersvc.dll,-10002 : Routes messages based on rules to appropriate clients. +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\srvsvc.dll,-100 : Server +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\sharedrealitysvc.dll,-101 : This service is used for Spatial Perception scenarios +@c:\windows\system32\xpsrchvw.exe,-106 : XPS Document +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\windowsudk.shellcommon.dll,-100 : Udk User Service +@%systemroot%\system32\vac.dll,-201 : Hosts spatial analysis for Mixed Reality audio simulation. +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service +@%systemroot%\system32\languageoverlayserver.dll,-101 : Provides infrastructure support for deploying and configuring localized Windows resources. This service is started on demand and, if disabled, additional Windows languages will not be deployed to the system, and Windows may not function properly. +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@%systemroot%\system32\microsoft.graphics.display.displayenhancementservice.dll,-1000 : Display Enhancement Service +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@%systemroot%\system32\mitigationclient.dll,-104 : Enables automatic mitigation for known problems by applying recommended troubleshooting. If stopped, your device will not get recommended troubleshooting for problems on your device. +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\keyboardfiltersvc.dll,-101 : Microsoft Keyboard Filter +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\mixedrealityruntime.dll,-101 : Windows Mixed Reality OpenXR Service +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS) +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\assignedaccessmanagersvc.dll,-101 : AssignedAccessManager Service supports kiosk experience in Windows. +@%systemroot%\system32\p2psvc.dll,-8006 : Peer Networking Grouping +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\cloudidsvc.dll,-101 : Supports integrations with Microsoft cloud identity services. If disabled, tenant restrictions will not be enforced properly. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@%systemroot%\system32\workfolderssvc.dll,-102 : Work Folders +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search + +MUICache report attached. + +32b2ed34f19725193b9aaef8d6919fe0 + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report on files that were opened using the shell dialog box or saved using the shell dialog box. This is the box that appears when you attempt to save a document or open a document in Windows Explorer. +microsoft_windows_opensavemru.nasl +2018/05/23 +OpenSaveMRU History +2016/07/19 +local +None +1.5 +http://www.nessus.org/u?ac4dd3fb +n/a +Nessus was able to enumerate opened and saved files on the remote host. +Open / Save report attached. + +ef6472ad784c6def118565746d1f37a7 + + +windows +cpe:/o:microsoft:windows +Nessus was able to find evidence of program execution using Windows Explorer registry logs and settings. +microsoft_windows_mru_exe_registry.nasl +2019/08/15 +Windows Explorer Recently Executed Programs +2016/07/19 +local +None +1.6 +http://www.forensicswiki.org/wiki/LastVisitedMRU +http://www.nessus.org/u?7e00b191 +http://www.nessus.org/u?ac4dd3fb +http://www.nessus.org/u?c409cb41 +n/a +Nessus was able to enumerate recently executed programs on the remote host. +notepad.exePO :i+00:.:,LB)A&&)33Y4[.c +chrome.exePO :i+00.9#K&]B_b1W NESSUS~1J V[eW.<Nessus-ScansN1eW2023: eWeW.S!2023 +NOTEPAD.EXE!c(c +chrome.exe 1\r + + MRU programs details in attached report. + +eab458d970f479c4e9cfdcc8c848761c + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence of files opened by file type from the remote host. +microsoft_windows_recent_files.nasl +2018/11/15 +Recent File History +2016/07/19 +local +None +1.7 +https://www.4n6k.com/2014/02/forensics-quickie-pinpointing-recent.html +n/a +Nessus was able to enumerate recently opened files on the remote host. +C:\\Users\tester\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini + +Recent files found in registry and appdata attached. + +31633346bcbe116934265f8b16ffe675 +2b25ec2081662e3a0a4f0af17f9ddeea + + +windows +cpe:/o:microsoft:windows +Nessus was able to find evidence of the last key that was opened when the Registry Editor was closed for each user. +microsoft_windows_regedit_lastkey.nasl +2018/11/15 +Registry Editor Last Accessed +2016/07/19 +local +None +1.6 +https://support.microsoft.com/en-us/help/244004 +n/a +Nessus was able to find the last key accessed by the Registry Editor when it was closed on the remote host. +S-1-5-21-1536193852-1370433935-2390261316-1002 + - Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories. +microsoft_windows_recyclebin.nasl +2018/11/15 +Recycle Bin Files +2016/07/19 +local +None +1.6 +http://www.nessus.org/u?0c1a03df +http://www.nessus.org/u?61293b38 +n/a +Nessus was able to enumerate files in the recycle bin on the remote host. +C:\\$Recycle.Bin\\. +C:\\$Recycle.Bin\\.. +C:\\$Recycle.Bin\\S-1-5-18 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003 +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004 +C:\\$Recycle.Bin\\S-1-5-18\. +C:\\$Recycle.Bin\\S-1-5-18\.. +C:\\$Recycle.Bin\\S-1-5-18\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1001\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1002\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1003\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004\. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004\.. +C:\\$Recycle.Bin\\S-1-5-21-1536193852-1370433935-2390261316-1004\desktop.ini + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below : + + - Administrative Tools + - AppData + - Cache + - CD Burning + - Cookies + - Desktop + - Favorites + - Fonts + - History + - Local AppData + - My Music + - My Pictures + - My Video + - NetHood + - Personal + - PrintHood + - Programs + - Recent + - SendTo + - Start Menu + - Startup + - Templates +microsoft_windows_shellfolder_settings.nasl +2018/05/16 +User Shell Folders Settings +2016/07/19 +local +None +1.5 +https://technet.microsoft.com/en-us/library/cc962613.aspx +n/a +Nessus was able to find the folder paths for user folders on the remote host. +S-1-5-21-1536193852-1370433935-2390261316-1002 + - {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\DEGTHAT\Searches + - {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Libraries + - {374de290-123f-4565-9164-39c4925e467b} : C:\Users\DEGTHAT\Downloads + - recent : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Recent + - my video : C:\Users\DEGTHAT\Videos + - my music : C:\Users\DEGTHAT\Music + - {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\DEGTHAT\Contacts + - {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\DEGTHAT\Links + - {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\DEGTHAT\AppData\LocalLow + - sendto : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\SendTo + - start menu : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Start Menu + - cookies : C:\Users\DEGTHAT\AppData\Local\Microsoft\Windows\INetCookies + - personal : C:\Users\DEGTHAT\Documents + - administrative tools : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools + - startup : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup + - nethood : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Network Shortcuts + - history : C:\Users\DEGTHAT\AppData\Local\Microsoft\Windows\History + - {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\DEGTHAT\Saved Games + - {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\DEGTHAT\AppData\Local\Microsoft\Windows\RoamingTiles + - !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead + - local appdata : C:\Users\DEGTHAT\AppData\Local + - my pictures : C:\Users\DEGTHAT\Pictures + - templates : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Templates + - printhood : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Printer Shortcuts + - cache : C:\Users\DEGTHAT\AppData\Local\Microsoft\Windows\INetCache + - desktop : C:\Users\DEGTHAT\Desktop + - programs : C:\Users\DEGTHAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs + - fonts : C:\WINDOWS\Fonts + - cd burning : C:\Users\DEGTHAT\AppData\Local\Microsoft\Windows\Burn\Burn + - favorites : C:\Users\DEGTHAT\Favorites + - appdata : C:\Users\DEGTHAT\AppData\Roaming + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report of all files listed in the default user download folder. +microsoft_windows_user_downloads.nasl +2018/05/16 +User Download Folder Files +2016/07/19 +local +None +1.5 +n/a +Nessus was able to enumerate downloaded files on the remote host. +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\ams8cm-8.5.0.0.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\ams8cm-8.5.1.0.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\BKD-7369089468.pdf +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-Crypto-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-Encoding-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-ODBC-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-Socket-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\MindQuake-SQLite3-Plugin.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\NET462Setup.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\setup.log +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\VC2012U4Setup.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\VC2015SP3Setup.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Plugins\Wow64Bundle.exe +C:\\Users\Cinnabon\Downloads\AutoPlayMenu8.5\Serials.txt +C:\\Users\Cinnabon\Downloads\ChromeSetup.exe +C:\\Users\Cinnabon\Downloads\desktop.ini +C:\\Users\Cinnabon\Downloads\VSE\.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\._.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\._DAT Files +C:\\Users\Cinnabon\Downloads\VSE\._Icon +C:\\Users\Cinnabon\Downloads\VSE\._VSE-Patch6 +C:\\Users\Cinnabon\Downloads\VSE\._VSE8.8-Patch7 +C:\\Users\Cinnabon\Downloads\VSE\._VSE8.8P8 +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\._.DS_Store +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\._Icon +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\CM-217339-avvepo8502dat.zip +C:\\Users\Cinnabon\Downloads\VSE\DAT Files\Icon +C:\\Users\Cinnabon\Downloads\VSE\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\CM-203111-VSE880LMLRP6.Zip +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\CM-203112-VSE880P6.Zip +C:\\Users\Cinnabon\Downloads\VSE\VSE-Patch6\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\._VSE-Patch 8 HF +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\!ReadMe.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\epo45_help_vse_880.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\ePOPolicyMigration.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\example.sms +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\FramePkg_UPD.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\mcavscv.scv +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\msistrings.bin +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\PkgCatalog.z +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_DE.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_EN.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_ES.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_FR.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_IT.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_JA.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_KO.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_NL.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_PL.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_PT_BR.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_RU.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_SV.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_ZH_CN.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Readme_ZH_TW.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\Setup.ini +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\SetupVSE.Exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\SignLic.Txt +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\UnInst.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\UnInst.ini +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\UnInstX64.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VIRUSCAN8800(448).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VIRUSCANREPORTS120(272).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VSE880.msi +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VSE880Det.mcs +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\VSE880Install.mcs +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7\WindowsInstaller-KB893803-v2-x86.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205722-VSE880LMLRP7.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\CM-205723-VSE880P7.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\._CM-215089-VSE881159675HF.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\CM-215089-VSE881159675HF.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8-Patch7\VSE-Patch 8 HF\Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\._CM-212867-VSE880P8.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\._Icon +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\!ReadMe.html +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\deferred.mfe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\immediate.mfe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\Patch8.msp +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\PkgCatalog.z +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\Setup.exe +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\Setup.ini +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\VIRUSCAN8800(511).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\VIRUSCANREPORTS120(311).zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8\VSE880Det.mcs +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\CM-212867-VSE880P8.zip +C:\\Users\Cinnabon\Downloads\VSE\VSE8.8P8\Icon +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\autorun.inf +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\Autologon.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\DownloadLinks.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\hashdeep.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\hashdeep64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\IfAdmin.cpp +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\IfAdmin.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\bin\unzip.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\builddate.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\CleanupRecall.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\CreateUpdateAdminAndEnableAutoLogon.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\custom\FinalizationHook.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\custom\InitializationHook.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\custom\SetUpdatesPerStage.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DeleteUpdateAdmin.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineFileVersion.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineRegVersion.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineSystemProperties.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DetermineTempAdminSID.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\DoUpdate.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\InstallListedUpdates.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\InstallOfficeUpdate.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\InstallOSUpdate.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListInstalledUpdateIds.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListMissingUpdateIds.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListUpdateFile.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\ListUpdatesToInstall.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\PrepareRecall.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\PrepareShowLogFile.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\RecallStub.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\SafeRmDir.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\SetTargetEnvVars.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\Sleep.vbs +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cmd\TouchMSITree.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2005_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2005_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2008_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2008_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2010_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2010_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2012_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2012_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2013_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2013_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2017_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\cpp\vcredist2017_x86.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\dotnet\NDP47-KB3186497-x86-x64-AllOS-DEU.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\dotnet\NDP47-KB3186497-x86-x64-AllOS-ENU.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\exclude\ExcludeList.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\exclude\HideList-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-cpp.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-dotnet-x64-glb.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-dotnet.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-w100-x64-glb.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-win-glb.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\md\hashes-wsus.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\opt\OptionList-Q.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\opt\OptionList-qn.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\software\custom\InstallCustomSoftware.cmdt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateFiles-modified.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-ie10-w61.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-ie9-w60.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k10.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k13.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k16.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-o2k7.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-rdc-w61.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10240-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10240-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10586-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-10586-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-14393-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-14393-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-15063-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w100-15063-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w60-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w60-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet35-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-379893-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-379893.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-393297-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-393297.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394271-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394271.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394806-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-394806.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-460805-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-dotnet4-460805.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w61-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet35-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-379893-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-379893.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-393297-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-393297.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394271-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394271.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394806-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-394806.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-460805-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-dotnet4-460805.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w62-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet35-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet35.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-379893-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-379893.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-393297-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-393297.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394271-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394271.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394806-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-394806.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-460805-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-dotnet4-460805.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-seconly.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-upd1.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-upd2.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-x64.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-w63-x86.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w60.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w61.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w62.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\static\StaticUpdateIds-wupre-w63.txt +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\Update.cmd +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\UpdateInstaller.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\UpdateInstaller.ini +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3172729-x64_bb12a14ec3891ec0a9e24edb529632263783d389.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3172729-x64_f4fc9775baa98c176f43e87c40088231a884122b.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3173427-x64_d95e56e499e2c281a1f59585221dc891253414c7.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3173427-x64_e3da65fe753d24a1759cdd029028cde743a62a23.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3173428-x64_52fa3686737353fae20ab55fa9c924bd90558a31.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb3181403-x64_6d9c9524471412a0ed566f739a403cd9a35649ed.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4022405-x64_cb1286f2547dd21a06f1ec5b9a55769a7227b371.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4023834-x64_1f2af418b6f9dafb593f5ce89b4e0783057102b2.msu +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038781-x64_9adb5d5773dadc9f7c59b6a431824308fc1f9ae9.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038782-x64_a8dac961b659c8c7c8b95418f6c7864dcca8637d.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038783-x64_0c20869770acf7590a72ded6e894f29818707539.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038788-x64_93253f3a31f18f4aee3a8774646770827037cf15.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_1acfe2e753a7b7baae92aa85fa77ab72aac6cc4f.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_25a23a36a094d81d15adc2979fdae0c9053d6444.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_45b3c4f2a262fd1846527738b455d318cde392e0.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\w100-x64\glb\windows10.0-kb4038806-x64_a3bae1ebb5c8403c913a3264933f17398ee4eee1.cab +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\win\glb\Silverlight.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\win\glb\Silverlight_x64.exe +C:\\Users\Cinnabon\Downloads\WSUS-Offline-W10-Off16\wsus\wsusscn2.cab +C:\\Users\dbingham\Downloads\desktop.ini +C:\\Users\DEGTHAT\Downloads\ChromeSetup (07282023).exe +C:\\Users\DEGTHAT\Downloads\ChromeSetup.exe +C:\\Users\DEGTHAT\Downloads\desktop.ini +C:\\Users\DEGTHAT\Downloads\Nessus-10.0.2-x64.msi +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\2023\Soteria-Test-2023-11-5.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\audits.tar.gz +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\audit_warehouse.tar.gz +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\DISA-asr_audits.tar.gz +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\DISA_STIG_Microsoft_Windows_Server_2022_v1r1.audit +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\nessus-bug-report-20230731T202523Z.txt +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\SCAP scan_timing_yygqya.csv +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\Sign_Audit-Windows-1.0.0.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\outputs\SCAP scan_hyvoh9.html +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\outputs\win2022.xccdf.xml +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\SCAP-Windows2022.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Firewall_V2R2_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2016_V2R4_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2019_V2R4_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.xml +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.zip +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Windows-2022 Patchscan.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Windows-2022-2 Patchscan.nessus +C:\\Users\DEGTHAT\Downloads\Nessus-Scans\Windows-2022-3 Patchscan.nessus +C:\\Users\Public\Downloads\desktop.ini +C:\\Users\tester\Downloads\desktop.ini + +Download folder content report attached. + +d6f7dce04dda650320417eca8df27716 + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed. +microsoft_windows_userassist.nasl +2019/11/12 +UserAssist Execution History +2016/07/19 +local +None +1.7 +https://www.nirsoft.net/utils/userassist_view.html +n/a +Nessus was able to enumerate program execution history on the remote host. +microsoft.autogenerated.{c804bba7-fa5f-cbf7-8b55-2096e5f972cb} +chromium.nolzcl6qw5qprtb6ygy44a.1dkbhcmc.l5j.default +c:\users\degthat\desktop\microsoft edge.lnk +chromium.nolzcl6qw5qprtb6ygy44a.q0w22a0g.j3i.default +c:\users\public\desktop\autoplay media studio 8.lnk +chromium.nolzcl6qw5qprtb6ygy44a.3jbhbkga.qbg.default +c:\users\degthat\downloads\readerdc_en_xa_cra_install.exe +microsoft.windowsmaps_8wekyb3d8bbwe!app +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\task manager.lnk +{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\cmd.exe +c:\users\degthat\desktop\netsparker\netsparkersetup.exe +microsoft.internetexplorer.default +{6d809377-6af0-444b-8957-a3773f02200e}\condusiv technologies\diskeeper\diskeeper.exe +chromium.nolzcl6qw5qprtb6ygy44a.xvmab0mj.5dk.default +chromium.nolzcl6qw5qprtb6ygy44a.bwah0n4d.r5b.default +chromium.nolzcl6qw5qprtb6ygy44a.frgymbqh.wcb.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk +{6d809377-6af0-444b-8957-a3773f02200e}\common files\microsoft shared\clicktorun\officeclicktorun.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\mcafee\common framework\x86\updaterui.exe +chromium.nolzcl6qw5qprtb6ygy44a.3buwyv01.ltr.default +chromium.nolzcl6qw5qprtb6ygy44a.ylrddgms.mv2.default +microsoft.zunevideo_8wekyb3d8bbwe!microsoft.zunevideo +chromium.nolzcl6qw5qprtb6ygy44a.f32kmenv.gtw.default +msedge +c:\users\degthat\desktop\vmware-tools-12.3.5-22544099-x86_64.exe +chromium.nolzcl6qw5qprtb6ygy44a.eknu2mla.klx.default +c:\users\degthat\downloads\p9\cm-221593-vse880p9\setup.exe +chromium.nolzcl6qw5qprtb6ygy44a.vv52dyj2.mvp.default +chromium.nolzcl6qw5qprtb6ygy44a.blxu333e.j4n.default +chromium.nolzcl6qw5qprtb6ygy44a.qkyvqczv.gkv.default +microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy!app +d:\pcatv.3.2.7.4\pcatv.3.2.7.4\.backend\portpython2761\app\python.exe +chromium.nolzcl6qw5qprtb6ygy44a.q0iu2wki.1sc.default +d:\jkdefragportable\jkdefragportable.exe +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk +{6d809377-6af0-444b-8957-a3773f02200e}\scap compliance checker 5.0.2\scc.exe +microsoft.windowsfeedbackhub_8wekyb3d8bbwe!app +c:\users\degthat\downloads\cm-221594-vse880mlrp9\setupvse.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\notepad.lnk +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk +c:\users\degthat\desktop\tutela-ia-lockdown-tool.exe +chromium.nolzcl6qw5qprtb6ygy44a.rpmwp5uy.ltj.default +chromium.nolzcl6qw5qprtb6ygy44a.b5uovm4k.5hq.default +microsoft.microsoftstickynotes_8wekyb3d8bbwe!app +ueme_ctlsession +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\netsparker\netsparker.exe +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\update\googleupdate.exe +microsoft.people_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x +microsoft.getstarted_8wekyb3d8bbwe!app +chromium.nolzcl6qw5qprtb6ygy44a.w4hspt4a.0sm.default +chromium.nolzcl6qw5qprtb6ygy44a.atxn3f5a.4jg.default +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\musnotificationux.exe +{f38bf404-1d43-42f2-9305-67de0b28fc23}\systemtemp\gumd0c.tmp\googleupdate.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wscript.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe +chromium.nolzcl6qw5qprtb6ygy44a.gckd5jx1.pbk.default +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\pcaui.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe +c:\users\degthat\desktop\satismo-lockdown-tool.exe +c:\users\degthat\appdata\local\microsoft\onedrive\19.192.0926.0012\onedrivesetup.exe +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell.lnk +chromium.nolzcl6qw5qprtb6ygy44a.2il0v11x.cev.default +chromium.nolzcl6qw5qprtb6ygy44a.md0yxahi.kn5.default +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\common files\adobe\arm\1.0\adobearm.exe +c:\users\degthat\appdata\local\microsoft\onedrive\18.172.0826.0010\onedrivesetup.exe +e:\wsusoffline12-ce\updateinstaller.exe +chromium.nolzcl6qw5qprtb6ygy44a.1tfwjbd2.o1v.default +chromium.nolzcl6qw5qprtb6ygy44a.uvja0ypf.yvu.default +e:\updateinstaller.exe +d:\jkdefragportable\app\jkdefrag\jkdefraggui.exe +chromium.nolzcl6qw5qprtb6ygy44a.z4uer2ix.jl3.default +c:\users\degthat\desktop\scap workbench.lnk +chromium.nolzcl6qw5qprtb6ygy44a.userdata.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk +chromium.nolzcl6qw5qprtb6ygy44a.pc4geyw0.d5p.default +chromium.nolzcl6qw5qprtb6ygy44a.sbd5jpib.4du.default +c:\users\public\desktop\invicti standard.lnk +chromium.nolzcl6qw5qprtb6ygy44a.3hpo3xzg.i4h.default +c:\users\degthat\appdata\local\temp\ir_ext_temp_1\autorun.exe +chromium.nolzcl6qw5qprtb6ygy44a.fkvg1cox.gtk.default +microsoft.office.excel.exe.15 +c:\users\degthat\desktop\diskeeper\v18\diskeeper professional edition\autorun.exe +chromium.nolzcl6qw5qprtb6ygy44a.treejf2a.ysc.default +chromium.nolzcl6qw5qprtb6ygy44a.4sifuxko.hfl.default +microsoft.windows.sechealthui_cw5n1h2txyewy!sechealthui +d:\program files (x86)\netsparker\netsparker.exe +chromium.nolzcl6qw5qprtb6ygy44a.pbgrl2qg.yeo.default +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe +chromium.nolzcl6qw5qprtb6ygy44a.vgnb5055.xr4.default +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msiexec.exe +c:\users\degthat\appdata\local\temp\ir_ext_temp_0\autorun.exe +chromium.nolzcl6qw5qprtb6ygy44a.qrmtnr5w.nfj.default +c:\users\degthat\downloads\setup.x64.en-us_o365proplusretail_098946f0-81ee-43c8-b302-1980ec82d259_tx_pr_b_64_.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cleanmgr.exe +chromium.nolzcl6qw5qprtb6ygy44a.nmbbe4ba.vyn.default +{6d809377-6af0-444b-8957-a3773f02200e}\scap compliance checker 5.4.2\lib64\scc64.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\temp\gum9883.tmp\googleupdate.exe +microsoft.windowscalculator_8wekyb3d8bbwe!app +chromium.nolzcl6qw5qprtb6ygy44a.5pzaq2bs.2ai.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\registry editor.lnk +c:\users\degthat\downloads\scc-5.4.2_windows_bundle\scc_5.4.2_windows\scc_5.4.2_windows_setup.exe +{6d809377-6af0-444b-8957-a3773f02200e}\scap compliance checker 5.0.2\scc64.exe +chromium.nolzcl6qw5qprtb6ygy44a.ojtambga.zkf.default +d:\jkdefragportable\app\jkdefrag\jkdefrag64.exe +microsoft.windows.remotedesktop +d:\program files (x86)\netsparker\netsparkerupdater.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk +chromium.nolzcl6qw5qprtb6ygy44a.5xt10swv.ibs.default +chromium.nolzcl6qw5qprtb6ygy44a.heuygovk.5cm.default +actiprosoftwarellc.562882feeb491_24pqs290vpjk0!app +c:\users\degthat\downloads\jkdefragportable_3.36_rev_2.paf.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe +c:\users\degthat\desktop\tutela-ia-lockdown-tool2021.exe +chromium.nolzcl6qw5qprtb6ygy44a.zav2jwqb.poj.default +microsoft.windows.cortana_cw5n1h2txyewy!cortanaui +microsoft.windows.search_cw5n1h2txyewy!cortanaui +\\vmware-host\shared folders\documents\tools\dod-stig-tool\scap-tool\scc-5.0.1_windows_bundle\scc-5.0.1_windows\scc_5.0.1_windows_setup.exe +c:\users\degthat\wc\d\selfupdate\base\netsparkerupdater.exe +c:\users\degthat\desktop\my-lockdown-tool\ia-lockdown-non_dod.exe +{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zg.exe +chromium.nolzcl6qw5qprtb6ygy44a.o2i1w3fb.mtj.default +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk +d:\program files (x86)\netsparker\uninstall.exe +chromium.nolzcl6qw5qprtb6ygy44a.ticsmdte.n5b.default +microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5} +chromium.nolzcl6qw5qprtb6ygy44a.emxbjvob.svx.default +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\openwith.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\excel.lnk +c:\users\degthat\appdata\local\temp\~nsua.tmp\un_a.exe +c:\users\degthat\desktop\invictisetup.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\netsparker\uninstall.exe +microsoft.microsoftedge_8wekyb3d8bbwe!contentprocess +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\autoplay media studio 8\autoplaydesign.exe +d:\autoplaymenu8.5\ams8cm-8.5.2.0.exe +chromium.nolzcl6qw5qprtb6ygy44a.hsb3etsk.jwk.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk +{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\mcafee\virusscan console.lnk +microsoft.xboxgamingoverlay_8wekyb3d8bbwe!app +chromium.nolzcl6qw5qprtb6ygy44a.dkgsu5zs.n5o.default +chromium.nolzcl6qw5qprtb6ygy44a.52q4lvo5.24v.default +chromium.nolzcl6qw5qprtb6ygy44a.wet342nn.wea.default +microsoft.windows.apprep.chxapp_cw5n1h2txyewy!app +chromium.nolzcl6qw5qprtb6ygy44a.mznd5yxc.exa.default +{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk +c:\users\degthat\appdata\local\temp\_ir_sf_temp_0\irsetup.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\dfrgui.exe +{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\windowspowershell\v1.0\powershell.exe +c:\users\degthat\downloads\7z1805-x64.exe +chromium.nolzcl6qw5qprtb6ygy44a.30scbjhg.vtr.default +chromium.nolzcl6qw5qprtb6ygy44a.y2pazxmd.bfq.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\word.lnk +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe +c:\users\degthat\appdata\local\temp\~nsua.tmp\au_.exe +{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe +microsoft.office.winword.exe.15 +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc +{6d809377-6af0-444b-8957-a3773f02200e}\scap compliance checker 5.4.2\scc.exe +{6d809377-6af0-444b-8957-a3773f02200e}\scap compliance checker 5.4.2\unins000.exe +microsoft.autogenerated.{bb044bfd-25b7-2faa-22a8-6371a93e0456} +microsoft.windows.explorer +microsoft.autogenerated.{923dd477-5846-686b-a659-0fccd73851a8} +microsoft.windows.windowsinstaller +microsoft.microsoftedge_8wekyb3d8bbwe!microsoftedge +e:\ia-lockdown-non_dod.exe +\\vmware-host\shared folders\documents\tools\dod-stig-tool\scap-tool\scc-5.0.2_windows_bundle\scc-5.0.2_windows\scc_5.0.2_windows_setup.exe +chromium.nolzcl6qw5qprtb6ygy44a.i3xkfj50.vef.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\google chrome.lnk +chromium.nolzcl6qw5qprtb6ygy44a.up0vd2ig.gaw.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\scap compliance checker 5.4.2\scap compliance checker (scc) 5.4.2.lnk +d:\program files (x86)\netsparker\.local-chromium\win64-706915\chrome-win\chrome.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\disk cleanup.lnk +chromium.nolzcl6qw5qprtb6ygy44a.fqotyabz.uzk.default +chromium.nolzcl6qw5qprtb6ygy44a.4rybrmlq.ewz.default +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell_ise.exe +chromium.nolzcl6qw5qprtb6ygy44a.gc0aixkg.wge.default +chromium.nolzcl6qw5qprtb6ygy44a.0ccetamd.t0l.default +z:\setup64.exe +chromium.nolzcl6qw5qprtb6ygy44a.0vs2rmao.0nj.default +{6d809377-6af0-444b-8957-a3773f02200e}\vmware\vmware tools\vmtoolsd.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe +c:\users\degthat\desktop\word 2016.lnk +chromium.nolzcl6qw5qprtb6ygy44a.5wpbnh4e.vaz.default +chromium.nolzcl6qw5qprtb6ygy44a.jpowfxue.a0a.default +chromium.nolzcl6qw5qprtb6ygy44a.gvencs2e.ywh.default +microsoft.windows.controlpanel +chromium.nolzcl6qw5qprtb6ygy44a.i3b3xi5d.tih.default +microsoft.windows.cloudexperiencehost_cw5n1h2txyewy!app +c:\users\public\desktop\netsparker.lnk +c:\users\degthat\desktop\mcafee-av-ent\cm-229717-vse880lmlrp11\setupvse.exe +{6d809377-6af0-444b-8957-a3773f02200e}\common files\microsoft shared\office16\office setup controller\setup.exe +chromium.nolzcl6qw5qprtb6ygy44a.4h2hbxkp.4ma.default +chromium.nolzcl6qw5qprtb6ygy44a.yh2eitm4.a2y.default +c:\users\public\desktop\acrobat reader dc.lnk +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\word 2016.lnk +{6d809377-6af0-444b-8957-a3773f02200e}\scap compliance checker 5.0.2\unins000.exe +c:\users\degthat\downloads\jkdefragportable\jkdefragportable.exe +c:\users\degthat\downloads\fullwithp8\cm-212866-vse880lmlrp8\setupvse.exe +chromium.nolzcl6qw5qprtb6ygy44a.ixk0dkin.oja.default +c:\satismo-lockdown-tool.exe +{6d809377-6af0-444b-8957-a3773f02200e}\npcap\uninstall.exe +chromium.nolzcl6qw5qprtb6ygy44a.z5lf0ccy.mav.default +chromium.nolzcl6qw5qprtb6ygy44a.zjjzhtck.jnv.default +c:\users\public\desktop\google chrome.lnk +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\indigo rose corporation\autoplay media studio 8\autoplay media studio 8.lnk +chromium.nolzcl6qw5qprtb6ygy44a.o2cz2w53.elx.default +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell (x86).lnk +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\optionalfeatures.exe +c:\users\public\desktop\scap compliance checker.lnk +microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app +chrome +chromium.nolzcl6qw5qprtb6ygy44a.dcegkquw.jc3.default +chromium.nolzcl6qw5qprtb6ygy44a.a5mzsalm.yu4.default +chromium.nolzcl6qw5qprtb6ygy44a.smgf4y2d.3wq.default +{6d809377-6af0-444b-8957-a3773f02200e}\microsoft office\office16\winword.exe +c:\users\degthat\downloads\jkdefragportable\app\jkdefrag\jkdefraggui.exe +d:\satismo-lockdown-tool.exe +c:\users\degthat\downloads\jkdefragportable\app\jkdefrag\jkdefrag64.exe +ueme_ctlcuacount:ctor +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msdt.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\autoplay media studio 8\uninstall\uninstall.exe +{6d809377-6af0-444b-8957-a3773f02200e}\common files\microsoft shared\clicktorun\officec2rclient.exe +chromium.nolzcl6qw5qprtb6ygy44a.szc5fhsw.132.default +c:\$windows.~bt\sources\setuphost.exe +microsoft.lockapp_cw5n1h2txyewy!windowsdefaultlockscreen +chromium.nolzcl6qw5qprtb6ygy44a.lzl3svc5.fcq.default +chromium.nolzcl6qw5qprtb6ygy44a.jw0xg4y2.pbq.default +windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel +chromium.nolzcl6qw5qprtb6ygy44a.fz1g0dnu.wm5.default +chromium.nolzcl6qw5qprtb6ygy44a.l0xm1yni.x1p.default +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\mcafee\virusscan enterprise\mcconsol.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\scap-workbench\scap-workbench.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\adobe\acrobat reader dc\reader\acrord32.exe +chromium.nolzcl6qw5qprtb6ygy44a.45mji2yt.kxd.default + +Extended userassist report attached. + +73f50a2810eb743bbd83b983369ebfa5 + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report of files opened in WordPad on the remote host. +microsoft_windows_wordpad_mru.nasl +2018/05/23 +WordPad History +2016/07/19 +local +None +1.5 +https://en.wikipedia.org/wiki/WordPad +n/a +Nessus was able to gather WordPad opened file history on the remote host. +C:\Users\DEGTHAT\Downloads\Corian (COR) - Self-Assessment-converted.docx +C:\Users\DEGTHAT\Desktop\NetSparker\License.rtf +D:\Nessus\Nessus Professional License Information.docx +C:\Users\DEGTHAT\Downloads\Nessus-Scans\Audit files\DISA_STIG_Microsoft_Windows_Server_2022_v1r1.audit +D:\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.xml +E:\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark\U_MS_Windows_Server_2022_V1R2_STIG_SCAP_1-2_Benchmark.xml + +WordPad report attached. + +b6b875aa3f27e67c581b0b0377e5fe41 + + +cpe:/o:microsoft:windows +By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number. +wmi_asset_info.nbin +2024/01/16 +Computer Manufacturer Information (WMI) +2007/02/02 +local +None +1.222 +n/a +It is possible to obtain the name of the remote computer manufacturer. + + Computer Manufacturer : VMware, Inc. + Computer Model : VMware Virtual Platform + Computer SerialNumber : VMware-56 4d c1 44 ee 4b be 94-1a 33 9f f4 74 13 cb e7 + Computer Type : Other + + Computer Physical CPU's : 1 + Computer Logical CPU's : 2 + CPU0 + Architecture : x64 + Physical Cores: 2 + Logical Cores : 2 + + Computer Memory : 8191 MB + RAM slot #0 + Form Factor: DIMM + Type : DRAM + Capacity : 8192 MB + + + +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin uses WMI to enumerate Bluetooth network adapters that are enabled on the remote host. +wmi_enum_bluetooth_network_adapters.nbin +2024/01/16 +WMI Bluetooth Network Adapter Enumeration +2010/01/08 +local +None +1.204 +https://docs.microsoft.com/en-us/windows/desktop/CIMWin32Prov/win32-networkadapter +n/a +The remote Windows host has a Bluetooth network adapter enabled. + +Here is the list of Bluetooth network adapters enabled on the remote +system : + ++ [00000002] Bluetooth Device (Personal Area Network) + + - System Name : WKS1-SOTERIA + - Service Name : BthPan + - Product Name : Bluetooth Device (Personal Area Network) + - Name : Bluetooth Device (Personal Area Network) + - Manufacturer : Microsoft + - MAC Address : E0:D0:45:67:CB:CB + + + + + +cpe:/o:microsoft:windows +By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc. +wmi_enum_computersystemproduct.nbin +2024/01/16 +Windows ComputerSystemProduct Enumeration (WMI) +2010/08/16 +local +None +1.204 +http://www.nessus.org/u?a21ce849 +n/a +It is possible to obtain product information from the remote host using WMI. + ++ Computer System Product + - IdentifyingNumber : VMware-56 4d c1 44 ee 4b be 94-1a 33 9f f4 74 13 cb e7 + - Description : Computer System Product + - Vendor : VMware, Inc. + - Name : VMware Virtual Platform + - UUID : 44C14D56-4BEE-94BE-1A33-9FF47413CBE7 + - Version : None + + + + +True +user_enumeration +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +wmi_enum_local_group_memberships.nbin +2024/01/16 +Enumerate Local Group Memberships +2013/12/06 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +Group Name : Access Control Assistance Operators +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-579 +Members : + +Group Name : Administrators +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-544 +Members : + Name : Administrator + Domain : WKS1-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-500 + Name : Cinnabon + Domain : WKS1-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1001 + Name : DEGTHAT + Domain : WKS1-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1002 + Name : tester + Domain : WKS1-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1003 + Name : dbingham + Domain : WKS1-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-1004 + +Group Name : Backup Operators +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-551 +Members : + +Group Name : Cryptographic Operators +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-569 +Members : + +Group Name : Distributed COM Users +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-562 +Members : + +Group Name : Event Log Readers +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-573 +Members : + +Group Name : Guests +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-546 +Members : + Name : Visitor + Domain : WKS1-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-501 + +Group Name : Hyper-V Administrators +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-578 +Members : + +Group Name : IIS_IUSRS +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-568 +Members : + Name : IUSR + Domain : WKS1-SOTERIA + Class : Win32_SystemAccount + SID : S-1-5-17 + +Group Name : Network Configuration Operators +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-556 +Members : + +Group Name : Performance Log Users +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-559 +Members : + +Group Name : Performance Monitor Users +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-558 +Members : + +Group Name : Power Users +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-547 +Members : + +Group Name : Remote Desktop Users +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-555 +Members : + +Group Name : Remote Management Users +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-580 +Members : + +Group Name : Replicator +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-552 +Members : + +Group Name : System Managed Accounts Group +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-581 +Members : + Name : DefaultAccount + Domain : WKS1-SOTERIA + Class : Win32_UserAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-503 + +Group Name : Users +Host Name : WKS1-SOTERIA +Group SID : S-1-5-32-545 +Members : + Name : INTERACTIVE + Domain : WKS1-SOTERIA + Class : Win32_SystemAccount + SID : S-1-5-4 + Name : Authenticated Users + Domain : WKS1-SOTERIA + Class : Win32_SystemAccount + SID : S-1-5-11 + + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the display drivers on the remote host via WMI. +wmi_enum_display_drivers.nbin +0001-T-0756 +2024/01/16 +Windows Display Driver Enumeration +2014/02/06 +local +None +1.208 +http://www.nessus.org/u?b6e87533 +n/a +Nessus was able to enumerate one or more of the display drivers on the remote host. +IAVT:0001-T-0756 + + Device Name : VMware SVGA 3D + Driver File Version : 9.17.6.5 + Driver Date : 08/25/2023 + Video Processor : VMware Virtual SVGA 3D Graphics Adapter + + + +windows +True +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI. +wmi_enum_qfes.nbin +2024/01/16 +WMI QuickFixEngineering (QFE) Enumeration +2011/02/16 +local +None +1.220 +http://www.nessus.org/u?0c4ec249 +n/a +The remote Windows host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + ++ KB5033918 + - Description : Update + - InstalledOn : 1/30/2024 + ++ KB5028853 + - Description : Update + - InstalledOn : 7/28/2023 + ++ KB5011048 + - Description : Update + - InstalledOn : 7/31/2023 + ++ KB5012170 + - Description : Security Update + - InstalledOn : 7/28/2023 + ++ KB5015684 + - Description : Update + - InstalledOn : 12/8/2022 + ++ KB5034122 + - Description : Security Update + - InstalledOn : 1/30/2024 + ++ KB5018506 + - Description : Update + - InstalledOn : 12/8/2022 + ++ KB5020372 + - Description : Update + - InstalledOn : 12/8/2022 + ++ KB5028318 + - Description : Update + - InstalledOn : 7/28/2023 + ++ KB5031539 + - Description : Update + - InstalledOn : 11/5/2023 + ++ KB5032907 + - Description : Update + - InstalledOn : 1/30/2024 + +Note that for detailed information on installed QFE's such as InstalledBy, Caption, +and so on, please run the scan with 'Report Verbosity' set to 'verbose'. + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'wininit.exe' is listening on this port (pid 512). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3312). + +This process 'svchost.exe' (pid 3312) is hosting the following Windows services : +PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3320). + +This process 'svchost.exe' (pid 3320) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 6124). + +This process 'svchost.exe' (pid 6124) is hosting the following Windows services : +CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'spoolsv.exe' is listening on this port (pid 2872). + +This process 'spoolsv.exe' (pid 2872) is hosting the following Windows services : +Spooler (@%systemroot%\system32\spoolsv.exe,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2444). + +This process 'svchost.exe' (pid 2444) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1344). + +This process 'svchost.exe' (pid 1344) is hosting the following Windows services : +Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 400). + +This process 'svchost.exe' (pid 400) is hosting the following Windows services : +TermService (@%SystemRoot%\System32\termsrv.dll,-268) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2288). + +This process 'svchost.exe' (pid 2288) is hosting the following Windows services : +SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3236). + +This process 'svchost.exe' (pid 3236) is hosting the following Windows services : +Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3340). + +This process 'svchost.exe' (pid 3340) is hosting the following Windows services : +W32Time (@%SystemRoot%\system32\w32time.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3576). + +This process 'svchost.exe' (pid 3576) is hosting the following Windows services : +iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 896). + +This process 'svchost.exe' (pid 896) is hosting the following Windows services : +RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) +RpcSs (@combase.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2444). + +This process 'svchost.exe' (pid 2444) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2056). + +This process 'svchost.exe' (pid 2056) is hosting the following Windows services : +SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'lsass.exe' is listening on this port (pid 676). + +This process 'lsass.exe' (pid 676) is hosting the following Windows services : +KeyIso (@keyiso.dll,-100) +SamSs (@%SystemRoot%\system32\samsrv.dll,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 4284). + +This process 'svchost.exe' (pid 4284) is hosting the following Windows services : +DoSvc (@%systemroot%\system32\dosvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 400). + +This process 'svchost.exe' (pid 400) is hosting the following Windows services : +TermService (@%SystemRoot%\System32\termsrv.dll,-268) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 6124). + +This process 'svchost.exe' (pid 6124) is hosting the following Windows services : +CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'dasHost.exe' is listening on this port (pid 1884). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3156). + +This process 'svchost.exe' (pid 3156) is hosting the following Windows services : +FDResPub (@%systemroot%\system32\fdrespub.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1488). + +This process 'svchost.exe' (pid 1488) is hosting the following Windows services : +EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3156). + +This process 'svchost.exe' (pid 3156) is hosting the following Windows services : +FDResPub (@%systemroot%\system32\fdrespub.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3576). + +This process 'svchost.exe' (pid 3576) is hosting the following Windows services : +iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'services.exe' is listening on this port (pid 656). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3320). + +This process 'svchost.exe' (pid 3320) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'dasHost.exe' is listening on this port (pid 1884). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2056). + +This process 'svchost.exe' (pid 2056) is hosting the following Windows services : +SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) + + + + +windows +True +cpe:/a:microsoft:ie +The remote Windows host contains Internet Explorer, a web browser created by Microsoft. +smb_explorer_detection.nasl +0001-T-0509 +2022/02/01 +Microsoft Internet Explorer Version Detection +2014/02/06 +local +None +1.7 +https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads +n/a +Internet Explorer is installed on the remote host. +IAVT:0001-T-0509 + + Version : 11.3636.19041.0 + + + +windows +True +Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials. +smb_registry_os_and_arch.nasl +True +2022/02/01 +Microsoft Windows SMB Registry : OS Version and Processor Architecture +2010/08/31 +local +None +1.9 +n/a +It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system. +Operating system version = 10.19045 +Architecture = x64 +Build lab extended = 19041.1.amd64fre.vb_release.191206-1406 + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions. + +Note that Features can only be enumerated for Windows 7 and later for desktop versions. +wmi_enum_server_features.nbin +0001-T-0754 +2024/01/16 +WMI Windows Feature Enumeration +2010/02/24 +local +None +1.208 +https://msdn.microsoft.com/en-us/library/cc280268 +https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features +n/a +It is possible to enumerate Windows features using WMI. +IAVT:0001-T-0754 + +Nessus enumerated the following Windows features : + + - Internet-Explorer-Optional-amd64 + - MSRDC-Infrastructure + - MediaPlayback + - NetFx4-AdvSrvs + - Printing-Foundation-Features + - Printing-Foundation-InternetPrinting-Client + - Printing-PrintToPDFServices-Features + - SMB1Protocol + - SMB1Protocol-Client + - SMB1Protocol-Deprecation + - SMB1Protocol-Server + - SearchEngine-Client-Package + - WCF-Services45 + - WCF-TCP-PortSharing45 + - WindowsMediaPlayer + - WorkFolders-Client + + + +cpe:/o:microsoft:windows +The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key: + 'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD' + + - Unset or 0: The command prompt is enabled normally. + - 1: The command promt is disabled. + - 2: The command prompt is disabled however windows batch processing is allowed. +windows_disablecmd.nasl +2022/10/05 +Windows Disabled Command Prompt Enumeration +2022/09/06 +local +None +1.2 +http://www.nessus.org/u?b40698bc +n/a +This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user. + +Username: tester + SID: S-1-5-21-1536193852-1370433935-2390261316-1003 + DisableCMD: Unset + +Username: DEGTHAT + SID: S-1-5-21-1536193852-1370433935-2390261316-1002 + DisableCMD: Unset + +Username: DefaultAccount + SID: S-1-5-21-1536193852-1370433935-2390261316-503 + DisableCMD: Unset + +Username: Cinnabon + SID: S-1-5-21-1536193852-1370433935-2390261316-1001 + DisableCMD: Unset + +Username: dbingham + SID: S-1-5-21-1536193852-1370433935-2390261316-1004 + DisableCMD: Unset + +Username: Administrator + SID: S-1-5-21-1536193852-1370433935-2390261316-500 + DisableCMD: Unset + +Username: WDAGUtilityAccount + SID: S-1-5-21-1536193852-1370433935-2390261316-504 + DisableCMD: Unset + +Username: Visitor + SID: S-1-5-21-1536193852-1370433935-2390261316-501 + DisableCMD: Unset + + + +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin. +wmi_enum_local_users.nbin +2024/01/16 +Enumerate Users via WMI +2014/02/25 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. + + Name : Administrator + SID : S-1-5-21-1536193852-1370433935-2390261316-500 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : Cinnabon + SID : S-1-5-21-1536193852-1370433935-2390261316-1001 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : dbingham + SID : S-1-5-21-1536193852-1370433935-2390261316-1004 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : DefaultAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-503 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : DEGTHAT + SID : S-1-5-21-1536193852-1370433935-2390261316-1002 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : tester + SID : S-1-5-21-1536193852-1370433935-2390261316-1003 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : Visitor + SID : S-1-5-21-1536193852-1370433935-2390261316-501 + Disabled : True + Lockout : False + Change password : False + Source : Local + + Name : WDAGUtilityAccount + SID : S-1-5-21-1536193852-1370433935-2390261316-504 + Disabled : True + Lockout : False + Change password : True + Source : Local + + No. Of Users : 8 + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. + +Nessus was able to find 36 open ports. + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 54130/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49666/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 1900/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 138/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 137/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 61006/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 60176/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 58190/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5355/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5353/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5050/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 4500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3702/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3544/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3389/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 123/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 139/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49753/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49675/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49673/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49669/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49668/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49667/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49666/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49665/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49664/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 7680/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5357/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5040/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 3389/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 445/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 135/tcp was found to be open + + +windows +True +cpe:/o:microsoft:windows +It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests). +smb_registry_access.nasl +True +True +2022/02/01 +Microsoft Windows SMB Registry Remotely Accessible +2000/05/09 +local +None +1.54 +n/a +Access the remote Windows Registry. + + +windows +cpe:/o:microsoft:windows +Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them. +Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later. +wmi_list_interfaces.nbin +2024/01/16 +Network Interfaces Enumeration (WMI) +2007/02/03 +local +None +1.247 +http://www.nessus.org/u?b362cab2 +n/a +Nessus was able to obtain the list of network interfaces on the remote host. ++ Network Interface Information : + + - Network Interface = [00000001] Intel(R) 82574L Gigabit Network Connection + - MAC Address = 00:0C:29:13:CB:E7 + - IPAddress/IPSubnet = 192.168.40.11/255.255.255.0 + - IPAddress/IPSubnet = fe80::6b6b:1c9b:f52e:9fd4/64 + + ++ Routing Information : + + Destination Netmask Gateway + ----------- ------- ------- + 0.0.0.0 0.0.0.0 192.168.40.1 + 127.0.0.0 255.0.0.0 0.0.0.0 + 127.0.0.1 255.255.255.255 0.0.0.0 + 127.255.255.255 255.255.255.255 0.0.0.0 + 192.168.40.0 255.255.255.0 0.0.0.0 + 192.168.40.11 255.255.255.255 0.0.0.0 + 192.168.40.255 255.255.255.255 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + + + +cpe:/o:microsoft:windows +The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM. + +These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc. +wmi_available.nbin +2024/01/16 +WMI Available +2007/02/03 +local +None +1.218 +https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page +n/a +WMI queries can be made against the remote host. +The remote host returned the following caption from Win32_OperatingSystem: + + Microsoft Windows 10 Enterprise + + +True +The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts : + +- Guest account +- Supplied credentials +smb_login.nasl +2023/07/25 +Microsoft Windows SMB Log In Possible +2000/05/09 +remote +None +1.173 +http://www.nessus.org/u?5c2589f6 +https://support.microsoft.com/en-us/help/246261 +n/a +It was possible to log into the remote host. +- The SMB tests will be done as degthat/****** +- NULL sessions may be enabled on the remote host. + + + +True +Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host. +smb_nativelanman.nasl +True +2021/09/20 +Microsoft Windows SMB NativeLanManager Remote System Information Disclosure +2001/10/17 +remote +None +1.54 +n/a +It was possible to obtain information about the remote operating system. +The remote Operating System is : Windows 10 Enterprise 19045 +The remote native LAN manager is : Windows 10 Enterprise 6.3 +The remote SMB Domain Name is : WKS1-SOTERIA + + + +The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. + +Note that this plugin gathers information to be used in other plugins, but does not itself generate a report. +netbios_name_get.nasl +2021/02/10 +Windows NetBIOS / SMB Remote Host Information Disclosure +1999/10/12 +remote +None +1.91 +n/a +It was possible to obtain the network name of the remote host. +The following 4 NetBIOS names have been gathered : + + WKS1-SOTERIA = Computer name + SOTERIA = Workgroup / Domain name + WKS1-SOTERIA = File Server Service + SOTERIA = Browser Service Elections + +The remote host has the following MAC address on its adapter : + + 00:0c:29:13:cb:e7 + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49675 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0 +Description : Unknown RPC service +Annotation : Remote Fw APIs +Type : Remote RPC service +TCP Port : 49675 +IP : 192.168.40.11 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49673 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0 +Description : Service Control Manager +Windows process : svchost.exe +Type : Remote RPC service +TCP Port : 49673 +IP : 192.168.40.11 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49669 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.11 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49668 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.11 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49667 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.11 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49666 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +TCP Port : 49666 +IP : 192.168.40.11 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49665 : + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49665 +IP : 192.168.40.11 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49664 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.11 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available remotely : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Remote RPC service +Named pipe : \PIPE\ROUTER +Netbios name : \\WKS1-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \pipe\SessEnvPublicRpc +Netbios name : \\WKS1-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Remote RPC service +Named pipe : \PIPE\wkssvc +Netbios name : \\WKS1-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +Named pipe : \pipe\eventlog +Netbios name : \\WKS1-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS1-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS1-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS1-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS1-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\WKS1-SOTERIA + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\WKS1-SOTERIA + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\WKS1-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS1-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS1-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS1-SOTERIA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\WKS1-SOTERIA + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available locally : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 +Description : Unknown RPC service +Annotation : Security Center +Type : Local RPC service +Named pipe : OLE0D6B437C55F4AB2D905C66E22933 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0 +Description : Unknown RPC service +Annotation : Security Center +Type : Local RPC service +Named pipe : LRPC-4c80d2c6f3063074f6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7a20fcec-dec4-4c59-be57-212e8f65d3de, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cfe14d180d1133ce52 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a4b8d482-80ce-40d6-934d-b22a01a44fe7, version 1.0 +Description : Unknown RPC service +Annotation : LicenseManager +Type : Local RPC service +Named pipe : LicenseServiceEndpoint + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-448c3493ae5bf15596 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d4051bde-9cdd-4910-b393-4aa85ec3c482, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC24BA715CEE0BE7EA55C739B2C3C + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d4051bde-9cdd-4910-b393-4aa85ec3c482, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97e82aa9abb6d416cf + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC24BA715CEE0BE7EA55C739B2C3C + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97e82aa9abb6d416cf + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC24BA715CEE0BE7EA55C739B2C3C + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97e82aa9abb6d416cf + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC24BA715CEE0BE7EA55C739B2C3C + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97e82aa9abb6d416cf + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC24BA715CEE0BE7EA55C739B2C3C + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97e82aa9abb6d416cf + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC24BA715CEE0BE7EA55C739B2C3C + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97e82aa9abb6d416cf + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEC24BA715CEE0BE7EA55C739B2C3C + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97e82aa9abb6d416cf + +Object UUID : f9b56f16-5179-4138-b0a5-9d855df5cf46 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-21fa1a2d34e9961a0b + +Object UUID : cd5e38b1-acd8-4771-9cf6-b577e4d4f648 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-21fa1a2d34e9961a0b + +Object UUID : ec56371f-1213-4628-b85e-f55edd69879f +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-21fa1a2d34e9961a0b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0 +Description : Unknown RPC service +Annotation : Remote Fw APIs +Type : Local RPC service +Named pipe : ipsec + +Object UUID : 0ee384a9-1b25-4d2c-b8ce-8f220b9e1379 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : OLE1AC766372BC41EF67B3ED3FBE405 + +Object UUID : 0ee384a9-1b25-4d2c-b8ce-8f220b9e1379 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-ddfa4cc9cb278e1323 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c27f3c08-92ba-478c-b446-b419c4cef0e2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-762ffa5363b76d0ea7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : be6293d3-2827-4dda-8057-8588240124c9, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-dc1937c546a2c4a99d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-dc1937c546a2c4a99d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Local RPC service +Named pipe : RasmanLrpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Local RPC service +Named pipe : VpnikeRpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0 +Description : Unknown RPC service +Annotation : Vpn APIs +Type : Local RPC service +Named pipe : LRPC-2568777320179dd504 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 +Description : Unknown RPC service +Annotation : IP Transition Configuration endpoint +Type : Local RPC service +Named pipe : LRPC-2b9fb15ef02051d6a8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : LRPC-2b9fb15ef02051d6a8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : LRPC-2b9fb15ef02051d6a8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : LRPC-2b9fb15ef02051d6a8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : OLE6DA49B357360BB021366F20F1396 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0 +Description : Unknown RPC service +Annotation : IKE/Authip API +Type : Local RPC service +Named pipe : LRPC-33f30159befe5d9e74 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 +Description : Unknown RPC service +Annotation : XactSrv service +Type : Local RPC service +Named pipe : LRPC-6fbebd3631115d5bc1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0 +Description : Unknown RPC service +Annotation : IdSegSrv service +Type : Local RPC service +Named pipe : LRPC-6fbebd3631115d5bc1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0 +Description : Unknown RPC service +Annotation : Base Firewall Engine API +Type : Local RPC service +Named pipe : LRPC-f3e00e82291365845d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-f3e00e82291365845d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-7cce4b2ec974d4305d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-f3e00e82291365845d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-7cce4b2ec974d4305d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-286d9e82f2400c0b13 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-f3e00e82291365845d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-7cce4b2ec974d4305d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-286d9e82f2400c0b13 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-f796df2eca49103040 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE5BAF41040C105BB2A7529DC109C7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-be971e54b1c1e4c6d2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE5BAF41040C105BB2A7529DC109C7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-be971e54b1c1e4c6d2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE5BAF41040C105BB2A7529DC109C7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-be971e54b1c1e4c6d2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE5BAF41040C105BB2A7529DC109C7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-be971e54b1c1e4c6d2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE5BAF41040C105BB2A7529DC109C7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-be971e54b1c1e4c6d2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE5BAF41040C105BB2A7529DC109C7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-be971e54b1c1e4c6d2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LRPC-69cab9f0c519476c47 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-69cab9f0c519476c47 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-69cab9f0c519476c47 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-69cab9f0c519476c47 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-69cab9f0c519476c47 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : LRPC-9757e2254ac752217f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : 408b6fbf-726a-40d9-889f-9938ca1c2111 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : DNSResolver + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : LRPC-a9cfead07e17bff477 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c8d0bef-d7f1-49f0-9102-caa05f58d114, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : nlaplg + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c8d0bef-d7f1-49f0-9102-caa05f58d114, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : nlaapi + +Object UUID : 73736573-6f69-656e-6e76-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-097fd8feeb48a58cd2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-097fd8feeb48a58cd2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : SessEnvPrivateRpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0 +Description : SSDP service +Windows process : unknow +Type : Local RPC service +Named pipe : LRPC-1b5896fce34f6942c2 + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : senssvc + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-71e8e63e981b8b113c + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0 +Description : Unknown RPC service +Annotation : Witness Client Upcall Server +Type : Local RPC service +Named pipe : LRPC-07c7a4550d7a493f8a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0 +Description : Unknown RPC service +Annotation : Witness Client Test Interface +Type : Local RPC service +Named pipe : LRPC-07c7a4550d7a493f8a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Local RPC service +Named pipe : LRPC-07c7a4550d7a493f8a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 +Description : DHCP Client Service +Windows process : svchost.exe +Annotation : DHCP Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-559c0f2544a4ae5bf2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLE92AB17A50F288370984C74B7080B + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-ac25a9e79e9166bc45 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLE92AB17A50F288370984C74B7080B + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-ac25a9e79e9166bc45 + +Object UUID : 49541cea-a719-4e75-8d58-a3a7bfff960e +UUID : 850cee52-3038-4277-b9b4-e05db8b2c35c, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Association RPC Interface +Type : Local RPC service +Named pipe : LRPC-fd0a9259921fe00e41 + +Object UUID : 80b4038a-1d09-4c05-b1b6-249a4c2e0736 +UUID : a1d4eae7-39f8-4bca-8e72-832767f5082a, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Inbound RPC Interface +Type : Local RPC service +Named pipe : LRPC-fd0a9259921fe00e41 + +Object UUID : 145857ef-d848-4a7e-b544-c1984d26cf05 +UUID : 2e7d4935-59d2-4312-a2c8-41900aa5495f, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Challenge RPC Interface +Type : Local RPC service +Named pipe : LRPC-fd0a9259921fe00e41 + +Object UUID : 289e5e0f-414a-4de9-8d17-244507fffc07 +UUID : bd84cd86-9825-4376-813d-334c543f89b1, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework Query RPC Interface +Type : Local RPC service +Named pipe : LRPC-fd0a9259921fe00e41 + +Object UUID : 1475c123-1193-4379-81ac-302c4383421d +UUID : 5b665b9a-a086-4e26-ae24-96ab050b0ec3, version 1.0 +Description : Unknown RPC service +Annotation : Device Association Framework AEP Store Access RPC Interface +Type : Local RPC service +Named pipe : LRPC-fd0a9259921fe00e41 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 +Description : Unknown RPC service +Annotation : NSI server endpoint +Type : Local RPC service +Named pipe : LRPC-582fa84c012a92d9cd + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Local RPC service +Named pipe : eventlog + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB213F538A895B6E12751FE295F22 + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5f3e897ca4b87a74b7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a533b58-0ed9-4085-b6e8-95795e147972, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3C92613BDC43405B921DF8F62FE0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a533b58-0ed9-4085-b6e8-95795e147972, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a7cb752c382d3ff8ae + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5dea026d-f999-40b1-a234-2164fd086783, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3C92613BDC43405B921DF8F62FE0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5dea026d-f999-40b1-a234-2164fd086783, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a7cb752c382d3ff8ae + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5dea026d-f999-40b1-a234-2164fd086783, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-59d774c837435b6f5b + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3C92613BDC43405B921DF8F62FE0 + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a7cb752c382d3ff8ae + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-59d774c837435b6f5b + +Object UUID : fccae962-4722-40c7-a46d-fe5153280723 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1a6c9fdb702adb83b3 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3C92613BDC43405B921DF8F62FE0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a7cb752c382d3ff8ae + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-59d774c837435b6f5b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1a6c9fdb702adb83b3 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2acb9d68-b434-4b3e-b966-e06b4b3a84cb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-27620bd8676b460322 + +Object UUID : 666f7270-6c69-7365-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : IUserProfile2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-20b0931a493f344d11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-20b0931a493f344d11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-20b0931a493f344d11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-20b0931a493f344d11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-de7660e3cd6fc42092 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-20b0931a493f344d11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-de7660e3cd6fc42092 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-20b0931a493f344d11 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-de7660e3cd6fc42092 + +Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8ac065005618fe562e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-9ed2c7d64df3051536 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-8ac065005618fe562e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : OLEC23C6A2B300C32E3136A39DCC82A + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-d69ce8c8734101faf2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2daf2f376d30263bd3 + +Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-fe25fbba3a80a38539 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-fe25fbba3a80a38539 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-955203132b17beaa10 + +Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001 +UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc4b56938747f7523a + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0C0241 + +Object UUID : 6d726574-7273-0076-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-abdc307f1d3f821bf0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0361ae94-0316-4c6c-8ad8-c594375800e2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF8CA32454EBC3B532BB7CBD9BD07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF8CA32454EBC3B532BB7CBD9BD07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF8CA32454EBC3B532BB7CBD9BD07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF8CA32454EBC3B532BB7CBD9BD07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97f49efe88850684ce + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF8CA32454EBC3B532BB7CBD9BD07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97f49efe88850684ce + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF8CA32454EBC3B532BB7CBD9BD07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97f49efe88850684ce + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 178d84be-9291-4994-82c6-3f909aca5a03, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e53d94ca-7464-4839-b044-09a2fb8b3ae5, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fae436b0-b864-4a87-9eda-298547cd82f2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 082a3471-31b6-422a-b931-a54401960c62, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6982a06e-5fe2-46b1-b39c-a2c545bfa069, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0ff1f646-13bb-400a-ab50-9a78f2b7a85a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4ed8abcc-f1e2-438b-981f-bb0e8abc010c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95406f0b-b239-4318-91bb-cea3a46ff0dc, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d47017b-b33b-46ad-9e18-fe96456c5078, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF8CA32454EBC3B532BB7CBD9BD07 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97f49efe88850684ce + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1489a553e47d574905 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF8CA32454EBC3B532BB7CBD9BD07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97f49efe88850684ce + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1489a553e47d574905 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-b17e9e62c51221ce6c + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF8CA32454EBC3B532BB7CBD9BD07 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97f49efe88850684ce + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1489a553e47d574905 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-b17e9e62c51221ce6c + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF8CA32454EBC3B532BB7CBD9BD07 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97f49efe88850684ce + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1489a553e47d574905 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-b17e9e62c51221ce6c + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-b980a624322f6c311c + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-023ab6f07cd2da2335 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEF8CA32454EBC3B532BB7CBD9BD07 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-97f49efe88850684ce + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1489a553e47d574905 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-b17e9e62c51221ce6c + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-b980a624322f6c311c + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : csebpub + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0BDB60 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0BDB60 + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +An SMB server is running on this port. + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +A CIFS server is running on this port. + + + + + diff --git a/patch-scans/2-2024-02-02-SoteriaSVR scan_Before.nessus b/patch-scans/2-2024-02-02-SoteriaSVR scan_Before.nessus new file mode 100644 index 0000000..e4ffd8c --- /dev/null +++ b/patch-scans/2-2024-02-02-SoteriaSVR scan_Before.nessus @@ -0,0 +1,79048 @@ + + +Credentialed Patch Audit +bw_prevent_core_updates +yes + +scan.enable_utf8_output +no + +bw_prevent_plugin_updates +yes + +plugin_set +58484;58321;173677;23735;26020;33218;29749;109800;91230;109799;180360;31607;91231;109730;10973;11283;10977;10976;23750;10975;10980;11287;10974;10982;10983;14718;11289;10979;10981;10978;17307;11382;10985;10986;11292;11290;10987;11294;11293;11296;10984;11288;11056;11297;11383;11547;12039;11381;11380;11285;11295;17630;14337;12199;12270;11291;11379;17988;20933;16217;17629;24741;17635;17986;19771;24736;24744;20134;20744;20808;15627;20807;15782;24740;24019;24737;19377;10999;24739;10798;99764;99766;99765;99768;99771;99772;99773;99770;99775;99769;99779;99767;99781;99777;99776;99785;99783;99789;99778;99780;99786;99782;99792;99787;99791;99774;11594;99788;99796;99784;99793;99797;99795;99790;99798;99800;99799;99802;99806;99803;99801;99808;99807;99804;99809;99812;99811;99805;97416;99813;99810;99820;99816;99818;99817;99825;99819;99822;99823;99814;99829;99821;99827;99828;99836;99831;99830;99833;99824;99835;99838;99834;99840;99826;99843;99815;99845;99841;99839;99848;99832;99846;99844;99849;99842;99855;99850;99853;99854;99859;99852;99847;99861;99851;99858;99857;99860;99866;99863;99867;99864;99870;99862;99875;99871;99865;99873;99878;99877;99869;99872;99868;99874;99880;99856;99837;99882;99879;99887;99884;99885;99883;99886;99876;99893;99890;99889;99894;99892;99898;99895;99896;99897;99891;99888;99901;99900;99899;99903;99908;99905;99909;99904;99910;99915;99912;99911;99936;99916;99937;99939;99913;99914;99942;99941;99940;99945;99902;99944;99946;99947;99938;99952;99949;99950;99951;100687;99953;100811;100685;100683;100812;100686;100684;100691;100694;99948;100696;100689;100692;100693;100699;100698;100688;100701;100697;100702;100813;101306;100814;100695;101848;100690;100700;100723;100722;99881;99943;99794;101850;101307;101851;101309;101853;101310;101852;101308;101854;101312;102221;101855;101313;102480;101314;101315;101311;102223;102479;102224;102228;102227;102230;102226;102229;102235;102238;102225;102234;102232;102236;102233;102237;102244;102243;102239;102231;102222;102998;102245;102240;103001;102999;102242;103007;102997;103002;103008;103003;103009;103005;103013;103004;103012;103000;103016;103006;103014;103018;103019;103011;103021;103017;103026;103022;103024;103015;103031;103023;103028;103020;103030;102241;103034;103027;103057;103010;103055;103025;103060;103033;103064;103056;103029;103059;103062;103066;103063;103061;103070;103068;103067;103058;103069;103071;103074;103076;103073;103072;103065;103077;103084;103080;103081;103082;103086;103083;103088;103078;103087;103079;103736;103735;103737;103738;103740;103734;103085;103075;103878;103821;103937;103820;104577;103733;103939;104576;103879;103940;103941;104277;103942;104282;104578;104279;104281;104283;104280;104287;103938;104285;104290;104278;104294;104291;104289;104293;104326;104286;104292;104288;104329;104325;104328;104296;104284;104330;103032;103739;104327;104902;104331;104904;104295;104463;104905;104903;104333;104906;104907;104334;104911;104909;104910;104914;104912;104908;105164;104916;104915;104922;104919;104918;104921;104913;104925;104924;104929;104927;104920;104930;104934;104931;104932;104923;104928;104917;104926;105301;104935;104933;105302;105303;105305;105304;105046;105307;105309;105308;105306;105312;105311;105310;105314;105318;105316;105319;105313;105323;105315;105317;105618;106144;105320;105655;105321;106148;106145;106152;106146;106149;106154;106150;106159;106147;106153;106157;106155;106156;106158;106161;106162;106160;106164;106151;105322;106402;106166;106165;106404;105047;106167;106762;106405;106406;106403;106765;106764;106770;106760;106763;106761;106766;106774;106767;106776;106772;106769;106773;106777;106768;108458;108456;108455;108463;106778;108460;108459;108461;108457;106775;108465;108464;108470;106771;108462;108472;108467;108469;108471;108468;108475;108474;109472;109471;109478;109473;109470;108473;109476;109480;109477;109484;109474;109485;109481;109475;109486;109482;109492;109487;109494;109490;109488;109498;109483;109493;109495;109491;108466;109497;104332;109496;109489;109500;106163;109504;109479;109506;109501;109505;109507;101849;109503;109502;109510;109508;109516;109512;109514;109513;109619;109620;110126;110128;109813;109511;110130;109515;109509;110133;110132;110137;110131;110129;110140;110134;110139;110138;110141;110142;110127;110144;110143;110148;110135;110151;110149;110136;110150;110147;110146;110156;110152;110732;110730;110153;110617;110154;110155;110738;110733;110740;110737;110736;110734;110739;110731;110744;110741;110742;110825;110745;110748;110826;110746;110828;110145;110747;110843;110743;110735;110844;110827;110842;110846;110845;110847;110854;110848;110856;110858;110860;110851;110853;110849;110857;110852;110864;110850;110863;110866;110859;110855;110867;110869;110868;110862;110870;110873;110865;110876;110878;110875;110871;110880;110879;110874;110877;110883;110882;111183;110861;110881;111644;111648;110872;111647;111184;111650;111646;117542;117544;111645;111643;117543;117540;111649;117549;117541;117551;117545;117554;117546;117558;117550;117555;117548;117560;117557;117552;117553;117564;117562;117566;117565;117556;117547;117567;111182;117561;117563;117571;117569;117575;117570;110841;117573;117559;117580;117572;117576;117577;117574;117579;117430;117578;117586;117584;117583;117585;117581;112237;117727;117725;112238;117733;117735;117729;117730;117728;117737;117732;117582;117741;117731;117743;117738;118049;117742;117739;117734;117726;117744;117740;117746;117748;117736;117752;117747;117755;117753;117757;117756;117749;117750;117760;117758;117754;117751;118366;117761;117759;118414;118412;118411;118415;117762;118419;118367;118413;118418;118416;118421;118420;118423;118425;118427;118426;117745;118424;118422;118417;118430;117763;118429;118432;118435;118434;118439;118436;118440;118431;118740;118437;118743;118738;118741;118739;118438;118742;118756;118433;118737;118758;118736;118757;119061;118760;118759;119059;119060;119066;119064;119063;119072;119065;119068;119070;118761;118755;119062;119071;119067;119074;119069;119517;119564;119515;119514;119516;119513;119522;119520;119519;119525;119518;119530;119523;119526;119528;119524;119533;119531;119529;119897;119896;119527;119521;119899;119901;119902;119900;119565;119898;119909;119905;119907;119910;119906;119908;119904;119532;119073;119912;119911;119915;119903;119918;117568;119914;119917;118428;119924;119920;119921;119927;119923;119929;119928;119919;119931;119916;119926;119925;119922;119935;119932;119930;120992;120974;119933;120996;120991;120994;120998;119936;120993;120990;120995;121276;121000;120999;122167;121275;121278;122166;121002;121277;122169;122171;120997;119934;122203;122172;122170;122174;121001;122207;122201;122209;122205;122210;122202;122214;122173;122211;122213;122206;122218;122208;122374;122216;122212;122377;122373;122204;122376;122378;122217;122381;122380;122385;122375;122388;122386;122382;122215;122414;122384;122687;122379;122168;122383;122689;122690;122387;122688;122692;122694;122693;122696;122697;122695;122702;122770;122699;122700;122705;122704;122706;122703;122710;122701;122698;123104;123106;123105;122691;123102;123103;123109;122709;123112;123110;122708;123117;123114;123108;123111;123107;123115;123113;123121;122707;123583;123119;123120;123588;123584;123591;123587;123116;123592;123586;123597;123593;123585;123598;123589;123590;123599;123601;123603;123594;123602;123596;123607;123605;123604;123610;123595;123612;123608;123614;123606;123613;123609;123620;123617;123616;123619;123621;123615;122459;123623;123600;123118;123627;123611;123630;123618;123626;123845;123628;123625;123629;123624;123849;123843;123853;123844;123848;123851;123847;123856;123852;123854;123858;123846;123861;123857;123850;123860;123862;123863;123867;123859;123866;123873;123868;123870;123865;123872;123871;123869;123876;123864;123879;123877;123883;123875;123881;123882;123880;123886;123855;123884;123887;123878;123891;123890;123893;123895;123889;123896;123892;123899;123888;123901;123885;123900;123902;123905;123897;123898;123904;123912;123908;123907;123910;123906;123903;123913;123911;123699;123909;123768;123698;123700;123894;123701;123705;123703;123708;123704;123707;123712;123874;123714;123706;123702;123715;123711;123716;123721;123709;123719;123718;123713;123724;123720;123717;123725;123722;123726;123727;123710;123729;123730;123732;123736;123731;123734;123741;123728;123742;123739;123737;123743;123745;123735;123740;124375;123738;124377;123723;124378;123733;124379;124380;124385;124376;124383;124382;124389;123746;124387;124393;124384;124388;124381;124391;124395;124392;124430;124386;124397;124435;124390;124431;124433;124396;124439;124432;124398;124444;124437;124434;124438;124440;124436;124394;124443;124442;119913;123744;109499;124441;123697;124447;124448;124610;124446;124450;124613;124611;124615;124614;124620;124616;124449;124619;123622;124622;124621;124625;124618;124617;124629;124624;124626;124627;124628;124635;124630;124729;124612;124733;124631;124634;124636;124632;124731;124633;124735;124730;124738;124732;124737;124739;124740;124623;124736;124746;124743;124742;124750;124741;124745;124748;124747;124744;124878;124877;124751;124749;124883;124882;124881;124884;124890;124880;124886;124888;124887;124893;124885;124892;124894;124895;124891;124896;124898;124897;124901;124889;124879;124734;124902;124900;124904;124903;124907;124906;124909;124912;124905;124911;124913;124908;124915;124917;124916;124919;124923;124914;124910;124926;124918;124928;124922;124921;124925;124924;124934;124929;124927;124936;124930;124933;124938;124932;124920;124937;124935;124939;124931;124942;124941;124943;124944;124947;124946;124945;124949;124950;124957;124951;124955;124954;124959;124956;124962;124953;124948;124963;124960;124969;124952;124961;124965;124968;124792;124964;124795;124966;124794;124967;124796;124793;124799;124798;124801;124800;124797;124958;124803;124940;124899;124807;124791;124805;124804;124808;124810;124809;124806;124812;124814;124813;124815;124816;124818;125100;124823;124811;124821;124820;124817;124822;124825;124827;124826;124829;124828;124824;125301;124832;124833;124831;124835;125101;124837;124971;124970;124836;124834;124830;124974;124973;124976;124819;124975;124977;124984;124983;124986;124988;124987;124990;124979;124978;124982;124980;124991;124989;124985;124981;124993;124995;124997;124996;124994;124999;125001;125003;125002;125000;124998;125006;125007;125008;125005;125010;125009;125103;125102;125279;125489;124992;125493;124972;125496;125491;125490;125498;125495;125004;125502;125492;125503;125500;125497;125499;125494;125507;125501;125509;125508;125504;125515;125506;125512;125510;125514;125513;125511;125518;125517;125523;125519;125522;125524;125526;125521;125527;125516;125529;125505;125557;125528;125559;125530;125562;125520;125566;125556;125563;125564;125560;125571;125558;125569;125568;125570;125573;125567;125576;125575;125565;125581;125561;125582;125579;125577;125585;125574;125588;125578;125583;125587;125580;125586;126267;126266;126268;125488;125752;125753;124802;126270;125584;126272;125525;126276;126273;126271;126274;126281;126275;126278;126285;125572;126286;126283;126288;126287;126279;126277;126280;126292;126282;126293;126284;126298;126291;126294;126295;126296;126289;126299;126419;126416;126417;126929;126297;126423;126415;126422;126420;126290;126426;126421;126430;126418;126428;126427;126536;126429;126433;126432;126540;126535;126542;126431;126538;126541;126424;126537;126539;126545;126544;126543;126547;126554;126549;126551;126556;126550;126553;126843;126552;126847;126548;126850;126846;126848;126852;126851;126844;126546;126845;126425;126930;126849;126555;126858;126855;126861;126859;126854;126864;126857;126860;126863;126865;126868;126856;126873;126867;126874;126872;126862;126875;126869;126879;126871;126870;126931;126877;126932;126878;126935;126866;126933;126880;127000;126998;127002;127001;126881;127003;126997;126999;126934;127009;126876;127005;127007;127006;127014;127011;127015;127008;127019;127012;127016;127010;127013;127018;127021;127020;127017;127027;127023;127025;127026;127028;127564;127029;127024;128090;128089;128094;128092;128087;128091;127022;128093;128088;128095;128086;128101;127004;128099;128098;128103;128185;128100;128184;128104;128187;128183;126853;128189;128188;128097;128105;128191;128194;128190;128193;128192;128102;128197;128186;128195;128202;128199;128198;128201;128203;128892;128204;128200;128890;128891;128888;128894;128893;128897;128899;128898;128901;128896;128895;128889;128904;128196;128903;128905;128908;128902;128907;128906;128909;128911;128910;128913;128920;128914;128917;128918;128915;128924;128916;128912;128922;128800;128919;128796;128799;128797;128923;128798;128804;128803;128806;128801;128805;128809;128808;128921;128811;128810;128807;128802;128816;128900;128814;128813;128821;128818;128820;128822;128826;128825;128815;128828;128817;128827;128824;128823;128819;128832;128829;128838;128833;128835;128839;128834;128830;128840;128925;128836;128843;128842;128837;128844;128929;128928;128931;128926;128930;128935;128841;128831;128936;128939;128927;128934;128933;128943;128946;128940;128937;128948;128941;128938;128952;128942;128947;128950;128945;128955;128949;128956;128959;128960;128951;128957;128944;129119;129115;128958;129123;128954;129118;129121;129116;128953;129117;128932;129124;129122;126269;129120;129128;128812;128096;129126;129132;129129;129131;129130;129174;129134;129175;129133;129127;129173;129182;129176;129178;129180;129181;129186;129177;129135;129185;129179;129191;129188;129184;129193;129196;129189;129194;129190;129201;129187;129195;129136;129199;129198;129203;129197;129204;129183;129206;129200;129209;129205;129208;129213;129210;129207;129215;129220;129214;129216;129192;129218;129217;129224;129211;129222;129221;129226;129212;129231;129219;129228;129230;129225;129229;129227;129238;129237;129235;129233;129234;129239;129236;129243;129223;129245;129241;129246;129242;129248;129202;129247;129252;129232;129249;129253;129257;129255;129254;129244;129250;129251;129261;129258;129256;129430;129429;129259;129428;129435;129433;129438;129431;129434;129439;129436;129443;129432;129442;129446;129440;129441;129444;129448;129447;129260;129450;129449;129445;129437;130808;129454;129453;130806;130810;130807;130805;130811;129452;130817;130812;130815;130818;130813;130821;130816;130814;130823;130820;130822;130828;130825;130827;130829;130809;130833;130824;130831;130837;130826;130832;130834;130838;130839;129451;130840;130836;129240;130842;130819;130844;130830;130843;130845;130848;130835;130847;130849;130850;130855;130846;130852;130854;130859;130853;130857;130860;130858;130865;130851;130862;130870;130856;130868;130867;130863;130873;130869;130875;130866;130879;130864;130882;130877;130872;130878;130874;130861;130881;130637;130880;130876;130639;130871;130646;130640;130638;130642;130643;130648;130645;130644;130653;130650;130649;130652;130647;130641;130656;130655;130654;130651;130664;130658;130661;130660;130659;130662;130663;130667;130672;130665;130674;130666;130671;130670;130668;130669;130677;130676;130675;130679;130673;130682;130657;130681;130883;130686;130684;130680;130683;130688;130687;130690;130685;130691;130693;130694;130700;130696;130698;130697;130702;130699;130695;130704;130689;130707;130692;130711;130703;130705;130710;130706;130713;130709;130708;130719;130714;130717;130720;130715;130718;130716;130724;130722;130701;130723;130712;130726;130725;130728;130734;130729;130727;130735;131342;130730;130732;130733;130731;130736;131344;131343;131350;131346;131348;131347;131341;131352;131356;131354;131353;131349;131361;131351;131359;131358;131364;131363;131355;131362;131365;131345;131360;131357;130841;131367;130678;130721;131472;131371;131370;131475;131369;131474;131368;131479;131473;131477;131480;131372;131484;131482;131483;131485;131489;131478;131481;131490;131476;131493;131488;131497;131494;131487;131499;131491;131502;131492;131504;131501;131507;131495;131503;131496;131506;131509;131500;131498;131513;131515;131505;131486;131512;131845;131516;131510;131517;131850;131514;131847;131853;131855;131511;131848;131849;131852;131856;131854;131860;131858;131846;131861;131851;131866;131864;131863;131867;131859;131865;131862;131870;131869;131875;131873;131871;131876;131857;131872;131878;131877;131874;131868;131882;131880;131881;131883;131886;131885;131891;131887;131508;131892;131888;131890;131895;131884;131894;131896;131893;131898;131897;131901;131900;131902;131903;131905;131910;131907;131906;131912;131889;131577;131904;131913;131911;131578;131909;131576;131581;131579;131580;131908;131587;131583;131584;131899;131585;131589;131592;131590;131596;131593;131598;131591;131588;131600;131595;131597;131586;131601;131604;131594;131603;131606;131599;131611;131608;131609;131607;131602;131914;131614;131612;131618;131610;131613;131617;131616;131619;131621;131623;131622;131615;131625;131582;131879;131627;131624;131628;131620;131634;131605;131630;131629;131631;131632;131638;131633;131637;131640;131642;131635;131639;131645;131643;131648;131647;131641;131646;131650;131651;131652;131649;131654;131655;131657;131661;131656;131658;131659;131653;131660;131664;131644;131666;131663;131636;131665;131668;131670;131669;131667;131798;131797;131673;131796;131672;131674;131800;131802;131803;131807;131805;131799;131809;131801;131811;131671;131814;131812;131817;131808;131810;131815;131806;131818;131821;131816;131820;131822;131824;131813;131804;131825;132271;131827;131819;131826;132273;132272;132275;132276;132278;131662;132284;132277;132279;132281;132280;132288;132282;132290;132286;132294;132283;132287;132289;132274;132297;132293;132298;132296;132301;132299;132123;132292;132291;132295;132121;132302;132126;132300;132285;132131;132125;132128;132127;132132;132122;132130;132129;132134;132133;132136;132138;132142;132144;132137;132141;132135;132139;132145;132140;132150;132147;132149;132151;132154;132143;132148;132153;132152;132158;132155;132156;132159;132161;132163;132162;132169;132160;132166;132165;132146;132168;132124;131823;132167;131626;132164;129125;124445;132173;132171;132177;131366;132172;132176;132175;132174;132157;132182;132178;132181;132187;132185;132183;132179;132180;132184;132189;132188;132186;132192;132191;132194;132193;132196;132195;132201;132198;132199;132197;132209;132202;132206;132205;132203;132208;132207;132213;132200;132215;132190;132217;132211;132216;132214;132204;132212;132220;132218;132353;132359;132355;132354;132356;132358;132357;132360;132363;132365;132219;132368;132364;132366;132372;132370;132376;132367;132373;132362;132594;132369;132595;132378;132374;132371;132361;132375;132379;132598;132596;132600;132210;132602;132377;132599;132601;132603;132605;132607;132608;132611;132604;132614;132612;132606;132615;132610;132619;132616;132622;132609;132624;132617;132621;132613;132626;132623;132630;132628;132627;132620;132796;132794;132798;132631;132629;132625;132799;132632;132618;132801;132795;132807;132803;132802;132805;132797;132812;132808;132806;132816;132810;132813;132811;132809;132818;132804;132815;132814;132826;132821;132819;132824;132820;132825;132823;132829;132828;132833;132822;132832;132834;132800;132830;132597;132831;132827;132837;132836;132839;132817;132838;132841;132844;132843;133896;132840;132846;133744;133902;133895;133898;133900;132842;133904;133901;133899;133906;132845;133910;133905;133911;133909;133908;133907;133916;133897;133921;133914;133915;133917;133918;133920;133919;133912;133913;133927;133925;133923;133924;133929;133903;133931;133930;133935;133933;133937;133928;133974;133938;133932;133976;133939;133926;133940;133977;133936;133975;133983;133979;133981;133988;133990;133934;133982;133989;133987;133984;133986;133985;133995;133994;133992;133997;133993;133999;133998;133922;133996;134001;134002;134005;133980;134004;134007;134009;134003;133991;134011;134010;134008;134006;134013;134015;134017;134014;134019;134476;134018;134016;134012;134387;134480;134479;133978;134484;134481;134482;134483;134485;134478;134486;134487;134490;134494;134492;134489;134499;134491;134496;134488;134498;134493;134503;134495;134477;134501;134506;134502;134505;134511;134497;134504;134514;134507;134510;134513;134509;134516;134518;134512;134522;134521;134508;134515;134524;134519;134520;134523;134525;134532;134527;134534;134536;134526;134530;134535;134533;134517;134529;134500;134537;134528;134000;132835;134539;134541;134543;134540;134544;134531;134548;134547;134542;134546;134545;134550;134552;134551;134733;134553;134554;134735;134734;134549;134555;134739;134744;134736;134738;134747;134746;134745;134742;134740;134741;134749;134778;134777;134780;134743;134782;134748;134784;134785;134783;134787;134779;134791;134793;134789;134845;134795;134788;134792;134737;134800;134790;134798;134797;134781;134803;134794;134802;134806;134799;134807;134796;134809;134804;134812;134808;134801;134816;134814;134813;134811;134820;134818;134817;135121;134810;135117;135120;134786;134819;135119;135118;135126;134805;135128;135124;134815;135125;135127;135131;135129;135130;135134;135133;135135;135138;135123;135139;135140;135137;135146;135132;135142;135143;135144;135136;135145;135148;135150;135149;135147;135155;135152;135502;135153;135154;135158;135156;135504;135157;135506;135151;135141;135509;135505;135507;135511;135508;135501;135516;135513;135512;135517;135510;135521;135518;135515;135519;135526;135522;135523;135524;135525;135530;135520;135514;135529;135528;135533;135534;135536;135535;135541;135531;135538;135542;135532;135543;135539;135540;135545;135537;135527;135546;135548;135547;135544;135552;135503;135122;135550;135558;135553;135551;135556;135555;135554;135557;135560;135566;135562;135564;135570;135559;135568;135561;135567;135607;135569;135565;135605;135563;135606;135612;135610;135613;135611;135609;135616;135615;135617;135608;135619;135620;135622;135624;135621;135618;135614;135626;135630;135625;135633;135571;135629;135635;135627;135631;135628;135632;135637;135636;135639;135641;135640;135647;135634;135643;135644;135651;135646;135645;135648;135654;135638;135656;135650;135659;135655;135661;135658;135649;135623;135660;135652;135735;135653;135642;135739;135734;135737;135736;135742;135657;135746;135740;135743;135738;136220;135745;136221;136217;136223;135741;136218;136219;136224;136226;136228;136222;136227;136231;136230;136232;135744;136234;136236;136229;136241;136233;136238;136237;136239;136240;136244;136243;136246;136235;136225;136247;136242;136255;136248;136252;136251;136249;136259;136253;136250;136257;136264;136261;136260;136258;136268;136254;136263;136266;136270;136267;136265;136273;136256;136271;136262;136272;136275;136276;136278;136277;136859;136855;136857;136856;136865;136274;136860;136861;136858;136863;135662;136862;136864;136854;134538;136269;136867;135549;137013;136869;136868;136871;137017;137012;136870;137020;136245;137021;137022;137019;137018;137014;137015;137023;137016;137026;137025;137029;137028;137030;137027;137035;137033;137032;137463;137031;137036;137464;137461;137034;137466;137467;137465;137462;137473;137469;137474;137471;137470;137472;137024;137481;137475;137478;137476;137486;137480;137482;137479;137477;137483;137484;137490;137488;137485;137496;137491;137489;137499;137494;137492;137501;137493;137505;137498;137504;137500;137497;137503;137487;137506;137509;137495;137510;137502;137468;137515;137511;137513;137512;137517;137508;137514;137519;137525;137516;137524;137520;137526;137523;137521;137518;137522;137796;137528;137801;137795;137798;137797;137804;137527;137802;137803;137800;137808;137799;137807;137809;137805;137815;137814;137810;137806;137812;137816;137811;137934;137794;137931;137932;137813;137933;137939;137937;137936;137941;137938;137944;137935;137943;137948;137946;137945;137942;137947;137951;137949;137953;137818;137950;137955;137940;137954;137956;137958;137960;137964;137957;137963;137968;137965;137962;137966;137971;137961;137959;137970;137969;137973;137975;137952;137817;137974;137507;137979;137977;137978;137967;137984;137985;137980;137983;137976;137991;137987;137988;137982;137990;137995;137981;137998;137993;137986;137994;138000;137997;138003;137999;137996;138005;137989;138001;138009;138007;138008;138002;138010;138004;137992;138011;139126;138012;138006;139131;139124;139127;139129;139136;139133;139132;139130;139135;139137;139138;139140;139142;139128;139139;139141;139148;139144;139134;139152;139143;139149;139155;139146;139151;139158;139154;139147;139159;139150;139741;139160;139743;139742;139157;139938;139156;139153;139161;139125;139943;139940;139145;139946;139941;139945;139949;139950;139942;139944;139947;139955;139951;139954;139958;139952;139953;139948;139962;139960;139963;139961;139959;139956;139965;139964;139973;139969;139968;139971;139975;139967;139972;139970;139977;139957;139979;139974;139966;139984;139976;139982;139981;139980;139991;139985;139983;139988;139986;139990;139992;139993;139995;139994;139989;140000;139987;140003;139999;140004;140005;139998;140006;139997;140002;140009;140008;140012;140015;140001;140014;139996;140013;139978;140011;140010;140007;140136;140137;140017;140140;140144;140139;137972;139939;140141;140146;140148;140138;140142;140149;140150;140152;140151;140147;140143;140153;140155;140154;140160;140145;140157;140164;140165;140158;140162;140159;140317;140166;140318;140161;140322;140320;140319;140326;140163;140324;140323;140329;140327;140325;140331;140321;140167;140156;140337;140334;140333;140336;140330;140342;140332;140340;140344;140335;140347;140339;140346;140348;140338;140350;140345;140352;140355;140351;140356;140343;140359;140357;140940;140353;140354;140360;140943;140939;140944;140942;140341;140945;140941;140358;140950;140349;140948;140949;140947;140328;140954;140952;140958;140955;140953;140951;140963;140964;140959;140957;140961;140960;140967;140965;140971;140969;140956;140973;140962;140977;140974;140979;140970;140972;140983;140968;140980;140985;140978;140976;140982;140966;140984;140987;140991;140975;140993;140995;140990;140989;140992;140818;140996;140994;140820;140981;140823;140821;140826;140819;140822;140997;140824;140828;140825;140832;140988;140829;140831;140998;140830;140834;140836;140837;140835;140843;140839;140841;140840;140842;140833;140844;140986;140946;140845;140849;140827;140846;140854;140848;140838;140851;140855;140858;140853;140856;140861;140852;140859;140860;140850;140864;140863;140866;140865;140872;140857;140868;140870;140862;140875;140869;140874;140876;140881;140873;140879;140878;140887;140880;140883;140885;140867;140871;140886;140884;140882;140890;140892;140891;140896;140877;140897;140889;140901;140898;140893;140895;140902;140900;140908;140903;140910;140894;140906;140904;140912;140914;140909;140916;140899;140999;140905;140915;140913;140907;141000;141005;141002;140917;141008;141319;141324;141316;141004;141006;140888;141001;141320;141003;141326;141337;141007;141323;140911;141332;141329;141328;141338;141321;141339;141330;141334;141333;141380;141331;141335;141377;141325;141646;141336;141675;141715;141718;141647;141671;141327;141768;141705;141670;141752;141758;141737;141721;141700;141765;141724;141750;141665;141706;141726;141722;141658;141676;141674;141645;141682;141731;141766;141672;141660;141742;141668;141712;141659;141749;141745;141678;141666;141697;141692;141693;141739;141751;141769;141714;141764;141733;141717;141730;142113;142074;142083;142092;142098;141740;141684;141763;142096;141655;141315;140847;140016;142062;136866;142106;142125;141878;142100;142064;142075;142118;142073;142066;142124;142127;142109;142070;142087;142067;142084;142072;142111;142085;142132;142117;142129;142121;142101;142123;142093;142134;142089;142069;142061;142103;142133;142076;142120;142130;142082;142102;142088;142128;142079;142119;142090;142081;142071;142063;142116;142126;142086;142077;142080;142065;142094;142112;142179;142131;142180;142068;142184;142110;142099;142200;142175;142168;142177;142148;142147;142173;142201;142166;142167;142152;142164;142172;142161;142298;142255;142187;142170;142154;142091;142157;142204;142267;142265;142266;142203;142277;142340;142288;142282;142287;142244;142290;142237;142286;142269;142263;142342;142346;142294;142256;142231;142319;142337;142281;142315;142289;142240;142349;142314;142235;142358;142280;142234;143229;142310;142257;142357;142361;142348;142304;142262;142261;142339;142305;142238;142259;142303;142343;142312;142347;142328;142313;142227;142251;142232;142300;142352;142354;142268;142317;142284;142307;142278;142308;142326;142322;142333;142345;142306;142353;142292;142309;142299;142254;142350;142316;142330;142332;142320;142329;142296;142293;142335;142327;142242;142271;142331;142279;142285;142273;142295;142360;142321;142270;142297;142252;142302;142236;142301;142249;142274;142260;142233;142336;142253;142355;142334;142243;142230;142323;142341;142258;142576;142543;142245;142585;142562;142505;142578;142557;142566;142554;142246;142344;142536;142512;142538;142558;142567;142565;142544;142514;142579;142525;142511;142534;142528;142508;142516;142584;142568;142559;142547;142531;142545;142530;143254;142553;143393;143257;143415;143408;142507;143409;143407;143416;143396;143259;143387;143404;143413;143403;143394;143400;143395;142561;143411;143391;143390;142582;143414;143417;144178;143402;143399;144118;144181;143389;144168;143412;144159;144128;144164;144162;144131;144192;143406;144119;144145;144186;144130;144169;144154;144155;144195;144142;144160;144156;144170;143418;144151;144180;144150;144139;144176;144229;144161;144220;144194;144149;144239;144138;144224;144238;144258;144230;144221;144255;144245;144270;144267;144269;144244;144263;144219;144253;144228;144268;144240;144226;144252;144242;144251;144233;144235;144256;144653;144222;144670;144231;144261;144686;144265;144249;144236;144685;144271;144272;144698;144668;144697;144153;143385;142276;144655;144675;144687;144661;144665;144663;144682;144667;144677;144678;144660;144662;144676;144674;144690;144656;144689;144695;144680;144693;144684;144671;144683;144692;144703;144702;144727;144688;144715;144659;144700;144699;144734;144741;144739;144722;144728;144742;144716;144731;144724;144721;144719;144829;144726;145099;145137;144831;145151;145210;145116;145188;144720;145162;145168;145202;145103;145159;145209;145182;145184;145216;145211;145160;145147;145111;145145;145163;145161;145098;145201;145207;144718;145127;145100;145129;145206;145166;145158;145113;145173;145180;145183;145134;145212;145176;145106;145157;145130;145125;145102;145174;145135;145128;145155;145146;145117;145104;145170;145148;145171;145185;145186;145144;145139;145189;145177;145169;145110;145101;145121;145136;145140;145105;145133;145153;145203;145215;145109;145118;145782;145777;145214;145737;145754;145761;145773;145709;145712;145726;145715;145770;145733;145752;145753;145749;145764;145730;145741;145719;145756;145744;145774;145732;145718;145779;145734;145731;145750;145778;145757;145766;145738;145742;145713;145721;145743;145143;145213;145727;145783;145785;145745;145755;145723;146179;145717;146151;146121;146182;145748;145740;146138;146147;146160;146159;146158;146157;146178;146154;146110;146167;146149;146128;146175;146140;146172;146108;146153;146152;146190;146161;146120;146181;146193;146131;146180;146124;146177;146186;146168;146114;146117;146123;146176;146183;146126;146107;146116;146115;146113;146136;146164;146109;146139;146127;146132;146118;146143;146188;146142;146150;146185;146134;146165;146148;146218;146169;146246;146252;146229;146173;146236;146217;146230;146112;146235;146239;146226;146255;146171;146219;146227;146222;146225;146240;146245;146253;146189;146254;146231;146224;146250;146249;146261;146232;146262;146256;146251;146228;146237;146238;146243;146259;146220;146732;146767;146257;146697;146647;146221;146742;146710;146764;146644;146702;146734;146741;146258;146678;146713;146765;146754;146686;146646;146655;146687;146753;146659;146705;146704;146668;146744;146671;146701;146707;146651;146696;146641;146660;146739;146709;146743;146680;146681;146650;146672;146675;146708;146728;146703;146731;146684;146663;146645;146740;146738;146664;146752;144664;146690;145771;146263;146727;146692;146652;146760;146711;146747;146682;146679;146694;146656;146698;146722;146642;146719;146674;146661;146714;146723;146706;146762;146730;146761;146657;146712;146720;146717;146748;146759;146758;146670;146648;146716;146724;146756;146755;146721;146695;146693;146654;146735;147546;146658;147480;146766;147505;147542;147587;147455;147492;147477;147530;147536;147608;147588;147582;147513;147583;147499;147614;147430;147613;147456;147471;147539;147487;147453;147552;147596;147423;147526;147472;147431;147574;147540;147531;147457;147580;147549;147479;147533;147557;147577;147607;147462;147527;147468;147458;147573;147520;146683;147547;147600;147448;147516;147442;147422;147503;147541;147427;147465;147428;147521;147535;147538;147569;147590;147466;147566;147599;147585;147446;147534;147474;147493;147449;147491;147611;147603;147467;147490;147559;147451;147444;147616;147460;147438;147525;147605;147551;147517;147595;147562;147459;147507;147432;147619;147443;147424;147461;147489;147598;147584;147433;147425;147555;147592;147518;147441;147601;147475;147118;147495;147035;147609;147124;147081;147114;147129;147100;147045;147074;147117;147046;147088;147029;147510;147042;147125;147126;147049;147561;147478;147080;147092;147528;147057;147054;147131;147105;147040;147028;147079;147132;147119;147066;147104;147041;147110;147122;147061;147128;147107;147089;147043;147064;147130;147065;147084;147095;147069;147055;147032;147047;147094;147109;147077;147031;147111;147112;147038;147044;147093;147063;147083;147133;147090;147123;147052;147037;147059;147073;147097;147053;147103;147085;147113;147056;147062;147120;147051;147075;147058;147096;147070;147078;147048;147072;147039;147115;147036;147025;147121;147076;147099;147067;147091;147101;147034;147473;147082;147615;147108;147578;147086;147560;147033;147581;147504;147106;147543;147071;147470;147512;147594;147445;147127;147553;147602;147486;147610;147488;147508;147567;147440;147572;147439;147434;147589;147514;147550;147501;147496;147593;147537;147522;147426;147565;147497;147494;147556;147481;147617;147506;147509;147670;147483;147485;147523;147668;147482;147679;147672;147664;147686;147702;147681;147683;147690;147674;147476;147669;147703;147701;147693;147677;147676;147665;147694;147696;147673;147699;147691;147687;147692;147667;147671;147675;147700;147684;147698;148055;147682;148043;148050;147695;148046;148077;148067;147678;148057;147689;148059;147604;147102;148073;147666;148060;148084;148083;148075;148047;148041;148049;148062;148079;148056;148052;148076;148058;148074;148044;148065;148078;148063;148042;148086;148071;148068;148040;148061;148589;148081;148054;148582;148070;148576;148069;148048;148618;148064;148631;148580;148620;148628;148626;148619;148596;148625;148598;148612;148630;148638;148597;148605;148583;148613;148611;148585;148607;148608;148575;148601;148633;148627;148595;148637;148586;148635;148577;148604;148622;148603;148579;148624;148629;148602;148621;148609;148587;148581;148634;148591;148593;148616;148592;148617;149116;148640;148632;149107;149096;149102;148578;149176;149165;149175;149190;149161;149154;149097;148590;149153;149197;149137;149095;149182;149155;149147;149140;149124;149171;149148;149144;149130;149166;149178;149115;149177;149156;149187;149110;149173;149104;149183;149114;149157;149141;149149;149134;149158;149131;149098;149118;149109;149117;149170;149194;149111;149184;149202;149200;149169;149198;149143;149099;149129;149167;149201;149136;149168;149163;149132;149159;149139;148584;149160;149128;149122;149186;149108;149100;149204;149188;149105;149146;149162;149119;149123;149101;149112;149127;149142;149106;149126;149196;149125;149164;149133;149121;149172;149150;149189;149138;149151;149199;149192;149565;149193;149588;149563;149625;149615;149559;149583;149181;149191;149552;149601;149622;149597;149145;149607;149543;149531;149556;149532;149595;149544;149638;149561;149623;149551;149626;149538;149632;149624;149575;149585;149618;149582;149591;149619;149593;149617;149604;149599;149586;149574;149587;149620;149608;149581;149547;149621;149578;149631;149606;149546;149540;149630;150192;149610;150216;150167;150208;150227;150166;150170;150197;149576;150174;150225;150210;150214;150224;150189;150211;150231;150221;150181;150198;150184;150229;150217;150186;150226;150219;150179;150178;150187;150177;150176;150169;150209;150195;150202;150213;150205;150247;150175;150188;150207;150278;150199;150265;150263;150277;150204;150268;150250;150264;150253;150271;150252;151039;150249;151045;151031;151032;150254;151040;151026;150258;151048;151042;151043;151029;151033;151047;151041;151171;151046;151038;151161;151036;151169;151172;151174;150185;149120;149592;148082;151034;151052;142122;146733;151157;132170;151175;151035;151177;151167;151166;151178;151182;151156;151173;151160;151184;151170;151162;151183;151179;151176;151168;151159;151186;151158;151181;151164;151232;151249;151256;151165;151257;151228;151245;151258;151250;151223;151163;151237;151185;151221;151229;151233;151242;151227;151235;151248;151259;151246;151236;151262;151220;151222;151263;151230;151238;151260;151225;151243;151251;151234;151252;151231;151253;151241;151224;151254;151226;151255;151240;151239;151314;151294;151325;151297;151348;151307;151344;151336;151244;151299;151326;151247;151324;151331;151261;151342;151337;151323;151320;151349;151295;151313;151332;151317;151311;151334;151327;151321;151312;151296;151340;151316;151303;151338;151302;151319;151300;151329;151335;151322;151345;151305;151328;151298;151301;151339;151350;151315;151304;151310;151341;151306;151347;151415;151343;151309;151351;151318;151896;151388;151902;151421;151333;151398;151420;151399;151408;151392;151382;151402;151381;151895;151416;151409;151397;151389;151384;151414;151894;151417;151898;151400;151405;151385;151394;151395;151330;151379;151380;151387;151419;151308;151411;151401;151391;151404;151412;151383;151376;151396;151386;151393;151406;151568;151403;151378;151538;151413;151560;151544;151556;151563;151536;151549;151548;151562;151390;151565;151535;151558;151570;151541;151547;151534;151552;151537;151561;151533;151555;151564;151569;151550;151553;151543;151551;151566;151559;151554;151540;151539;151567;151546;151773;151782;151788;151769;151766;151768;151767;151542;151785;151787;151779;151557;151774;151781;151772;151789;151784;151786;151770;151783;151771;152336;152343;152309;151775;151780;152334;152303;151776;151545;152302;152295;152321;152324;151777;152289;152308;152274;152275;152328;152314;152316;152340;152338;152331;152319;152294;152299;152330;152345;152304;152342;152296;152276;152277;152337;152310;152293;152326;152286;152317;152287;152292;152311;152280;152313;152315;152290;152284;152281;152323;152339;152301;152305;152298;152282;152333;152306;152329;152344;152332;152307;152312;152341;152300;152320;152278;152291;152297;152400;152325;152283;152327;152322;152408;152335;152396;152404;152403;152409;153067;152407;152397;152405;152318;152402;153064;152285;152279;152406;152399;153058;152401;151418;153070;153085;153084;153048;153049;153079;153053;153071;153063;153080;153076;153057;153078;153075;153081;153086;153065;153059;153050;153054;153066;153056;153055;153051;153069;153077;153068;153333;153060;153313;153276;153314;153318;153346;153339;153328;153289;153287;153357;153082;153280;153262;153319;153295;153270;153264;153338;153275;153323;153311;153281;153292;153312;153348;153355;153290;153342;153302;153301;153305;153273;153279;153272;153268;153359;153320;153354;153299;153300;153271;153315;153324;153329;153316;153340;153332;153308;153297;153260;153347;153298;153353;153358;153307;153309;153293;153261;153349;153327;153343;153306;153326;153344;153266;153360;153263;153282;153288;153321;153322;153283;153274;153304;153317;153330;153352;153337;153334;153345;153286;153294;153335;153267;153336;153356;153284;153350;153341;153325;153310;153277;153296;153265;153291;153259;153648;153628;153634;153606;153303;153642;153269;153629;153651;153610;153653;153633;153640;153607;153650;153664;153609;153639;153644;153602;153608;153660;153603;153662;153351;153638;153278;153658;153641;153604;153657;153605;153649;153646;153663;153655;153331;153661;153659;155469;153647;153714;153717;153645;153654;153739;153697;153747;153755;153715;153673;153732;153758;153656;153746;153692;153708;153681;153700;153688;153693;153720;153719;153730;153675;153716;153735;153718;153713;153760;153726;153740;153680;153721;153671;153698;153677;153682;153728;153749;153703;153674;153737;153686;153722;153734;153695;153672;153704;153687;153710;153738;153712;153701;153683;153702;153736;153684;153754;153731;153679;153748;153761;153706;153711;153696;153733;153699;153678;153705;153729;153724;153685;153727;153759;153723;154000;154371;154001;154398;153676;154363;154372;154393;153670;154364;154403;154375;154399;154407;154362;154361;154373;154411;154359;154358;154397;154387;154385;154389;154388;154392;154390;154396;154404;154401;154400;154391;154365;154386;154402;154406;154360;154377;154380;154394;154409;154382;154383;154395;154378;154408;154366;154357;154376;154795;154374;154788;154384;154379;154810;154369;154786;154793;154805;154807;154811;154799;154368;154794;154370;154367;154792;154787;154813;153052;154790;154796;154809;154789;153637;154802;154785;154803;153707;154804;154800;154798;155280;154797;155267;155281;155286;155269;154806;155272;154801;155273;155141;154791;155139;155140;155288;155279;155283;155142;155284;155235;155266;155287;155242;155282;155270;155275;155248;155240;155131;155290;155138;155260;155271;155285;155117;155291;155277;155268;155251;155261;155129;155239;155262;155238;155237;155120;155229;155241;155247;155244;155257;155278;155236;155118;155228;155264;155230;155119;155255;155254;155276;155259;155263;155250;155233;155121;155252;155246;155258;155265;155249;155256;155289;155227;155274;155130;155226;155243;155253;155521;155504;155535;155234;155478;155508;155480;155488;155500;155231;155510;155516;155534;155532;155481;155506;155514;155489;155512;155477;155530;155476;155529;155494;155518;155475;155490;155484;155472;155503;155460;155485;155479;155473;155526;155519;155513;155491;155515;155509;155474;155492;155498;155533;155527;155524;155507;155495;155537;155522;155502;155517;155505;155493;155487;155536;155496;155497;155501;155471;155483;155511;155482;155486;155523;156312;155525;155499;156294;155520;155531;156311;156298;156303;156305;155128;156304;155528;156296;156308;156301;156302;156309;156310;156299;156293;156307;156373;156300;156295;156344;156313;156365;156350;156372;156362;156354;156297;156358;156357;156351;156371;156355;156359;156346;156383;156374;156360;156347;156378;156369;156367;156382;156348;156349;156356;156343;156376;156381;156352;156377;156364;156363;156534;156353;156489;156345;156366;156518;156536;156368;156490;156516;156508;156487;156510;156535;156506;156529;156527;156509;156530;156519;156520;156495;156513;156504;156507;156541;156498;156532;156540;156379;156522;156494;156533;156521;156526;156491;156492;156537;156496;156524;156531;156539;156502;156488;156517;156538;156514;156525;156515;156501;156523;156512;156493;156497;156528;156500;156503;156400;156552;156542;156414;156412;156413;156499;156409;156408;156406;156415;156416;156401;156407;156404;156505;156411;156423;156402;156425;156410;156428;156430;156429;156424;156438;156431;157192;156432;157169;157206;157208;157186;157212;156427;157217;157203;157209;157179;157193;157216;157194;157187;157197;157219;157171;157184;157170;157211;157173;157220;157196;157177;157218;157195;157204;157178;157213;157175;157191;157222;156405;156511;157210;157172;157174;157200;156306;157925;157185;157215;157201;157912;157927;157913;157922;157924;157916;157917;157918;157928;157923;157955;157941;157950;157926;157991;157947;157914;157979;157951;157983;157980;157964;157984;158016;157958;158025;157978;157969;158023;157915;157972;158011;157990;158005;158007;157949;158009;158018;158002;158020;157987;157937;158019;158012;157965;158017;157944;157940;157976;158006;157981;158024;157971;158000;157985;157970;157988;157959;158003;158028;157977;157942;157966;158001;158027;157956;157998;157946;157962;157933;157992;157999;157954;158021;158010;157973;157986;157993;157994;157945;157995;157934;158014;157982;157930;157974;157952;158008;157996;157989;158029;157943;157997;157963;157975;157960;157957;157968;157936;158022;158030;157961;157948;157953;158310;158313;158040;158300;158306;158015;158004;157931;157967;158299;158294;158317;158274;158289;158311;158276;158302;158318;158293;158288;158284;158320;158297;158295;158309;158280;158292;158298;158301;158312;158290;158286;158285;158278;158281;158279;158277;158304;158283;158275;158314;158291;158287;158308;158421;158315;158296;158399;158405;158374;158426;158303;158282;158396;158419;158423;158013;158365;158424;158373;158397;158432;158379;158422;158434;158394;158407;158388;158369;158412;158391;158382;158428;158409;158371;158410;158363;158408;158414;158376;158431;158389;158398;158406;158393;158427;158420;158385;158372;158386;158416;158411;158362;158384;158381;158380;158418;158400;158404;158401;158425;158367;158387;158375;158378;158377;158364;158493;158366;170504;158491;158482;158477;158417;158483;158484;158465;158470;158472;158469;158466;158485;158481;158468;158486;158490;158487;158370;158462;158478;158479;158553;158533;158532;158480;158529;158526;158550;158524;158552;158476;158536;158534;158551;158530;158538;158525;158544;158539;158542;158523;158540;158531;158545;158541;158535;158543;158527;158548;158537;159082;158528;158546;158522;159080;159081;159085;159094;159101;158549;158547;159095;159096;159086;159102;159093;159087;159104;159089;159083;159100;159088;159250;159099;159097;159249;159103;159245;159098;159091;159267;159264;159251;159261;159252;159262;159240;159258;159260;159259;159247;159263;159253;159254;159242;159266;159246;159265;159084;158461;159241;159322;159244;159256;158413;154812;159853;157207;159832;159858;159850;159627;159846;159872;159840;159851;159871;159836;159839;159847;159873;159879;159852;159857;159834;159869;159837;159880;159844;159845;159859;159863;159881;159867;159874;159841;159862;159861;170503;159835;159833;159865;159855;159856;159864;159877;159860;159854;159848;159866;159875;159868;159842;159876;170502;159838;159870;159799;159800;159878;159791;159804;159781;159790;159777;159788;159783;159772;159815;159796;159802;159797;159798;159786;159812;159795;159773;159803;159775;159780;159792;159807;159787;159808;159793;159805;159782;159785;159778;159849;159794;159801;159774;159811;159814;159810;160013;159813;159806;159776;159942;159779;159933;159994;159995;159984;159972;159784;160041;159969;159789;160045;160035;159991;160012;159997;159946;160011;159943;160042;159989;159968;159970;160001;160038;159937;159949;160008;160046;159980;160007;160002;159944;159979;159945;160044;160003;159967;159992;160004;160019;160017;159918;160014;160040;159983;159953;159952;159986;160018;159993;160005;159941;160010;159971;159939;160009;160126;160114;159940;159973;160127;160047;160113;160121;160122;160117;160133;160119;160135;160116;160118;160109;160107;160043;159988;159809;160137;160124;160136;160131;160132;160129;160111;160110;160128;160108;160112;160156;160123;160106;160153;160146;160163;160115;160175;160134;160174;160176;160171;160141;160105;160159;160168;160143;160172;160177;160149;160120;160158;160152;160154;160160;160178;160157;160169;160155;160166;160142;160150;160170;160145;160151;160162;160164;160167;160140;160165;160144;160618;160138;160139;160147;160623;160625;160593;160600;160620;160582;160148;160594;160614;160617;160589;160583;160616;170505;160603;160585;160606;160592;160587;160584;160612;160615;160595;160605;160610;160597;160608;160599;160601;160626;160580;160602;160611;160604;160173;160622;160613;160619;160596;160607;160661;160627;160591;160655;160666;160581;160649;160654;160645;160638;160609;160660;160676;160678;160590;160586;160656;160665;160651;160677;160673;160647;160657;160644;160653;160659;160675;160658;160703;160709;160652;160697;160642;160662;160648;160705;160695;160646;160685;160687;160650;160702;160663;160707;160701;160713;160690;160712;163409;163407;160693;160706;160711;160704;160696;160700;160686;160689;160708;161584;160688;161600;160699;160698;161589;161533;161561;160710;161545;160691;161588;161517;161599;161585;161587;161571;161597;161607;160692;161575;160694;161586;160130;161527;161541;161566;160598;161553;161602;161521;161570;161560;161554;161532;161579;161595;161557;161551;161666;161547;161530;161592;161565;161534;161563;161572;161608;161569;161581;161544;161562;161580;161516;161552;161526;161546;161529;161593;161601;161543;161549;161523;161582;161590;161578;161555;161577;161518;161535;161528;161536;161594;161531;161520;161540;161598;161559;161564;161627;161603;161542;161629;161522;161573;161583;161752;161729;161537;161858;161877;161878;161875;161890;161855;161879;161881;161863;161887;161859;161870;161853;161880;161876;161871;161852;161558;161886;161860;161857;161872;161889;161851;161850;161856;161854;161884;161885;161873;161891;162153;161888;162146;162150;162155;162162;161862;162163;162156;162141;162148;162144;162147;162142;162154;162157;161861;162286;162276;162282;162280;162254;162145;162278;162295;162294;162253;162269;162279;162247;162271;162265;162284;162151;162258;162255;162260;162292;162264;162273;162268;162281;162248;162277;162267;162266;162250;162291;162289;162252;162256;162275;162262;162249;162285;162259;162272;162257;162261;162274;162353;162251;162360;162344;162287;162352;162288;162283;162349;161849;162343;162246;162293;162370;162270;162364;162348;162369;162365;162371;162350;162351;162375;162342;162366;162372;162355;162346;162335;162347;162367;162357;162359;162336;162363;162354;162361;162356;162341;162358;162373;162337;162340;162465;162453;162368;162430;162345;162440;162338;162374;162460;162451;162441;162456;162454;162457;162450;162432;162448;162461;162462;162459;162442;162447;162433;162449;162463;162434;162443;162473;162458;162429;162464;162445;162446;162437;162885;162452;162436;162889;162444;162455;162901;162869;162888;162435;162905;162855;162906;162867;162887;162895;162917;162863;162918;162894;162879;162439;162862;162438;162916;162897;162872;162899;162915;162878;162893;162919;162877;162890;162857;162902;162875;162865;162884;162873;162914;162920;162921;162907;162967;162858;162870;162874;162908;162859;162909;162891;162922;162871;162861;162904;162860;162864;162896;162903;162923;162892;162856;163223;162876;163221;163191;163222;163190;162866;163220;163158;163151;163206;163132;163188;163184;163224;163134;163196;163187;163195;163217;163142;163150;163161;163189;163127;163140;163200;163163;163192;163125;163202;163182;163130;163194;163204;163197;163157;163159;163199;163193;162900;163152;163156;162868;162362;163137;161567;163214;163154;163123;163219;163160;163131;163141;163139;163149;163201;163181;163164;163176;163175;163118;163172;163168;163180;163210;163186;163162;163115;163209;163178;163174;163145;163208;163138;163166;163171;163211;163144;163146;163121;163136;163177;163122;163116;163185;163119;163203;163212;163183;163143;163155;163120;163207;163218;163169;163167;163153;163213;163147;163124;163133;163129;163126;163251;163170;163148;163531;163165;163590;163547;163580;163205;163179;163128;163565;163553;163532;163557;163568;163570;163554;163536;163173;163216;163555;163560;163630;163527;163559;163552;163526;163541;163528;163574;163551;163533;163573;163529;163567;163534;163537;163562;163548;163563;163543;163535;163569;163566;163540;163572;163546;163539;163550;163542;163544;163571;163564;163538;163595;163624;163558;163556;163627;163603;163610;163530;163601;163586;163616;163608;163597;163598;163618;163615;163628;163611;163592;163583;163609;163584;163612;163617;163596;163620;163626;163602;163623;163607;176375;163606;163622;163613;163625;163585;164233;163600;164175;164223;163621;164250;164236;164240;164243;163593;164190;163549;164249;164170;163619;164201;163594;164189;164214;164199;164205;164209;164213;164237;164181;164200;164191;164165;164173;164226;164228;164246;164182;164198;164161;164242;164187;164166;164239;164178;164210;164229;164212;164244;164215;164206;164203;164162;164192;164164;164225;164247;164251;164202;164171;164183;164204;164207;164219;164230;164208;164235;164197;164222;164172;164193;164163;164188;164232;164186;164216;165073;165047;165078;164167;164245;165035;165031;165058;165021;165049;165045;165065;165043;165074;165050;165071;165044;165055;165057;165033;165048;165059;164218;165029;165039;165041;165056;165018;165030;165052;165054;165024;165060;165022;165034;165075;165027;165046;165032;165040;165036;165051;165019;165042;165023;165070;165069;165038;165064;165025;165026;165414;165028;165053;165037;165381;165395;165378;165363;165386;165061;165364;165020;165383;165375;165370;165412;165391;165408;165379;165398;165385;165371;165343;165402;165390;165393;165358;165361;165367;165340;165341;165415;165362;165342;165373;165377;165351;165345;165357;165344;165404;165397;165382;165356;165388;165352;165392;165353;165401;165350;165416;165354;165413;165369;165063;165360;164248;165366;165411;165410;165376;165380;165389;165405;165399;165368;165374;165396;165407;165403;165384;165339;165804;165338;165365;165409;165394;165359;165387;165372;165807;165815;165805;165400;165824;165817;165792;165809;165829;165821;165828;165800;165830;165802;165823;165781;165796;165779;165812;165826;165793;165786;165819;165795;165810;165797;165818;165799;165811;165788;165780;165803;165822;165783;165782;165787;165845;165801;165785;165798;165855;165827;165859;165838;165854;165841;165851;165852;165806;165857;165860;165840;165864;165843;165848;165861;165837;165831;165816;165834;165850;165832;165862;165835;165842;165844;165839;165849;165836;165833;165897;165919;165846;165898;165856;165853;165866;165877;165899;165916;165881;165888;165873;165878;165889;165869;165847;165905;165912;165913;165908;165909;165868;165865;165921;165892;165917;165894;165883;165900;165895;165920;165907;165870;165876;165882;165903;165884;165896;165893;165914;165885;165867;165880;165886;165902;165910;165879;165890;165891;165918;165911;165872;165874;165904;165887;165957;165871;165966;165901;165979;165978;165943;165968;165935;165945;165915;165970;165962;165949;165960;165927;165858;165975;165906;165976;165955;165952;165932;165931;165875;165964;165950;165926;165941;165936;165940;165967;165951;165956;165977;165948;165944;165946;165947;165937;165933;165961;165973;165928;165954;165974;165930;165929;165925;165939;165924;166666;165965;165934;165971;165938;165953;165958;165942;165969;166640;165963;166635;166656;166641;166632;166660;166636;166658;166654;166657;166653;166637;166643;166647;166650;166639;166664;166621;166644;166667;166638;166633;166645;166648;166665;166655;166627;166625;166642;166662;166659;166661;166663;166620;166626;166837;166649;166646;166868;166818;166652;166634;166875;166651;166872;166813;166628;166817;166841;166862;166855;166865;166838;166809;166874;166863;166866;166826;166870;166810;166852;166814;166839;166851;166849;166876;166858;166859;166844;166864;166840;166832;166833;166811;166828;166854;166842;166867;166845;166869;166831;166821;166829;166819;166820;166836;166871;166857;166816;166812;166877;166860;166830;166835;166825;166846;166850;166834;166975;166847;166873;166848;166974;166853;166977;166978;166843;166979;166976;166973;167396;167047;166972;167380;166968;166970;167378;167366;167420;167419;167415;167411;166971;167401;167422;166815;167384;167426;167409;159831;166827;163198;165406;167428;167360;165972;167416;167410;167414;167425;167374;167373;167365;167391;167389;167382;167402;167394;167376;167403;167370;167405;167385;167368;167413;167359;167355;167367;167417;167369;167381;167387;167406;167390;167363;167357;167392;167404;167377;167358;167395;167388;167407;167361;167408;167383;167386;167371;167354;167418;167423;167356;167400;167375;167372;168527;167421;168526;167424;168506;167362;168514;167379;168528;168511;168525;168531;168508;168510;168513;168524;168517;168532;168530;168522;168529;168512;168535;168967;168515;168505;169000;168521;168504;168519;169013;168966;167427;168977;169002;168523;168997;168994;168968;168979;169014;169007;169012;169005;169004;168976;168975;168973;168972;168988;168962;168960;168999;168971;168986;168970;168978;168985;168992;168987;168984;168961;169001;168998;169006;168983;168963;169009;169010;169011;168969;168993;169008;168990;168996;169333;168974;169303;169310;168991;169336;169325;169319;169306;168965;169324;169320;169302;169311;169321;169326;169313;169331;169329;169308;169340;169341;169322;169312;169330;169337;169314;169328;169335;169339;169305;169301;169338;169307;169334;168989;168995;169401;169323;169327;169395;169309;169374;169399;169404;169386;169388;169396;169400;169384;169393;169365;169394;169390;169372;169375;169367;169364;169369;169488;169398;169402;169376;169373;169397;169356;169403;169381;169387;169391;169405;169362;169378;169355;169406;169385;169366;169377;169368;169360;169392;169357;169379;169380;169370;169359;169361;169581;169371;169363;169547;169358;169570;169532;169577;169535;169580;169575;169557;169569;169556;169383;169540;169529;169561;169536;169555;169545;169552;169531;169550;169558;169565;169548;169533;170014;169541;169562;169564;169551;169549;169563;169578;169559;169389;169554;169566;169573;169546;169538;169553;169579;169543;169544;169534;169567;169542;169560;169638;169626;169646;169530;169609;169667;169568;169528;169652;169588;169660;169615;169657;169603;169664;169650;169618;169613;188839;169611;169651;169621;169600;169642;169589;169666;169634;169648;169599;169654;169684;169644;169619;169681;169683;169607;169620;169617;169653;169668;169633;169610;169602;169608;169662;169593;169643;169622;169670;169590;169604;169655;169677;169703;169616;169629;169601;169627;169674;169332;169625;169680;169669;169675;169641;169628;169623;169595;169679;169539;169597;169663;169624;169645;169596;169682;169612;169591;169661;169658;169592;169656;169594;169671;169676;169598;169614;169639;169647;169678;169606;169791;169853;169804;169762;169659;169640;169743;169825;169869;169737;169859;169864;169764;169820;169848;169871;169818;169750;169733;169798;169809;169729;169637;169822;169769;169856;169826;169849;169739;169812;169815;169819;169866;169810;169821;169854;169851;169740;169843;169800;169741;169811;169855;169751;169862;169752;169772;169857;169754;169868;169830;169757;169766;169749;169790;169795;169794;169808;169824;169845;169792;169773;169748;169753;169735;169793;169813;169870;169816;169803;169867;169827;169801;169823;169852;169847;169828;169805;169872;169770;169728;169731;169797;169738;169829;169846;169742;169765;169796;169799;169844;169763;169723;169874;169850;169865;169863;169771;169744;170823;169873;169983;170786;169987;170818;170847;170799;170816;169814;170812;170835;170800;170817;170833;170797;170821;170837;170842;170828;188948;170808;170822;170809;170796;170831;170789;170845;170839;170838;170846;170802;170805;170792;170827;169817;170848;170841;170820;169858;170801;170798;170830;170849;170804;170850;170795;170813;170803;170794;170843;170790;170793;170826;170807;170825;170832;170814;170834;170815;170806;170836;170811;170819;170791;170829;171148;170844;171140;171176;171166;171175;170840;171116;171149;171125;171173;171202;171119;171144;171174;170810;171139;171182;171239;171201;171178;171171;171146;171117;171205;171199;171126;171170;171203;171195;171150;171172;171206;171141;171154;171168;171180;171181;171204;171190;171120;171308;171313;171169;171282;171281;171177;171319;171294;171369;171287;171279;171151;171137;171303;171278;171370;171280;171297;171298;171293;171274;171312;171290;171326;171323;171328;171277;171296;171291;171306;171300;171327;171286;171299;171311;171305;171309;171275;171310;171329;171368;171324;171318;171271;171301;171330;171276;171304;171283;171272;171288;171289;171273;171295;171292;171284;172199;171302;172231;172201;172218;171325;172214;172193;172215;172233;172235;172185;172197;172237;172210;172234;172194;172202;172195;172205;172203;172219;172189;172200;172196;172187;172204;172236;172198;172337;170787;172183;172206;172207;171331;171307;172262;172321;172288;172309;172286;172307;172334;169672;172332;172343;172295;172335;172345;172340;172341;172339;172331;172273;172283;172322;172303;172319;172328;172314;172324;172316;172274;172326;172285;172304;172310;172313;172305;172317;172272;172302;172330;172320;172336;172306;172352;172269;172278;172270;172333;172275;172271;172293;172263;172296;172292;172279;172353;172323;172268;172312;172297;172315;172311;172354;172287;172346;172280;172347;172342;172348;172284;172294;172301;172265;172298;172266;172282;172344;172291;172349;172299;172267;172300;172259;172706;172688;172699;172264;172720;172707;172709;172718;172686;172689;172685;172704;172723;172695;172350;172705;172724;172728;172701;172715;172713;172703;172700;172697;172721;172727;173032;172729;172683;172681;172698;172719;172714;172725;172696;172712;172692;172722;172684;172726;172694;172687;172716;172691;172690;172682;173365;172702;172710;173359;173362;172730;172693;172717;173353;173361;173360;173370;173354;173368;173366;173367;173352;173356;173357;173351;173355;174190;174207;174209;174183;172708;173358;174218;172351;173369;174191;173363;174213;174210;174217;174199;173364;174189;174204;174187;174206;174202;174201;174212;174205;174182;174200;174184;174203;174193;174211;174186;174208;174847;174867;174868;174849;174859;174845;174822;174828;174856;174841;174861;174880;174185;174857;174850;174192;174848;174879;174865;174858;174821;174870;174817;174852;174872;174824;174818;174830;174842;174823;174843;174877;174884;174829;174874;174827;174820;174826;174882;174871;174825;174844;174836;174831;174878;174838;174863;174834;174851;174860;174876;174837;174816;174881;174840;174864;174862;174846;174873;174869;174814;174833;174819;174855;174835;174866;174839;174832;175197;175205;175227;174815;175224;175217;175226;175166;175219;175214;175171;175184;175228;175222;175229;175173;175183;175182;175175;175168;175223;175230;175212;175216;175186;175190;175196;175174;175218;175181;175207;175164;175198;175195;175179;175225;175221;175206;175169;175215;175199;175209;175165;175208;175180;175203;175172;175194;175213;175170;175187;175188;175200;175220;175210;175161;175189;175202;175211;175176;175204;175177;175201;175162;175245;175163;175276;175255;175273;175242;175264;175178;174875;174188;175167;175246;175185;175275;175267;175248;175274;175244;175265;175241;175235;175239;175256;175251;175240;175236;175234;175269;175261;175247;175268;175253;175271;175249;175250;175238;175257;175260;175254;175266;175231;175272;175232;175270;175311;175318;175259;175312;175258;175292;175243;175233;175302;175294;175310;175299;175252;175309;175314;175313;175322;175298;175315;175316;175323;175365;175297;175301;175300;175321;175293;175289;175360;175305;175320;175296;175290;175326;175325;175295;175324;175507;175352;175550;175308;175291;175319;175317;175544;175526;175519;175542;175545;175543;175536;175510;175538;175353;175504;175530;175508;175512;175515;175500;175491;175520;175521;175527;175490;175522;175534;175498;175518;175356;175524;175502;175499;175492;175503;175493;175514;175488;175516;175523;175495;175494;175505;175509;175511;175501;175780;175771;175513;175799;175497;175776;175496;175778;175735;175736;175777;175737;175772;175784;175773;175779;175800;175785;175796;175781;175738;175783;175795;175797;175786;175787;175788;175774;175789;175794;175741;175740;175744;175746;175793;175748;175739;175790;175775;175745;175747;175798;175754;175506;175529;175752;175751;175764;175750;175743;175765;175749;175766;175731;175768;175767;175756;175755;175732;175742;175769;175770;176001;175733;176012;175734;175753;176002;176018;176016;176014;176040;176005;176003;176047;176007;176049;176011;176004;176006;176022;176010;176048;176008;176013;176021;176009;176017;176020;176050;175757;176029;176027;175997;176023;176028;176024;176032;176033;176039;176030;175998;176031;176035;176000;175999;176034;176038;176019;176609;176606;176613;176610;176604;176572;176573;176594;176588;176582;176574;176611;176614;176581;176578;176576;176575;176580;176584;176605;176015;176612;176589;176591;176596;176590;176595;176592;176600;176598;176593;176602;176585;176599;176601;176568;176597;176569;176867;176579;176570;176877;176571;176879;176878;176807;176869;176875;176872;176848;176873;176870;176881;176850;176862;176808;176851;176857;176819;176603;176880;176852;176825;176876;176853;176811;176859;176854;176813;176855;176817;176827;176858;176847;176809;176835;176829;176810;176836;176815;176864;176820;176863;176826;176828;176860;176866;176865;176823;176803;176822;176868;176834;176780;176833;176824;176843;176802;176839;176830;176874;176845;175237;172308;176841;176812;176583;176778;176806;176776;176842;175730;176789;176844;176837;176882;176792;176883;176840;176849;176779;176784;176777;176794;176788;176772;176805;176804;176781;176783;176787;176786;176793;176790;176821;176814;176801;176818;176799;176773;176775;176798;176846;176795;176796;177026;176800;177029;177028;176774;177043;177048;176797;177013;177019;177074;177014;177032;177031;177020;177016;177021;177075;177017;177008;176990;177073;177036;177022;177038;177034;177049;176993;176997;177076;177039;177040;177035;176995;177037;177041;176999;177046;177001;177018;177027;176785;177009;177025;176996;177030;177003;176992;177042;177011;176991;176994;177044;177045;177033;177010;177000;177006;177004;177002;177005;177007;177171;176989;177172;177165;177160;176988;177167;177182;176998;177183;177185;177168;177201;177175;177047;177179;177204;177202;177134;177137;177200;177139;177206;177207;177174;177163;177203;177149;177143;177141;177138;177135;177180;177136;177170;177140;177166;177190;177161;177176;177164;177142;177173;177147;177146;177178;177148;177151;177186;177177;177150;177181;177154;177152;177169;177184;177157;177133;177970;177162;177132;177153;177155;177969;177023;177982;177156;177960;177943;177962;177978;177985;177948;177955;177941;177965;177967;177949;177984;177944;177954;177940;177958;177972;177956;177979;177947;177942;177963;177980;177957;177983;177939;177976;177945;177971;177975;177974;177973;177961;177950;177946;177938;177959;177977;177981;177964;177968;178058;178093;178095;177952;178073;178091;178059;177951;178077;178096;178090;178086;178067;178081;178069;178078;178097;178065;178083;178071;178074;178068;178082;178072;178084;178062;178079;178061;178089;178092;178076;178080;178075;178370;178085;178094;178088;178064;178060;178066;178087;178378;178063;177966;178385;178070;178389;178369;178388;178352;178347;178371;178386;178373;178379;178377;178363;178350;178346;178364;178351;178354;178395;178391;178372;178367;178392;178355;178349;178387;178360;178359;178381;178348;178376;178380;178361;178345;178358;178357;178375;178394;178383;178393;178344;178390;178362;178374;178382;178365;178867;178353;178880;178855;178890;178366;178384;178882;178889;178863;178896;178869;178901;178887;178861;178873;178856;178866;178881;178879;178871;178868;178854;178892;178878;178874;178865;178857;178900;178897;177953;178883;178876;178356;178898;178368;178858;178895;178899;178859;178862;178885;178875;178853;178891;178872;178864;178894;178888;178884;178893;179024;178870;178877;178860;178990;179005;179022;179009;179004;179015;179011;179003;178997;178994;178992;179010;179013;179025;178983;178987;178977;179008;179014;179012;179002;178978;178998;179006;178988;178985;179007;179023;179018;178982;179017;178993;178999;178976;179016;178986;179019;178996;178995;179000;178979;178991;178984;179021;178989;179103;179100;179111;178981;179102;179098;179099;179079;179001;179090;179101;179083;179109;178980;179094;179091;179080;179112;179093;179096;179107;179020;179105;179089;179087;179095;179097;179113;179085;179086;179077;179092;179104;179106;179078;179283;179081;179110;179082;179286;179108;179272;179266;179275;179273;179259;179277;179284;179267;179088;179279;179260;179276;179261;179281;179265;179271;179262;179268;179269;179263;179274;179254;179285;179264;179278;179288;179258;179256;179282;179549;179255;179252;179253;179280;179552;179257;179522;179530;179566;179532;179251;179561;179270;179520;179517;179287;179562;179511;179514;179557;179521;179540;179535;179529;179084;179543;179559;179564;179553;179565;179550;179524;179525;179541;179513;179563;179568;179537;179554;179536;179526;179531;179558;179546;179555;179533;179542;179528;179567;179539;179534;179518;179516;179519;179545;179547;179538;179510;179512;179527;179515;179544;179548;179569;179523;188219;179560;189050;188784;188692;188539;188818;188140;188788;188224;188205;188262;188249;188757;188734;188399;188967;188937;188308;188302;188457;188325;188300;188979;188306;188172;188836;188744;189042;188421;188728;189043;188532;188239;188298;188246;179556;188180;188271;189060;188876;188309;188278;188878;189027;189057;188203;188717;188197;188871;188882;188243;188251;188708;188248;188363;188799;188242;188681;188449;188200;188236;188930;188864;188958;188307;189034;188225;188315;188282;188995;188296;189052;188316;188796;188171;188691;188667;188210;188918;188680;188729;188807;188512;188087;188827;188317;188389;189002;188821;188230;188237;188218;189005;188660;188850;189061;188173;189012;188164;188263;188739;188932;188100;188597;188194;188220;188366;188288;188244;188168;188630;188106;188226;178886;188811;179551;188834;188595;188806;188196;188270;188231;188832;188408;188623;188129;188550;188202;188294;188928;188204;188763;188272;188880;188256;188996;188523;188425;189046;188234;188250;188944;188241;188822;188190;189053;188188;188957;188952;188602;188972;188574;188116;188862;188865;188960;189006;188631;188665;188214;188245;188292;188599;188704;188181;188163;188484;188376;188285;188174;188108;188931;188286;188193;188699;188179;188323;188430;188538;188518;188962;188762;188335;188189;188393;188867;188187;188191;188490;188576;188212;188350;189024;188303;188808;188290;188146;188542;188919;188571;188861;188240;188766;188590;188407;188714;188933;188257;188167;188177;188895;188894;188934;188340;188311;188261;188252;188649;188604;188175;189018;188840;188233;188843;188162;188092;188892;188222;188794;188195;188268;188299;188267;188287;188259;188745;188908;188975;188283;188778;188276;188536;188751;188216;188247;188297;188142;188804;188760;189065;188461;188733;188289;188422;189011;188380;188123;188719;188910;188809;188170;188789;188138;188976;188221;188498;188644;189008;188943;188416;188301;188852;188281;188770;188557;188873;188990;188284;189014;188122;188786;188983;188253;188775;188659;188857;189036;188320;188184;188280;188893;188260;188305;188137;188687;188310;188211;188824;188815;188125;188988;188413;188674;188215;188228;188232;188207;188182;188898;188208;188165;188992;188336;188504;188754;189033;188295;188926;188213;188697;188090;188313;188917;188853;188479;188496;188755;188169;188274;188906;188468;188198;188277;188192;188625;188500;188885;188201;188621;188419;188312;188737;189016;188846;188716;188279;188444;188700;189039;188959;188678;188258;188265;189023;188235;188749;188782;188554;188414;188669;188581;188199;188863;188598;188634;188868;188185;189063;188886;188291;188238;189022;188610;188293;188135;188178;188446;188223;188217;188229;189019;188153;188639;188176;188671;188269;188505;188275;188488;188848;188965;188186;188562;188337;188254;189047;188980;188494;188672;188968;188450;188206;188622;188209;188314;188273;188530;188405;188264;188266;189032;188353;188735;188854;188109;188732;188227;188152;188695;188322;188119;188079;188911;188354;188346;188166;189021;188731;188370;188632;188964;188499;188473;188628;188095;188304;188720;188907;188795;188703;188998;188453;189000;188887;188825;188685;188183;188358;189056;188772;188747;188489;189045;188356;188813;188637;188083;188769;188872;189048;188513;188787;188715;188635;188761;188723;188355;189025;188662;189062;188912;188255;188343;188548;188472;188991;189017;188144;188945;188624;188404;189049;188462;188373;188130;188966;188710;188445;188970;188502;188913;188615;188145;188823;188686;188909;189009;188953;188361;188463;188654;188344;188149;188758;188319;189001;188401;188764;188546;188675;188454;188565;188978;188969;188620;188947;188439;188347;188547;188098;188367;189015;188679;188924;189067;188651;188752;188904;188560;188837;188521;188800;188387;188111;188641;188410;188128;188321;188520;188094;188549;188398;188682;188481;188097;188409;188961;188939;188618;188616;189068;188664;188391;189064;188417;188643;188756;188689;189051;188127;189007;188364;188543;188645;188131;188705;188570;188619;188126;188382;188497;188666;188577;188438;188845;188820;188362;188510;188351;188156;188555;188359;188318;188455;188148;188780;188117;188611;188810;188713;188514;188896;188511;188460;188870;188458;188869;188718;188478;188694;188556;188411;189038;188151;188338;188903;188124;188973;188652;188334;188426;188955;188743;188080;188793;188466;188348;188901;188545;188740;188388;188487;189003;188989;188753;188107;188956;188495;188572;188849;188342;188088;189066;188629;188881;188435;188586;188693;188721;188936;188383;189013;188448;188792;188491;188331;188929;188767;188701;188559;188601;188984;188698;188844;188797;188397;188617;188768;188608;188534;188515;188826;188783;189010;188891;188638;188927;189054;188589;188994;188706;188469;188099;188115;188726;188596;188925;188371;188452;188711;188579;188626;188999;188646;188859;188661;188690;188592;188112;188516;188841;188977;188143;188384;188866;188134;188833;188084;188655;188524;188369;189020;188508;188986;188897;188838;188587;189029;188935;188949;188105;188349;188575;188974;188096;188476;188847;188374;188724;188415;188428;188406;188085;188503;188506;188522;188341;188725;188493;189035;188459;188507;188648;188480;188580;188899;189028;188636;188357;188677;188736;188544;188150;188812;188420;188441;188588;188531;188451;188569;188552;188372;188139;189031;188464;188938;188696;188817;188379;188663;188465;188437;188915;188835;188566;188916;188874;188591;188537;188474;188774;188423;188801;188103;188442;188326;188443;188858;188877;188110;188114;188541;188890;188603;188392;167364;188613;176782;188985;188436;188540;188798;188875;151180;188133;188483;188673;189026;188375;188676;188997;188855;188856;188920;188567;188475;188748;188640;188668;188771;188396;188118;189030;188081;188900;188526;188527;188683;188963;188385;188086;188712;188921;188492;188653;188884;188627;188883;188467;188561;188594;188702;188657;188418;188830;188593;188429;188395;188519;188121;188582;188368;188551;188670;188585;188647;188722;188987;188583;188485;188440;188517;188954;188482;188981;188433;188132;188378;188486;188860;188776;188612;188102;188327;188352;188605;188600;188386;188427;188154;188456;188424;188802;188529;188147;188816;188330;188501;188101;189059;188738;188332;188609;188773;188656;188741;188578;188431;188922;188402;188584;188923;188941;188157;188642;188707;188120;188951;189058;188831;188946;188814;188905;188155;188558;188535;188400;188470;188727;188377;188390;188688;188633;188982;188525;188412;188791;188606;188568;188950;189004;188805;188082;188434;188993;188742;188803;188553;188381;188447;188528;188365;188828;188329;188093;188345;189041;189069;188394;188333;188746;188842;188684;189037;188851;188781;188940;188730;188432;188091;188477;189044;188471;188650;188360;188339;188777;188785;189040;188790;188607;188089;188709;188328;188779;188759;188914;188902;188889;188765;188658;188113;188829;188971;188942;188141;188136;188614;188819;188564;189055;188324;188750;189697;188403;189690;188509;188104;189683;188888;189682;189679;189694;189685;188573;189684;189704;189686;189692;189696;189680;189676;189700;189689;189677;189706;189698;189703;189687;189701;189695;189705;189699;189693;189678;189702;189691;189681;189688;188533;121646;121651;121653;121647;121649;121648;121656;121652;111848;121654;121650;121657;121655;111850;121659;121662;111849;111847;111845;121660;121661;111851;121658;111852;121667;121664;111853;121665;121666;121669;111854;121668;121672;121673;111855;121671;111857;121674;111856;121670;121677;111859;111858;111846;111860;121678;121682;111862;121679;111861;121685;121680;121681;111863;121675;121688;121686;111864;121684;121676;121691;121689;121693;121687;121695;121690;111867;121692;121694;121683;111866;121698;121696;121702;121697;121703;121700;111868;121699;121704;111869;121707;121708;111872;121705;111873;121701;121711;121709;121710;121714;121712;121717;121716;121715;121706;111876;111870;111875;121718;121720;111871;121663;111865;121719;111877;111874;111878;188563;121713;121722;111880;111879;121725;111881;121723;121730;111883;121724;121727;121729;121726;111882;121734;111884;121728;121731;111885;121737;121733;111887;121736;121732;121739;121735;121740;111888;121744;121742;121745;121738;111889;111890;121749;121746;121748;111886;121747;121741;121751;121750;111892;121743;121757;121753;111893;121759;121755;121762;121756;111894;121754;121764;121752;121761;121763;121758;121760;111898;111895;121767;111896;111897;121765;111900;121769;121770;121775;111899;111902;111901;121777;121771;111903;121768;121780;121779;121772;121776;121766;121773;111891;121783;121778;121774;121784;111904;121789;121786;121785;121787;121781;121791;121790;121788;111905;121795;111907;121794;111906;111910;121793;121799;111908;121800;121797;111912;121802;121798;121801;111914;121792;111911;121804;111918;121806;111919;121808;111913;121807;121805;111917;111909;111916;111920;121811;121810;111915;121803;121796;121814;121813;111925;111926;121812;111923;111927;111921;111929;121815;121818;121816;121817;111930;121819;121821;121824;121826;111922;121823;111928;121828;111931;121830;111924;121825;121833;121831;121832;121822;121827;121809;121782;121829;111932;121836;121820;121839;111933;121837;121840;121834;111935;121842;111271;121838;111270;121841;111937;111273;121843;121846;111936;111934;121845;111274;111276;121847;121851;121850;121844;121852;111277;111272;111275;111938;111940;121849;121854;121848;121856;111939;111943;111944;111941;121860;111945;121857;121862;111942;121863;121859;121858;121855;121866;121864;111948;111946;121869;111947;121868;121871;111949;121861;121876;121873;121875;111950;121867;121865;121877;121878;121872;121879;121870;112221;112223;121874;117336;121882;121880;121853;117396;121884;121886;121881;117637;121887;121888;121885;117633;117881;118208;121893;121883;121894;121892;118494;121897;121889;111278;121900;121902;121898;121895;121896;121899;121904;121890;121905;121908;121901;111279;111281;111283;121891;121907;121911;121909;111280;121910;119749;111284;121906;111286;121913;111285;111282;121915;121919;121917;121922;111288;121912;121918;121920;121916;121925;121923;121927;121924;111290;111287;121903;111289;121926;112034;111291;121921;121721;121928;121914;121931;111295;121835;121930;121929;121934;121932;111294;121937;111293;121939;111298;121938;121936;121941;121933;111300;121942;111296;121940;121944;111301;121935;121943;111297;121945;121946;111302;111304;121950;121948;121947;111305;121951;111299;121952;111308;121949;121955;121953;111306;111310;111303;121956;111951;121957;121961;111309;111954;111955;121954;121963;111952;121959;121960;121965;121962;121967;111953;121966;121958;121969;121968;111958;111957;111956;121973;111959;121970;121972;111961;111960;111963;121964;111964;111962;121977;121971;121980;121981;121978;112035;121975;121983;112062;121985;111307;121979;112224;112220;121984;112222;121976;121988;117399;121982;121987;121989;121992;121991;121994;121990;121996;119423;118209;117397;117634;121986;121993;121999;122000;117638;122003;121997;122004;122001;122006;122002;122005;121998;122007;122010;122009;119750;122013;121995;119753;122008;122017;122014;122018;122022;122011;122899;122012;122016;122019;122020;122021;122902;122901;133298;133300;122903;122905;122904;122900;122015;133297;118308;122898;133296;122923;121974;122895;122921;125161;133299;122924;122922;122920;125160;122926;125157;125156;125086;125159;124862;125158;125085;125084;122925;125155;125162;124864;125088;124867;125089;124870;124865;125401;124869;125083;125403;124868;126123;125402;126124;124866;125400;126122;126194;126196;126121;124863;126201;126203;126198;126205;126185;126199;126200;126190;126187;126204;126176;126197;126202;126470;126188;126177;126186;126178;126955;126472;128166;128168;126954;128170;126189;128163;128167;128171;128172;126120;128726;126478;128727;128165;128173;129783;128169;129293;128709;128164;126471;128710;126195;128758;129788;128759;129789;129294;129786;129683;129785;130108;129686;129681;132521;130109;129687;129682;129787;132525;132522;132524;129685;132527;132526;132520;132523;132964;132519;132694;132966;132696;132969;132963;122023;132968;132965;132967;129684;122026;122028;122024;122897;122029;122027;122025;122030;122031;122911;122896;122908;132695;122915;122906;122916;122909;122919;122918;122907;122914;122917;122912;125087;122913;126215;126212;132528;126214;125079;126216;125077;126213;124861;125078;125075;124681;125082;125076;125394;125393;125399;125396;125397;125398;125395;126211;126106;126182;125080;126179;126108;126107;126181;125081;124680;126209;129784;122894;126110;128714;128717;126473;128716;128715;126180;128174;128175;126210;122910;128721;128719;128722;128720;128711;128713;128712;128737;128734;128723;129690;128718;129692;128736;129691;128738;129689;129295;129296;130116;130114;130107;130204;130205;129688;130203;130117;130115;128735;129693;131125;132541;132540;132543;132542;132544;132537;132531;132539;132538;132545;132546;132535;132971;130118;132534;132970;132973;132972;132976;132533;132975;132677;132536;131763;132977;132978;126378;126377;132532;126111;126116;126113;126114;126376;126379;126206;126380;126115;126208;126207;126192;126112;126184;132974;130206;128153;126193;128155;126474;126183;128151;126117;128159;128154;128162;128160;128152;128158;128731;128729;128739;128156;129103;128157;128730;128728;129163;128733;129678;128161;130124;129164;129680;129679;129165;130111;129102;130120;130112;130110;130101;130113;130119;130122;130121;130125;130104;132529;130126;132589;128732;130105;130123;133227;130103;133061;132530;132979;132981;133062;132983;133301;133469;133503;133470;132982;132984;131762;132985;133302;133502;132986;132980;133683;133685;134040;133684;133811;133812;134041;130106;134425;134206;134424;134207;134835;135494;135489;135485;135484;135483;133501;135487;130102;126191;135488;134426;135491;135486;136030;135492;135493;136036;136031;136032;136034;136104;136105;136106;136035;136405;136109;136406;136033;136110;136108;136553;136556;136107;136557;136037;134208;136549;136554;136555;136550;136548;136695;137057;137318;136694;137323;137321;137320;137317;137316;136552;137638;137644;137637;137643;136551;137319;137776;137639;137875;136693;137641;137876;137878;137642;138442;137640;138519;138441;137781;137877;139048;138516;138443;139050;139080;139079;138518;139046;139510;139242;139049;139047;139697;139702;139700;139081;140125;139051;140413;141639;139696;140113;138517;139509;137322;140459;140711;139864;140495;141439;140710;141638;140718;141096;141440;141091;141476;141860;141441;141644;143063;141478;143065;141859;141480;143066;143064;143061;143444;143062;144517;143363;144082;144062;144061;144521;144518;144520;132987;132989;133262;133686;132990;132988;133263;143060;133499;144519;133264;133688;133500;134085;133466;133803;133802;135301;134084;134423;134422;135306;134875;135307;135310;135309;135305;135308;135299;135298;134086;133689;135303;135304;135302;135865;135863;134427;135877;135906;135869;135868;136331;135866;135907;136335;135867;136337;136336;136333;135870;136092;136334;136326;136327;136329;133687;136330;136328;126109;111292;135864;136408;141640;136409;136332;136568;136567;136572;135490;136901;136571;136697;136570;137328;137192;137197;137191;137193;136569;137712;137194;137196;137303;137198;137302;137718;137329;137873;138190;137717;137716;137195;137719;138189;138192;138180;137874;138515;138191;138814;138513;138184;137714;139053;138179;139054;139058;137713;139243;139055;138520;139514;139608;138815;139611;139056;139728;139865;139057;139513;139075;140114;139863;140115;139610;140661;140122;140536;140116;140117;139609;140704;140664;140715;140713;140663;141090;140662;141098;140716;141442;140712;139052;140714;141642;140709;141477;139866;141858;141443;142652;141643;141475;141444;142991;142989;142653;143446;142988;142986;142987;143244;143488;143362;133063;143245;133065;133067;144071;144072;133064;133066;144217;133060;133068;133498;133295;133505;142985;133467;133069;143487;133209;133504;133807;133808;133506;133805;133468;133804;133810;133957;133809;134872;133956;134873;134209;135405;134212;135300;134210;135402;135403;134211;135404;135782;135406;135783;135786;135781;135784;134874;135793;135789;135790;135787;135785;135791;135873;135780;135871;136095;135778;136098;136099;135792;136096;135872;136097;136094;135777;136093;136100;141445;136576;133806;136573;136574;136575;135779;136579;136577;136578;136699;136580;137199;136346;136581;137188;137190;136696;137189;137201;136698;137723;137187;137721;137720;137200;137777;137725;137783;137779;137722;138181;137780;137782;138182;138514;137724;137778;137202;138521;138183;138817;138813;137784;139077;138188;139043;139512;139045;139612;139076;140126;139698;138816;140118;139078;139044;140408;140410;139729;140580;140412;140112;140411;140457;140706;140703;140707;140702;141481;140537;141093;141094;139699;140409;138812;140785;141864;140705;142215;140708;142658;141867;141495;142990;141866;143379;142655;142656;143252;141865;143251;143250;143248;144065;142654;144064;144067;143358;143448;142657;144077;144218;144516;144514;144076;143247;144068;145231;144896;144901;144515;144069;144513;143447;145420;145232;146864;146482;145233;145699;146877;146772;146878;146863;146773;147007;145419;147006;147005;147950;147004;146862;147822;147008;148282;148128;148283;148814;147954;148809;148817;147952;148338;149058;147825;149919;148284;149290;149920;148905;148818;149827;149950;149921;148904;148294;145411;141496;150046;136345;150047;150035;149949;150287;148823;150749;150284;150439;151197;150922;151436;150923;150243;151437;151953;150944;151952;151962;150924;150241;151950;152014;151951;152381;152052;152051;152092;152370;152386;152556;152368;152785;152793;152884;152878;152883;153498;153691;153690;153506;153958;153031;152787;152053;153938;153957;153929;153975;153503;144894;153935;144892;145421;155850;155328;144898;144891;145417;144893;146483;144895;145694;146769;146771;146774;145416;145695;146484;145459;146487;147002;155329;147824;147000;147001;146770;147949;147823;146876;145418;153689;148290;147819;148288;147951;148339;147948;148286;147955;148824;148822;148340;148186;148902;148287;149838;148289;148820;149294;148811;149926;150072;149284;149057;149925;150288;149831;150442;150438;148821;150071;150423;150751;150070;150424;153933;150069;150931;150925;150441;150932;151196;150930;151961;150926;152015;149832;152090;152050;152369;152016;152558;151435;152085;151966;152371;152084;152373;152789;152882;152792;152797;153038;153042;153493;153491;153742;153505;153756;153043;153956;153757;153934;152881;152880;153744;150998;153963;147818;153928;153962;155331;153979;154025;153980;155347;155330;153743;144902;144900;155851;145693;145413;145414;145230;144899;145415;146485;145696;145412;146778;146486;146067;146873;146775;146997;146875;146874;146776;146777;146996;147953;147820;148190;147821;146440;148129;146999;148192;146995;148291;148191;148293;148344;148342;148292;148341;148285;148907;148901;148813;148812;149291;149052;148908;149048;148900;149295;149293;149289;149292;149829;149285;149828;149288;149833;149930;146998;149823;150040;149820;149945;150039;149819;149283;148189;149821;149944;150067;150239;150240;150285;150068;150917;150286;150444;150435;150910;150908;150909;150915;150916;150445;151438;150929;151439;153185;153184;151958;150911;151949;152054;151644;151956;151957;152083;152379;152372;152385;151955;152374;152380;151959;152560;152388;152502;152557;151016;153041;153032;152886;152885;153033;152794;153045;153497;153501;153750;153040;153500;153753;153492;153499;153751;153939;153990;153987;153960;155309;153945;153752;155321;153946;156583;153988;156587;153986;156585;155310;155319;153961;155320;156584;156586;152788;148023;149951;148025;153955;148024;148027;148030;148028;148029;155852;148356;150041;148350;148026;148355;148347;148352;148354;148349;148346;148351;148816;148353;148345;149053;148815;148357;149437;149054;149287;149051;149837;149830;149286;149050;148909;149826;149824;148348;150036;149836;149953;150038;150043;149952;150042;150066;150236;150037;150237;148910;150750;150443;150437;150283;150934;150918;150919;150921;150235;150933;151015;153936;151433;153937;150907;151645;151963;151014;151434;151946;151945;152091;151964;151967;151960;152082;151965;150920;149825;152376;152492;152377;152378;152500;152387;152499;151947;152796;152786;153039;152559;153034;152501;153044;152879;152791;153496;153495;153035;153036;153725;153930;153494;153037;153502;153974;152790;153971;155326;153972;153973;155313;155327;155322;153745;156578;156589;156579;156580;155853;156577;156592;128725;156590;153504;128724;153927;156591;11378;54848;156581;54850;54852;54851;54854;54853;54856;18713;37391;18721;54855;18714;18729;18716;18723;18741;18720;18715;18719;54849;156582;18722;18717;18730;18736;18726;18733;18727;18740;152375;18731;18739;18732;54862;18734;18743;18742;18712;18728;18795;18755;18784;18772;18735;18789;18771;18783;18785;18758;18792;18768;18750;18786;18765;18725;18769;18756;18761;18787;18790;18770;18779;18762;18791;18747;18774;18778;18763;18749;18781;18794;18767;18777;37950;18773;18759;18754;18764;18782;18746;18753;18752;18766;18776;18780;18744;18757;18775;18807;18811;18793;18804;18751;18788;18748;18806;18760;18809;18808;18745;18801;18796;18800;18799;18797;18805;19850;19209;19852;19851;19208;18803;19855;19854;19858;19857;18802;19861;19856;54863;19860;19864;19862;19859;19867;18810;19952;19863;20149;20151;54864;19951;20017;54865;19865;20912;19866;20913;20150;20163;20918;20919;20915;20914;20917;20916;21074;21075;21314;21272;21343;21342;21248;20920;19853;21345;18812;21584;21640;21346;21766;21583;21639;21765;22098;22099;21699;22102;21121;22153;22081;22101;22100;22050;24656;18798;21344;18724;20152;21767;22349;54866;22236;22152;22348;22237;22421;24658;24657;22468;22467;22420;23939;24659;24663;54867;23654;23940;23653;24665;24662;24787;24668;24661;24789;24791;24790;24691;24788;24666;24660;24667;24914;24916;25174;25094;25092;24918;24792;24917;25374;24915;25222;25774;24664;25093;25776;25772;25844;25773;25831;25771;25775;25848;25843;25957;25846;25907;54868;26202;26053;25845;25373;26054;27537;26113;28149;26055;25847;28148;28147;27609;29188;28295;28294;28296;29704;28277;28362;28335;31101;29254;31324;31323;31099;31053;31100;31027;25253;26972;31708;29189;31739;31706;31802;31801;32033;32083;31803;32445;32056;33288;31740;33465;31994;32455;33398;33534;33466;33287;32444;33746;33565;54869;33533;33748;33750;33754;33755;33749;33753;33751;33752;34061;34295;34296;34300;34086;34731;34783;34784;33825;32446;33824;34822;34971;34852;35223;33747;35282;35035;35376;34782;35377;54871;35636;34972;35274;35728;35577;35727;35292;54870;34719;35826;36011;35601;36037;36105;35825;36145;36038;36104;36009;36573;38166;36186;36106;38720;36010;38719;36206;35827;38655;34785;31707;39421;38915;39522;38201;39472;39560;38778;39567;40459;39559;39473;40512;40408;54872;39422;40503;40622;40598;40624;40513;40669;40511;54873;40473;40877;40977;42293;41972;54875;42168;43112;42294;42826;40623;39796;44120;42341;43102;44121;42169;44946;54874;44994;44122;50435;54876;43353;54877;44947;45426;45611;45024;45007;45581;45424;47047;54880;54878;54881;45400;47563;54879;47141;47787;48919;45425;54884;46345;47562;48922;47786;46358;54882;54885;49177;48921;54886;49238;43638;54883;49290;48920;49230;54887;49178;54889;54888;50436;50388;54890;49229;50660;54891;50353;51063;50427;50668;50832;50661;54895;54894;51386;51372;50308;51943;54893;51944;51942;51940;51126;54892;52165;54896;51941;51451;54897;51371;53298;52636;54898;54900;52599;54902;54903;52635;54901;54904;54905;54899;53898;53476;53361;52996;54648;53626;55173;53515;55704;53362;55705;55735;54649;55703;55737;55423;56092;55834;54906;56094;55706;57894;56093;55980;56142;55707;55736;57892;52460;53899;57893;56513;48923;39008;59507;57896;156588;59478;59508;59970;22170;60051;59510;59509;60053;60112;136407;59971;59686;61553;60050;61749;61751;61552;62079;61748;60052;61660;60087;61752;62102;62483;60141;62501;62762;62500;62469;62549;63003;62719;63169;62761;63170;63168;63481;63647;63004;63555;61750;63480;63002;64535;63167;64622;63479;64879;65060;62080;64728;64970;64590;65660;64727;65583;65552;65724;65176;65946;65706;65944;65177;65705;66483;65553;66484;66449;66967;66450;67009;66638;67116;66850;65943;69196;69242;69431;65945;69244;69226;67115;68916;69224;69519;67234;69243;69433;69521;69225;69957;64491;69520;70437;66158;69958;70441;69935;70500;69818;70951;70954;70438;70953;70199;70738;70439;70440;71234;70499;70952;71233;71472;71235;71471;71470;71929;71467;71930;72187;71468;72265;71931;71473;72188;71932;71469;71232;72399;72488;71573;72589;72591;72943;72590;72838;72489;73029;72781;72398;73249;72731;73248;73252;72967;73409;73251;73253;73788;73637;73247;74329;73028;74255;74332;73789;74497;74330;74380;74331;76207;76204;73250;76713;74370;76208;76974;76206;77091;76476;76714;73951;76712;76205;73638;77583;77544;77543;77833;72400;69432;77917;76975;77832;78483;77915;78588;78724;77877;78657;77878;78656;78831;77916;78829;79867;77972;78832;79866;79869;79692;79870;79871;80205;78830;79872;79254;80570;80206;80204;80571;80443;81523;81075;81653;81386;80572;81388;79868;81524;82917;81387;80569;82920;82915;82922;82918;82925;82916;82927;82921;82926;83373;82924;80883;83492;83374;82923;84590;82919;84126;83371;83372;84675;84589;85043;84829;85412;84588;84830;84646;85277;85725;84591;85768;86223;85694;85746;86222;82914;86106;85583;85276;86662;84127;86791;87055;86792;86663;85413;87375;87182;87478;87603;86664;87377;86875;87183;87378;87376;87929;88565;88564;87477;88723;88567;88910;88566;88625;88909;88626;87602;88701;88992;89758;89084;89085;89790;89086;89726;88912;89789;87883;89836;89942;89759;90028;88911;90319;90029;90204;90203;90548;90320;90800;90715;90363;91046;90010;90802;91354;90863;91285;90321;90836;91312;90801;91356;91353;90547;91357;91718;91719;92498;91573;91830;92759;92761;91462;91918;92760;92607;91976;92499;86224;89941;92758;77545;93198;93081;92523;91355;93082;93535;93412;93618;93384;93619;93246;93742;93411;93664;93663;93484;94438;93722;94439;94517;94972;94440;94441;94516;95443;93687;95724;95028;95723;95773;95725;96090;93819;93617;96091;96181;96092;96408;95442;96703;96165;96407;96179;96409;96612;96180;97103;97102;97918;97581;97580;96804;97101;99267;97104;99378;99138;99249;97755;99597;99441;99917;99635;99598;100223;100795;99596;100703;100512;101115;100389;97919;100794;100224;99034;101117;101170;100964;101316;96166;101116;101532;101550;101051;101317;101549;101358;101206;101932;101359;102365;101790;102432;101905;102366;101789;101169;102133;102038;102435;102501;102433;103091;103090;103089;103142;103361;103256;103308;103307;103143;103537;103255;103599;103516;103424;103306;102434;103423;103943;104105;103705;104216;103703;104215;104146;103945;104641;103570;104858;104362;103944;104860;104642;105377;104788;104859;104702;106106;105416;104363;106564;105113;106632;106586;106204;107006;106565;106309;107234;106051;108303;107102;108594;108382;107233;108302;106352;106850;105656;108412;101118;108763;107103;108725;103704;108690;109433;108762;109432;108413;109653;109147;109870;109948;108890;109950;109871;109654;109554;110391;109362;110432;109949;110936;110619;111036;111035;111226;110693;111149;109685;111004;109583;111185;111498;111524;111499;111995;110528;112180;111660;111413;111500;111996;117326;112054;117653;110308;117328;118059;111737;117515;118168;117654;117896;118746;118316;117327;119113;118903;119640;119332;119280;121144;119448;119447;119536;121145;119853;122046;118586;121505;121458;122219;122176;121567;122469;122415;117495;122143;122940;122576;121632;123124;123649;122577;123437;123811;123650;122740;121327;123812;123059;123810;125917;124140;117325;126032;126094;125348;126092;126367;126093;125323;126031;127882;125209;128274;128518;127730;127729;128751;126614;127993;128750;126685;128963;126882;128749;130079;129868;129521;130507;131114;131178;130751;132741;132383;132847;130158;133437;132688;133945;131681;133643;132742;133250;132333;129375;132384;133642;133665;134616;134971;134277;134850;135219;135717;135159;135666;135576;136544;135892;136707;136392;134396;135160;137042;137177;136305;135280;137699;137130;137391;136393;137822;137890;137774;139719;138131;139764;136728;140740;139279;139779;138207;140362;137823;136729;134276;124354;108595;139011;140568;141789;142916;144141;143541;143350;145276;144018;93080;147737;143256;148266;144863;145472;148512;148866;145028;148274;148500;146369;147790;149975;149067;150334;149799;148201;150008;149858;153456;150337;150096;156121;151897;156769;153430;152969;156338;153528;155849;157284;151970;158034;158157;157116;149513;157865;158149;158105;158352;158489;156200;158245;158558;158645;158111;158743;158686;158209;158764;159068;158644;158886;159052;158473;159115;159055;159559;159365;159745;159237;160209;159726;159746;160394;159300;159606;159532;161057;160517;160516;160450;159747;160273;160518;158921;161429;156857;160874;161421;161748;161626;162169;161968;161839;162585;162501;161793;162731;162576;162648;162971;162928;162577;163089;163635;162995;164125;164325;163348;164364;164156;163449;164261;164365;163579;164457;164798;164619;164510;164363;165265;164588;164796;164938;163501;164795;164829;165480;168103;164458;165239;165598;165523;165478;165599;166228;165597;166167;166136;176363;166493;166226;166503;166622;166174;165596;167045;166949;166772;167775;167233;165863;167280;167774;167777;168374;167230;168190;168483;168594;167778;168544;168270;165292;168741;168743;168542;168947;167893;161422;168951;169574;167881;169480;168899;169687;170149;169279;169479;170153;169685;170930;170243;170653;170254;170981;170652;171102;170152;170040;170150;171479;171473;171086;171367;170932;172550;171515;171514;172358;173709;173044;172635;172634;171600;173402;173764;173790;170931;173710;174977;171621;175484;174764;173040;174138;176132;174243;175989;176217;175569;176640;176394;176641;176761;176498;175121;177078;177063;176353;177495;177064;177532;177639;178489;177540;178039;178217;179233;177937;179072;179073;180320;179369;178488;179368;180319;181254;181329;181395;178773;177355;173765;181772;181484;181449;181901;181397;181771;181394;181558;181770;182165;182407;182740;182467;182871;182870;182406;182466;182878;182949;182876;183927;183259;183835;183677;185345;183928;185502;186088;183430;186183;183836;185709;186845;186243;186706;186492;187108;187107;186923;187293;185902;189072;187135;189304;187272;189371;189071;186087;54859;54858;182877;189866;189396;54860;189867;10474;54857;97974;121162;54861;189266;97976;97978;97975;97983;97979;99106;97984;97980;97986;97982;99599;97985;97981;100325;97987;99315;99173;99732;99201;100466;187109;100132;168742;97977;100601;99710;100769;181396;100600;101052;101030;100599;101053;101029;101172;101822;101233;102436;101234;101171;102206;102134;102591;102207;102205;102979;102593;102980;101207;103426;104703;102981;103880;102922;103468;103425;103538;103681;104500;104131;104297;104298;102592;104499;104719;104130;105166;104132;105464;105167;105392;105391;105657;105393;106053;103571;105324;105165;109621;106588;108565;108596;109801;108566;106587;105619;109922;106052;109623;110100;110232;110157;110234;110694;110311;110233;111642;111104;112206;121098;121100;111527;121099;111582;112018;111151;121097;111103;104673;121419;121104;121103;122611;133451;121102;121420;109622;121418;125254;133453;125308;125285;126175;133454;133455;133456;125626;133457;125627;133459;124409;133460;133463;133452;133462;133458;133765;128032;133399;133461;129492;136805;101533;131227;127808;137746;136804;131834;101403;101399;133952;101401;101406;101409;101408;101402;101405;101407;101404;101415;101413;101417;101411;101418;101419;101416;101412;101414;101400;101410;101423;101420;101422;101424;101425;101427;101426;101431;101429;101430;101432;101438;101434;101436;101435;101433;101421;101428;101440;101439;101443;101398;101444;101437;101442;101449;121101;101450;101445;101448;101451;101454;101446;101453;101455;101447;101457;101456;101459;101461;101460;101464;101452;101463;101469;101465;101458;101467;101468;101473;101472;101471;101474;101480;101476;101478;101477;101462;101466;101483;101475;101470;101487;101479;101482;101485;101484;119218;119217;101534;101486;119221;119219;104580;119226;119220;119225;119224;119228;119227;119232;119223;119222;104579;104582;119231;119235;119234;119230;119236;119238;119233;119086;104674;104816;105049;119229;119085;104581;119088;105086;119091;119237;144534;105048;119090;119089;144524;101481;122749;144523;122972;119092;144266;144526;144545;144543;144538;144533;125286;123683;126243;144257;126505;144234;122400;126700;144537;144528;126048;144544;144227;144243;127809;144232;144248;128111;144025;128968;125727;144250;130363;129846;144024;144540;144021;144260;131724;144529;144531;144026;144035;144428;144539;144044;144424;144019;144434;144530;130758;144430;144433;144431;144425;144525;144442;144429;144436;144223;101441;100598;141673;119087;40666;59785;24012;11435;31350;31349;73306;73307;40802;40804;40803;40799;40801;40800;52671;49172;57042;53450;40806;43875;40798;77813;51924;45504;44643;47164;56197;50613;58682;48374;64785;40805;74011;70342;57483;69845;66409;61561;71946;83470;63453;55143;77711;87917;84800;79855;92034;89830;86402;104626;94071;102427;106845;96452;99373;91096;42119;111793;117876;111011;77176;122252;119675;118931;120951;117599;124007;122367;136562;133672;127903;132036;134705;125221;146421;139580;142466;129977;154153;150343;149380;163958;159656;156665;151584;163032;153363;166041;174136;181274;40797;185552;135693;179482;56212;42861;144109;137646;134168;150503;23776;169877;156228;185560;149452;157896;152044;158780;154713;40447;171463;134169;159706;186774;34815;43069;44595;46858;50604;55805;53474;61624;52755;56959;59425;58537;65909;63241;64583;63449;62835;62479;66871;70214;66444;70857;73432;48299;74430;141834;77576;65218;71950;84156;77171;80483;79139;71350;84155;86059;73993;84641;84158;85325;84157;88638;78440;87243;141788;87656;91162;32504;86850;147748;93523;150419;171459;154435;55806;146445;185573;62693;164986;149451;89868;177266;141787;144946;137645;156231;136948;88718;86368;154724;54605;23779;185564;148454;147413;154426;147418;147411;124089;152630;151581;171517;152000;162180;62681;147415;165079;182909;63300;154710;185562;151977;161180;163034;62682;54606;69865;145064;156661;145065;62683;91386;22540;94055;109729;91780;138572;112191;127896;160842;111965;122254;157902;134945;153458;91388;172541;93513;149449;78679;97214;95888;141805;100792;89781;104575;72171;121128;99366;109039;174126;118085;133674;72169;179505;135695;122815;172600;72173;174124;185575;186768;44939;161777;108379;146448;141835;126633;124026;62685;62686;102324;62684;62687;118089;137362;140491;161175;133694;43861;171548;164018;147716;153471;118090;59179;50988;185550;137647;146442;133056;141804;149466;154434;151660;136190;157448;144979;164984;158733;156654;163954;43860;166216;168725;162179;186770;161172;141848;161173;109030;153437;162227;124022;149480;171510;169888;172540;185567;109895;144052;154720;139602;186766;140728;74024;139603;152028;185558;152667;109032;62688;141861;149447;155585;131943;131836;55815;69098;23975;59172;88719;61775;69099;112061;122817;104629;99369;51189;109864;53632;118976;132022;84403;154729;127899;138891;145015;141854;150451;154430;147659;156059;157450;152628;153400;151828;148457;146446;159666;158730;164988;172538;171461;55816;144051;185767;151976;138888;134223;51188;186864;154727;154712;150713;62689;182914;156220;150714;164089;154230;137628;157402;154719;185557;134764;137651;134218;163028;153439;152029;157840;141786;137905;21698;62691;137652;24002;22035;62690;156229;27584;33256;30200;53451;39355;38746;57043;35821;44644;49173;52672;40494;51925;42120;45505;48375;47165;34695;56198;55144;50614;43876;69846;64786;63454;61562;58683;77175;70343;79856;86403;77712;71947;89831;74012;66410;91097;83471;87918;84801;94072;99374;111012;102428;106846;109896;96453;104627;117600;117877;118932;119676;122368;127904;111794;120952;124008;125222;92035;132037;122253;133673;144107;57484;134706;136947;139581;154155;136563;150341;142467;149379;153364;159657;163955;146422;169880;166043;156668;151586;181276;20836;174135;179484;66517;66542;185553;137067;148705;187904;62692;163033;56213;69556;186915;150480;69237;69238;69236;150484;150489;150488;69239;150486;150485;150487;150482;150943;150481;100959;42304;18431;18432;100955;150483;18299;106685;106687;106686;106684;108892;108893;108895;106689;106314;106688;106312;106316;106311;108894;106313;109952;108891;109954;109956;109951;109953;108896;118825;108897;109955;118830;118824;118827;119620;106310;118831;109957;119618;106315;118826;119622;118829;119623;119627;119619;119625;119624;118828;119629;119628;119626;119631;119632;122425;122426;132731;122428;122429;132730;139753;122427;139755;139754;119630;143147;139752;143142;119633;132733;144320;143136;143131;144496;144485;145114;151050;144314;145124;145097;119621;151027;144502;144498;151051;132732;151030;145195;129978;152856;152173;152174;152151;150804;152855;155458;152172;152149;152152;152148;155452;155453;155454;152854;156553;155455;156554;156555;158667;152858;155456;158514;155457;156600;158658;156556;155459;156596;158342;158515;156602;156599;158517;158519;158343;158665;158668;158513;158669;158520;158516;158662;158661;158346;158663;158345;158670;158666;158659;158671;158660;158518;158344;158495;158498;162222;158512;162224;162225;173296;162223;162226;158664;158499;173298;158497;173244;158496;156601;173243;173247;173245;168760;173297;165285;173246;168764;168765;170123;165283;168772;168761;165284;168762;168862;168757;170125;168755;168759;168768;168769;168758;168766;168776;168773;168756;168763;168753;168751;168771;168767;168752;168775;169317;168774;187168;168770;168864;170124;168754;174445;169318;168777;168865;169315;168863;178847;174444;174454;174455;174453;174446;174443;174439;178845;174438;187170;174440;178846;187997;187173;178849;168750;187991;187992;187987;187989;178848;174441;174442;169316;187988;187990;187167;187169;187993;173299;63696;187995;187996;63699;63701;187172;63695;63700;63702;187998;63704;64299;63706;187171;63703;63712;63698;63714;63707;63697;63716;63709;63719;63713;63721;63710;63723;63725;63711;63727;63722;63718;63715;63717;63705;63726;63729;63724;63734;63732;63735;63730;63738;63736;63740;63742;63733;63744;63731;63743;63720;64509;63746;63739;64510;63737;66785;63748;66787;63741;67178;66788;63747;66790;66789;68964;67180;63749;66786;63745;68966;67181;68968;67179;70275;67182;70277;68967;68969;72927;70274;72067;63728;72069;72926;72287;76075;67177;72070;72068;70721;70276;72288;76078;72066;76077;73840;73842;73837;73839;76079;76074;74193;73841;74191;73843;77251;74192;74194;76076;73838;76080;74196;77255;74195;77259;77253;77256;77254;77263;77250;77258;81920;77261;77266;77262;77260;77265;80498;80500;77267;80499;77264;80502;81272;81271;81922;81274;81499;81498;81273;84264;81923;84493;81275;81500;81108;77257;77252;81502;68965;84492;152175;81501;178189;81921;84266;57895;84272;84267;84268;187994;84269;84274;85603;85604;84270;85304;84275;84271;85301;84273;85605;85415;85302;85417;85515;85303;86353;85606;86352;86351;85416;86766;94170;86765;94169;86768;86354;85414;86767;86350;88882;85450;92609;88883;94174;92608;88884;94176;88885;86769;92560;94173;92611;94178;92610;94175;92562;92563;92561;94443;94442;94444;94097;92612;94096;94180;94099;94181;93822;94445;95483;92565;94446;93820;92564;94098;95482;93821;94171;96880;96879;96881;100470;100469;22372;22375;99918;22377;100471;22374;100467;100468;22380;22383;22379;22382;100472;22378;22385;22390;22389;22386;22387;22376;22392;22394;22384;22393;14394;22391;22373;22381;14392;14396;22388;14398;14393;14402;14401;14397;14612;14399;14616;14400;14617;14603;14602;14408;14410;14409;14405;14391;14412;14404;14604;14414;14406;14415;14413;14618;14416;14407;14403;14421;14420;14606;14605;14619;14620;14422;14419;14417;14423;96878;14418;14426;14608;14424;14621;14431;14432;14411;14430;14427;14429;14609;14607;14601;14436;18449;14622;14428;18450;14434;14610;14438;15863;14433;18452;18456;18454;14435;18451;18457;14439;18453;22396;18455;22401;18459;22397;22402;22399;18458;22395;22404;14437;22406;14395;64312;22400;22407;64310;22398;63750;63752;63751;64311;63753;64309;64313;63755;63754;64314;64318;63757;63759;64319;64315;22405;63761;63763;64316;64317;63765;63758;63766;64321;63762;63756;64320;63769;63770;63767;64323;63764;63772;63771;63773;63774;63760;63778;64324;64322;63775;63780;63784;63776;63785;22403;63787;63783;63781;63779;63789;63777;63782;64328;64326;64332;63786;64334;64333;64330;64337;64331;64339;64338;64341;64325;64342;64327;64344;64329;64340;64343;64335;63792;63793;64336;63797;63788;64345;63796;63794;64349;64346;64350;64353;63790;64354;64352;63795;64347;63801;64348;64356;63798;64351;63805;63800;63802;64357;64358;63803;63808;63804;64360;63807;63806;64359;63799;63810;64355;63809;63814;63791;63816;63812;63768;63819;14425;63815;63818;63822;63820;63825;63817;46820;65259;63813;65258;63823;63826;63827;46821;63821;65257;65261;63824;46712;47053;47052;65262;46823;47048;65263;47049;47055;47054;30256;47050;46824;46822;47057;47056;47058;65264;47051;47060;65260;46827;47059;46826;65265;30258;30263;30265;30260;30264;31026;65266;30257;30267;30266;30259;30271;30272;30268;65268;30262;65269;30269;30276;46828;65267;30261;30275;30279;30280;30278;30284;30274;30286;30282;30273;30277;30283;30270;46825;30289;30281;28378;30285;28382;28383;28379;28380;28387;28385;28388;28391;28394;28381;28392;28390;30287;28386;28389;28396;28402;28401;28398;28399;28384;28404;28400;28408;28409;28393;28403;28397;28406;28395;28410;28412;28416;28417;28405;28415;28414;28420;28407;28424;28425;28418;28413;28419;28422;28428;28421;28429;28423;28435;28431;28433;28437;28440;28438;28432;28430;65271;28426;65270;28439;65274;28411;28434;30288;65273;65275;65276;28436;28441;28444;65272;28445;28442;28449;47061;28451;28446;28450;28427;28455;28443;28454;28447;46713;46716;28453;46715;46717;28452;46719;30290;46720;46718;28456;30293;46871;30291;30295;28448;30296;46870;30294;30298;30300;46714;30303;30299;30304;30297;30306;30292;30307;30301;30305;28458;28459;65277;65279;28461;28462;46721;28457;28460;65280;65278;30308;28465;28468;28463;28467;28471;28469;28466;28470;28472;30309;30315;30312;65281;65282;30310;28464;30302;30311;30317;30313;30321;30320;30319;30318;30325;30329;30323;30314;65283;30327;30330;30328;30324;65285;65288;65284;28473;28476;28477;65287;30322;28480;28481;28478;28483;28485;28474;28484;65290;65289;28479;30326;28489;28488;28482;28492;28494;28491;28487;28475;28498;65286;28493;28501;28490;65291;28497;28495;28504;28499;28507;28508;28505;28506;28500;28511;28509;28515;28496;28512;28518;28513;28519;28514;28516;28517;28486;28503;30316;28502;63811;28522;28524;31804;28510;28527;32507;28529;28525;28526;28532;28534;28523;28530;28537;28535;28538;28520;28533;28531;28528;28542;28543;28541;28547;28550;28536;28546;28544;28549;28552;28539;28545;28555;28553;28559;28556;28548;28540;28554;30333;30331;28557;30335;30336;30340;30337;28558;28551;30342;30334;30345;30338;30349;30351;30344;30339;30343;30350;30347;30341;30353;30348;30356;30360;46722;30346;30358;30354;28561;30357;28563;28567;28566;30361;28560;28564;28562;28565;28569;30352;30332;28572;30355;28577;28571;28573;28570;65292;30359;28579;28582;28584;28583;28574;28581;28578;28576;28575;28587;65293;28586;28590;28594;28589;28597;28588;28595;28599;28591;28596;28580;28603;28605;28593;28607;28606;28604;28600;28602;28610;28592;28601;28612;28608;28598;28585;28614;28611;28613;28616;28618;52071;47062;52072;47063;28619;28615;28622;28621;28620;46723;28624;28629;46872;28626;28623;28631;28617;28627;28632;30365;30364;30363;65294;28635;28638;65295;28636;28630;28633;28634;28625;28568;28609;28637;28641;28640;28642;30362;28646;28647;28628;28645;28644;65297;28649;65298;65300;28643;32511;65296;32510;65299;28650;32516;28648;32514;30367;32509;32513;30371;30366;32515;30373;32508;30375;30370;30380;30378;30368;30369;30374;30372;30377;32512;30382;30384;30383;30386;30385;30391;30392;30389;30388;30387;30394;30393;30376;30397;30396;30395;30390;30379;30404;30399;30406;30398;30408;30402;30405;30410;30411;30400;30416;30407;30418;30417;30413;30414;30409;30412;30401;30419;30421;30424;30426;30403;30415;30423;30429;30427;30431;30432;30381;30422;30435;30434;30428;30430;30433;30436;30439;30445;30444;30437;30442;30447;30441;30448;30440;30443;30449;30446;30425;30438;30455;30451;30456;30452;30461;30453;30458;30457;30462;30466;30460;30450;30467;30464;65301;30470;30472;30474;30459;30476;30465;30475;30473;30478;30471;30482;30483;30480;30481;30477;30463;30454;30468;30420;30479;30488;30487;30469;30491;28639;30493;30489;30495;30498;30484;30497;30492;30501;30502;30490;30499;30496;30505;30486;30500;30503;30509;30508;30513;30514;30494;30512;30510;30511;47064;30515;28653;30507;30517;30506;28652;30516;28651;30504;28655;28657;28660;28663;28658;28662;28665;28664;30518;28661;28659;28667;28666;28670;28654;65305;28669;28673;28668;28671;65304;65302;65303;28675;65306;28677;28681;28682;28676;28680;28679;28685;28687;28672;28688;28683;28691;28686;28690;28689;28684;28656;28693;28678;28692;28674;28698;28697;28703;28704;28702;28696;28700;28707;28701;28710;28705;28695;47067;47066;28711;28699;28706;47065;47069;28708;47075;47074;47071;47072;28709;47078;47079;47070;47082;47084;47081;47083;47076;47085;47068;47088;47090;47077;47089;47093;47094;47073;47092;47091;47097;47098;47080;47087;30521;47095;65307;47099;47096;30523;30525;30519;30526;30530;30520;30528;30527;30534;30535;30529;30538;30533;30540;30537;30536;30524;47086;30531;28694;30539;30543;30545;30532;30544;30549;30546;30552;30548;30554;30556;30558;30560;30551;30557;30547;30555;30562;30541;30553;30559;30564;30563;30550;30567;30568;30572;30574;30565;30577;30576;30575;30522;30573;30570;30571;30566;30561;30579;30581;30583;30584;30569;30586;30585;30591;30593;30582;30595;28713;30590;28712;30592;30580;30587;28715;32213;32216;30594;30596;30597;32214;32217;32215;30589;28716;28719;28717;28722;30588;28725;28724;28720;28723;65308;30578;28721;28730;28728;28729;28733;28714;28734;28731;28737;28718;65310;28740;28726;28743;28732;28741;65309;28735;28736;28739;28738;28742;65311;28746;28753;28748;28749;28747;28745;28755;28758;30599;28752;30601;28751;30598;28750;28754;28744;28757;30605;30610;30609;30600;30608;30604;30606;30603;30615;28756;30617;30619;30618;30607;30616;30613;30621;30625;30614;30611;30627;30623;30629;30612;30630;30622;30626;30635;30628;30631;30620;30602;30542;30633;30485;28521;30632;30624;65312;30634;30638;30639;28761;28727;28759;30640;30641;28762;28764;30642;28766;30637;28763;28765;30644;28769;28767;28760;28771;30649;30646;28773;28770;28774;30647;28776;30645;30652;28775;30643;30651;28777;28772;28780;30650;28779;30648;28782;28784;30653;28787;28785;28790;28768;65313;28781;65316;28789;65315;65314;28788;28783;28797;28795;28799;28786;28801;28794;28800;28792;28805;28807;28803;28798;28810;28806;28791;28802;28793;28804;28812;28809;28796;28814;28778;28819;28822;28821;28813;28808;28824;28817;28816;65318;65320;28815;32218;32220;32219;28818;65317;65321;28820;28823;65319;32222;32228;32224;32223;32225;30656;30659;32229;30655;28825;30658;30657;30654;30661;32227;30660;30664;32226;65323;65322;28826;28828;28827;30665;30663;32221;28831;30667;28835;28832;30666;28830;30669;28829;28837;30668;30672;30670;31805;30673;28833;28838;30674;28834;30676;28839;30681;28841;30671;30679;30684;30680;30677;30675;30662;28840;30683;30686;30678;30689;30691;28836;28811;30693;30695;30687;30688;30682;28844;28847;30690;30694;28849;28850;28845;28846;28842;30692;28853;28843;28856;28859;28861;28854;28848;28863;28855;28858;28866;28868;28862;28867;28857;28870;28873;28865;28871;28869;28864;28872;28874;28852;28878;28876;28880;28851;28883;28860;28884;28881;28887;28885;28890;28882;28893;28896;28879;28895;28889;28894;28891;28886;28877;28888;28900;28899;28903;65325;28898;28901;28902;28904;28892;30696;30699;30700;65326;28907;30698;65324;28905;65327;28875;30697;28906;30704;30702;30706;28897;30703;30711;30707;30708;30712;30714;30717;30720;30713;30719;30705;30716;30710;30715;30724;30723;30709;30725;30728;30726;30732;30727;30722;30718;30735;30736;30729;30739;30742;30734;30740;30738;30721;30733;30731;30730;30744;30741;30750;30752;30737;30754;30746;30753;30756;30745;30759;30757;30747;30761;30751;30763;30760;30748;30749;30767;30769;30765;30768;30755;30771;30762;30775;30770;30766;30758;30777;30772;30780;30774;30773;30783;30781;30785;30779;30782;30784;30764;30778;30743;30701;30685;65330;30776;28908;65329;28912;28909;28914;28910;28911;28913;28917;28918;28920;28919;28924;28927;28922;28925;28923;28921;30788;28915;28916;30786;30790;30791;28926;30797;30796;30792;30793;30800;30795;30803;30805;30789;30798;30807;30806;30802;30794;30799;30801;30809;30808;30804;30811;30787;30816;30818;30814;30813;30815;32518;32523;30812;32520;32522;32526;30819;32519;32529;32525;32527;32528;32517;32533;32524;30817;32531;32535;32536;32521;30820;30821;32538;28928;30823;28929;30824;32537;30827;30828;32534;30832;30825;30831;32532;30826;30822;30830;32530;28930;30829;30810;30834;28933;30836;30837;30839;30841;28931;30840;28932;30843;28937;30845;28935;30842;30844;30838;30849;28934;30847;28936;30851;30848;28938;30835;30853;30850;28940;28941;28946;30852;28942;65332;28943;28947;28944;65331;28939;28949;28952;30854;28945;28951;28953;30846;30858;30856;28950;30855;28955;30861;28958;30857;30862;28960;28954;28959;30859;30865;30863;28961;30860;30868;30869;30867;30871;28957;30873;30872;28956;28963;28965;28962;30876;28967;30877;30878;30874;30875;28964;30866;28948;30833;28966;28969;30880;28971;30870;28968;28973;30864;28976;28977;28970;28974;28982;28979;28975;28972;28980;28986;28981;28988;28990;65333;28989;28984;28987;28993;28997;28991;28978;28999;28992;28994;29001;28983;29002;28998;28995;28996;29005;29004;29003;28985;29012;29008;29014;29006;29017;29010;29016;29009;29011;29019;29015;29021;29024;29023;29007;65334;29022;30881;29013;29030;29026;29032;29034;29028;29027;29020;29018;29025;29029;29000;32540;29031;32546;32543;29033;32548;29035;32547;32544;29037;32545;29039;32542;65335;29043;32541;29042;29036;29038;29048;29041;29051;29044;29049;29054;29056;29050;29045;29047;29058;29053;29060;29055;29063;29067;29052;29066;29061;29064;29040;29057;29059;29065;29072;29046;29070;29062;29075;29076;29074;29073;29069;29082;29078;65337;29071;65339;65338;29077;29079;65336;29081;65342;65340;65343;65344;32553;32552;32549;32550;32556;65345;32557;29080;32560;32558;32554;32551;32562;32564;65341;32539;29068;32559;65328;32561;32566;32555;32567;32563;30879;32571;32570;32576;32568;32578;32574;32572;32580;32569;32575;32579;32577;32583;32573;32590;32586;32587;32585;32582;32594;32596;32589;32598;32595;32584;32591;32581;32588;32593;32603;32605;32597;32607;32592;32606;32604;32600;32609;32614;32615;32610;32602;32618;32611;32613;32608;32601;32617;32612;32623;32625;32621;32616;32622;32627;32624;32630;32620;32634;32632;32628;32638;32637;32626;32629;32633;32619;32636;32631;32639;32635;32645;32647;32599;32643;32642;32650;32644;32652;32653;32649;32648;32656;32658;32654;32657;32641;32651;32661;32655;32663;32659;32667;32664;32662;32672;32670;32668;32674;32666;32675;32646;32678;32677;32671;32669;32665;32660;32676;32682;32680;32685;32679;32690;32684;32683;32686;32692;32687;32689;32673;32696;32698;32695;32699;32694;32693;32697;32702;32688;32708;32691;32704;32700;32711;32703;32706;32713;32710;32712;32716;32718;32715;32701;32714;32717;32705;32681;32640;32720;32722;32724;32723;32721;32709;32727;32728;32725;32726;29085;29083;32707;29090;29091;29089;32731;29087;32730;29093;29095;29084;29086;29098;29099;29088;29101;32729;29094;29104;29100;29096;29106;29097;29108;29110;29107;29105;29092;29103;29102;29111;29115;29114;29113;29120;29109;29116;29119;29125;29117;29127;29123;29130;29129;29118;29122;29128;29133;29132;29135;29615;29124;29126;29618;29136;29617;29138;29616;29121;29137;29140;29144;29139;29143;29142;29141;65346;29112;29131;30882;30886;29614;30884;30885;30888;30889;30890;29134;30893;30891;65347;65348;30887;29620;30896;29623;29621;29625;30892;29624;29627;30894;29628;29631;29619;29629;29633;29626;29636;30895;29639;29635;29641;29642;29640;29630;29638;29634;29632;29644;29645;29646;29649;29652;29637;29654;29622;29651;29650;29655;29656;29660;29658;29661;29663;29662;29647;29659;29648;29665;29653;29666;29670;29667;29657;29672;29674;29676;29680;29675;29677;29671;29682;29684;29678;31468;29668;29683;29673;29681;29643;29679;29664;29669;30883;31473;31472;32719;31475;31476;32732;31469;31474;31479;31477;29146;31481;29151;29148;29147;29145;31471;29149;29154;31480;29153;29157;29150;29159;29161;29156;29158;29164;31478;29166;29165;29155;29171;29162;29173;29169;29163;29170;29152;65350;29160;65352;29172;65351;29167;29168;65360;65356;65357;65353;65358;65355;29315;29318;29317;65362;29320;29319;65364;65361;65359;29323;65354;29316;29175;65363;29177;29325;30897;29174;29324;30901;30900;30902;29322;29176;30905;30904;30906;30899;29321;30903;30898;65349;30910;30911;30907;30916;30908;30917;30919;30913;30922;30915;30918;30925;30927;30924;30928;30929;30920;30912;30921;30923;30914;30932;30931;30937;30939;30942;30941;30935;30940;30936;30934;30938;30946;30950;30944;30949;30945;30930;30952;30955;30954;30948;30953;30957;30947;31485;31482;30933;30956;31487;30926;31483;31489;31494;31488;31493;31484;31490;31491;31496;31498;30943;31501;31486;31503;31505;31497;31507;31506;31499;31492;31510;31509;31508;31502;31511;31495;31512;31514;31515;30909;32734;32733;31504;31500;32736;32740;32738;32742;32743;30951;32741;32735;32746;32747;29178;32739;32737;32748;32751;32756;32755;32752;32753;32744;32750;32745;32760;32764;32763;32759;32761;32758;32757;32749;32762;32767;32765;32768;32772;32774;32769;32771;32770;32779;32775;32781;32777;32780;32754;32778;32786;32785;32784;32788;32782;32790;32792;32773;32776;32783;32796;32797;32795;32789;32799;32794;32791;32803;32802;32805;32807;32798;32800;32787;32766;32801;32793;32809;32806;32814;32811;32815;32817;32812;32819;32810;32816;32813;32821;32825;32818;32804;32827;32829;32826;32823;32830;32822;32833;32820;29179;32828;37918;32824;29326;32831;29327;29330;65365;29331;29328;29334;36571;29332;29336;29333;29335;65366;29329;32234;32236;32235;32238;32230;32232;32237;32231;32240;32832;32241;32239;65367;32247;32244;32249;32242;32250;32245;32251;32248;32256;32253;32258;32255;32257;32243;32254;32260;32265;32259;32262;32263;32246;32264;32269;32271;32267;32275;32270;32274;32272;32252;32273;32233;32261;32808;31470;32266;32276;32565;31513;32282;30636;32279;32284;32280;32283;32268;32281;32289;32292;29685;32278;32285;32293;29686;32290;32291;32287;32286;32288;29687;31199;31196;31201;29688;31202;31205;31198;31200;31197;31195;31207;31204;31213;31215;31210;31214;31211;31209;31194;31206;31208;29182;29184;29180;31217;29186;31203;29183;31219;31220;29185;31223;31224;29181;31222;31216;31227;31221;31229;31232;31212;31226;31231;31225;31235;31218;31228;31234;31237;31239;31243;31245;31233;31247;31236;31241;31242;31230;31238;31249;31251;31244;31253;65368;31254;31250;31246;31258;31259;31255;31263;31265;31256;31264;31261;31260;31257;31267;31252;33289;31270;33291;31240;31269;33292;31262;33290;33295;33299;33298;33293;31268;65370;33296;65371;31271;30958;65369;65374;31266;65376;33297;65377;33294;65380;65375;65379;65372;65384;65382;65385;65381;65387;30959;65378;30964;65383;65386;30960;30962;30970;30966;30965;30972;30968;30974;30961;30969;30975;30976;30980;30967;30982;30984;30986;30978;30973;30988;30981;30983;30977;30987;65373;30979;30985;31248;30971;30991;30994;65388;30996;30963;30992;30995;30998;30993;31000;30990;31001;31005;31003;30997;31007;30989;31009;31004;31012;31014;31010;30999;31016;31008;31018;31023;31022;31002;31021;31011;31019;31015;31017;31516;31020;31517;31520;31006;31519;31518;31524;31528;31530;31521;31529;31527;31526;31013;31532;31536;31522;31523;31534;31525;31533;31540;31543;31538;31546;31535;31545;31537;31550;31544;31549;31539;31531;31542;31552;31024;31555;31548;31557;31558;31541;31554;31561;31553;31547;31559;31564;31567;31563;31565;31560;31556;31562;31566;65389;31569;31273;31272;31570;31276;31571;34853;31279;31281;31568;31275;31283;31285;31278;31288;31286;31274;31284;31280;31277;31290;32834;65390;31867;31870;31291;31287;31866;31872;31875;31282;31874;31868;31881;31877;31869;31878;31873;31292;31884;31886;31880;31876;31887;31871;31891;31892;31890;31879;31888;31889;31895;31897;31885;31896;31883;31902;31898;31905;31893;31901;31900;31903;31894;31289;31899;31551;31904;31910;32294;31908;31907;31913;31911;31914;31912;31916;31909;31922;31915;31924;31921;31926;31920;31919;31925;31917;31918;31882;31928;31931;31933;31930;31937;31932;31935;31940;31939;31923;31575;31929;65391;31578;31574;31576;31934;31938;31936;31927;32836;31572;32840;32838;32842;31577;32843;32837;32839;31573;32841;32848;32845;32846;32849;32850;32844;32851;32855;32857;32854;32856;32863;32852;32847;32861;32858;32866;32868;32860;32859;32862;32872;32869;32864;32867;32853;32870;32877;32835;32865;32876;32879;32878;32875;32874;32883;32871;32885;32886;32884;31581;31584;31579;31582;31580;32880;31583;32882;32889;32887;32891;32893;65392;32895;32890;32881;32888;32897;32899;32896;32902;32894;32900;31585;32892;32906;32901;32905;32910;32898;32909;32908;32907;32904;32912;32915;32914;32918;32919;32923;32916;32913;32917;32927;32911;32921;32928;32922;32920;32925;32929;32930;32935;32939;32933;32938;32926;32932;32941;32936;32943;32944;32940;32924;32942;32903;32946;32937;32948;32950;32949;32947;32954;65393;32934;32952;32953;32951;33593;33592;33595;33597;33594;33599;33598;33601;32873;33603;33602;33604;33605;33596;65394;33608;33607;32931;32956;33606;33591;32960;32962;32958;32964;32961;32963;32966;32967;32955;32959;32969;32968;32973;32971;32975;32970;32977;32979;32957;32978;33600;32981;32984;32982;32983;32974;32976;32989;32987;32980;32985;32988;32991;32972;32992;32990;32995;31941;33300;32994;31942;32993;31944;33303;33302;31945;33309;33305;33308;33306;33304;33301;32965;31943;33311;32986;33314;33312;33317;33318;33320;33319;33316;32998;32996;32997;33322;33307;33313;33001;33000;32999;33321;33003;33005;33008;33010;33011;33315;33014;33002;37646;33007;65397;33015;33012;65395;65399;65398;65396;38134;33009;33004;33006;37916;32297;32295;35475;33013;65403;65400;35478;65401;32296;33017;33020;33019;65402;35481;33023;33018;35480;35477;33025;33026;33027;33022;35476;33032;33034;35479;33028;33036;33029;33031;33040;33038;33030;33039;33035;33033;33021;33042;33024;33045;33016;33044;33310;33041;31906;33047;32945;33048;33052;33043;33050;33055;33054;33037;33053;33049;33051;65405;65404;33614;33612;33613;33611;33617;33610;33622;33620;33609;32298;37656;33616;33057;33621;33623;65406;36316;33619;33056;36461;38003;36370;37340;37037;33618;33615;33058;36923;33062;36448;33059;33064;33068;33060;33067;33063;37335;33061;33072;33065;33073;33070;33076;33074;36985;33066;33075;33069;33071;38089;36341;36911;65407;37843;36546;36464;37489;37652;36733;37981;36390;38100;37973;36498;36286;37780;36732;37744;36398;35830;37666;35831;37906;35835;35832;35837;35840;35828;35836;35842;35845;35838;35847;35846;35833;35844;35839;35849;35853;34854;35834;35854;33323;35843;35852;35851;33325;33329;35841;34855;33332;33327;33334;33333;33326;33330;33324;35848;33328;35850;33338;33341;33336;33342;33331;33345;33343;33347;33337;33340;33350;33349;33346;33344;33355;33339;33357;33356;33348;33360;33352;33952;33359;33358;33954;33957;33955;33351;33959;33362;33958;33361;33961;33953;33353;33354;33963;33964;33335;35829;33967;33968;33960;33972;33970;33956;33965;33974;33978;33977;33969;33975;33971;33981;33983;33979;33986;33966;33982;33976;33987;33973;33991;33992;33984;33997;33985;33996;33990;33994;33993;33989;33999;33995;34003;34006;34005;33988;34002;34000;34008;37325;33980;36314;37921;34004;33363;38146;34007;34009;36663;34001;65409;37344;37321;37195;37277;37980;37691;36246;36871;37158;65410;38097;36481;37653;37345;65408;37187;36921;37638;36469;37436;37971;37024;37329;33998;38105;37894;36387;38057;37615;37697;36727;37908;36845;65411;37228;36666;36501;37685;37020;38102;36647;36455;37339;36371;37919;37267;37536;37889;37832;36936;37338;37729;37132;37807;36372;37102;36602;33625;37314;33628;33630;37365;33632;33631;33624;33629;37181;33634;33635;33627;33626;33639;33638;33637;37445;33643;33647;33641;33649;33646;33645;33642;33636;33633;36713;33644;36540;33651;33653;33640;33657;33656;33962;33654;33652;33660;33663;33665;33648;33667;33658;33666;33659;33664;33661;33662;33672;33655;33674;33671;33676;33673;33670;33679;33683;33669;33685;33684;33677;33682;33668;34512;33678;34515;33675;34514;34511;34517;34521;33681;33680;34516;34518;34523;34525;34520;34527;34526;34531;34513;34524;34519;34533;34528;34535;34522;34530;34538;34532;34537;34529;33689;33688;34541;33693;34536;33695;33694;33697;33687;33699;33701;33698;34539;33696;33691;33690;34534;33705;33686;33700;33707;34540;33706;33711;33703;33692;33708;33704;33718;33715;33713;33710;33716;33720;33723;33721;33717;33719;33714;33722;33725;33729;33728;33731;33712;33732;33727;33733;34545;33726;33709;34547;34544;34549;34542;34546;34548;33734;34550;34552;33724;34554;34543;34559;34560;33730;34558;34556;34557;34565;34564;34553;34568;34555;34570;34562;34563;34572;34574;34576;34561;34575;34578;34567;65412;34569;34011;65413;34577;65414;34013;34566;34015;34010;34856;34573;34859;34014;34858;34017;34571;34857;33702;34579;34861;34863;34016;34551;34866;34864;34870;34865;34868;34012;34867;34862;34875;34872;34879;34869;34876;34878;34871;34882;34873;34884;34886;34874;34883;34877;34880;34887;34891;34885;34896;34888;34897;34894;34893;34889;34881;34890;34900;34895;34903;34905;34902;34909;34907;34901;34906;34904;34912;34892;34913;34898;34908;34919;34911;34916;34910;34914;34915;34921;34927;34926;34918;34924;34929;34930;34922;37396;34928;34925;36368;65415;37776;34923;65416;36630;37789;34932;37619;37214;34899;37248;37074;37307;37395;34917;37184;36282;37623;36317;36744;36803;36289;37352;36410;37793;34931;37349;37209;36646;37174;37787;36801;36408;37392;36718;37985;36738;37863;37494;37012;65417;37651;36982;37705;37972;37192;38082;37465;37233;36956;34920;36453;37941;37441;37464;36854;36849;37636;36487;37521;36532;36785;37784;36395;36219;36668;37684;37967;37232;36405;36834;36412;37930;38059;36269;37245;37976;37112;38209;38213;38212;36607;38210;38215;36942;38217;38211;36586;37035;37914;36809;34860;38216;38214;33650;33046;38220;37014;38221;38225;38226;38219;38224;38223;38230;38227;38231;38234;38236;37104;38238;38229;38233;38240;38222;38232;38228;38243;38237;38247;38235;38248;38244;38241;38251;38245;38253;38249;38255;38242;35482;38246;35483;38250;65418;38239;38252;35486;35488;35487;35490;38254;35492;35489;35491;35497;35493;65419;35498;65423;35484;38256;65422;65421;35495;35494;65425;65427;65424;35502;65420;35500;43406;43408;35499;65428;43407;35501;43405;34934;35496;35858;35860;35859;34935;35857;34933;35855;35485;65429;35863;35866;35856;65426;35861;37694;35864;36631;35865;35867;65430;37774;36828;37182;36536;36466;37384;37564;37642;37199;36792;36900;37943;37854;37897;36465;36902;36939;36836;37146;38121;37837;37041;37566;36818;37322;37394;37730;38119;36754;36705;37077;36439;36817;37903;37372;37009;36667;36726;37574;37216;37008;36283;36381;36488;37304;37120;38077;36800;37332;38029;36979;37678;36296;37611;37879;37597;37805;37620;37847;37160;37056;36525;36669;36691;34580;34582;36416;34581;37351;37360;36728;35862;37023;36230;34584;36940;34588;36359;34587;34586;34593;34585;34589;34595;34591;34590;38039;34592;34596;34600;34599;34597;34594;34605;34602;34601;34609;34603;34612;34608;34607;34606;34615;34618;34611;34616;34598;34620;34610;34623;34621;34613;34614;34604;34622;34617;34627;34631;34625;34629;34633;34635;34637;34626;34636;34639;34632;34619;34640;34645;34647;34641;34644;34638;34646;34630;34642;34634;34649;34651;34628;34657;34650;34655;34654;34652;34659;34663;34653;34662;34660;34661;34665;34667;34666;34668;34648;34656;34624;65433;34664;34658;34643;35112;35113;65432;65434;35117;35116;35115;65436;35118;65435;35114;35124;35121;35126;35122;35123;35119;35120;35131;35132;35127;35135;35128;35137;35130;35133;35125;35141;35140;35143;35145;35142;35136;35138;35129;35139;35148;35152;35146;35150;38258;38260;35134;38259;38257;38264;38266;35151;38265;38268;38269;35149;38267;38262;35144;38263;38272;38261;38277;38273;38278;38275;38282;38284;38274;38270;38283;38286;38276;36310;38271;38279;36502;65431;34583;37376;38281;38280;37156;37129;37845;37302;36593;38285;37224;35147;36223;36867;37986;37674;37659;37113;37660;37511;37754;36581;37760;37303;38045;37059;37770;36437;36529;36741;36829;37679;37622;36367;37668;36227;37524;36917;36932;36988;37720;37719;37054;36325;36888;65437;37408;36764;37168;36901;38139;38125;36881;36444;38120;37380;37067;37771;36270;38093;37084;37816;36424;37975;36783;37761;37116;36876;36580;36307;37022;36419;37280;37502;36328;36778;36274;36431;37247;37001;36252;36500;36885;38145;37468;37557;37578;38123;36771;37737;37265;37764;37082;37937;37500;36434;37745;37689;37708;38017;36695;37926;37357;38088;37006;36712;38040;37775;37583;37208;36642;37858;37266;38124;38109;38033;37193;37342;36345;35153;37709;37676;35155;35157;35156;35159;35158;35161;36612;35163;35165;35162;35164;38020;35167;36393;35169;38288;38290;35160;38289;35154;38295;38291;38287;35168;38294;38297;38296;38041;38302;38305;38298;38293;38303;38292;38309;38307;38310;38300;38308;38299;38314;38315;38306;38319;38304;38318;38316;38311;38313;38301;38312;38322;38324;38323;38321;38327;38329;35166;38328;38333;38326;37650;38317;38331;38332;38334;38325;38340;38337;38335;38339;38338;38344;38336;38330;38343;38350;38348;38351;38349;38342;38354;38345;38356;38353;38355;39624;38357;39623;39626;39625;38346;38341;38352;39629;38358;39631;39630;38361;38359;38360;38362;39627;37005;38365;38363;38369;39632;38371;38366;38368;38364;38347;38374;38376;38367;38378;38377;38375;38380;38381;38383;38370;38379;38386;38384;38388;38387;38391;38390;38372;38373;38389;39628;38395;38393;38392;38398;38397;38401;38403;38385;38399;38402;38405;38396;38407;38400;38382;38413;38410;38411;38406;38409;38416;38404;38408;38412;38417;38419;38424;38414;38420;38426;38418;38423;38427;38430;38429;38428;38435;38437;38422;38436;38434;38421;38425;38439;38431;38432;38440;38433;38443;38444;38442;65438;36680;38441;38415;35170;38445;44137;65439;35171;65440;65441;36627;38446;44141;44144;44140;34936;44146;44143;44149;44145;44151;44138;44148;44147;44152;44154;44142;44139;44150;44157;38438;38320;44153;37721;44155;44156;44161;44160;44162;44159;44166;44170;44169;44163;44165;44168;44172;44174;38394;44173;44167;44178;44171;44176;44179;44181;44177;44182;44186;44175;44190;44187;44184;44185;44183;44188;65442;44164;65445;35504;35503;65443;44191;65447;44180;44189;35506;65446;35511;35508;44192;35513;65444;35507;35510;35514;35519;35518;35512;35516;35515;35522;35520;35521;35527;35525;35524;35509;35531;35528;35533;35534;35535;35532;35526;35537;35539;35529;35538;35517;35544;35541;35543;35536;65449;35523;39811;39810;35545;39813;65448;35540;35546;35542;35870;35505;35873;35530;35871;35875;35869;35868;39814;35877;35876;35880;35878;35881;35884;35887;35882;35886;35879;35890;35889;35893;35891;35888;35872;35885;35895;35892;35896;35899;39009;35874;39010;35883;35900;39013;39014;39015;35897;39011;39018;39022;39019;39016;39017;39024;39023;39026;39027;39028;39025;39030;39021;35894;39034;39036;39020;39032;35898;39035;39031;39033;39043;39045;39041;39038;39037;39040;39029;39012;39812;39039;39048;39047;39051;39050;39044;39049;39052;39056;38101;39054;36824;36839;37796;36477;39042;37690;36970;37411;36609;37453;37786;39055;39053;36417;36961;36490;37861;36708;37170;38062;36994;36925;38127;37961;37291;36440;37993;37140;39059;36884;39061;39058;39060;39063;39065;39057;39066;36544;39062;36613;39069;39071;39073;39072;39077;39067;39079;39070;39078;39074;39076;39068;39084;39086;39064;39088;39083;39087;39075;39082;39091;39093;39095;39085;39097;39099;39096;39081;39080;39094;37230;39103;39101;39092;39098;39102;39090;39108;39107;39111;39113;39105;39104;39114;37417;39106;37491;39110;39116;39109;36595;36253;39089;39112;37301;37931;37343;37382;37434;37448;37476;37955;36247;38053;38016;39115;37531;37664;37083;37693;37757;36514;36886;37763;37917;36758;36974;37011;39118;37573;39120;39119;37079;39117;37856;37088;36898;37963;39126;39129;39125;39122;39132;39131;39130;39128;39123;39138;39124;39134;39136;39127;39141;39139;39135;39121;39133;39140;39137;39100;39142;39143;39146;39145;39046;39148;39151;39153;39149;39150;39147;39156;37748;39161;39154;39164;39162;39158;39159;39157;39155;39152;39168;39160;39169;39175;39174;39166;39173;39171;39167;39163;43410;43409;39170;39177;65450;43415;39176;43413;39172;43414;38449;38451;38453;38447;43411;38452;38448;38457;38454;39165;38460;38450;38459;38462;43412;38464;38456;38461;38463;38455;38465;38466;38469;38472;38468;38475;38478;38458;38477;38474;38481;38480;38471;38467;38484;38486;38473;38483;38482;38476;38485;39633;38489;38491;38479;38492;38488;38470;38497;38499;38487;38498;38495;38494;38493;38503;38504;38500;38502;38509;38510;38506;38507;38505;38501;38513;38515;38519;38508;38518;38511;38516;38521;38522;38496;38517;38527;38524;38531;38528;38523;38525;38526;38520;38512;38533;38530;38534;38514;38535;38536;38537;38529;38542;44431;38540;44433;44434;65451;38543;65452;38541;38539;38538;38545;44437;38547;44435;38549;38548;44432;38546;38544;38553;44438;38555;38561;38556;38560;38554;38559;38551;44436;38558;38490;38563;38550;38564;38552;38567;38571;38557;38570;38532;38566;38565;38573;38576;38569;38568;38579;38574;38580;38582;38578;38581;38577;38572;38575;38585;38586;38591;38594;38589;38592;38590;38588;38583;38598;38597;38602;38596;38600;38605;38601;38599;38584;38595;38593;38604;38609;38608;38607;38587;39635;38611;38603;38610;39636;39637;39642;39640;39634;39644;38612;39647;39643;39639;39638;39641;39649;38613;39646;39652;39651;39654;39653;39656;39650;39660;39645;39657;39662;38617;39659;38619;38615;38614;39658;39648;38606;38622;39655;38624;38625;38627;38618;38630;38628;38621;38626;38632;39661;38635;38637;38639;39663;38616;38634;38633;38623;39665;39667;38638;39669;39672;38631;39671;39668;38629;39677;39675;39679;39674;39666;38636;39676;39670;39681;39684;39682;39680;39686;39690;39664;39689;39678;39687;39692;39688;42481;39694;42480;39685;39695;39693;42483;39696;39673;42488;42486;42491;42487;42485;39691;42495;42490;42497;42489;42500;42493;42499;42496;42482;42498;42484;39683;38620;38562;39144;32277;38218;84265;42504;188879;42492;42503;42508;42502;42510;42494;42507;42506;42512;39698;39697;44158;42505;39699;42509;39702;39701;39700;42511;50707;39703;39708;50708;39707;39705;39714;39711;39718;39710;39717;39715;39706;39709;39720;39722;39721;39716;39713;39724;39723;39726;39730;39729;39712;39732;39719;39734;39728;39727;39731;39739;39733;39741;39704;39742;39738;39735;39743;39736;42515;42518;42517;39745;39740;42520;42513;42514;42522;42525;42527;42519;42516;42529;42526;39737;42523;42530;39744;42528;42532;42535;42537;39725;42539;42536;42524;42541;42534;42543;42547;42521;42548;42533;42544;42542;42540;42550;42538;42552;42545;42553;52073;42551;65454;39747;65453;42546;39181;39746;39182;39186;39187;39184;39183;39180;39179;39178;39190;39191;39188;39195;42549;39198;39193;39200;39185;39192;39202;39201;39197;39206;39196;39194;39205;39207;39210;39203;39204;39208;39213;39217;39199;39220;39218;39211;39215;39216;39224;39222;39223;39226;39225;39214;39212;39219;39221;39209;39228;39189;39230;42531;41650;41647;39227;39231;41652;41648;41653;41649;41658;41656;41659;41651;41654;41655;41661;41664;41668;41663;41667;41657;41665;39232;41670;41662;39233;41673;41671;41672;39235;41666;39237;41669;39239;41660;39241;41674;39242;39236;39245;39240;39247;39243;39238;39251;39246;39255;41675;39248;39250;39244;39257;39249;39261;39259;39260;41676;39258;41678;39252;41680;39254;41682;41677;39263;39265;39253;39262;41679;39267;39264;41681;39268;39256;39234;41684;39270;39266;39274;39271;39276;41683;39278;39277;39275;39279;39285;39281;39272;39283;39284;39287;41686;39289;39282;41685;39286;39288;41688;41693;39273;41694;41696;41689;41691;41698;39280;41690;41695;41701;41700;41707;41699;41706;41702;41697;41687;41705;41711;41710;41692;41715;41704;41714;41712;39291;39295;41703;41713;39297;39290;39293;41709;39301;39296;65455;39294;39299;39302;39292;42557;42561;42554;42563;42559;42562;42556;39298;39300;41708;42558;39269;42565;42555;42569;42567;42572;42560;42568;39748;42573;42566;39229;39753;39751;39755;42570;39758;39754;39749;39756;39757;39760;65457;65458;39752;39750;39815;42571;39818;39820;65456;39817;39822;39825;39816;39827;39823;39826;39759;65459;39821;39829;65460;39831;39830;39837;39835;39832;39819;39840;52074;39824;65461;39841;39836;52075;52076;39839;39843;39838;39833;43901;39842;39834;43903;47622;47625;43902;47623;65462;47624;47632;47628;47626;43899;47631;47629;47636;47637;50709;47633;47630;47627;39828;43900;47634;47642;47635;43417;47638;43421;47640;43420;43423;47641;43425;43418;47643;43424;43416;43429;43430;43427;43428;43422;43419;43426;47644;47648;43434;47647;47650;47645;43435;47646;43906;43432;43907;47649;43904;43910;43911;43905;47651;43913;43916;43912;43915;43919;43917;43908;43921;43431;43923;43909;43922;43920;43918;43433;43929;43932;43927;43925;43934;43926;43928;43937;43930;43938;43933;43924;43941;43945;43936;43944;43943;43940;43931;43948;43942;43939;43953;43946;43952;43935;43949;43914;47639;43947;43955;43956;43950;43957;43961;43958;43964;43962;43967;43960;43970;43968;43963;43972;43974;43959;43973;43966;43971;43965;43951;43978;43976;43983;43969;43982;43977;43981;43986;41717;43979;41716;41720;41718;43984;43975;41719;43980;41724;41726;41722;41721;41729;41730;41725;41728;41734;41732;41738;41731;41735;41741;41743;41736;41742;43985;41739;41733;41745;41746;41737;41751;41748;41740;41753;41727;41750;41757;41758;41747;41756;41752;41749;41723;41755;41762;41764;41759;41754;41744;41761;41765;41768;41767;41772;41773;41763;41776;41769;41770;41780;41783;41778;41782;41766;41777;41775;41779;41785;41790;41781;41789;41787;41771;41792;41793;41786;41791;41788;41797;41801;41802;41774;41803;41795;41800;41796;41799;41806;41798;43186;41804;43188;41784;43190;43437;43438;41794;43440;43442;43189;43439;43184;43445;43446;43185;43441;43436;43187;43450;43452;43443;43451;43455;43459;43458;43449;43454;43457;43447;43462;43461;43456;43464;43444;43468;43465;43463;43460;43467;43448;41805;41760;42564;43466;43453;65463;43473;43954;43477;43478;43472;43476;43474;43471;43475;43482;43486;43470;43479;43488;43484;43485;43480;41809;43481;41811;43487;41810;43483;41813;41815;41817;41819;41808;41818;41822;41814;41824;41812;41820;41823;41821;41816;41826;41828;43489;41831;41834;41825;41832;41835;41807;41838;41833;41829;41840;41830;41844;41845;41837;41843;41842;41848;41839;41850;41846;41841;41853;41849;41856;41852;41858;41862;41854;41861;41836;41859;41851;41847;41857;41827;41855;41860;41865;41864;41867;41866;41872;41876;41869;41879;41868;41877;41873;41875;41870;41882;41878;41874;41871;41887;41881;41889;43191;41886;41883;41891;43195;41885;43197;41890;43196;43193;41880;41888;43199;43194;41884;43201;43192;41892;43200;41893;43202;41894;41899;41896;41901;41895;41902;43204;41904;41906;41898;41903;41897;43203;41905;41909;41900;41907;41915;41917;41913;41918;41920;41919;41911;41912;41923;41922;41921;41908;41916;41910;43198;41924;41863;41929;41928;41927;41925;41933;41930;41936;41934;41914;43206;43207;41931;41935;43210;43209;43208;43205;43214;41937;43217;43216;43220;43212;43222;43223;43211;43218;43221;43225;43228;43219;41932;43226;43234;43230;43233;43227;43224;43232;43215;45630;43231;45632;45634;45628;45637;45631;45635;45633;45629;45641;45636;45642;45639;45640;43213;45647;45645;45638;43229;45649;45644;45646;43491;45643;43495;43493;43496;43494;45650;43492;43500;43490;43505;43507;43499;43502;43506;43503;43501;45648;43498;43235;43513;43511;43504;43509;43517;43514;43497;43512;43515;43521;43520;43519;43510;43525;43524;43522;43523;43518;43516;43531;43532;43535;43529;43537;43536;43538;43526;43533;43530;43539;43543;43534;43544;43548;43550;43542;43549;43545;43541;43540;43546;43528;43554;43547;43527;43237;43236;43553;43552;43555;43243;43238;43241;43244;43242;43249;43245;43246;43556;43240;43239;43251;43252;43256;43257;43253;43254;43247;43260;43255;43264;43265;43258;43263;43262;43261;43266;43250;43259;43268;41926;43270;43508;43275;43273;43248;43271;43269;43272;43278;43277;43274;45651;43276;43279;48765;48766;45652;43280;48770;48771;43551;45653;48775;48769;43282;43281;48772;48768;43286;48773;43284;48767;48764;48774;43288;43290;43294;43296;43285;43291;43295;43298;43289;43292;43283;43300;43299;43307;43302;43305;43301;43293;43297;43303;43310;43313;43304;43311;43309;45654;43312;45655;43315;43306;45656;44194;45658;44196;43314;44197;43558;44193;45657;43308;43559;43287;43557;44200;44202;44201;44205;44198;44208;44204;44195;44206;44213;44209;44203;44217;44211;44219;44212;44214;44215;43560;44210;43563;44218;43565;43568;43566;44216;43564;43562;43570;43561;43571;43567;43575;43569;44220;44207;43572;43578;43579;43573;43584;43581;44439;43580;43585;43582;43583;44444;43574;43576;44440;44221;44441;44443;44223;44227;44229;44445;44232;44442;44230;44228;44222;44225;44235;44231;44238;44240;44237;44236;44234;44233;43577;44224;44243;44239;44244;44199;44241;44226;44249;44250;44245;44246;44254;44255;44252;44258;44259;44248;44253;44247;44256;44262;44264;44251;44268;44270;44260;44269;44266;44265;44273;44257;44274;44263;44279;44278;44267;44272;44271;44275;44261;44284;44277;44285;44283;44290;44289;44287;44280;44286;44294;44293;44288;44298;44292;44299;44296;44297;44295;44282;44291;44276;44300;45143;45145;45149;45144;45146;45142;45153;45147;45152;45148;45155;45150;44301;45141;45151;44281;45156;45154;42580;42576;42582;42583;42581;42579;42577;42586;42584;42590;42592;42589;42587;42585;42591;42596;42598;42588;42600;42594;42597;42578;42602;42603;42595;42606;42574;42605;42604;42593;42610;42601;42607;42608;42614;42612;42613;42611;42599;42619;42622;42617;42625;42620;42627;42626;42618;42629;42621;42623;42631;42634;42624;42636;42637;42632;42633;42615;42630;42640;42616;42644;42645;42635;42648;42647;42642;42643;42638;42628;42641;42575;43469;42646;42609;44242;42650;45159;45157;42651;45162;43267;45166;45164;42639;45161;45168;45160;45171;45173;45158;45175;45165;45174;42653;45163;45169;45167;42654;42656;42660;45170;42659;42657;45172;42655;42663;42658;42668;42666;42672;42670;42664;42662;42667;42661;42669;42675;42676;42652;42674;42681;42665;42671;42679;42685;42683;42686;42689;42678;42677;42691;42687;42694;42693;42684;42682;42688;42692;42698;42696;42699;42680;42702;42704;42697;42701;42708;42700;42710;42709;42703;42690;42715;42711;42712;42706;42707;42695;42673;42717;42714;42713;46359;42719;46361;42718;42720;46360;46365;42705;46369;46364;46370;42722;46366;46368;46362;46363;42721;46367;42723;42725;42728;42729;42727;42726;42734;42732;42738;42730;42739;42736;42724;42735;42731;42742;42740;42745;42743;42737;42751;42749;42747;42753;42746;42756;42733;42754;42744;42758;42750;42761;42759;42763;42748;42755;42765;42767;42770;42771;42757;42769;42764;42766;42768;42776;42778;42760;42781;42779;42775;42777;42772;42741;42752;42716;42774;42783;42773;42780;44446;44447;52077;65465;44451;65464;44453;44455;44457;65466;42762;44459;44452;44454;44449;44448;44461;44464;44458;44467;44463;44469;44450;44470;44456;44465;44472;44474;44462;44479;44477;44473;44475;44471;44468;44466;44481;44482;44476;44485;44478;44487;44483;44484;44460;44486;44492;44497;44490;44493;44499;44494;44488;44491;44501;44489;44495;44503;44508;44507;44502;44510;44498;44506;44496;44505;44512;44514;44519;44518;44511;44515;44504;44509;44516;44480;44517;44523;44500;44524;44527;44521;44528;44529;44531;44513;44532;44522;44535;44534;44533;44526;44530;44525;44537;44536;44539;44541;44542;45178;45179;45176;45182;45183;44544;45184;44540;44543;45177;44538;45180;45187;45188;45185;45191;45181;45190;45195;45198;45196;45197;45193;45203;45192;45202;45201;45199;45206;45194;45209;45200;45189;45208;45205;45214;45213;45210;45215;45218;45219;45207;45212;45204;45216;45220;44520;45222;45211;45186;45224;45227;45223;45230;45229;45228;42782;45217;45232;45235;45234;45237;45239;45236;45226;45231;45241;45245;45225;45247;45246;45242;45244;45249;45243;45233;45250;45238;45252;45251;45255;45253;45254;45258;45260;45257;46372;45248;46375;46374;46373;46378;45259;46380;46379;45240;45261;45262;46381;46371;45264;46377;46382;45267;45269;46376;45271;45268;46384;45273;45265;45275;45278;46383;45280;45266;45279;45272;45270;45263;45256;45282;45286;45283;45284;45277;45288;45274;45291;45287;45294;45290;45292;45296;45301;45300;45285;45299;45289;45295;45298;45276;45303;45308;45293;45304;45311;45307;45297;45313;45306;45315;45319;45318;45310;45316;45309;45305;45317;45323;45312;45325;45327;45314;45321;45330;45326;45322;45302;45333;45329;45336;45328;46386;45332;46388;45335;46385;45324;45331;45334;46389;46395;46391;46397;46387;46401;46394;46400;46398;46399;46403;46393;46406;47653;46405;46392;47655;46396;46402;46404;46390;45320;47654;47658;46407;47652;47660;47665;47657;47663;47659;45281;47667;47662;47669;47664;47661;53917;53920;53919;47672;47666;47671;53918;47668;53924;49311;53923;49314;49312;53921;49310;53925;49316;52080;52082;49309;49313;52083;52079;52084;52081;47670;52086;49318;52085;49317;49315;49320;49322;52078;49321;49324;49323;49327;53922;52088;49332;49319;49331;49334;49328;49330;49335;49336;49333;49326;49339;49340;49338;49325;49344;49343;49347;49346;49349;49342;43988;49341;49329;43990;43992;43987;43991;49345;49348;43993;52087;43996;43994;43998;43989;43997;44001;43999;49350;44003;44005;44000;44009;49337;44011;44002;44006;44010;44013;44015;44017;44008;44016;44007;44022;44024;44004;44023;44020;44019;44547;44018;44549;44548;44021;44546;44551;44554;44012;44553;44545;44550;44014;44555;44557;44552;44560;44558;44565;44566;44564;44559;44569;44563;44561;44571;44572;44025;44562;44575;44567;44573;44579;44574;44577;44568;44576;44583;44582;46018;46409;44570;44578;46413;44580;46408;46410;46415;46417;46420;46411;44584;46422;46416;46418;46414;44556;46423;43995;47656;46412;45221;46425;46419;46427;46421;46428;46430;46431;44581;46432;46433;46429;46435;43318;43316;46434;43320;43322;42785;44302;43323;46426;42784;43324;45662;43319;45661;43317;43321;45665;45670;45669;45667;45666;45672;45663;45674;45678;45671;45660;45673;45675;45668;45677;45676;45680;45682;45685;45664;45683;45688;45659;45686;45689;45681;45695;45690;45692;45691;45687;45693;45698;45701;45697;45704;45700;45684;45706;45702;45709;45699;45707;45703;45713;45694;45710;45708;45696;45705;45712;45714;45717;45719;45720;45711;45715;45679;45727;45721;45722;45725;45729;45723;45731;45718;45730;45733;45728;45735;45738;45740;45734;45739;45732;45742;45746;45724;45745;45741;45726;45737;43588;43589;45744;45743;45751;45752;43587;45747;45749;45748;45750;45755;45736;45759;43586;45758;45761;45756;45765;45760;45753;45763;45768;45771;45762;45769;45757;45774;45777;45767;45772;45775;45764;45766;45770;45776;45773;45780;45781;45787;45783;45784;45782;45789;45790;45785;45779;45795;45797;45792;45793;45796;45794;45786;45778;45754;45791;45716;45798;45805;45800;45788;45806;45803;45810;45804;45813;45802;45807;45801;45809;45814;45808;45819;45822;45812;45820;45817;45816;45811;45824;45821;45828;45831;45826;45818;45829;45815;45825;45835;45834;45827;45833;45841;45838;45837;45832;45823;45830;45843;45839;45847;45840;45851;45836;45846;45845;45844;45853;45857;45849;45856;45848;45859;45855;45861;45854;45850;45865;45862;45868;45866;45870;45860;45864;45872;45871;45867;45876;45869;45874;45852;45879;45883;45882;45858;45885;45873;45884;45877;45880;45875;45881;45842;45889;45891;45890;45887;45863;45894;45892;45898;45893;45878;45896;45900;45902;45895;45905;45897;45901;45906;45908;45904;45888;45899;45909;45912;45910;45916;45907;45903;45917;45913;45921;46888;45914;46887;45915;45922;45919;46886;46894;46889;46890;45920;46892;45911;46896;46899;46891;46901;46903;46900;46898;46893;46905;46902;43326;45918;53926;46022;46021;46897;43590;46904;65467;46024;46019;46026;46027;46025;46031;46035;46029;46034;46033;46028;46030;46037;46040;46020;46039;46032;46043;46042;46038;46036;43325;46023;46895;46041;45886;46045;46047;46051;46053;46055;46044;46049;46057;46052;46048;46059;46061;46060;46050;46064;46054;46066;46063;46065;46056;46058;45799;46070;46071;46069;46062;46075;46068;46080;46078;46072;46077;46074;46076;46073;46079;46082;46087;46083;46081;46086;46067;46091;46084;46094;46088;46093;46096;46085;46100;46095;46089;46102;46097;46104;46106;46099;46092;46098;46109;46437;46105;46438;46101;46107;46441;46103;46444;46446;46108;46448;46443;46450;46442;46449;46445;46452;46436;46453;46459;46458;46447;46455;46462;46454;46456;46460;46457;46451;46440;46461;46466;46439;46467;46090;46471;46465;46473;46472;46469;46470;46477;46478;46474;46481;46484;46482;46463;46480;46479;46475;46486;46489;46491;46476;46493;46483;46492;46490;46496;46497;46487;46500;46502;46488;46504;46498;46505;46495;46494;46503;46485;46501;46509;46499;46513;46514;46512;46507;46510;46517;46511;46468;46519;46525;46524;46518;46523;46520;46522;46515;46527;46521;46528;46531;46534;46529;46533;46516;46530;46508;46539;46537;46532;46540;46538;46535;46545;46536;46543;46526;46506;46464;46544;46548;46552;46546;46551;46541;46554;46555;46549;46553;46556;46560;46550;46557;46563;46542;46562;46561;46558;46559;46569;46568;46564;46567;46575;46571;46577;46570;46579;46580;46574;46578;46583;46586;46584;46565;46582;46576;46581;46588;46566;46591;46573;46594;46572;46597;46596;46592;46589;46593;46599;46595;46603;46590;46601;46600;46606;46598;46607;46604;46585;46611;46605;53928;53929;46602;46609;53927;46612;46610;53932;53934;53938;53936;53930;53931;53935;46608;46587;53937;53941;53947;53946;53943;53944;53939;53950;53949;53942;53952;53957;53951;53956;53945;53953;53955;53961;53954;53933;53963;53968;53967;53962;53966;53964;53960;53959;53972;53971;53970;52091;52092;53965;52090;53969;53973;53958;52095;52093;52099;52101;52103;53948;52102;52098;52089;52096;46614;46618;52100;52097;46620;46617;46616;52104;46623;46625;46627;46613;46619;46629;46631;46615;46633;46621;46632;54303;46628;54305;54306;46624;54304;46635;54302;46630;46634;52094;53940;54307;46046;46424;42649;54309;54311;54310;46547;46626;54315;54314;54313;46622;54319;54323;54317;53974;54321;53976;54312;53975;54320;54318;53978;54322;53982;53983;54324;53985;53986;53979;53981;53988;53992;53991;53984;53980;53995;53996;53989;53987;53993;53994;53997;54001;54000;54316;54003;54002;53977;54007;53990;52107;54005;52109;52113;53999;52112;52110;52106;54006;52105;46638;46639;52111;52108;46642;46643;54004;46640;46645;54325;46644;54328;54331;46647;54327;46637;54326;46641;54330;46636;54329;54333;54338;54336;54340;54339;54335;46646;53998;54345;54334;54347;54342;54008;54344;54343;54341;54337;54349;54010;54346;54015;54348;54016;54011;54013;54019;54021;54014;54025;54020;54022;54023;54009;54024;54027;54018;54029;54032;54017;54030;54012;54035;54037;54031;54040;54041;54036;54028;54044;54034;54042;54033;54043;54047;54039;54046;54049;54053;54050;54051;54057;52115;54038;54054;52118;54052;46111;46110;52116;52117;52114;54055;54056;54026;54048;46112;46116;54332;46120;46114;46119;54045;46122;46124;46118;46117;46127;46129;46123;46126;46121;46115;46125;46132;46137;46139;46135;46138;46134;46136;46128;46141;46147;46146;46143;46149;46142;46148;46144;46133;46140;46145;46151;46131;46156;46157;46154;46153;46130;46160;46152;46164;46167;46155;46162;46166;46163;46165;46906;46910;46158;46909;46159;46912;46911;46161;46916;46908;46918;46914;46913;46907;46919;46922;46923;46168;46917;46150;46925;46926;46931;46930;46921;46928;46933;46920;46934;46927;46937;46941;46929;46940;46936;46915;46932;46943;46935;45924;45925;45923;46939;45928;54350;45930;45926;45934;54351;45937;45935;45929;45931;45927;45932;46942;45941;45939;46938;45943;45936;45947;45933;45940;45949;45945;45953;45950;45944;45955;45957;45951;46945;46944;45954;45946;45952;45956;45959;45948;46947;46951;46948;46949;45942;46954;46953;45958;45961;46956;45962;46950;45965;46955;45966;45967;45971;45970;45964;45968;46952;45963;46924;45969;46113;45973;45974;45978;45976;45938;45980;45975;45983;45979;46946;45985;45977;45987;45960;45989;45993;45981;45991;45990;45988;45995;45986;45997;45998;46002;45999;46957;45984;46004;46000;45996;45992;46959;46963;46962;46001;46965;46966;45982;46969;46964;46003;45994;46961;46971;46960;46973;46972;46968;46975;46976;46967;46974;46958;46981;46979;46985;46986;46978;46984;46977;46980;46983;54353;50710;46989;46982;50712;46987;50716;54352;50715;65468;50714;50720;50711;50721;50718;50724;50725;50713;50723;50719;50717;46988;50722;46970;50726;50727;50734;50732;50738;50735;50731;50733;50730;50740;50729;50743;50737;50742;50748;50749;50736;50747;50744;50746;50739;50752;50755;50750;50757;50758;50745;50756;50754;50761;50762;50753;46652;50741;46654;46650;46649;46648;46653;50751;46656;46651;46660;50759;46662;54354;46657;46661;46659;54357;46658;54360;54364;54355;54363;54366;50760;54365;54358;54356;54359;54361;54370;54367;54373;54372;54369;54058;54060;54375;54059;54374;54063;54062;54371;54376;54362;54368;46655;54061;50728;54065;54067;54069;54073;54071;54068;54076;54070;54078;54077;54074;54064;54082;54072;54085;54075;54084;54079;54087;54080;54089;54092;54088;54090;54083;54095;54081;54091;54093;54097;54096;54098;54094;54099;54101;54105;54100;52120;54102;52123;54104;52122;54106;52126;52127;52119;52130;52132;54086;52131;52128;52129;52124;48780;52121;48782;48785;48779;48781;48784;48776;52125;48789;48787;48793;48792;48778;48786;48790;48788;48791;54103;48796;48798;48783;48800;48802;48799;54109;48794;48803;48777;48797;54111;54113;54117;54108;54116;54107;54119;54110;54112;54121;54123;54126;54118;54125;54128;54114;54124;54127;54115;48801;54134;54130;54132;54138;54139;54133;54137;54129;54135;54136;54122;54144;54143;54131;54147;54120;54149;54145;54148;54140;54146;54142;54154;48804;48806;48809;54150;48805;54153;54152;48813;48810;46992;46990;46994;54151;46996;46995;48812;46993;54378;54379;48807;54381;48808;54385;54377;46991;54141;48811;54383;48795;45972;54387;54389;54391;54384;54380;54394;54066;54390;54382;50763;54157;54393;50764;54396;54388;54399;54158;54397;54156;54392;54398;54402;54403;54401;54395;48438;48442;48441;54404;48440;54155;48447;48445;54405;48437;48444;48439;48446;48453;48451;48443;48452;54400;48449;48457;48456;48448;48455;48461;48462;48459;48460;48450;48466;48464;48467;48471;48472;48458;48470;48469;48465;48475;48468;48477;48473;48481;48482;48476;48485;48484;48479;48478;48488;48489;48483;48492;48487;48496;48463;48495;48490;48486;48491;48480;48493;48498;48494;48454;48501;48474;48504;48507;48505;48502;48503;48510;48506;48500;46997;47002;54406;47001;46998;46999;47004;47005;48508;47006;47000;48509;47009;47010;47014;48499;47007;54407;54411;54410;47008;54408;47013;47015;47003;47012;54413;54419;54418;54415;54416;54409;54421;54414;54423;48514;48513;54422;54425;48512;54417;48516;48511;47011;48518;48521;48519;48517;48520;48526;48522;48528;54424;48529;48524;48527;48515;54420;54412;48497;48532;48534;48537;48533;48530;48538;48540;48523;48535;48544;48539;48547;48545;48541;48549;48551;48536;48550;48548;48525;48542;48546;48556;48553;48559;48552;48557;48543;48563;48564;48562;48560;54426;48555;48558;54428;54429;48565;54434;54431;54436;48561;54435;48554;54433;54427;54432;54440;54439;54438;54444;54430;54446;54447;54443;54450;54441;54445;54452;54448;54455;54453;54459;54442;54451;54458;54456;54454;54449;54463;54457;54465;54466;54461;54470;54472;54460;54471;54468;54464;48567;54467;48569;48573;54469;48571;48568;48575;54473;48566;54437;54462;48570;48574;48581;48584;48583;48572;48580;48587;48586;48576;48578;48589;48582;48594;48596;48579;48595;48592;48591;48588;48585;48598;48601;48600;48604;48605;48590;48602;48608;48610;48593;48611;48599;48613;48607;48617;48618;48606;48603;48616;48614;48597;48615;50765;50767;50770;50771;50773;48612;50776;50772;48609;54160;50769;54163;50768;54166;50774;54169;50775;54168;54162;54159;54161;48620;48623;54164;48621;54167;48622;54476;54477;54475;54165;54474;54482;54478;54487;54481;54489;54479;54488;54484;54480;48619;54486;48531;54485;54483;54491;48577;54497;54494;54495;50766;54499;54492;54496;54503;54501;54500;54505;54493;54509;54511;54498;54513;54510;54504;54516;54508;54515;54502;54507;54521;54519;54522;54518;54523;54525;54520;54526;54527;54517;54512;54529;54531;54530;54528;54514;54535;54540;54539;54533;54538;54537;54542;54532;54544;54546;54543;54536;54534;48815;54506;48819;48820;48818;48817;48823;48816;48825;48821;48830;48828;54541;48826;48814;48822;54545;48824;54524;48827;48835;48833;48839;48842;48829;48841;48840;48836;48832;48845;48849;48848;48838;48846;48851;48844;48853;48852;48837;48850;48857;48847;48859;48858;48862;48854;48864;48843;48861;48863;48860;48867;48865;48871;48874;48855;48872;48870;48869;48866;48834;48878;48877;48881;48873;48882;48856;48876;48886;48888;48879;48887;48890;48891;48868;48885;50089;48883;48889;48880;48884;48892;50093;50096;48893;50091;50098;50100;50092;50102;50103;50097;50101;48625;48894;50094;48627;48624;50104;50099;50095;50090;48875;48629;48831;48628;48633;48637;48631;48639;48641;48634;48638;48632;48636;48643;48644;48648;48626;48640;48651;48646;48647;48642;48655;48650;48635;48657;48659;48661;48653;48656;48663;48658;48654;50106;50108;50110;48649;48660;50113;50109;48645;50105;48652;48662;50107;50115;50118;50117;50121;50122;50112;50125;50124;50119;50120;50127;50123;50131;50129;50133;50135;50116;50134;50128;50132;50126;50139;50143;50111;50142;50136;50140;50145;50147;50130;50149;50141;48664;50138;50146;50144;50150;48665;50114;48668;48667;48670;48673;48666;48671;50148;48676;48672;48679;48675;48674;48682;50137;48684;48683;48680;48677;48686;48678;48688;48689;48687;48685;48690;48681;48698;48695;48692;48694;48701;48693;48696;48706;48697;48703;48700;48699;48710;48702;48704;48705;48712;48708;48714;48691;50153;48713;50152;48709;48711;50155;50151;50160;50162;50156;50154;50161;50166;50157;50168;50163;50170;50167;50164;50172;50171;50174;50173;50177;50176;50178;50169;50175;50158;48669;50165;48630;50179;54386;50181;50184;48707;50182;50183;50159;54490;50187;50193;50185;50189;50192;50186;50196;48716;50188;48715;50190;48720;50191;48719;48722;48718;50194;48724;50195;48721;48726;48728;48731;48735;48727;48732;48729;48730;48717;48737;48734;48739;50199;48733;48738;48723;50202;50197;50201;50198;50204;50208;48725;48740;50206;50205;50211;50209;50200;50214;50203;50217;50219;50207;50215;50216;50213;50222;50212;50225;50218;52135;50223;52133;50220;50224;50210;48736;52140;52138;50221;52141;52142;52139;52145;52144;52148;52147;52136;52143;54173;54172;54171;52146;54170;54175;54174;54176;52149;54181;54177;54182;54178;54185;52134;54187;54179;54186;50226;50227;50228;50229;54184;54183;50234;50232;54188;54180;50235;50233;50240;50242;50237;50243;50244;50239;50230;50246;50250;50238;50241;50252;50245;50248;50254;50231;50256;50251;50260;50249;50257;50247;50262;50255;50258;50266;50268;50264;50263;50271;50261;50259;50253;50265;50236;52137;50269;51202;50270;51206;51208;51204;51205;51203;51212;51207;51214;50267;51213;51209;51218;51219;51217;51221;51215;51223;51216;54191;51210;54189;51224;54190;54196;51222;54198;54199;54193;54194;54202;54195;54192;51220;51211;54200;54204;54206;54205;54197;54212;54214;54201;54208;54213;54207;54210;54218;54209;54221;54216;54223;54215;54217;54225;54211;54227;54222;54232;54230;54219;54228;54220;54234;54236;54226;54235;54229;54239;54224;54238;54203;54240;54243;54244;54237;54231;54247;54242;54250;54245;54233;54246;54254;54249;54256;51225;54251;54253;51227;51228;54257;54258;54252;54248;51231;54255;51234;51238;51240;51233;51239;51237;51226;51235;51232;51242;51243;51229;51244;52770;51245;51247;51241;52772;52776;51246;52775;52771;54259;52777;51236;52779;51230;52781;49351;52784;54260;52782;52774;52778;49353;52780;49355;54261;49358;49354;49357;49362;49363;49359;52783;49366;49365;49361;49360;49356;49352;52773;49364;54241;49368;49370;49373;49372;49371;49377;51201;49378;49375;49380;49374;49376;49383;49381;49388;49367;49385;49386;49390;49387;49382;49379;49384;49394;49395;49398;49402;49391;49401;49400;49392;49396;49404;49409;49408;49399;49406;49411;49405;49397;49413;49389;49403;49414;49393;49417;49420;49410;49418;49412;49422;49407;49423;49419;49427;49428;49424;49416;49431;49432;49426;49430;49436;49421;49425;49429;49434;49433;49438;49437;49445;49441;49439;49442;49449;49450;49444;49453;49440;49443;49456;49452;49448;49455;49415;49447;49459;49458;49454;49460;49451;49446;49465;49468;49463;49466;49435;49464;49462;49470;49461;49472;49467;49476;49475;49474;49469;49480;49481;49471;49477;49486;49473;49478;49489;49492;49484;49491;49490;49487;49485;49483;49482;49497;49494;49488;49500;49495;49503;49496;49493;49501;49479;49499;49507;49506;49502;49505;49510;49509;49511;49515;49498;49518;49520;49513;49522;49514;49521;49525;49512;49527;49508;49517;49526;49519;49529;49523;49530;49524;49533;49516;49538;49536;49531;49532;49535;49540;65469;49543;49534;49544;49547;49541;49550;49537;49551;49546;49545;49539;49552;49542;49548;49457;49528;49504;49554;49558;49557;49560;49561;49559;49555;49564;49562;49568;49569;49566;49567;49565;49556;49572;49575;49563;49578;49549;49574;49580;49570;49579;49573;49584;49586;49588;49589;49582;49587;49583;49593;49595;49581;49596;49594;49577;49590;49585;49598;49599;49571;49602;49601;49592;49576;49604;49603;49591;49600;49609;49607;49605;49614;49616;49606;49615;49612;49610;49608;49619;49617;49624;49626;49621;49625;49613;49622;49628;52166;52170;49611;52167;52169;49620;49618;52168;49627;52171;52174;49623;52172;50778;49597;65470;52175;52786;52177;52178;50777;52789;52788;52792;52794;52785;65472;50779;52793;52791;52787;52176;52180;52790;65471;52184;52182;52183;52188;52191;52189;52185;52193;50780;52194;52186;52192;52190;52187;49629;50991;50992;50993;50994;52179;50998;50999;52195;50996;50997;51002;51003;50995;52181;51007;51010;51006;51001;51004;51012;51009;51014;51016;51008;51019;51015;51005;51013;51022;51023;51017;51026;51018;51028;51029;51021;51025;51000;51020;51011;50990;52173;49553;49369;51032;51034;51030;51038;51024;51040;51035;51039;51043;51538;51036;51037;51027;51540;51539;51041;51033;51042;51545;51546;51541;51549;51550;51544;51542;51548;51553;53003;51554;53005;51044;51555;53007;53002;53006;51551;51543;53009;51547;52197;53004;52200;51552;52201;52203;52206;52204;52199;52205;52202;52209;52212;52207;52214;53008;52211;52213;52198;52219;52216;52221;52220;52215;52208;52223;52222;50272;50273;52210;49630;50276;50277;49631;50275;52218;49632;52196;52217;50281;50279;51248;50278;50283;51249;50284;51253;51254;50282;51256;51258;50285;51255;50274;51251;51250;51257;51261;51263;51267;51262;51268;51265;51270;51264;51269;51266;51272;51276;51271;51277;51275;51274;51282;51278;51283;51281;51273;51252;51259;51260;51286;51289;51287;51280;51284;51292;53011;51291;53013;51288;53014;51279;53016;51293;53020;53019;51290;53022;53017;53010;53018;53026;53015;53029;53027;53021;53032;53031;53012;53034;53023;53035;53033;53030;53038;53041;53039;53037;53025;53044;53045;53042;53043;53036;51285;53028;50280;53040;54548;53024;65473;53046;54550;54549;50289;50288;50287;53047;51296;51294;51303;51298;50286;51297;51295;51305;51307;51299;51310;51309;51312;51308;51314;51302;51316;51315;51306;51320;51317;51300;51304;51313;51318;51324;51319;51327;51329;51322;51311;51328;51326;51332;51331;51333;51325;52796;51301;52797;51334;51335;51323;52152;52153;52150;51330;65474;52799;52156;52155;52798;52804;52806;52800;52805;52809;52811;52154;52810;52803;52807;52801;51321;52151;52814;52808;52815;54551;52795;54552;52817;50782;54553;50783;52802;50786;52816;50788;52813;50789;50784;50785;50787;54559;50781;54561;50290;54562;54554;54560;54555;50292;54263;54262;54563;54566;54265;54557;54264;54565;65475;50291;54267;54564;54558;54556;51049;51046;51053;51055;51048;51054;51051;54266;51047;51050;53048;54568;53049;51052;53055;53057;53052;53053;53056;53054;54567;53062;53050;53064;53066;53060;53058;53068;53067;53063;53065;53072;53051;53075;53074;53069;53078;53080;53079;53081;53073;53077;53061;53059;51045;53071;53070;54547;53076;53084;53082;53086;53089;53090;53088;53087;52812;53096;53092;53099;53091;53101;53100;53093;53094;53085;53104;53105;53095;53108;53103;53109;53097;53112;53106;53115;53098;53117;53119;53107;53110;53114;53121;53122;53120;53118;53113;53102;53127;53129;53111;53128;53124;53126;53116;53131;53132;53133;53130;53123;53135;53138;53140;54268;53136;53139;53134;53137;54272;54569;52818;54271;54570;52819;54651;52820;54650;54657;54659;54652;54658;54654;54661;54664;54653;54663;54270;53125;54656;54660;54667;54269;54668;54671;54673;54672;54662;54666;54655;54679;54677;54682;54669;54681;54684;54675;54670;54685;54678;54674;54676;52224;54683;52225;54689;54680;54688;52231;52228;52233;54686;52235;52234;52226;52230;52237;52227;52239;52236;52232;52238;52229;52241;52243;54687;52248;52250;52247;52240;52246;52256;52254;52251;52245;52259;52253;52260;52255;52252;52244;52263;52264;52268;52265;52261;52270;52269;52258;52267;52274;52266;52275;52278;52271;52280;52273;52257;52272;52262;52242;52276;52283;52279;54665;52286;52285;52290;52284;52292;52294;52282;52296;52287;52295;52289;52293;52288;52299;52277;52304;52301;52291;52298;55290;55292;55296;52303;55295;55293;52300;52297;55291;52302;55299;55304;55303;55298;55300;55306;55294;52308;52310;52305;52312;52309;55302;55305;52314;52306;52316;52307;52320;52317;52315;52322;52323;52318;55301;52325;52327;52331;52319;52329;52330;52324;52313;55297;52328;52311;52334;52326;52337;52336;52333;52339;52335;52343;52341;52345;52347;52338;52344;52342;52340;52351;52352;52321;52356;52358;52357;52350;52354;52353;52360;52361;52348;52365;52367;52364;52355;52359;52349;52362;52363;52370;52346;52374;52366;52376;52372;52378;52822;52821;52375;52380;52824;52369;52827;52823;52377;52379;52829;52831;52826;52833;52836;52834;52832;52371;52825;52838;52840;52382;52830;52381;52843;52841;52837;52828;52332;52373;53083;52281;52842;54308;51031;52384;52386;52389;52368;50180;52391;52387;52835;52393;52385;52395;52839;52394;52398;52399;52397;52388;52392;52401;52400;52406;52407;52390;52405;52396;52410;52404;52414;52409;52408;52412;52416;52417;52411;52421;52425;52403;52418;52424;52413;52423;52415;52428;52420;52402;52430;52433;52431;52434;52422;52436;52419;52432;52439;52440;52427;52437;52444;52445;52442;52441;52438;52443;52448;52446;52452;52451;52435;55307;55309;52449;55310;52453;52450;55315;55316;52429;55314;55313;55311;55308;55322;55319;52447;55317;52426;55324;55326;55321;55328;55330;55318;55333;55331;55320;55329;55327;55335;55337;55325;55336;55341;55312;55339;55344;55338;55346;55345;55348;55332;55350;55349;55340;55347;55354;55356;55352;55358;55351;55357;55343;55362;55361;55359;55355;55353;55360;55342;55366;55368;55334;55371;55373;55375;55367;55363;55377;55370;55376;55372;55364;55369;54691;55374;55174;54692;55175;55177;55176;72839;54690;55378;54274;52847;52850;54693;52845;52852;52855;52848;52853;52857;54273;52851;52861;52858;52863;52849;52859;55178;52860;52864;52862;52844;55180;52854;55182;55183;52846;52856;55323;55188;55190;55189;55365;55184;55192;55196;55187;55193;55195;55179;55185;55186;55194;55202;55191;55200;55204;55201;55208;55205;55210;55206;55212;55198;55199;55211;55215;55216;55209;55197;55219;55218;55217;55214;55203;55221;55223;55213;55227;55207;55231;55229;55225;55224;55236;55220;55235;55234;55226;55240;55237;55232;55238;55233;55242;55239;55243;55228;55247;55250;55230;55246;54275;55248;52868;55245;52865;55249;55251;55244;52870;52872;52866;52871;52875;55241;52878;52874;52867;52880;52873;52882;55222;52884;52888;52881;52886;52877;52879;52885;52890;52883;52893;52887;52894;52892;52899;52895;52897;52891;52903;52902;52896;52907;52876;52898;52905;52910;52909;52906;52912;52904;52913;52889;52901;52918;52914;52915;52900;52920;52924;52923;52916;52926;52917;52927;52922;52930;52921;52919;52932;52934;52936;52933;52925;52938;52940;52928;52941;54694;54696;52929;54697;52935;52911;52931;52937;52908;52942;52869;54698;54701;54695;54702;54706;55181;54700;54710;54707;54704;54703;54705;54713;54714;54708;53142;54712;53143;54711;54709;53146;53148;53150;54715;53144;53152;53154;53156;52939;53151;53155;53158;53161;53159;53141;53149;53157;53153;53164;53145;53162;53170;53165;53160;53167;53166;53171;53172;53168;53174;53147;53169;53180;53175;53177;53173;53183;53184;53176;53179;53189;53178;53190;53181;53186;53185;54719;54720;54716;54724;53187;54726;54722;54721;53182;54725;53163;54728;54730;54718;54729;53188;54733;54735;54717;54738;54740;54739;54731;54734;54742;54745;54741;54736;54723;54737;54743;54749;54744;53192;54747;54750;54748;55252;55253;53197;54752;53191;53196;54755;53194;54751;53195;54746;54754;54758;54753;54732;54761;53193;54757;54762;54759;54763;54767;54764;54765;54771;54760;54770;54774;54775;54773;54766;54768;54776;54278;54279;54779;54769;54277;54777;54781;54780;54281;54778;54785;54783;54786;54782;54772;54280;54793;54795;54789;54788;54794;54276;54791;54787;54756;54790;54784;54792;54797;54798;54803;54727;54806;54802;54799;54800;54808;65476;54805;54804;54282;54801;54810;65477;54807;55256;55257;54571;54809;55260;55258;55265;55263;55262;59073;55267;55261;55269;55264;55273;55255;55268;65478;55270;55271;55254;55272;54284;65479;65481;65480;54812;54814;55259;54813;55266;54811;54817;54821;65483;54823;54818;54822;65482;54816;54820;54819;55278;55274;55380;54815;55382;55277;55275;55381;55379;55279;65485;55384;65488;55383;65490;54285;65486;72840;65489;65491;65484;65495;55276;54283;65493;65487;65499;65492;65497;72842;65494;59074;65502;65496;65505;65504;65503;65501;65508;72843;65506;65510;65498;72844;65512;59075;65509;65511;72845;65500;65513;65517;65514;65521;65518;72847;65516;65519;65523;65520;65525;72846;65526;65515;65522;65528;65527;71162;65524;65918;65529;71161;65507;65711;66276;65708;66278;65710;71163;71160;66275;71165;65707;66279;65919;65712;69308;69350;69285;69352;69351;69309;66277;69310;69349;66280;71164;69286;72848;72841;54796;74271;69353;69311;65709;74273;54699;77378;77380;72609;74275;74274;77412;74272;87184;79062;74276;77382;77381;87185;77414;77413;77417;77383;80967;77416;86194;77415;91233;69287;88994;83879;91236;80968;91234;83878;88993;77379;91235;102122;79063;102124;91238;86126;102123;102822;102126;102125;104123;69863;103189;102120;83135;102127;126924;76870;76871;91103;102121;85447;103190;77333;94970;89053;81491;87374;79626;14611;97051;102321;81022;84087;91237;77532;83874;89672;103191;102128;102130;102323;102322;99184;99183;102131;73557;136325;92357;136323;73558;73308;102129;95477;86656;85930;73559;136324;81406;90942;77603;88085;84880;76168;88591;95255;78772;90448;107230;111353;73560;107232;92323;88590;107231;73561;107229;89829;73563;152700;73564;125708;82900;74512;73472;125707;79660;94674;73735;111970;73562;111969;73566;111971;110777;74468;40363;73565;32082;33102;164710;25038;164729;164727;164728;165632;164737;164764;164736;164732;111354;111972;164713;164709;164760;164724;164711;164751;164765;164726;164718;92356;164739;164773;164714;164782;164706;164745;164725;164730;164776;164785;164733;164747;164731;164734;164712;164738;164735;164767;164754;164746;164697;164700;164741;164698;164759;164716;164723;164755;164749;164777;164761;164719;164784;164783;164762;164780;164748;164768;164753;164740;164701;164699;164772;164781;164774;164743;164775;164779;164715;164757;164766;164771;164750;164786;164769;164721;164717;164787;164744;164752;164707;164704;164763;164742;164703;176366;164778;164756;164758;164694;164770;166125;165576;166119;166129;166353;164705;166127;166351;166120;166984;166354;166350;166352;166128;166357;166994;167023;166782;167026;167030;167025;167020;167006;167029;166995;167002;166992;166986;167027;166993;167013;167011;166990;167028;167016;166997;167033;167034;167012;166985;167017;167018;166996;167009;167014;167032;167001;167008;166991;167022;167003;167005;167010;167019;167021;166999;166987;167000;166989;167015;168552;167004;167007;170591;170600;168555;166988;168577;168591;170625;168589;166998;168553;168571;164708;167031;168578;168590;168579;164720;168582;168583;168558;168573;168574;168595;168559;168572;168547;169517;168556;168581;168565;168562;168564;168584;168580;168586;168563;168588;168569;168560;168592;168567;168546;168593;168561;168575;168568;168557;168548;168554;168550;168549;168587;169514;168570;170585;170611;168585;168566;170623;168551;170612;170592;170586;170621;170594;170622;170595;170587;170624;173094;170590;170615;170610;170597;173150;170598;170617;173114;173102;173078;173167;173092;170618;173127;173096;173087;173163;173192;173135;173128;173154;173110;173122;173103;173174;173173;173136;173093;170619;173164;173184;173080;173148;173121;173143;173101;173160;173142;173082;173072;173187;173123;173067;173147;173126;173131;173098;173149;173161;173138;173134;173162;173069;173133;173145;173165;173089;173068;173120;173181;173168;173132;173077;173105;173107;173091;173099;173076;173106;173175;173170;173139;173084;173090;173112;173083;173073;173063;173064;173079;173081;173190;173188;173146;173157;173124;173171;173159;173189;173178;173119;173108;173113;173130;173115;173070;173176;173141;173144;173109;173179;173097;173065;173095;173117;173061;173116;173129;173191;173071;173156;173075;173169;173177;173062;173180;173166;173172;173104;173066;173111;173074;173186;173100;173086;173118;173158;173085;173155;173137;173151;173088;173152;173153;173339;173140;173182;173340;173342;173338;173336;173185;173335;173345;173334;173346;173125;173341;173854;173842;173865;173874;173347;173866;173343;173839;173856;173858;173855;173843;175070;174575;174579;175073;175081;174586;175080;175082;173853;175075;174571;175085;175074;175072;175076;175079;175071;175067;176332;176948;176345;176913;176346;175068;175066;176331;176925;175069;176951;176977;173344;176898;176944;176914;176934;176950;176926;176949;176911;176919;176932;176922;176900;176935;176937;177193;176927;176912;177199;177198;177195;176916;177197;177678;177677;177196;177679;176896;177685;177684;177686;177680;177683;177695;177690;177674;177681;176917;177710;177689;177682;177675;177687;177691;177694;178600;178007;178607;178606;177714;178608;178605;178534;178601;178599;178611;178524;178518;178550;178519;178537;178603;178556;178544;178549;178610;178602;178604;178533;178609;177688;178551;178613;178535;178614;176899;178612;173183;69312;179784;168576;179760;179781;179806;179791;179776;179749;179759;179797;179804;179771;179790;180131;179748;179779;179747;179745;179757;180128;180120;180117;180110;180130;180126;180116;179767;179754;180122;180112;179785;180113;180111;180125;180108;180129;180124;180127;180123;180119;181134;180109;181168;180132;181177;180121;180114;180115;181166;181174;181173;181138;181153;181132;181141;181152;181156;181149;181142;181158;181175;181133;181159;181148;181165;181170;181139;181722;181155;181151;181716;181709;181700;181327;181713;181702;181699;181703;181725;181698;181723;182456;182458;181715;182464;180118;182450;182454;182459;181136;182448;182461;182447;182460;182451;182457;182462;182455;182449;182446;182452;182444;182453;183823;182463;183827;183801;183804;183805;183831;183798;183349;182465;183348;183825;183829;183350;183803;183830;183826;183346;183347;183351;182940;183824;183828;183799;184432;183800;184056;184411;184428;184430;184423;184431;184409;184412;184427;184410;184416;184417;184424;184413;184426;184425;184414;184433;184418;184429;184415;184422;185719;185718;184420;185716;185714;185722;186978;185721;184419;185723;185717;185720;185715;184421;183802;186984;182445;186976;186979;186970;186971;186977;186973;186983;186988;186969;186972;186975;187062;186987;186956;186980;187700;186917;187688;186982;186981;187687;187699;187685;186974;187693;187703;187695;187690;187702;187701;187697;187689;187694;187696;189197;189198;187698;189341;187692;187686;189199;187691;189347;189196;189328;189348;189338;189346;189339;189327;189896;189330;189336;189320;189329;189342;109363;109365;109364;109687;109686;109693;189351;109690;109692;109691;109688;110194;110448;110195;110446;109689;109366;189325;110193;110196;110450;110447;110452;110454;109694;110453;110780;110451;110455;110456;110781;111550;110967;111606;111334;111335;111551;111336;110782;111701;111608;111607;117589;112086;112088;112087;111605;117592;117590;117708;118041;117591;112089;118042;117710;118400;118044;112085;118403;118832;118835;118402;118833;118043;118959;118834;118401;119503;117709;119502;119505;119782;118836;119784;119507;119783;119787;119504;119781;119789;119786;119506;119785;109119;109121;109122;109120;109124;109129;109125;109123;119788;109127;109128;109131;109135;109133;109126;109134;109132;119790;109130;186968;118404;110449;109137;109139;109179;109141;109181;109138;121048;109178;109140;121053;121049;121047;121051;109177;121363;121050;121364;109180;121367;121362;121366;121365;122160;121052;122158;121368;122260;122162;122161;122673;121054;122671;122676;122672;122261;122159;122677;123465;122678;122680;122861;123468;124124;122674;123467;123469;122679;123466;123757;124123;124303;124127;124125;125287;124128;124302;124305;124592;124301;124304;125091;124594;125288;125289;125291;124126;125599;125598;125290;125602;122675;125601;125603;125954;124593;126831;126384;125899;126383;125898;126960;126958;126959;126956;126962;125901;127460;126957;127463;125900;126963;127465;127462;127464;128285;128284;127461;127467;128288;127466;128287;126961;128290;129064;128286;128289;129066;129392;129065;129068;129070;129071;129560;129069;129067;129559;129793;129791;129563;129792;129561;129790;130028;129795;130216;129794;129562;130215;130214;130220;130219;130218;130221;130225;130223;130222;130227;130217;130226;130229;130224;130231;130233;130228;130232;125600;130230;130236;129851;129063;130235;130402;130401;130400;130598;130601;130600;130607;130470;130604;130603;131027;130606;130605;131030;131028;130608;131029;130599;131026;131237;130602;131082;131235;131234;131238;132260;131236;132259;132261;132734;132263;132265;132264;133095;132266;133094;133092;132262;132258;133552;133093;132735;131031;133866;133555;133554;133868;133652;133867;133149;133553;133556;134328;134117;134327;134898;134569;134678;134329;134896;134679;134897;134899;134118;135932;135594;135930;135929;135933;136364;136362;136361;135931;136750;136528;136752;136530;136749;136365;136751;133096;136363;136360;137090;135595;137091;136529;137568;137089;137566;137088;138044;137571;137570;138048;137569;138050;138045;137567;138047;138617;138046;138043;138049;138616;138624;138621;138618;138627;138622;138620;138628;138051;138626;138630;138629;138856;138623;139852;138857;139862;139338;138854;139856;139339;138855;139337;138619;139858;138625;139859;139861;140195;139857;140194;140197;139853;140636;140199;140198;140635;140196;143158;143159;141987;141107;140634;141958;140209;141998;141106;141952;141996;141985;141993;141957;141939;141963;141999;141986;141988;141949;141967;141989;141965;141972;141953;141943;141974;141973;139855;141991;136753;141940;141959;141108;141977;141962;130234;141956;141994;141941;141975;109136;141942;141951;141990;141978;142000;141966;141964;141983;141970;141946;141960;141955;141984;142022;141947;141954;141938;141968;141995;141976;142723;141948;142722;142738;141997;142728;142725;142733;142720;142726;143579;142734;142737;142724;141971;143582;143580;143589;143586;143575;143576;143578;143581;144799;144806;144807;144795;144797;143577;144805;144804;144798;144801;145454;144803;145452;144800;145457;145453;145455;156175;146625;145449;146630;146624;146626;145456;145450;146633;146631;147715;146634;146629;146628;143583;146627;146635;144796;147913;146622;146623;147914;147912;147910;147909;147906;148194;147911;148196;148193;147907;148915;148337;148195;147908;149305;148914;148920;148913;149873;149870;149860;148922;149871;148921;149865;149867;149875;149863;150975;149864;149861;148919;149869;150971;169520;169521;150974;150980;150969;150970;150976;150973;150983;169519;150978;150964;150979;150972;150977;169525;150968;169523;169524;169522;151268;150994;151271;151272;150967;151266;151277;151267;151269;151799;151270;151275;150966;151793;150965;150993;151274;151273;146632;151796;151792;151794;151931;152237;151930;153786;153152;152233;152238;153420;151798;152236;152234;153416;153425;153421;153898;153427;153422;153417;153426;153897;153896;153883;153424;154179;153899;154895;154913;154912;155760;155980;154914;155994;153900;153418;155989;154911;155982;156020;156182;156112;155973;156263;158591;160315;158722;156262;180057;160314;158210;158046;157885;157883;158725;158588;157884;158211;158213;157408;158592;158721;158723;158720;158214;159564;158724;158954;159558;158590;158719;159556;155979;158788;159557;160261;157182;159907;159560;159911;160264;160258;160270;160267;160265;160254;160263;160268;160578;160269;160577;160266;161457;160257;160260;161935;161464;160262;161933;162309;161936;161937;163226;163227;161932;161934;163237;163233;163231;163236;161930;160579;161931;163230;163232;163229;163308;163238;163317;163228;163314;163321;163358;163324;163315;163320;164294;163311;163919;163918;163319;163322;165096;163917;164295;165102;165097;165103;165989;165992;165991;166001;165098;165998;165990;165993;165987;166398;166411;165997;165101;163234;166409;165999;159565;166000;151795;166408;165996;166407;166412;166410;166396;166394;166393;167239;167227;167238;167235;167228;167236;167240;167226;168366;168454;168456;168444;168458;166395;168430;168442;168431;168434;168462;168461;168451;168439;168429;168428;168445;168446;168440;168438;168450;168453;168443;170440;168437;168441;168676;170438;170441;170448;170430;168432;170451;170433;170434;170443;170450;170444;170436;170442;171042;170431;171052;170437;171039;171038;171047;171048;171053;171054;171046;171468;171051;171229;171228;171482;171834;171226;171049;171836;170439;168459;171813;171831;171823;171819;171043;171825;171818;171835;171829;171816;171804;171809;171805;171827;171828;171817;171821;171832;171803;171820;172170;171833;171814;171830;172154;172167;172164;172151;171822;172165;172157;172166;171824;172168;172161;172160;172153;172155;172156;172142;172158;173233;172144;172162;173232;172159;173207;173202;173239;173203;173238;173208;173204;173227;172163;173237;172169;173905;173241;173240;173909;173234;173910;173904;173906;174585;174577;173195;174581;173919;174578;172143;173908;174568;173918;171826;174580;175012;173196;175013;175025;175014;175015;175019;175020;175018;175011;175967;175005;175022;175002;175949;175016;175944;175947;175968;175970;175021;175017;175971;175945;175969;175950;175948;175951;175953;176701;175955;176710;175972;176708;176717;176716;176702;176705;176698;176699;176703;176706;176677;175954;176707;176709;176700;176711;176915;176941;176939;176923;176946;176678;176918;176938;176895;176921;176936;176947;176940;176920;176897;177189;177194;176924;176945;177158;177187;177867;177857;177864;177863;177860;177862;177861;177159;177849;177881;177865;177882;177859;177847;177848;178538;176704;177868;177858;177188;178558;177866;178525;178540;178560;177869;178530;178521;178529;178531;178536;178546;178527;178523;178542;178555;178557;178548;178526;178517;178543;178493;178492;178528;178520;178553;178541;178539;178501;178522;178678;178516;178559;178502;178547;178506;178497;178679;178515;178508;178505;178496;178832;178820;178815;178495;178513;178819;178823;178822;178826;178821;178838;178825;178836;178824;178837;178830;178818;178816;178829;179768;178817;179770;179789;178827;178835;179780;179772;177871;179765;179753;174570;166392;178828;178494;178552;179800;141945;179777;179758;178834;179769;179750;179762;179794;179751;179774;179752;179763;179744;179778;179796;179761;180089;179746;179801;180093;180090;180085;179786;180062;180077;180056;180086;180072;180067;180074;180063;180079;180059;179807;180091;180084;181140;180087;181169;181145;181161;181154;181171;181160;181143;181144;181135;181150;181164;181137;181167;181147;181163;181162;181359;181131;181360;181157;181707;181701;181726;181172;181718;181361;181717;181176;180092;181720;181146;181705;181719;181711;181708;181710;181724;181714;181704;182627;182631;181706;182643;182624;182628;182630;182646;182626;182644;182645;182638;182636;182632;182637;182633;182642;182625;181721;182948;182635;182634;183480;182639;182640;183486;183468;183463;183467;183466;183472;183478;182629;182641;183483;183477;183482;183465;183475;183469;183481;183488;183462;183470;183476;183474;183479;183484;183205;183464;183206;183926;183925;183487;183471;184283;184287;184286;183473;184281;184291;184290;184292;184278;184282;184280;185793;185782;184284;184288;185791;184279;181712;184285;184289;185787;185788;185784;185792;183485;185786;185790;186566;186565;185785;186561;185789;186560;186559;186580;186575;186557;186551;186572;186555;186576;186550;186578;186554;186569;186574;186570;186568;186563;186552;186562;186556;186573;186567;187831;186564;187811;186577;187063;186549;187842;186571;187820;186579;187810;187815;187817;187823;187819;187818;187846;187844;187813;187812;187829;187833;187832;187836;187825;187827;187840;187841;187839;187835;187822;187837;187814;187838;187821;189190;187834;187824;187816;187843;187828;189318;189340;189332;189345;189331;189317;187845;187830;187826;189189;189323;189333;189349;189350;189335;189344;189324;189319;181970;182021;182012;181984;181973;189337;181946;181932;181996;160410;166544;189322;163375;183447;170501;160407;160405;189163;174974;189466;160406;166169;160411;166117;160412;162011;182053;174971;178704;182008;180096;180066;183440;173939;180571;180088;189897;183448;180075;189472;176771;178301;184180;178286;178287;180568;178288;183441;183318;180563;184179;183444;183446;183449;184181;185926;184178;184176;182066;185918;185917;185921;185923;185964;185922;185927;185963;189321;187774;185783;183317;189895;185919;173967;181997;182067;182019;182018;182028;181938;182054;181955;181939;181940;182006;182051;183264;182000;183266;185928;187778;189326;181977;189476;182031;182657;182050;182003;189343;182016;182007;181935;182027;171853;160993;181936;187781;181986;187780;179783;176756;181985;165099;160439;160443;160451;160432;160459;160447;160426;168436;163313;160425;160434;163368;160446;162002;160433;166124;163382;166495;164359;163312;171216;168520;170472;160428;168728;175946;174421;174434;174973;173228;173223;177770;180566;180564;177771;179764;183265;176762;185929;182656;178532;189474;167231;163371;184183;187771;163372;162006;189470;166501;164362;166118;167237;163352;173206;163370;174975;165100;171227;174430;170458;177781;175973;173235;168507;176754;180569;178545;177780;186553;180567;184184;185920;182654;183267;189467;189471;160419;179798;160442;160438;160440;160445;160424;160458;160436;160431;160429;187777;176767;160456;160449;160448;160421;160430;160427;160437;160457;160452;160423;160441;163309;161456;163310;162005;163316;163323;163386;163385;163387;168727;166131;165104;167232;160422;174976;170471;175952;173230;166494;177776;168726;177775;179775;185925;178554;182660;180565;171848;184177;182659;160435;180082;187779;176766;189469;182017;181931;181992;164357;189475;182035;182653;182063;181941;187773;182002;187772;181942;181975;182043;181953;181990;182011;182059;182061;181974;183269;182010;181960;160991;173942;160975;162010;173211;176752;160976;173937;162012;183442;180058;180570;180097;179805;183445;183443;179782;189477;160992;185924;181381;189894;182040;181376;182055;186558;182655;181380;181387;181386;181384;181389;181385;181379;181390;181383;182020;181377;181967;181388;182048;182029;182052;181382;181979;182024;182032;182004;181957;189478;182064;181980;189479;182060;182001;181991;181995;189468;189473;181947;181378;182058;181965;182037;184182;181937;182034;187775;182069;182022;182009;181954;182023;182013;182071;182046;181956;189334;181950;181982;182041;181948;182033;181994;182068;182039;182045;182015;181969;181966;181933;181972;181998;182030;181978;182042;181963;181949;182047;181962;182026;181959;181987;182038;181951;182005;181964;181999;181976;181993;181958;181988;182014;181961;183263;181934;181968;182025;182057;181971;182070;181983;182056;181981;69560;182049;182062;182065;181989;183268;181952;69562;69561;69566;69564;69570;69568;78262;69567;69563;69571;69565;69573;182044;182658;69572;187776;187770;69569;69577;69574;69582;69576;69581;69578;69580;69587;78263;69585;69584;78264;78266;182036;69588;69579;69586;78268;69589;69583;69591;78265;69592;69590;69597;78270;69599;69598;69594;69596;69602;78269;69595;78267;69603;69607;69600;69609;69611;69605;69608;69606;69616;69610;69593;69612;69601;69620;69614;69613;69622;69615;69624;69621;69623;69627;69625;69619;69631;69617;69634;69629;69636;69630;69632;69628;69618;69640;69635;69638;69643;69633;69648;69644;69641;69646;69637;69647;69604;69645;69650;69639;69626;69654;69652;69653;69651;69656;69655;69642;69664;69660;69659;69663;69662;69657;69666;69668;69661;69658;69673;69665;69674;69669;69671;69679;69670;69681;69680;69677;69683;69678;69685;69672;69684;69675;69686;69688;69676;69691;69667;69694;69682;69695;69690;69698;69696;69702;69693;69699;69689;69706;69692;69703;69701;69697;69704;69700;69708;69715;69710;69709;69711;69705;69717;69714;69712;69718;69713;69719;69722;69723;69716;69707;69687;69649;69721;69728;69725;69732;69724;69720;69734;69730;69738;69731;69735;69729;69727;69741;69742;69737;69733;69740;69745;69744;69746;69743;69736;69739;69748;69752;69749;69750;69756;69751;69759;69757;69753;69761;73126;69763;69755;69754;69747;69758;69768;69765;69762;69760;69766;70219;69771;69770;69769;70223;70218;70224;70225;70222;70227;70229;70226;70228;69767;70220;70233;70232;70567;70568;70221;70898;70900;70231;70896;70899;70901;70902;70904;70906;70569;70905;70230;70907;69764;70903;71078;71266;72266;71268;70234;71079;70897;71267;71395;71397;71396;71401;71398;71575;71574;71269;71577;71576;71579;71400;71581;72289;72292;71399;71582;71270;72294;71580;72291;72298;72296;72290;72303;72297;72299;72295;72293;72300;72745;72302;71578;72749;72305;72748;72306;72944;72946;72750;72746;72747;72950;72945;72947;72948;72751;73059;72301;72949;73230;72951;73232;73231;73060;73227;73234;73229;73236;73235;73237;73651;73228;73569;73233;73058;73061;73649;70908;73438;73653;73650;73654;69726;78271;78274;73655;72304;78273;78279;78275;78272;78278;78285;78281;78282;78277;78283;78287;78284;78288;78280;78292;78289;78276;78293;78295;78294;78291;78290;78303;78299;78298;78301;78286;78302;78308;78296;78297;78310;78300;78307;78306;78305;78312;78311;78315;78314;78321;78316;78309;78322;78317;78318;78320;78323;78319;78329;78313;78332;78327;78326;78333;78328;78337;78331;78339;78338;78325;78344;78342;78334;78340;78330;78335;78341;78324;78336;78304;78348;78346;78351;78349;78355;78350;78352;78356;78359;78354;78357;78360;78347;78362;78361;78367;78365;78358;78353;78484;78448;78343;78366;78560;78558;78485;78562;78364;78561;78781;78658;78559;78779;78780;78875;78778;78874;78363;79296;78777;79297;79293;78873;79560;79292;79561;79295;79294;79840;79559;79562;79725;79558;79875;79298;80122;80417;80419;79841;79873;80415;80416;80557;80418;80922;80921;81024;80414;81322;81320;81321;81323;78345;81324;79842;79874;80461;81326;81327;78872;81677;81329;81330;81328;81673;81827;81829;81676;81675;82045;81674;82043;81828;82507;82046;81826;82044;82506;82835;82508;82833;82832;82509;82834;82831;82856;82858;82857;83268;83058;83057;83269;83056;83271;83059;83493;82836;83496;82047;82859;83880;83497;83494;83495;83883;83280;83975;83885;83881;83976;83272;83882;83977;83884;84244;83974;84243;84128;83973;84248;84129;84250;84246;84370;84245;84592;84247;84371;84249;84595;84251;84596;84594;84593;84369;84293;83270;84625;84372;84926;83978;84931;84925;84647;84927;84929;84928;85230;85045;84930;85451;85044;85453;85232;84964;85452;84623;85458;85747;85456;85633;85631;85231;85748;85454;85752;85749;85457;86075;85632;85750;86496;86073;86355;86356;86074;86636;85455;86495;86076;85751;86637;86771;87339;87014;87015;87016;87342;86638;86634;86770;87346;87344;87343;87341;87340;87348;87350;87345;87352;87347;87354;87351;87355;87379;87353;87968;87967;87973;87971;87966;87380;87349;87969;84624;81325;86635;87974;87972;73652;69575;87991;87970;88661;88657;88662;88656;88660;88658;88655;89120;88659;89839;89837;89841;88663;89119;88756;89842;89846;89840;89845;88664;90100;89844;89966;89967;89848;90155;89838;89965;90269;89847;90268;90273;90365;90270;90271;90364;90272;90274;90267;90629;90154;90631;90514;90513;90630;90776;90633;90778;90867;90632;90777;91463;91047;90866;90865;89843;91241;91240;91048;90864;91465;91467;91471;91466;91469;91470;91468;91629;91628;91769;92221;92223;92470;92469;91627;91464;92472;91768;92222;92662;91858;92661;93008;93010;93009;93011;91239;90366;92664;92663;93014;93016;93252;93251;93013;93015;93536;93744;93012;93743;93745;93540;93253;93665;93539;94021;94020;93538;93789;94022;94341;94681;94018;94683;94684;94682;94182;94342;94019;93537;94686;94974;94973;94183;94976;95893;94977;95896;95609;94975;95895;96284;95898;95935;96282;96395;95897;96394;96283;95894;96807;96806;96805;96808;96809;97024;97022;97023;96632;97553;97149;97554;97148;97329;97025;94685;97147;97146;97555;96631;97557;99035;92471;99037;97896;99186;99039;99038;99531;99529;99418;99533;97897;99532;99713;99535;99712;99036;99534;99419;100105;99530;100106;100637;100274;100554;99711;100275;100640;100552;100276;100636;100639;100641;100643;100642;100874;100999;100553;100644;100873;100638;101003;101001;99714;101002;101004;101271;101273;101958;101551;101272;101959;101064;102208;101270;102177;102179;101934;102180;102178;102367;102502;101933;102546;102545;102544;102866;102863;102547;102548;102869;102867;102864;102873;102871;102870;102872;102868;101000;102865;102181;102876;102875;102874;103225;103224;103227;103651;103309;103229;103650;103600;103310;103602;103228;103604;103226;103572;103755;103601;103652;103653;103822;104179;103824;103823;103603;104393;104180;104182;104183;104704;104181;104395;104394;105052;104392;105050;105417;104705;105051;105053;105054;103825;105418;105422;104707;105421;105420;105055;109555;104706;109368;109367;109696;109698;109182;117342;109701;109700;109695;110197;109699;110458;110199;110202;110457;110200;110201;110198;110462;110460;111337;110783;111609;110461;111338;110784;111552;109697;111611;111702;111553;110463;112095;112090;111612;112096;112091;110459;112097;105419;112093;112092;117344;112094;117346;97556;117603;111610;117605;102877;117345;117922;117604;117347;117348;118211;117608;117924;118362;118210;117923;118213;117607;118361;118212;118803;118802;118595;118804;119467;119464;119465;119466;117606;119472;118805;119470;119469;119687;119478;119474;119476;118363;119477;119471;119688;121360;119468;119813;121359;119473;119689;119815;119812;121361;105516;119475;106170;106690;105517;106169;106171;106693;106168;106691;106930;119814;106933;106931;106694;106695;106934;106936;106935;105620;106932;107240;107238;107235;107237;107236;108414;107241;107239;124199;108599;108598;108600;106692;108691;108602;108845;108846;108849;108603;108844;108601;109184;121130;108850;109369;108852;108851;108847;109183;121370;109186;122034;108848;122096;123082;122035;122759;121369;121132;122602;123085;109185;123086;123081;123083;123090;123087;123084;122758;122760;123089;121131;124200;123091;123088;125604;123956;124654;124653;125092;124655;125294;125293;125955;123957;125903;125739;125904;125902;125605;127062;126346;127063;125314;125292;125295;127068;127064;127066;127072;127061;127074;127070;127067;127071;127069;127065;127468;127075;127811;127060;127812;123958;108597;127817;127073;127819;127815;128293;127816;127814;127813;129005;128617;128294;127818;128292;129007;129010;129006;129407;129009;128291;129567;129011;129564;129013;129014;129569;129565;129566;129852;129012;130280;129797;129570;129798;129568;129796;130403;130281;130609;130282;131241;130471;131083;131239;132026;131240;132322;131243;132324;131244;130610;133004;129008;132755;132754;132321;132757;132756;133007;132323;133559;133006;133557;131242;134120;133560;133558;133870;133653;134572;133871;134571;134573;133005;134119;134570;133869;134680;130404;134681;135934;134682;135710;134575;135936;135937;135935;136628;136624;136625;136626;136627;137096;137094;137093;137095;137101;136629;135938;137099;138053;137098;138631;137100;138057;138054;138052;138056;138633;138059;138635;138632;138055;137092;138061;138058;138634;138639;138643;138642;138637;138638;138060;139084;139085;137097;138640;138641;139091;139086;139089;139090;139093;139088;139083;140092;139087;139550;139549;140090;140091;148126;140086;139548;140093;139092;140096;140085;138636;140094;140088;134574;127810;140089;140095;117343;140611;140206;141982;140210;141980;140612;140207;141944;141969;142980;141950;141992;142984;141981;142978;142981;142979;141961;143887;141979;142977;142983;142974;144472;142975;142993;144471;143367;144473;173278;144461;144470;144469;144464;144465;142976;144466;144458;144467;144468;144990;144994;144462;144460;145004;144463;145005;145003;145008;145000;145001;144993;144992;145009;144989;144997;145002;144995;145458;144999;144988;146818;145010;144991;144998;145451;146567;146570;147917;144459;146819;148131;146569;148132;147919;147915;148899;147916;149432;148377;149431;148898;149791;148378;149783;149814;147918;150150;149784;151509;149868;149430;151518;149866;149862;151508;151514;151515;151522;151521;151517;151512;151507;151519;151510;151513;151934;151520;153160;151511;153171;153167;153170;153162;153169;153165;153882;153164;153166;153861;153161;153860;153863;153859;153864;149872;154900;153163;154188;155372;155354;155758;154901;154899;154897;156877;155607;156868;156867;156264;158192;156870;157410;156871;156864;158193;158587;146814;158195;158695;156174;153858;158791;158986;158696;158790;158697;151933;159563;158177;159910;159555;161492;160334;160333;161610;162001;159562;160332;161994;159561;161998;159909;161995;162009;161992;162832;162003;162008;162834;161996;162308;162830;161997;162004;162831;161993;162836;162833;163861;163870;163868;163852;163867;163853;162835;164360;163862;163866;164361;164358;165988;168435;163869;164948;166356;165994;165986;168612;168604;168613;168596;168605;168608;168600;164356;168601;168607;170523;168606;168614;170542;170527;168599;170525;168597;163864;170544;168617;170524;170543;170528;168598;170550;170548;170547;170541;170553;171045;170546;171055;170545;170552;171044;171650;171019;170539;171040;171217;170540;171499;171863;171866;171020;171862;171847;171850;171865;171050;172208;172217;172184;172188;173283;173272;171851;173274;171849;172192;173280;173284;173282;173279;173940;173281;173273;173965;172181;173954;171855;173932;173936;173935;173968;173934;173966;173953;173941;173955;174621;174617;174620;174618;173933;175095;174623;173943;175090;174622;175094;175092;175096;175093;176259;175088;176268;176753;175097;175091;176258;176269;176266;175089;173938;158589;176759;176755;176763;176267;177071;176769;177012;170538;176758;176765;177065;177066;177067;177015;177068;177072;177906;177376;177908;177070;177069;177909;177374;178510;178498;177924;178512;177903;178504;178509;178499;178833;178511;178503;178507;178831;179795;179788;179787;177907;178514;178500;179756;179793;179766;177904;179792;179803;179773;180073;180068;179799;180070;180094;180060;180076;180064;180069;180095;181219;180065;181222;180081;180061;181218;180083;181223;180071;181220;181224;181221;181854;181850;181225;181217;181851;181855;181853;180080;181849;179802;181852;181856;182704;181847;182701;182702;182709;182707;182715;182700;182717;182703;182706;182705;182718;182711;182699;182713;182710;183847;183851;182712;182708;182716;183852;183850;183848;183844;183846;183849;183843;183845;182714;183405;183853;184074;183408;184386;184395;184393;184391;183407;184392;184394;186588;184389;186590;183842;184390;186594;187708;186589;186592;186591;184388;187064;186593;187711;187709;187712;189893;187707;189395;189391;189390;189393;189392;189394;184387;181848;183406;90798;157546;157524;187710;157677;157476;157624;157539;157693;157534;157654;157617;157590;157555;157618;157602;157714;157650;157691;157709;157605;157501;157660;157705;157679;157547;157713;157492;157681;157627;157698;157571;157519;157632;157635;157634;157574;157685;157578;157633;157689;157554;157686;157566;157553;157509;157672;157695;157657;157606;157721;157498;157671;157644;157594;157597;157699;157612;157527;157582;157616;157692;157652;157477;157637;157535;157665;157538;157620;157664;157622;157639;157687;157510;157619;157706;157499;157609;157552;157700;157599;157645;157548;157629;157491;157506;157523;157703;157658;157520;157707;157495;157719;157613;157533;157607;157559;157598;157682;157723;157701;157688;157708;157595;157711;157525;157615;157515;157668;157487;157651;157522;157611;157488;157583;157669;157710;157680;157478;157593;157490;157724;157674;157572;157621;157647;157569;157526;157587;157728;157648;157696;157483;157475;157588;157482;157608;157649;157561;157636;157610;157697;157514;157655;157573;157500;157504;157473;157470;157541;157562;176764;87990;179755;157715;140087;179413;157584;157684;52383;157530;179412;157659;157536;157716;157646;157586;157718;157642;157471;157560;157484;157565;157511;157600;157486;157544;157481;158840;157704;157726;157558;157576;157563;157591;157729;157676;157542;158854;157556;157603;157663;157623;157643;158839;157516;157638;157496;157673;157702;157683;157604;157505;157512;157577;157550;158874;158851;157517;157518;158878;157532;157581;157507;157712;157575;157485;157725;157521;157579;157630;157625;157497;157656;157513;157662;157479;157493;157596;157667;157528;157568;157545;157508;157720;157502;157537;159005;157503;157564;157472;157717;157557;157640;157589;157570;157585;157494;157631;157628;157480;157529;157489;157661;157675;157474;157727;157551;157540;157626;157678;157722;157580;157531;157666;157641;157670;157690;157694;158879;157601;157614;158858;158846;158848;158834;158871;157543;157567;158843;157549;158847;157592;158872;158826;158860;158831;158855;158865;158833;158856;158859;158825;158832;158837;158863;158862;158841;158849;158852;158853;158829;158838;158827;158828;158861;158864;179418;158844;158823;167686;158824;161140;179417;158845;161109;158835;158869;157469;161130;161112;161144;161122;161143;161111;161101;161105;161134;161136;161110;161147;161125;161104;161146;161138;161139;161141;161126;161103;161090;161142;161099;161156;161129;161124;161137;161102;161096;161133;161115;161092;161131;161094;161145;161093;161123;161135;161157;161116;161114;161128;161091;161113;161108;161132;161107;161095;167676;167673;161117;161369;167660;167702;167659;167711;167703;167654;167713;167706;161901;161100;161904;167714;161482;167661;161097;161127;161903;161902;167655;167719;167683;167656;167671;161900;167707;167679;167696;167664;167666;167715;167708;163347;167710;167672;167709;167721;163346;167691;163345;163440;167701;163343;163342;163341;167704;167699;163437;167687;167716;167698;163519;167665;167688;163906;167695;163344;164025;163349;167657;167694;163908;164022;164023;163904;163905;164021;164024;167663;167668;167681;163889;167677;167669;164270;164271;164526;164524;163903;164527;167720;167682;164522;167680;164525;166063;167697;165808;167689;165790;167712;167678;163907;161899;166065;166135;164816;165814;167685;166134;167705;167693;166133;167718;167684;166064;166249;167662;167658;167674;167653;167692;167723;165825;167667;167675;167652;166267;167700;167722;166066;166402;167717;167690;166401;166399;167670;166406;166405;166320;166403;166269;166260;166268;165794;166397;166270;166508;166404;166462;166511;166675;166673;166507;166505;166672;166523;166504;166509;166522;166615;166524;166614;166929;166895;166894;166893;166897;166808;166510;167311;166898;167293;167438;167310;167436;167289;167309;167461;167313;167307;167437;167290;167304;167291;167302;167430;167312;167435;167308;167315;166892;167460;167298;166613;167297;167305;167429;167316;167317;167301;167450;167299;167440;167294;167447;167431;167444;167292;167448;167314;167303;167445;167439;167442;167441;167443;167288;167449;167446;167954;167982;167973;167989;167974;167965;167956;167985;167459;167995;167306;167967;167990;167957;167994;167997;167975;167966;168001;167961;167984;167979;167506;167969;167953;167981;167960;167996;167962;167988;167991;167958;167983;167959;167955;167977;167971;167986;168000;167970;167964;167972;167835;167978;167987;167847;167998;168009;167300;167968;167976;167992;167853;167844;167993;167836;167837;167843;167846;167980;167864;167833;168038;167999;167750;168039;167845;168034;168475;168477;168853;168866;168867;167882;168871;169724;168135;169491;168854;169992;170030;170080;170049;170032;170029;169725;170086;170028;170088;170083;170089;170087;170031;170147;168868;170090;170085;170155;170146;179414;179415;170081;170584;170551;170549;170566;170570;170575;170571;170567;170577;170578;170576;170603;170602;170583;170604;170572;170581;170582;170579;170568;170599;170698;170689;171165;170526;170601;171358;170580;170084;171731;171179;171359;171864;171123;171462;171360;171742;171856;171716;171738;171736;171737;171729;171857;171739;171741;171728;171740;172005;172008;171999;172002;171990;172003;171989;171854;171988;172006;171730;172004;171735;172145;172125;172494;172001;172007;173054;172594;173438;173350;173053;173389;173915;173390;173445;172493;179416;173348;173914;173911;173436;174576;173907;173920;174584;173916;174582;174593;174673;174574;174695;174723;175030;174630;175031;175032;175143;175629;175609;174007;171124;174682;175144;165791;174606;175647;172152;175651;175625;175635;175646;175632;175673;175658;175618;175663;167866;175655;175660;175622;175636;175652;175653;175620;175649;175608;175612;175631;175617;175633;175650;175637;175624;175639;175621;175626;175603;175648;175613;175611;175577;175604;175619;175614;175627;175630;175610;175654;175642;175640;175662;175659;175634;175605;175606;175623;175615;175643;175645;175607;175571;175641;176155;175644;175657;176163;176184;176154;176167;176182;176153;176151;176156;176152;176161;176180;176173;176117;176177;176181;176185;176179;176187;176176;176112;176122;176172;176175;176158;176126;176157;175616;176171;176174;176170;176162;176166;176164;176168;176183;176159;176165;176188;176186;176120;176160;176169;176127;176189;176125;176129;176124;176128;176055;176123;176131;176054;176056;176119;176121;176130;176231;176234;176668;176669;176417;176387;176725;176051;176116;177350;176731;177349;176732;176724;177628;177479;177630;177600;177625;177779;177616;177783;177838;177629;177626;177793;177777;177772;178294;177778;178214;177782;178296;178213;178308;178284;178309;178307;178194;178418;178420;178724;178419;176178;178306;178295;178722;176667;177839;178467;178726;178721;179217;178725;179329;179222;179328;179218;178451;179230;179221;179250;179228;179229;179248;179220;179366;179367;179219;179249;179622;179442;179617;179443;179703;179621;179619;179625;179618;179624;179620;179627;179611;179610;179702;179626;179897;179834;179832;179899;179898;179833;180272;179441;180078;180271;181269;180554;180555;181430;180553;179623;181428;180552;181429;181268;181270;181434;181433;181432;181431;181440;181435;181438;181436;181795;181437;181799;181805;181809;181803;181800;181794;181793;181802;181808;181807;181810;181796;181797;181798;181804;181801;181439;180177;182075;182074;182692;181897;182688;182814;182693;181806;182685;182694;182696;182816;182815;182686;182687;182810;183236;182695;182697;183216;182813;183673;183053;183212;183237;183217;183672;183056;183218;183666;183671;183665;183258;183257;183219;183054;183668;183417;183424;183419;183425;183418;183420;183422;183670;183423;183675;183669;183894;183895;183896;183977;183897;184037;184350;183898;183667;184447;183674;184445;184352;184355;184351;186220;184354;184448;185908;186528;185907;184446;186293;185909;185906;186527;183421;186733;181896;186529;178723;186750;186942;184353;186941;186918;186945;186947;186920;187055;186919;186944;186943;186949;186921;186946;186922;187027;187028;186948;187643;187127;187214;187215;187641;187636;187635;187642;187637;188015;188005;188010;188006;187681;188013;188014;187644;187981;187985;188008;187984;188009;187128;187983;188012;189114;189261;189260;189263;187982;189262;189259;189623;188011;189621;189620;189622;189273;189619;189909;189627;189840;189624;189841;189771;189911;189757;189842;189913;189912;189910;189626;189115;189625;30214;32322;41062;42372;33225;42977;189914;31417;34963;43828;34964;40822;27596;45592;32323;25904;44339;188007;148708;153836;16193;27854;11882;34021;61463;186710;175638;186751;181676;143419;144568;143421;142023;143420;142362;141262;106980;122718;106979;156184;156165;14251;72602;90006;90005;35403;62810;58607;69513;62811;62812;19387;11105;23841;34393;24015;24013;25086;32398;22510;26970;24240;22511;18041;24816;72397;72396;31049;72672;179311;25931;137181;117406;137180;122854;126338;106870;131193;186689;117407;117405;106871;124411;76309;74186;55285;55284;170204;73965;62627;11994;179041;183502;73290;73291;176074;87766;180574;81318;96315;73292;168371;76307;76308;135973;176547;174930;81317;135974;174931;77369;177926;169504;77367;177631;76774;180165;174000;77370;176519;76773;42261;87777;25337;24280;178437;44876;24281;87776;54831;25706;19703;84432;76589;38876;25348;38875;33762;38973;25161;35454;20297;177645;177646;186330;12010;57729;12011;31351;46241;28361;46242;10026;34097;34096;136761;24233;136760;38830;38829;24232;28332;58648;110289;110293;110290;66555;110292;58652;66554;58649;49674;55670;73762;51395;88881;72583;82295;70498;51191;43007;77327;38947;20949;50071;35430;65642;42370;33550;65643;53829;55819;71038;84987;71040;51527;14270;12114;11649;68927;68928;93401;93405;93402;93406;93403;34242;11995;11996;23637;42105;69317;35473;69316;55692;67258;33901;25218;55691;27527;25219;33108;40621;45503;20174;96317;29899;103304;103303;103305;145595;145662;21772;145682;25083;145673;145592;145599;145649;145573;145627;145660;145644;145610;145681;145598;145591;145688;145642;145674;145630;145683;145640;145620;145656;145596;145583;145575;145601;145651;145669;145685;145588;145650;145690;145678;145675;145663;145670;145612;145581;145613;145625;145652;145611;145668;145622;145602;145638;145631;145589;145586;145647;145676;145684;145617;145572;145618;145641;145624;145576;145657;145633;145637;145648;145628;145587;145679;145597;145579;145616;145664;145680;145646;145687;145614;145607;145672;145594;145645;145667;145654;145658;145665;145653;145666;145686;145593;145580;145608;145615;145619;145603;145623;145621;145590;145606;145578;145643;145574;145605;145629;145609;145689;145639;145600;145585;145671;145661;145677;145632;145634;145604;145636;145577;145582;145655;145584;145938;146041;145921;145912;145869;145626;145983;145949;145984;145834;145852;145976;145801;145895;145901;145807;145935;145979;145972;145827;146010;145866;145948;145659;145796;145942;145803;145929;145993;145992;145830;146014;145950;145858;145818;145985;145994;146006;145828;146004;146003;146011;145982;145889;145884;146027;145974;145991;146000;145897;146034;145851;145814;146039;146008;145842;145798;145799;145967;145941;146012;145823;145810;145903;145955;145936;145952;146022;145863;145825;145808;146023;146007;145975;146018;145885;145930;145995;145876;145795;145886;145841;145850;145946;145971;145874;145928;145831;145934;145838;145947;145906;145966;145797;145913;146024;145999;145953;145856;145853;145960;145958;145635;145822;145954;145812;145956;146029;145861;145846;145794;145905;145951;145879;145970;145802;145867;145804;145870;145907;146025;145981;146021;145908;145964;146030;145805;145819;145859;145919;146013;145996;145878;145868;145843;145940;145909;145836;145957;145857;146005;145887;145840;145871;145916;146040;145837;145833;145811;145839;145986;145813;145849;145924;145806;145917;145845;145977;146028;145965;145815;145890;145883;145835;145865;145939;146037;145881;145809;145880;145872;145998;145877;146019;146038;145896;145904;145826;145854;145875;145943;145987;145973;145824;145882;145922;145820;145898;146036;145959;146026;146020;145944;146035;146032;146031;145900;145918;145926;145893;146016;145873;145978;145864;145910;145914;145911;145888;145969;145832;145899;145980;145821;145915;146001;145961;145816;145848;145891;146042;145988;145844;145989;145860;145847;146015;145855;145945;145817;145892;145925;145800;145963;146017;145894;145829;145920;145932;145990;145962;145902;146009;145862;145933;145937;146033;145931;145923;145570;145791;145792;146802;146490;145698;146871;146539;146872;146800;146870;146552;145927;145968;146965;146994;146089;146002;147137;147887;146548;148187;147713;148188;148422;146963;148420;147191;148318;148863;148033;148688;148424;148686;148941;148940;148687;148281;150034;149874;149732;149775;149738;149746;149741;149778;149237;149751;149740;149743;149774;149730;149764;149026;149747;149767;149759;149729;149779;149781;150031;149770;149771;149758;149757;149772;149773;149768;149748;149777;149754;149765;149750;149749;150033;149753;149756;149737;149763;149766;149728;149745;149762;149733;150032;149744;149769;149734;149776;149761;149739;149755;150045;149736;150064;150044;150297;149731;149752;150298;150833;150385;150835;150384;150840;150831;150841;150842;149780;151362;150838;150832;150839;151151;150834;150837;151365;150836;150830;151145;151144;151367;151879;151146;151366;151363;151797;151431;151364;152067;152066;152168;151876;152574;152359;152455;152367;152468;152461;152575;152454;151147;152572;153151;152358;152588;152582;152591;152573;153150;152576;153155;152594;153520;153409;152596;152893;153410;153412;153149;153539;153521;153763;154050;154156;153411;154272;153519;154157;153532;154329;154642;154870;154871;154873;154874;154649;154158;154877;153590;146964;145997;152583;154872;154979;154969;155070;155033;154644;155337;150065;155098;155029;155173;155083;155040;155055;155037;155069;155041;155176;155189;155036;155064;155095;155187;155049;155344;155084;155195;155063;155047;155051;155031;155044;155065;155188;155186;155338;155061;155205;155066;155035;155039;155062;155032;155046;155343;155175;155340;155147;155145;155156;155028;155198;155196;155030;155180;155097;155099;155054;155027;155136;155050;155038;155199;155124;155052;155057;155045;155043;155034;155116;155067;155056;155161;155077;155558;155042;155078;155068;155053;155125;155163;155135;155341;155560;155588;155556;155557;155554;155339;155562;155555;155996;155342;155838;156117;156118;155839;156238;155619;156444;155997;156796;156236;157155;156125;157156;156237;157080;157330;156795;157406;158088;158117;156239;158488;157328;157381;157205;156235;158988;159302;158953;158945;158086;158946;159220;160252;160253;160913;158087;160300;160958;158944;160963;160909;160916;160908;160920;160921;160910;160904;160967;160902;160914;160952;160919;160949;160899;160912;160948;160968;160900;160915;160925;160965;160954;160957;160969;160962;160951;158435;155561;160901;160956;160955;160953;160923;160950;160907;160924;160922;160961;160964;160911;161668;160895;160947;161004;160897;161669;161165;160960;161969;161768;162992;162987;160903;162989;163659;161721;162990;162988;164954;163712;163754;164953;162991;164956;165682;164418;163658;167157;164955;167189;166172;161667;166461;167188;166460;167174;167172;167183;167158;167144;167176;167135;167170;167143;167185;167168;167184;167163;167161;167096;167149;167162;167190;167164;167186;167192;167120;167191;167171;167160;167147;167154;167119;165202;167133;167180;167187;167177;167175;167159;167178;167181;167140;168216;167121;167094;168832;167134;168422;171692;169962;171698;169972;170628;174012;167740;175868;169705;174386;175898;174388;175897;175891;175896;174251;176148;176149;175847;175837;175848;175892;175877;176144;175887;175893;175905;175852;175856;175850;175858;175886;173838;175845;175907;175876;175888;175890;175912;175913;175889;175869;175906;175910;177669;175911;177539;176390;178196;177667;177668;178195;175885;181246;177621;179463;179460;179183;175860;179461;177735;160918;181625;179462;183000;175904;183343;183196;167122;183728;181894;184198;183434;185645;185632;183193;185627;183727;185617;185633;185628;183726;185636;185629;185639;185637;185625;185649;185621;185624;185622;185623;185644;185630;185626;185638;185634;185640;185635;185641;185620;185642;185619;185616;185646;185647;187733;187731;185618;185643;187739;185648;187732;187741;187735;187736;187740;187738;187737;188075;187870;187856;187871;187734;187864;187875;187867;187873;187868;187872;187874;187866;189768;187876;189306;187916;185631;187869;189745;187865;189770;188053;188052;21795;21794;189906;189849;21797;188076;21921;189769;189850;21919;21796;21800;21920;21798;21923;21804;21922;21801;67025;21803;21805;21924;21925;21802;21799;21807;67026;21808;21810;21809;21926;21793;21813;21815;21811;21927;21932;21814;21931;21929;21812;21928;21817;21806;21816;21818;21934;67027;23981;21930;23980;21820;21819;21935;21937;21936;21938;21822;21824;21826;21821;21830;21828;21827;21831;21823;21825;21942;21939;21941;21833;21832;21837;21829;21944;21943;21834;21836;21835;21838;21839;21840;21843;21946;21842;21948;21933;21945;21947;189305;21841;67028;67029;21844;21845;21940;21952;21953;21950;21955;21954;67030;21847;21951;21956;21849;21848;67032;67031;21958;21851;21846;21959;21855;67033;21852;21853;21957;21857;21854;21858;21856;21961;21963;21859;23982;21962;23983;21850;21964;21960;67034;21864;21863;21862;21861;21860;21867;21967;21966;21872;21865;21969;21968;21871;21870;21869;21970;21874;21873;21973;21868;21866;21878;21971;21976;21972;21880;21877;21876;21977;21974;21879;21883;21979;21884;21881;21965;21978;21887;21888;21980;21882;21890;21886;21981;21875;21892;21987;21986;21975;21983;21982;21988;21984;21891;21889;21990;21989;21985;21895;21894;21896;21991;22134;21992;22274;21994;21898;22082;22135;21897;67035;21900;21893;21995;21901;21899;22275;21993;21903;22064;22036;21902;21997;21905;21998;21904;22038;22000;22037;22002;22065;21999;22001;22277;22103;22066;21906;22104;22067;22161;22238;22163;22278;22276;22320;22279;22136;22138;22137;22164;22197;22280;22207;67036;21949;22162;21996;181634;21885;154884;22258;22337;22282;22422;22039;22339;22338;22321;22340;22423;22513;22424;22450;22425;22880;22485;22484;67037;22514;22427;36238;36335;36520;22879;22426;37366;36309;37097;37281;37153;23789;37577;36615;24023;24024;23788;23944;23943;23941;23942;24005;24288;23984;37714;24286;24285;24290;24357;24289;67038;24703;24358;24877;24704;24673;24287;24727;24702;24818;24674;24763;25041;24920;24919;25044;25006;24878;25095;25043;25042;67039;67043;67046;25007;67041;67044;67048;67045;43639;25126;67042;67047;67040;25150;67049;25223;43640;24764;25353;25204;25206;25254;36838;43641;25298;25256;67050;25257;25255;25574;43642;25205;25355;25354;25526;38103;67051;25495;25447;25224;25497;25462;37778;25499;25403;25575;25496;25501;43643;25502;25498;25528;25712;25577;25527;25576;25613;36608;25580;43644;25579;43647;25500;25614;25578;43645;25908;25713;67053;25715;25714;25777;43646;38130;43648;67052;67054;43649;25740;25739;25832;36643;37749;25741;67055;25813;26004;25850;67056;26003;67057;25849;26074;27538;25175;43651;25812;26203;25778;25972;25949;25958;25973;26076;26204;26075;26973;26077;26929;26073;26028;43652;37953;26205;43653;43654;26206;37552;43655;26207;26974;37788;43658;43656;43659;36400;27541;37627;27539;37507;27543;27540;36452;67059;67058;37449;37318;43660;37834;36664;67060;37428;27542;43657;36264;29190;43661;36614;29255;37859;67061;43662;37591;37163;67062;29256;29751;29750;36661;43664;29730;43663;29901;29731;43665;29753;29931;29967;29966;29754;30022;43668;43667;29933;29932;30154;43670;30044;38001;43669;29934;43673;29752;30220;43666;31301;30221;30222;31138;43672;31054;31140;31995;31302;31168;31310;31142;31141;31139;43676;31293;43675;31997;31424;31996;43674;31609;31627;43677;43678;31741;43679;32139;31685;31610;31947;43680;31946;31999;43681;43682;43683;31998;43684;31586;32401;32000;32326;31684;32002;33109;32456;43685;43688;43686;33258;43689;33364;33365;43690;43692;33170;43687;33171;33110;33111;33142;33366;33524;33400;43693;33489;33448;33229;43694;33736;43698;43697;33735;33399;43695;33172;43691;43671;33526;32001;43696;43650;43703;37794;43702;43699;43700;43701;33449;33890;43707;33525;34052;43706;43709;43708;34278;43705;34062;67063;43704;34051;34222;43710;34462;34339;43711;34326;34463;34375;36765;34503;37062;37176;36485;43714;34170;37341;43713;43712;34502;35263;37692;43716;43718;43717;43720;35186;35173;43719;35172;43723;35311;43722;35353;35187;35310;43721;43727;43726;35589;35424;35650;43728;35590;35312;35651;35603;43724;35602;36021;35718;35767;35260;35789;35780;38867;35719;43729;43725;43715;35591;43731;36089;43732;35965;38892;43733;35768;35966;38894;38895;43734;35931;43738;43736;36039;43737;43735;38893;43740;36107;38896;43741;36155;36187;36188;38891;38897;43742;43744;38899;43745;38721;38898;38902;43743;38900;43739;38903;67065;43748;67064;38901;43750;38930;67066;43746;38868;43749;39373;43751;39424;43752;43755;39303;39423;43754;43758;43756;43753;43762;43759;43761;43764;43760;43757;43763;39524;40344;43765;43767;43766;43768;39523;39585;39801;40345;43769;43771;43747;43730;40436;39438;43773;40394;43772;43774;40423;40625;43775;40437;43777;40779;40532;43776;40593;40533;43781;40626;43783;43785;40753;43782;43779;40878;43784;43788;43787;43789;40894;43778;43780;40932;40934;40933;43793;43786;43792;43791;40893;43794;43798;43795;41627;43797;43799;40808;42071;42059;43805;43801;43796;43803;42151;43800;42257;43806;43804;43802;42296;42266;42330;42309;67071;67069;67068;67072;42295;67075;43807;67074;67076;43808;67077;67070;43031;67067;43070;67073;42265;43790;43071;43809;43354;43357;43356;43355;43072;43359;43811;43812;43625;43624;44026;43832;43358;43866;43878;44027;43817;44395;44098;44097;44427;44096;44948;44428;44648;44099;44647;44598;44649;44968;44949;44969;44962;45088;44677;44028;45091;45066;45090;44671;45068;45089;45346;45364;45361;45092;45067;45367;45365;45363;45093;45368;45347;45366;46754;45362;45444;46756;46873;45582;45443;45594;46759;46758;46256;46755;46760;46694;46258;46696;46762;46761;46695;46257;43770;46757;45442;45053;33490;48408;46874;43810;47788;47101;48265;47102;47737;47032;47702;47738;47031;48266;47739;47741;47740;47703;47129;47789;48342;47790;47865;47903;48267;47867;48219;47806;48909;48217;48269;48341;48268;48218;48343;47805;48301;47866;48303;48910;48409;48911;48743;48742;48745;49203;48912;49179;48744;48741;49182;67078;49204;49180;49183;49633;49714;49181;67079;49713;49634;49716;49715;49936;49811;49781;49813;67080;49812;50792;49814;49810;50791;50790;50794;50003;48302;49261;49262;50796;50797;49809;50801;50795;50805;50802;50798;50806;50800;50804;50807;50799;50810;50809;51775;51144;50808;51776;50862;51777;50803;51779;51782;51781;51145;51784;51778;51783;51146;51785;53413;53414;51786;51885;51780;53415;51426;51887;50863;51886;51888;53416;53418;53421;53417;53420;53422;53423;52505;53419;52507;52509;52508;53427;53424;53426;53425;52617;53429;52506;52510;52943;52757;53430;52944;53239;53577;53338;52945;53598;53339;53432;53494;53504;53601;53433;53643;53600;53599;53434;53831;53813;53431;53871;53428;67081;53815;54936;53870;53872;50793;67082;53642;55000;54938;67084;55835;67083;55515;55404;55405;55837;55001;54937;55609;67085;56260;56264;56262;56265;56261;55836;55839;56266;55840;56263;55838;56268;55860;55861;55862;56269;56267;55536;55924;56272;56071;55864;56271;55996;55110;56273;55997;56270;56126;56073;56274;56072;56249;56127;56247;56128;56275;56312;56248;56338;56046;56129;56380;56311;56514;56780;56536;56621;56408;56694;56570;56782;56569;56559;56781;56558;56276;56695;56535;56784;56654;56985;55863;56879;56878;57374;56973;57376;57375;67086;57380;56880;57140;57379;57068;57354;57378;57405;57373;57291;57406;57377;57488;57404;57381;57562;57485;57669;57642;57487;57692;57667;57730;57734;57731;57668;57733;57307;57779;57732;57808;57486;57780;57806;67087;57807;57778;57809;57810;57922;57878;57864;57924;57960;57951;57982;57962;57983;57985;57961;63564;58108;58041;58042;58345;58275;58109;58294;58096;57923;58403;58404;58344;58519;58458;58457;58503;57984;58390;58276;56783;58504;58664;57777;58666;58663;58502;58685;53814;58852;58803;58778;58850;58665;58851;58849;58752;67088;59021;59058;59213;59019;59020;59212;59233;59214;59165;59414;59378;59294;59388;59412;58879;59479;59480;59482;59481;59918;59570;59560;59919;59924;59413;59921;59922;59923;59929;59609;59312;59927;59926;59920;59928;59931;59934;59933;59932;59937;59936;59719;59687;67089;59930;59737;59938;59738;59838;59935;60001;59981;59960;59999;60000;59949;60066;60054;59998;67093;60121;67091;61400;67092;61397;61398;67090;59939;59925;61464;60067;61554;61399;67094;61661;61626;61683;61600;61651;61450;61753;61721;61720;61599;61682;61754;62047;61722;61789;61791;62066;62048;61790;62085;62084;62103;62082;62083;62081;62206;62127;62217;62126;62187;62395;62484;62316;62104;61999;62523;62520;62485;62522;62596;62431;62521;62630;62597;67095;62720;62598;62524;62862;62764;62911;62871;62920;62921;62928;63171;62763;63006;62910;63100;63566;63187;63306;63571;63565;63305;63573;63207;63570;63569;63568;63575;63574;63572;63567;63577;63005;63578;62396;61437;63432;63580;63579;63581;63671;63670;63431;64081;67096;64381;63673;67097;64384;64383;64382;64512;64562;64386;64511;64492;64536;63672;64691;64537;64692;64730;64731;64896;65133;65135;65137;65139;65136;65134;65141;64729;64385;65145;65132;65143;65142;65140;65151;65146;65153;65149;65147;65150;65144;65155;65154;64939;65152;65148;65157;65159;65158;65061;64971;65160;65032;65162;65062;65063;65165;65031;65163;65079;65164;65166;65156;65138;65080;65224;65161;65225;65064;65227;65226;65555;65530;65634;65618;67098;65661;65694;65693;65554;65920;65725;65771;65644;65903;65987;65726;65988;66204;65770;66027;66003;66002;66205;66217;66001;66430;66397;66396;66257;66521;66528;66485;66451;66674;66429;66206;66791;66701;66675;66702;65932;66887;66946;66775;66996;66965;66997;66776;66998;66947;67183;68858;67235;69142;68940;69022;69140;68941;66888;69141;69245;69143;69246;69247;69434;69336;69779;69497;69215;69936;69791;65167;69144;58584;69496;46763;22281;69998;63576;68859;70000;70001;66673;70104;69999;79150;79148;79153;70179;79152;79151;79154;79155;70501;70400;70344;79149;70634;70570;70547;70572;70464;70688;70685;70635;70571;79156;70687;70747;79158;70633;79159;70699;79161;79157;70769;79164;70686;70483;79167;79162;79166;79168;79163;79174;79170;79172;79171;79165;79176;79175;79173;71379;79169;71179;71237;71236;71355;71274;71273;71271;71539;71380;71357;71356;71540;71272;71178;79160;71583;71866;71354;71584;71978;71901;71501;72205;72044;72350;72045;72267;72246;72352;72268;72153;72437;71979;72561;72436;72863;72493;72490;72865;72491;72351;72864;72803;72492;72694;72673;72804;72733;72732;72805;72910;72866;73085;73062;72988;73064;72592;72987;73162;73063;72986;73309;73191;73163;73276;73084;73277;73192;73464;73319;73320;73387;73579;73656;73580;73712;73675;73578;74127;74094;73922;74142;74126;74128;74141;73923;73791;74311;74227;74226;74333;74309;74471;74335;74473;74472;73105;74312;71865;74334;76170;73790;74310;76217;74475;76429;76218;76431;76684;76432;76430;76623;76537;76715;76687;76685;76716;76688;76838;76839;76779;76837;76686;76538;77006;77058;77005;77034;76948;77033;77032;77059;77031;77239;77188;77187;77286;77121;77506;77439;77505;77546;76840;77384;77564;77507;77060;77509;77584;77990;77989;77692;77991;78396;77609;77993;77918;77879;77835;77995;78043;77834;77781;79179;77992;77996;79177;79182;78070;78397;79184;78486;79180;78488;79186;79185;79178;78487;79183;78490;78517;78516;77994;77508;78489;78607;79181;78751;78609;78876;78606;78783;78782;78702;78608;79188;78605;79300;79220;79189;79313;78860;79338;79361;79642;79219;79693;79563;79299;79727;79694;79726;78895;79695;79843;79878;79877;79880;79879;80105;80056;80088;80106;79876;80124;80123;79643;80125;80526;79881;80868;80107;80969;80869;80360;80527;80867;80870;81025;81054;81188;81055;81089;81276;81005;81441;81278;81443;81442;81886;81277;81026;81888;81440;81891;81525;81890;81887;81895;81885;81889;81896;81894;81759;81892;81954;81792;81897;81898;81997;81925;81924;74474;81893;81503;82083;79187;82477;82475;82474;82272;82476;80400;82621;82431;82783;82714;82478;82803;82801;82802;82510;82999;82667;83001;82804;83118;83000;83377;83376;83419;83417;83418;83375;83380;83378;83979;83420;83421;83530;83379;84091;83994;82928;84345;84199;84198;84346;84092;84446;84347;84276;84406;84769;84348;84550;84506;84445;85008;84770;84648;84405;85009;85011;85010;84771;85013;85015;85014;85012;85019;85017;85021;85020;85018;85016;85022;85023;84884;84883;85027;84772;84197;85025;84988;85029;85030;85047;85026;85028;85048;85127;85049;85306;85459;85387;85463;85336;85462;85046;85461;85637;85305;85516;85635;85634;85636;86502;86498;86500;86499;86507;86501;86505;86504;85460;85464;86506;86509;86497;86512;86503;86515;86510;86513;86511;86516;86484;86483;86549;86514;86482;86518;86517;86550;86723;86639;86724;86711;86831;86485;86919;86887;86611;87127;87132;86918;86917;87129;86726;87138;87130;87134;87136;87131;86725;86508;87133;87135;85024;87128;87140;87142;87147;87143;87141;87144;87148;87146;87137;87153;87145;87151;87149;87152;87155;87156;87154;87173;87159;87157;87161;87150;87067;87281;87174;87284;87282;87223;87224;87158;87356;87285;87423;87358;87381;87424;87283;87604;87540;87426;87160;87770;87422;87425;87357;87781;87780;87779;87930;87785;87784;87992;87783;87782;88061;88063;88062;88148;88147;88421;88419;88683;88420;88386;88757;88509;88844;88060;88761;88760;88758;88763;88762;89760;89060;89088;88759;89762;89761;89087;89059;89849;89943;89850;89763;89969;87778;89968;90068;89970;89971;90069;90121;90120;88510;90124;90156;90368;90158;90157;90123;90275;90367;90276;90159;90451;90450;90452;90122;90635;90637;90636;90837;90723;90722;90868;91166;91018;91020;90721;91167;90634;91169;91017;90449;91170;91019;91171;91106;91172;91105;91195;91104;91504;91391;91394;91393;91390;91392;91636;91503;91787;91635;91785;92379;91786;92026;91788;92566;92473;92378;92681;92586;92702;92682;92002;92872;92726;92950;92680;91732;92826;92703;87139;92567;93029;81998;89944;93099;93541;92951;91168;93052;93542;93319;93129;93777;93666;93778;93867;93803;93780;93779;93966;93318;93965;94203;93594;94254;93830;94202;94471;95320;94140;94472;94292;95321;95322;95328;95324;95326;95325;94409;95332;95331;95330;95323;93967;95327;95336;95333;95335;95341;95329;95342;95338;95340;95337;95345;95343;95339;95351;95349;95348;95347;95344;95346;94740;95352;95350;94979;95353;94742;95355;94981;95372;94741;94982;95373;94980;96004;94978;95576;95952;95953;95484;96036;96048;95334;95444;96050;95577;96285;95354;96286;96182;96342;96339;95356;96456;96340;96457;96568;96567;96664;96633;96613;96929;96569;96341;96812;96810;96813;97134;97027;97026;96811;97330;97390;97028;97194;97305;97527;97331;97391;97389;97472;97611;97528;97558;97837;97613;97795;97950;97756;96962;97836;97951;97954;97953;97952;97949;97959;97956;99041;97957;97958;99317;97960;99040;97962;99380;97961;99481;99316;99382;99381;99537;99384;99383;99483;97955;100065;99482;99540;99539;99536;100066;99541;99538;100067;100174;100068;100328;97612;100358;100326;100329;99379;100327;96049;100430;100359;100428;100935;100555;100558;100815;100937;100770;100557;101005;100556;100965;100938;100429;101235;101091;101119;101823;101237;101236;101906;101120;101488;101907;102735;102734;102736;102738;101489;102739;102737;102020;102743;100936;102742;102747;102740;102746;102744;102749;102748;102753;102752;102751;102754;102750;102745;102756;102758;102757;102755;102503;102760;102762;102761;102504;102766;102763;102878;102549;102505;102764;102768;102879;102765;102769;102882;102767;102759;102741;102885;102884;103035;103384;102883;103145;103144;103386;102881;103517;103196;103605;103230;103606;103387;103574;103362;103881;103573;103385;104106;103706;103826;103790;104054;104217;104053;104584;104256;104396;104257;104218;103946;104789;104675;104583;105057;103707;104817;105062;104818;105059;105056;105061;105060;105591;105588;105556;105589;105114;105058;105593;105592;105590;106108;106233;105658;106172;106107;106317;106355;106354;106567;106234;106356;107269;107075;106535;106353;106566;107074;107271;107270;100175;105594;107274;104790;102880;107273;108338;107275;108339;108340;108341;108343;108342;108489;108384;108383;108660;108899;108344;109371;109370;108900;108898;109378;109376;109375;109374;109380;110235;109379;109377;110238;110237;109373;109527;110239;110240;109528;110242;109525;109529;109372;110243;109526;109655;110244;109530;109656;110246;110236;109923;110247;110245;109960;109958;109815;109814;110248;110249;109962;109961;109959;110203;109966;109964;110206;110205;110297;110296;110569;110204;110536;110645;110650;109965;110648;110647;110649;110652;110298;110663;110241;109963;110646;111075;110907;111074;111078;110905;110908;111355;111013;111077;110906;111356;111079;111613;111341;111615;111614;111617;111339;112021;111076;111703;112020;111340;111704;112164;118982;112165;112163;112022;117486;117828;117827;117826;117830;117832;117831;117834;117829;117485;111616;118118;118018;118022;118020;118019;118312;118021;118311;119690;118117;118156;118983;118405;118984;118988;118986;119691;118406;118987;118993;118992;119692;118991;118990;118989;118999;118997;118996;118998;118995;119001;119003;117833;119004;119002;110651;119000;118994;118837;119044;119048;118985;119046;118838;119045;119662;119050;119049;119663;119047;119006;119661;119666;119665;119874;119664;119754;119873;119479;121216;119051;120956;121548;121192;121547;121371;121550;121549;122719;121545;122061;122351;122062;122063;121546;121551;122065;119791;122064;122353;122618;122619;122350;122451;122952;122452;122954;122450;122953;123014;123092;122955;123015;122951;123558;123560;123559;122761;123562;124032;124093;124035;124202;124033;124241;124871;124242;124872;124415;124201;124203;124416;124034;122352;124414;125167;125166;125169;125168;125171;125315;125316;125172;125170;125552;125554;126074;125801;123561;126076;125802;126008;126007;126385;125803;126387;126006;125553;126075;126480;126479;126389;126651;126649;126386;126388;126790;126792;126791;126650;126990;126992;126991;127473;126219;127469;127471;126989;128330;127470;135312;128651;127472;127474;128331;128333;128336;128335;128340;128334;128338;128339;128341;128337;128345;128344;128343;128346;128350;128349;129015;128348;128351;128332;128354;128355;128353;128362;128347;128359;128356;128358;128360;128357;128352;119005;126993;128342;128361;92952;128366;128364;107272;128368;128367;128365;128370;128372;128369;128374;124873;128376;128375;128378;128377;128379;128381;128383;129016;128371;128382;128386;128390;128388;128385;128391;129017;128392;128384;128387;128373;127919;129019;129018;128976;128389;128380;129023;127918;129471;129022;129021;129393;128977;130128;129472;129538;130179;129473;130177;129024;130178;130129;130176;130181;130435;130436;130434;130180;130473;130474;130976;131032;130977;131033;131570;131569;131034;130978;132398;131572;132400;131958;132399;131779;131959;132401;132404;132403;132402;132873;131571;129020;130472;132939;133098;133097;133309;133100;133311;133310;133315;133099;133442;133316;133314;133313;133312;133507;133508;133768;133317;134087;133767;133770;133769;134091;134089;134088;133771;134237;133872;134122;134386;134239;134238;134121;134385;134123;134904;133624;134900;134901;134090;134908;134902;134906;134903;134907;134905;134914;134912;134911;134910;135313;136771;134913;135318;134909;135316;135315;135325;135320;135321;135319;135323;135317;135327;135322;135333;135328;135335;135324;135329;135326;134453;135332;135330;132405;135334;135339;135342;135337;135331;135340;135338;135314;135347;135344;135343;135341;135353;135346;135349;135351;135348;135355;135350;135345;135352;135361;135356;136015;135357;135360;135358;136017;135359;136019;136018;136195;136194;135362;135354;136020;136196;136197;136016;136774;136200;136199;136776;136775;136772;137005;136777;136773;137336;137150;137149;137152;137338;137007;137281;137151;137761;137415;137370;137006;137730;139422;138378;137763;139416;137729;139235;138377;137762;139417;139418;138501;139420;139236;139423;139424;137337;136198;139419;140119;139421;141611;140585;140583;141625;139415;141617;141585;141613;140584;141597;143283;141600;143285;141608;141631;141614;141601;141604;141635;141593;141630;143286;141602;141634;141594;141589;141591;143284;141586;141605;141633;141579;141623;141584;141596;141598;141595;141612;141629;141590;141587;141632;141583;141622;141616;141599;143288;141610;143287;141578;141588;141607;141618;141609;141636;141619;142608;142650;142600;142599;141626;142605;142651;142649;142609;142598;142646;142602;142601;142647;142606;142604;135336;141592;142648;142603;140123;141624;142645;143122;143057;142644;143046;143052;143050;143056;143047;143048;143049;143113;143055;143114;143910;144972;145444;144549;144004;144974;146880;144973;145037;144547;144971;144370;143051;146100;145519;145441;149505;145439;146097;145038;146881;146315;146098;148557;146883;146879;146958;148184;146099;147884;147883;148185;148885;148425;148426;148745;147885;149205;149208;149206;150773;150764;149207;148882;150765;152361;150771;150767;150772;151448;150762;150769;151979;150770;152663;150763;152497;152666;151987;152360;152664;151614;146882;150774;152909;152973;152976;153473;152970;155551;153767;153472;152971;155547;155552;155553;155546;155548;151674;155549;155543;155541;155540;155757;155761;155545;155539;156240;155863;155759;155538;156242;155942;156791;155821;157138;156821;157453;157065;157118;156820;157064;156460;155550;156241;157452;158081;158438;157294;158436;158444;159316;158439;158440;160682;159324;159307;159320;161194;160683;163759;178330;163750;161374;163746;161193;163739;163741;159315;163735;163748;163747;163749;163737;163745;163848;163733;164621;163847;164625;164630;161196;163740;152910;158083;164624;163849;166556;166546;166547;166552;166548;166549;168320;163736;168318;168321;168319;166554;168314;170857;170859;170854;170863;178964;170861;168313;170860;170851;170862;170866;171667;187766;171659;170858;187231;170864;172355;171658;172034;172361;171793;187750;172356;172360;173254;187230;173255;173262;171795;170875;187757;174679;187256;174680;187761;178970;187245;174681;187263;178965;178968;187234;187247;178973;178966;178969;187241;187253;178971;187221;187753;178967;187224;187222;179318;179319;187255;187248;187759;187268;187262;187232;187751;187237;187764;187235;187233;187225;187249;187242;187246;187240;178972;187755;187228;187260;187236;187257;187238;187754;187265;187229;187267;187227;187254;187264;187250;187756;187261;187252;187765;187239;187244;187243;187259;187266;187758;187762;187226;187251;187258;187763;187111;187760;187416;187752;187917;189765;189766;189767;189510;189511;189284;189512;189508;189509;187220;187415;130262;187223;44340;11640;142607;187219;164990;65739;179136;62076;160399;62075;68997;139913;55994;65740;161976;11011;66518;17774;17773;83766;77053;17777;69481;17772;77052;17776;17775;91854;76127;83087;84727;91855;84193;71173;84726;93480;48944;137557;85895;48951;48947;48946;48949;48953;48950;48948;48957;48945;48959;48954;17778;48962;48955;48965;48958;48956;48967;48964;48963;17779;48968;55385;48969;17780;48960;48961;48966;48973;48952;48974;17781;48972;48976;48975;48978;48977;48985;48981;48983;48982;48984;48979;48988;48987;48986;17782;48980;48990;48993;48998;48994;48992;48991;71431;48999;48997;48996;49005;49001;49007;49003;48995;49000;49004;48989;48971;91192;49002;49006;49009;49014;49010;49011;49013;71432;70137;49012;49016;49015;69949;49019;71433;69335;49018;66697;49017;49021;49020;49023;49025;49026;49024;49028;49027;68961;70170;69913;49033;49030;49035;69303;49032;49036;49031;49034;69923;159517;70123;49037;49029;49022;49045;49041;49040;49043;49039;49050;49042;71434;49047;49044;49049;49054;49048;49053;49055;159516;49052;49056;49046;56045;52586;49051;17783;49648;17785;17784;49647;70095;56317;56315;56313;56314;56320;56321;56631;56318;56319;56316;69954;79273;49038;79272;66698;58831;70164;58570;58568;58567;71435;58566;58571;59716;58572;58621;58574;59858;59857;62370;58573;58569;67203;69914;62376;69425;62373;62374;62710;62375;67204;62372;69135;62371;70127;71436;70096;69426;70125;65886;65885;70124;67218;70024;65888;65891;62760;65931;65890;65889;70078;69789;69921;69924;69103;66700;70076;69076;66861;66699;69377;69079;69378;69082;69379;70315;69376;69553;130061;130060;70319;70316;70314;70313;70322;70321;70320;70318;70317;65887;70323;70312;70493;71437;79271;49008;70914;69856;72668;71995;71438;72184;72185;70784;73210;72705;73341;73269;72183;73340;73211;73018;72724;73345;73342;73533;73347;73343;73346;74241;73916;73915;74016;74015;88990;76312;88988;78030;77153;88991;78028;77154;78033;77759;88989;78034;78029;78036;73344;79218;77984;78037;78032;81911;78750;78693;78035;81594;83876;86675;81595;79690;78240;81596;81423;90526;92412;81972;83528;82574;82585;82584;90525;82568;82498;82572;82575;82571;82852;82570;82573;130062;82569;83054;108955;81421;85126;85125;130063;83767;130064;85255;78031;85124;85685;86248;84287;93529;86249;86247;93528;86250;93531;92457;88102;86950;86914;87819;86951;86246;86915;130013;88103;87504;91962;130065;93530;88713;88592;97469;89783;88488;130014;90066;89784;89051;88717;89690;90353;90527;89785;90356;86916;90355;90310;90308;90307;93562;90358;90359;91960;90357;93108;90861;90311;90862;91760;91759;90893;90714;91130;90766;130066;91338;91946;91761;91730;93563;93192;130015;93347;92630;93123;93736;93122;94108;92948;93866;93737;93048;93738;131165;131164;94054;108954;108956;91321;90354;130765;93193;130763;108957;130764;94763;94762;130971;130762;93899;93898;95257;95256;130597;94354;130767;94291;130761;94070;129817;130766;95479;129818;94680;96047;129819;99372;94469;97211;99400;95538;99371;97944;97943;97991;97945;99266;103783;99026;102995;94109;99031;99028;99033;97992;99032;99471;99027;103509;99029;103510;99666;99472;100423;99473;99668;99667;102361;102360;99688;99687;102362;99985;99665;103511;130093;102363;99981;103512;100426;100425;100993;100840;101264;100416;101269;102202;101268;101267;101298;100838;101529;100424;131079;101528;102018;97946;131131;131396;131187;102499;131188;131395;131393;131394;102498;102364;102779;102778;103459;103049;103113;160181;130094;103702;129821;129820;103693;103695;103694;102497;131327;103565;103669;103670;131192;103676;103566;103567;103819;103672;103856;103671;103817;103675;103668;104718;104460;104480;104127;104533;104662;130067;106400;130095;107095;104663;133861;105112;105257;106484;104661;129781;107150;106401;132698;106630;108404;108406;131400;132052;132697;132680;131399;109088;131166;109087;131325;131321;131080;131130;94252;107091;104177;104461;70474;128363;108881;124196;108882;131398;108880;134712;125031;131397;131322;132078;131729;108721;132039;131323;131951;108720;131126;108722;132033;131324;135922;108724;132077;109401;132042;132043;109402;109400;133265;110399;109404;109393;133044;108723;131703;110565;110564;109728;130096;130016;130068;110687;110686;110566;110567;138436;124172;110535;130017;138438;138346;138435;135198;138437;138347;110688;138439;138350;138352;134226;138353;138351;123521;138349;130097;133226;130098;112217;112289;112219;112288;112218;123515;138348;134981;122249;140653;111211;117943;117945;117946;132041;117944;132104;117950;132074;117948;117952;117951;132044;117947;132049;133473;117949;117956;117953;133472;123788;117954;127893;133089;145537;130069;130018;133267;128877;134946;144504;117955;132048;118462;117917;118821;118461;119844;152699;118822;131727;126103;129948;123789;131728;124060;124774;126104;121248;133958;126343;126102;139801;129822;139802;129947;130023;126118;124773;126509;125775;131699;136978;132342;122751;126599;132318;132414;131700;132053;132245;126073;132055;132246;125390;122483;134948;134947;127110;132244;125391;123415;138354;123790;127111;138355;131778;132100;127099;124277;127098;134951;123791;127916;126507;124589;129499;134713;127912;127917;128526;130092;127913;123795;132723;123793;127050;127049;128421;128113;129812;123792;124061;128051;128114;124325;126100;126822;126119;128615;138440;123794;126105;126101;137073;124331;124334;124326;139324;126341;134213;124332;137072;136768;137235;137234;136973;138380;136829;128064;139806;126823;137075;137074;134894;128063;136971;124333;125341;136972;126916;126310;125256;126632;125032;129823;131697;126311;129980;129981;136481;133726;132241;132720;128684;130768;139666;132678;130916;129945;130972;128418;128769;128281;130974;128079;129946;128058;130975;132719;131698;136482;128419;132679;126446;136483;126342;132242;130973;125679;134227;126344;125776;130917;127044;126005;140220;134173;147878;126340;147766;128685;126639;126701;126645;128053;126643;126640;126629;128034;128054;143157;126642;127121;126646;133043;137052;127118;128532;147761;127900;128546;128081;128112;128533;137243;128120;142497;127123;131427;126644;125778;128325;126477;128550;128119;136970;128683;131946;132772;128761;132855;128760;130174;134889;128757;129558;136712;130021;129713;128547;129536;129592;129591;129779;135674;129816;134562;129586;130022;129732;129733;129827;129588;129537;129584;129530;129695;129778;129533;129531;129694;129532;129780;133850;129943;129777;133851;139850;133842;138025;138024;133841;130397;130272;129813;129815;134108;129810;129824;135897;130594;129809;130367;134383;129944;129942;130213;129811;129850;130457;134448;135291;134450;129826;133046;135294;135295;140191;129814;134449;130090;130210;130368;130211;140190;130399;129982;130464;130258;132751;131020;132750;130208;130624;130593;130207;131231;131428;151459;131075;130398;131230;132718;131076;139068;131288;131228;131229;134115;131739;136719;147653;131403;135289;140632;133000;131024;130259;133403;133408;132721;133864;141500;133261;133001;135407;133409;147732;147650;133405;133603;133720;133406;133604;147651;134447;133961;142018;133722;140631;140721;140656;134233;134234;134107;134230;134566;134232;134231;131232;134567;134415;134565;134417;133960;131183;134229;134414;133721;134224;134235;134326;140203;134568;134236;134219;147764;148021;83871;151483;147654;82429;166905;86104;78827;134443;138881;150073;143219;143231;162482;146084;148097;143234;148951;187986;148216;139800;148217;148091;148221;153895;148220;134164;177079;148096;150027;161442;166904;150026;178417;173975;186473;161699;148646;152176;146581;139411;144945;165762;142589;137085;150807;149448;148655;150811;154928;148451;144950;148450;160400;149812;161212;182202;161213;151441;182200;136588;180453;161813;148223;136589;148222;136831;161869;138375;136830;149526;165533;139543;186474;152024;161882;149525;155370;155369;161883;138893;138892;137559;137558;149314;149302;154725;149301;152025;149303;149313;154726;148306;136916;186714;186713;149877;173731;160479;150996;164087;149304;161501;173732;161500;155444;136917;149311;149312;161262;149851;152674;152673;161263;160889;160762;164349;137659;164350;137660;137135;149852;137661;160763;137662;161183;152670;181183;136915;136914;160403;161182;138895;138894;137136;139064;182523;152671;134413;129291;160890;161868;155445;149354;154829;154828;168874;155024;178025;149355;178026;155676;149470;168873;141831;149471;141830;155025;139517;150997;139425;156946;145513;139577;173249;140202;166052;137840;171879;152936;145692;152961;157877;182351;165349;168023;143155;151019;152974;155677;160289;179741;183037;151487;138017;158563;138016;142493;147765;181471;172427;153258;182153;139035;172428;156884;141499;179740;139927;185165;149469;182614;189942;142909;139228;182616;139792;160336;182613;182579;162881;149467;180176;182615;162882;148694;145263;154929;142908;154931;160085;182581;180175;189531;182580;148970;180547;180549;189532;148643;180548;170514;189533;148969;139605;146214;139229;149468;162981;163102;138373;173300;148968;162979;135859;166017;162980;140098;144503;139539;139516;151216;139805;140099;145793;139468;139804;139426;160239;140100;139540;163101;139470;145509;139004;139542;139803;137850;139469;140102;176106;143424;176115;140101;139007;166791;186227;139576;176105;134053;173971;176108;147763;166391;152540;171791;163476;140402;134444;166918;147146;135012;171792;167051;140273;169768;178020;140212;166911;141352;178019;153943;145553;170894;145555;134054;146056;149844;169767;162384;154930;149847;162385;148101;149843;165530;153563;142366;149842;137629;153561;144197;153560;148092;165760;152813;153398;177367;180164;161604;165761;152527;141361;138446;158651;148099;177368;167270;168870;142213;154851;149352;152390;162854;148381;159715;167397;161247;149846;168326;160491;155447;161007;149845;142211;141358;145250;154723;136621;168327;149325;181009;161187;138040;181008;136612;136614;136615;160719;136700;147762;149371;161178;161179;136587;137406;161043;152749;142143;136827;168869;154853;138376;155315;155451;149298;167271;168647;168646;136622;146203;152750;152410;170015;136918;160639;152485;136669;140221;161661;142363;184170;149209;149465;184455;155450;173792;155449;149370;161002;161192;142364;160535;142214;168051;168050;162015;162014;161191;136891;150059;164500;142424;152122;152121;142423;149718;141832;148836;142425;161364;183214;186212;146057;186210;150058;183215;149979;186211;161363;146058;137836;155733;154343;155734;142496;137835;160376;146213;141117;139230;141231;159758;174016;139037;146264;141230;137564;145554;149454;140218;141116;137147;139926;137280;148296;137901;141113;138147;137903;141114;152658;165532;189764;148104;142959;141172;137902;148107;165677;148106;148100;183777;165678;166016;138094;143154;141397;142053;137148;153554;149789;141193;148102;138092;141372;142891;166458;165704;173250;159712;141373;142958;168368;141371;140222;148327;151374;148427;137182;141398;148103;138211;173737;141369;141368;183167;140111;140799;165215;153207;140223;151375;141266;148250;153209;140793;183213;134451;172406;147816;142592;153208;161524;153203;160084;173805;148095;153153;171233;147649;153154;152131;137143;172375;143490;153564;133401;146480;153206;166914;169426;176113;180098;158584;166915;176114;184454;146481;141351;176871;160083;146618;176110;173952;184195;153950;176483;184196;181422;139604;170964;185899;166681;153947;166917;166907;185898;176103;181423;176102;181007;133651;135902;166916;154878;135971;171601;143220;151662;141354;170958;166382;150862;149455;140271;150861;184453;140219;153204;142593;140505;140270;165759;141437;153224;189726;149300;160086;165758;151020;141461;148098;138152;158207;149299;158208;140097;160029;149368;149957;156947;171894;171895;164453;164840;140185;171838;158887;149310;157903;168367;152877;146805;158559;180173;137184;137203;139922;180171;152529;146804;140131;149719;180229;140186;180169;139665;188003;173977;180167;173976;180168;140189;155019;188002;137332;180170;134711;137361;169453;152987;142472;182681;170967;166375;142473;174928;170018;154197;166376;148124;152213;138587;166374;170017;134707;164530;140272;153257;139664;146266;138019;137852;141467;139067;139747;138327;146268;146267;189633;163883;140216;152212;173978;140452;148652;171072;170159;173970;148712;154932;163404;173431;164375;173969;188066;161088;153562;151661;153556;154348;159718;153555;150141;165529;165534;149327;139232;151915;149363;149330;150052;163884;141370;149364;142033;147964;145706;148105;165531;151467;151132;150992;145707;149365;145708;150990;183315;147962;165528;151133;150050;159722;139029;153551;146307;147963;159717;153549;144279;139614;160404;145501;151916;159721;141438;174456;159720;150051;150339;147733;187060;176111;147758;134445;163475;136671;149362;147147;157361;152812;155300;166913;136748;167050;137145;171790;137144;146211;161120;148320;161865;161866;146212;184456;140403;184169;141171;157157;137141;184457;165676;137142;178100;136623;178101;158586;141170;165675;187166;141356;145265;141357;137408;137630;137407;152130;137655;137631;137656;138359;133530;154438;187971;142824;163083;149849;163081;153944;154234;154233;142495;139545;163082;160375;137856;137654;160316;160302;162883;146450;146202;140213;143150;163056;139413;163057;151154;141115;135766;147759;137134;147622;142659;186612;148959;143217;148978;173248;149880;151187;145422;145547;182135;148957;149329;146216;148962;142494;142995;164823;145552;149328;145551;142490;145556;148447;178185;147760;147877;147756;143216;147757;142660;142365;142373;143232;141192;147652;142597;147876;160501;142661;160306;160305;145557;139325;137185;137241;139799;137649;138015;164904;138018;133407;146594;143165;140456;133404;150848;150847;148954;139599;139575;140269;136120;142880;140268;143475;139600;141353;139597;142590;144929;139582;142879;183298;141083;138148;142503;137183;139327;138524;166015;139036;144196;165591;165700;165695;183035;160089;166678;135858;164290;139544;140404;167049;181789;166912;149809;148093;141119;149450;142890;148090;138361;148094;143153;17787;153219;137851;141460;148448;17786;153694;147893;165241;71153;71925;72725;71926;72487;138876;72458;78557;72485;82586;82587;72559;70457;72510;72338;73455;72141;76882;73827;72460;73755;70894;73457;73456;78064;72140;71924;134446;77411;76970;70399;78691;76588;79146;77682;76865;78690;77681;77051;74036;73458;74443;82589;82473;76972;73027;77222;83733;79744;82590;77729;81912;76790;82666;78919;78918;82588;91426;83734;79359;89083;87821;81913;93113;87847;78825;78858;73829;73828;76971;78824;79577;79249;79250;76968;77284;79625;76969;83904;73436;76881;78737;79667;83782;83183;79803;17791;17788;80460;17789;68991;99233;17790;10682;17792;99234;69985;69912;74010;10561;91427;17795;69134;76126;149982;78894;87820;150849;69853;72509;10045;33943;11014;33944;66023;140294;61518;81671;78676;71464;81978;65941;82270;88100;86302;85266;87894;76491;54954;95951;93382;110563;59820;104479;88595;100790;85267;59821;97226;149502;69138;63644;54953;91731;59819;85541;151442;107004;88596;182519;59227;91963;81574;91964;61514;61515;155349;11012;133304;10545;131952;32130;69950;32131;69951;70136;69952;64555;70092;58512;76121;77987;80283;93939;81546;69953;79668;76128;70089;90312;70090;70091;79124;17793;142662;77968;83466;101357;110518;23938;112019;180055;85449;133723;10046;128052;179223;143384;94470;69075;10970;101265;138362;68960;187061;10387;152532;69922;103193;96802;12023;10971;11689;61575;10700;89033;66202;61577;61576;78387;76346;73736;69074;74146;61492;61574;169452;74147;47864;184452;133305;71430;69102;67217;183312;84500;84501;69802;17794;11791;69801;166624;87954;70073;72728;97471;73754;86913;76130;76129;69788;60107;16202;66696;69058;69059;91343;72727;16201;91342;87506;86152;152530;99706;86193;10754;91344;66762;101531;104462;86192;100323;107259;93400;70166;67245;82701;80302;122347;70167;100843;118088;90591;118145;82740;130503;112121;66860;69925;112122;90590;88593;69926;87849;143233;83877;69078;69133;122115;148264;69077;109118;88594;156566;69825;148445;156567;79584;10972;128176;155301;83769;83768;126587;126586;81407;69047;79581;76131;69049;81952;70079;81973;77760;69048;69046;69050;83731;72180;186298;83771;83770;83773;90539;97021;90541;86123;76125;90540;85649;78596;72181;76132;69019;78625;81408;97326;128177;88527;92045;85651;86544;72245;70198;72182;103112;70196;81953;82702;78770;78767;81974;70197;85650;70169;69919;91961;70088;141084;80282;129969;93478;129972;129970;25550;42960;25549;55568;69854;93479;25906;71841;71838;129971;11013;96772;69855;164905;101816;69131;119287;69081;101817;130173;69469;96908;70122;69495;69468;78624;86153;69080;33942;69447;19559;96907;64437;55653;62777;55474;142019;55473;48275;55927;24742;179137;142020;40614;42961;58563;25682;58562;40615;69128;62308;40616;166439;69136;59018;56392;51663;59017;62309;96630;62310;154777;51664;52545;52546;52547;137003;176631;171073;92039;177345;171593;67193;189179;148403;38663;149481;150791;134975;130592;152046;140758;70741;59310;171597;63325;76571;69129;154423;63339;56282;148647;159482;159484;159483;159480;159481;20220;74190;55553;55542;57362;58388;64246;79859;65928;66526;63690;70915;78480;85745;82780;117480;93245;91677;86948;103194;122535;109017;99669;138573;129388;125880;134765;153433;91102;135593;132019;178703;166095;161166;178229;178416;68881;148039;122236;72093;63689;72092;172595;68929;55514;25369;58650;21917;126988;20889;126050;58952;20827;58951;58230;22308;100161;77390;126953;185766;161972;59243;65789;25494;111967;45435;182208;51923;136945;63642;175115;70656;161177;45434;51922;48382;159817;176414;140633;23741;45043;58990;58989;32442;186916;33946;157653;149879;69937;42501;131326;171858;171859;171860;11756;181409;178813;15860;152356;28330;106757;109596;72742;19554;18117;18119;19553;168981;72741;54841;187048;70455;62369;84826;76110;70456;84020;82824;69800;76111;94898;87764;86002;84827;84021;87765;94899;101161;103253;126635;77571;138332;103252;138333;126636;108588;134167;134166;143483;171316;147892;143485;147891;143553;163699;151352;144811;151458;108589;151456;147890;151457;157424;163700;157142;151455;171314;157245;157189;157246;157190;157423;147889;157141;18118;101162;171317;175811;171315;175279;175136;175102;175810;175063;175133;179313;175064;175132;23935;179339;179312;179337;175280;179338;175135;175281;34195;23936;39007;23937;33763;76112;58293;34056;62629;30153;49120;51841;43172;91335;84022;53547;79245;84828;91336;50451;76113;62701;46766;40662;56928;51840;76114;59905;71519;25905;59644;76115;34475;60098;46173;28227;33128;70454;36216;101163;103254;42044;144810;143484;86653;22416;22017;11896;22447;91824;91337;55690;10871;24699;15486;10736;11616;22016;143552;59904;122583;76116;22417;101031;101032;101092;101121;101065;101033;82085;101173;101210;101208;101175;101211;82084;101209;101239;101275;101320;101238;101378;82086;101274;101318;101174;101319;101377;101376;101775;101321;101553;101552;101824;101791;101536;101774;101856;82087;101908;82088;102039;101937;101909;101935;101982;102041;101960;102042;101936;101792;82089;102043;102096;102437;102044;102085;102438;102220;102441;102440;102481;102439;102368;102482;101535;175278;102594;102040;11798;82090;102786;102596;102784;102628;82091;102788;102787;102785;102823;102886;102824;102805;102804;102789;102806;102597;102845;102843;102889;102887;102923;102888;102890;102961;102924;103092;102962;102891;82093;103094;102982;82092;103036;102925;102844;103095;103257;102926;82094;103093;103363;103258;103388;103390;103430;103330;82095;103428;103427;103389;103391;103429;103469;103460;103431;103577;103471;103472;103607;103518;103576;103709;103575;103683;103713;103519;103711;103710;103470;103197;103682;82097;103708;103756;82096;103947;103791;104055;103858;103712;82098;103949;103948;103988;104184;104133;104056;103990;103989;103991;104220;104186;104185;104335;104299;104301;104336;104481;104219;104337;104300;104364;82099;104338;104399;104439;104413;104438;104464;104412;104397;104221;104585;104502;82100;104676;104534;104679;104398;104677;104680;104501;104683;104563;104708;82101;104681;104678;104720;104709;104682;104747;104746;104745;104748;104744;104936;104751;104750;82102;104749;82103;104938;104937;105117;105115;104939;105118;105116;105009;103714;104791;104721;105169;105325;105194;82104;105193;105328;105327;104440;105326;105424;105395;105396;105394;105378;105426;105425;105429;105360;105494;105496;105423;105428;105427;105557;105495;105488;105661;105621;82106;82105;105622;105465;105702;105659;105703;105660;106075;105734;105797;105753;105701;106174;105518;106175;106055;106206;105798;106205;82107;82108;106054;106209;106207;106408;106208;106211;106318;106173;106407;106411;82109;106464;106410;106463;106409;106536;82110;106592;106590;106589;106508;106210;106659;105662;106697;106591;106724;106633;106723;82111;106722;106725;106780;106781;106808;106851;106819;106872;106873;106981;106953;82112;106982;106984;107076;106954;106904;107133;107118;106779;107104;106985;107151;82113;107277;107242;106809;107152;82114;107276;107134;108385;106983;107105;108416;107278;108415;108604;108568;108567;108569;108605;108606;82115;108609;108608;108693;108662;108692;108694;108727;108726;108661;108695;108729;108767;82116;108766;108768;108815;108765;108788;108901;82117;108764;108814;108903;108770;108902;105168;108769;102595;108728;108522;106696;109044;109045;82118;109043;109064;109149;109062;109063;109091;109089;82119;109188;109283;109217;109148;109328;109187;109381;109284;109347;109407;109090;109346;109348;109531;82120;109657;109408;109585;109586;109584;109327;109735;82121;109409;109737;109872;110160;109738;109924;110162;109734;110163;110055;110158;110164;110159;110313;82122;110696;110314;110725;110250;110161;110726;110727;110724;110312;110697;110728;110785;110817;110815;110814;110818;110819;110816;82123;110840;110927;110909;109736;82124;110786;110946;110664;110926;111082;111046;110948;110947;111083;111081;82125;111080;111084;111086;111085;111111;111166;82126;111167;111165;111171;111170;111223;111172;111168;111313;111221;111312;111311;82127;111222;111357;111315;111390;111359;111388;111392;111314;82128;111393;111358;111391;111533;111169;111519;111556;111389;111520;111618;111555;111762;82129;111764;111705;111765;111467;111651;111554;111983;111763;112050;112048;111982;112126;112166;112047;112049;112127;112125;111984;112184;112065;112168;112195;82131;112228;82132;112196;112226;112229;112227;112197;110945;112225;112231;82130;111394;112167;117295;117349;117351;117366;117296;82133;117432;117367;117501;117434;117487;117502;117350;117619;117610;117609;117433;117640;117643;117641;117464;117711;117618;82134;82135;117593;117715;117712;117810;117713;117673;117835;117642;82136;117837;117714;117889;117811;117907;117836;117620;82137;118070;118215;118120;118157;118240;118119;118214;118468;118096;118503;118364;118313;118407;118239;118469;82138;118504;118577;118471;118597;118470;118753;118596;118578;118808;118735;118733;82140;118734;118807;118891;118888;118839;118890;118938;118892;117908;82141;82139;119100;118806;119053;119039;119104;119102;119101;119054;118889;119121;119151;119119;119105;119152;119153;119120;82142;119103;82144;119267;119310;119266;82143;119425;119311;119289;119122;119729;119693;119560;119667;119816;119695;119730;119847;119849;119876;119312;119123;119878;82145;119694;119941;82146;119889;120957;119875;120960;119890;120959;119942;82147;121055;119877;120962;120958;120988;121071;121193;120961;119957;121316;121314;121313;121233;121372;82148;121436;121398;121423;121315;121399;121424;121480;121437;121397;112230;119848;121133;119052;121482;121483;82149;121554;121552;121622;121517;121624;121518;121556;121555;121553;121623;121627;121625;82150;82151;122037;122097;122067;122036;122098;122195;122038;122100;122066;82152;122263;122265;122262;122101;121626;122267;122196;122404;122405;122319;122264;122320;122318;122099;122430;122453;82153;122454;122512;122491;122514;122511;122490;122431;122548;122547;82154;122515;122721;122549;122620;122604;122550;122826;82155;122762;122824;122720;122266;82156;122828;122603;122825;122513;122931;122829;122879;122929;123016;122928;122932;122956;123093;123018;122930;123017;82158;123094;123019;82157;123470;123135;123420;123522;123095;123471;82159;123524;123421;123563;123525;123528;123526;123096;123564;123529;123567;123523;123798;123527;123832;123689;82160;123959;123566;123833;124204;124218;124036;82161;123690;124243;124283;124217;124307;123834;124342;124065;124094;124595;82162;124306;124340;124341;124463;124343;124658;124597;124596;124417;124339;124656;122827;124657;123565;124659;124282;124598;124720;124874;124777;82164;125093;124778;125174;124875;125175;125268;125297;125269;125266;125317;125267;82166;125478;125173;125298;125407;82165;125408;125374;125412;125410;125270;125413;125411;125479;125409;82298;125555;125741;125607;125644;125740;125682;125296;125927;125836;125837;126010;125957;82299;125958;125956;126009;125928;125926;82300;126078;126054;126077;126126;126223;126220;126247;126221;126347;126248;126348;126079;82301;126350;126349;126511;126222;126513;125606;126481;126512;126482;126606;126528;126605;126833;126011;126607;126793;126652;82593;126653;82479;126836;126832;127101;126926;126835;127475;126927;127478;126965;127076;82594;126964;127482;127479;127480;127481;127476;127485;127483;127477;127821;126834;127820;82645;127866;127863;127864;127921;127484;127865;127924;127923;127925;82646;127862;127926;128082;128038;127927;128305;128122;128124;128123;128306;127922;128179;128395;82167;128393;128427;128426;128425;128424;82669;82668;128509;128555;128557;127920;128556;128428;128394;108904;128618;126390;128743;128121;82715;128619;121481;128778;128779;128881;128777;128781;129025;82163;128880;82716;129304;129105;129305;129106;128882;129409;128780;129410;129363;129362;128883;129411;129408;82717;129505;129477;129476;129571;129595;129594;129697;129572;129539;129475;129361;82718;129766;129474;129828;129799;129800;129801;129765;82743;129855;130031;130029;129735;129853;129854;130072;130130;130283;130133;130030;130132;130284;130182;130131;82784;130287;130405;130285;83002;130407;130406;130521;130408;130286;130348;130523;130071;129734;130522;130772;130771;130769;130773;130770;130918;131084;130980;82785;131137;131134;131085;131136;130979;82168;131138;131135;131035;131429;131245;131247;131293;82837;131248;131291;131292;131246;131430;131434;131329;131432;131431;131330;131436;131331;131328;131740;131433;131780;82860;131437;131783;131781;131705;131963;82805;131837;131962;131960;82861;131965;131964;131961;132105;132059;132107;82862;132060;132081;132106;132080;132344;132325;132268;132420;131782;132346;132421;132345;132406;132267;132422;131435;130611;132592;132514;132058;132513;132590;132591;82904;132681;132941;132682;132758;132940;132759;132777;133101;132593;83060;132776;133103;133218;133104;133105;133150;133219;133362;133229;133228;133320;132874;133321;133277;133276;133102;133322;133318;133319;83119;133411;133364;133363;83142;133414;133366;133365;133413;133324;133532;133509;133654;133562;83164;82169;133561;133412;133730;133728;133698;133697;83143;133656;133773;133772;133729;133876;133814;133874;133873;133813;133877;133875;134240;133655;134092;133323;83144;134093;134241;134125;134124;134178;134177;134176;134179;134175;134244;134181;83165;134242;134352;134243;134182;134429;134126;134432;134430;134245;134180;134632;134630;134716;134454;134633;134631;134431;134576;134767;134766;134768;134683;134770;134769;83167;134879;134881;134880;134771;134983;134916;134955;83168;135101;135099;135098;134982;135363;83166;135190;135102;135495;135364;135100;136630;135496;83190;135205;135722;135497;135721;135596;135939;135975;135724;135977;135976;135723;135980;135979;83476;135981;136201;135978;135498;136068;136202;136067;136204;134915;133967;82863;136290;136206;136205;82170;136288;136427;136289;136367;136368;136484;136412;136429;136951;83498;136631;83499;136366;136428;136720;136702;136673;136832;136833;136674;136893;83545;136835;136983;136834;136952;136981;136979;136980;136985;136836;83500;136982;137154;136672;137008;137205;136986;83531;137153;136987;137283;137248;137284;137247;137206;137282;137339;137207;137419;137417;137416;137372;137670;137572;137671;137859;137418;137861;83819;137858;83747;137672;137860;137371;137841;137863;137862;137909;137887;137907;137906;137908;136984;138064;137910;83905;138063;137911;138224;138390;138389;83886;138062;138392;138364;138529;138393;138578;138781;138783;138859;138910;138913;138912;138911;139008;138782;138391;139244;139095;139009;138858;139097;83864;83865;139207;139096;139208;139209;139098;139246;139245;82171;139253;139250;139249;139247;83866;139252;139248;139340;139251;139387;139341;139429;139427;139519;139430;139428;139388;139624;139551;139552;139520;139625;83887;139626;139627;137886;139585;83888;139629;139518;139675;139094;139297;139758;139630;139756;139773;139703;139735;139760;139757;140046;83906;139775;139776;139928;139774;139876;139759;140051;140049;140052;140050;83907;140056;140054;140053;140134;140058;140057;140103;140048;140295;140225;140224;140297;140468;140055;140539;83918;140469;140298;83995;140606;140538;140804;140541;140931;140665;140808;140047;84023;140805;140807;140810;140806;141062;140540;140933;140932;140935;141132;84061;141133;141136;141131;141135;141137;140934;84062;141246;141291;141272;140296;141247;82172;141271;141286;141389;140809;141466;141378;141379;141508;141134;84093;141463;141791;141792;141794;142052;141901;142011;141910;141872;84130;142159;142176;142107;142199;142174;142153;142155;142169;142158;143107;142105;142632;142571;142633;142504;142551;84094;142546;142206;142202;142619;142521;142667;142616;84165;142670;142861;142832;142827;142849;142924;84166;142918;142825;142926;143099;142936;143104;142931;143170;143133;142623;142845;143193;143169;143185;143308;84252;143224;143226;143138;143392;84253;143305;143386;143336;142634;143401;141287;143323;143186;139628;136203;143109;143388;143459;143435;143440;143519;143512;84294;143594;143461;143597;143527;144097;144022;144023;144092;144152;144099;84295;144343;143518;144494;144262;144029;144350;144444;82173;144441;144439;144595;144541;144478;144490;84296;144681;144587;144574;144638;144497;144264;144636;144738;144666;144735;144723;84349;84297;144657;144762;144814;144836;145167;144758;144725;144925;144825;144956;145237;145165;84407;145208;145531;145384;145437;145427;145217;145724;145772;145475;145259;146053;144627;146163;146155;144924;84408;146133;146119;84433;146191;146324;146283;146278;146321;146129;146527;146361;146473;146372;146512;146360;146466;84434;146504;146609;146291;146700;146612;146555;146608;146610;146677;146699;146736;146666;146604;84435;146521;146919;146667;146665;146893;146602;146981;147179;146968;146945;146974;147176;84447;147187;147685;146887;84448;147548;147744;147800;147772;147532;147903;147775;147182;147901;147902;147813;147926;147928;148080;147898;148173;147960;148166;148053;82174;84471;146725;147797;145725;84472;148254;148270;148275;148072;148272;148311;148302;148363;148312;148322;84473;148323;148301;148206;148440;148623;148416;148762;148610;148749;84494;148508;148965;148926;149008;149016;149015;148701;148442;149019;149004;148927;149034;149009;84495;149103;149036;149037;84507;149003;149345;149344;149246;149339;149427;149040;149342;149261;149262;149372;149426;149492;149517;149488;84508;149485;149889;149568;149515;150005;149423;150111;150107;149518;150255;150097;150262;150099;150303;150272;150173;149854;150333;149460;84551;149014;150309;150453;150336;150454;150805;150796;150703;150467;151006;150985;150904;151111;150984;151044;84597;151131;151361;151264;151368;151192;84676;82175;151486;150806;151219;151480;151265;151373;151676;84677;151370;152075;151516;151369;151677;151812;151834;153148;151891;151028;152078;152012;152006;84812;152170;152194;152215;152171;84831;152193;152223;152214;152519;152349;152228;152547;152517;152384;152059;152486;152535;152217;152662;154200;152737;84832;152773;152723;153132;152739;152983;152607;152966;152898;148146;152899;150301;84833;153217;151829;153480;153226;153026;153216;84834;152383;153431;153482;153548;153481;153600;153601;153741;153845;153772;84835;153808;153811;153843;153571;153810;153841;153809;153965;153844;153966;154020;154021;153996;154114;153994;84885;154331;154257;154427;154410;153842;154330;154733;154514;154627;154195;84932;154736;82176;153846;154752;154739;154749;154731;154747;154881;84989;154754;154753;84990;154923;154882;154920;154237;154936;154950;155123;154751;155060;155016;155440;155346;155439;155312;155013;155622;155604;155658;155710;84991;155683;155711;85050;155639;155712;155707;155721;155713;155738;155848;155822;154735;155014;155740;155921;85051;155922;155675;156159;156039;156315;156163;155924;156173;85052;156234;155861;156396;156018;156318;156321;156335;156160;156320;156334;156332;156336;156333;156329;156384;156322;85128;156314;156328;156386;156391;156385;156418;156457;156449;156417;85233;156691;156394;156419;156575;156392;156770;156690;156765;156789;156766;156964;156965;85278;85279;156576;156818;156963;156794;157058;157055;156920;156954;85280;157048;157250;157255;157047;156773;156955;156393;157254;155739;82177;158247;157262;157324;157248;157321;157379;157261;85418;157401;157846;157365;158049;157397;157901;158032;157409;158084;85465;158026;158170;158510;158067;158196;157407;158035;158681;85419;158511;158649;158676;158450;158685;159090;158647;158783;158698;158675;158747;158819;158820;158821;158996;158045;159002;158978;85546;85547;159076;159069;159001;158933;159072;159003;159141;159077;159116;85584;159140;159318;159079;159397;159321;159317;159329;159586;159472;159511;159625;159473;85585;159615;159762;159624;159626;159632;159662;85586;159636;160304;159474;158850;160303;159663;160453;159742;159770;85654;160398;160409;160631;160475;160979;160971;160408;82178;161327;160528;161244;160714;161202;160680;161200;85655;161207;161203;161199;161218;160978;161205;161201;161335;161243;161242;161398;161432;161433;161435;161428;161463;85656;161515;161188;161461;161614;161472;161624;161612;161655;85695;161514;161628;161685;161618;161688;161700;161802;161794;161684;161725;161656;161837;161836;162167;161906;161838;161962;161990;161913;161940;162406;162402;162125;162296;162427;161806;161907;162488;162408;162612;162596;159716;157252;162504;85807;85769;143410;85663;152982;162610;162597;128558;162674;162623;162611;162682;163959;163851;162697;164284;164082;164083;85808;164279;164323;164285;164260;164472;164317;85888;164417;164646;164081;164653;164482;164523;164685;164477;164672;85931;164484;164531;164532;164674;164961;82179;164282;164676;164684;164647;164935;164677;164827;164947;86049;164678;164945;164991;164963;165206;86021;165186;164946;165216;165224;165327;165256;165219;165295;165476;165431;86022;165510;164992;165685;165477;165605;165592;165513;165604;165593;165642;165647;86195;165623;165449;165654;164675;165626;165708;165217;165784;165715;165789;165709;86127;165550;166092;165995;166002;166068;166040;166004;166069;86154;166426;166094;166182;166020;166330;165983;166227;166429;166566;166562;166234;166671;166502;166708;166698;166589;166572;166707;166441;86196;166676;86155;166734;166709;167042;166091;166732;166750;166822;167202;166779;167053;167296;86197;167043;167277;167256;167207;167353;167055;86211;167748;167532;167432;167092;167785;167780;167910;82180;167926;167912;167917;167914;165641;167276;166735;167913;167781;168015;168147;168049;168205;168204;168171;168207;86213;168390;168229;168264;168233;168183;168206;168380;168389;168385;168386;168379;168260;168399;168408;86225;168403;86226;168404;168463;168488;168418;168388;168405;168449;168315;168485;168624;168639;168626;168625;168705;168916;168860;168740;168447;86227;168857;169293;169294;168859;169296;169286;86357;169300;169439;168855;169424;169445;169284;169440;169451;169446;169438;169694;169450;169913;169693;86406;169915;169802;170079;170076;169695;86428;169447;169428;170205;169736;170056;170164;170055;170240;170183;170182;168487;170409;86429;170563;170459;170887;170680;170760;170889;170878;170609;170206;86446;170697;170880;170757;170888;170763;170759;170895;170885;170881;170893;170883;170884;170882;86551;170915;82181;170877;170983;170886;170939;171215;171060;171085;170758;171357;86552;171041;171378;171143;171377;171624;86553;171571;171394;171626;171186;171691;171786;171363;171633;171642;171669;171670;171643;171761;171753;171870;171815;171837;171903;171690;171861;171749;170879;171785;170053;86212;86579;171901;86578;171958;171917;171904;171925;171871;172449;171918;86640;171932;172079;172109;172087;172680;172030;172110;172487;172141;86641;172486;172481;172554;172658;172599;172508;173400;173457;173416;173779;173399;173714;173791;173721;86676;173047;172482;173788;173789;173763;173923;173849;173776;173778;86677;174170;173979;174045;174177;174041;174179;174418;174043;174704;174028;174042;174722;174683;86712;174589;82182;86793;174685;174700;174962;175925;175926;174967;174969;174963;174970;174709;174964;174677;175046;173742;175154;174966;174436;175048;175045;174968;175656;175551;175578;86920;175929;175665;175804;175805;176221;175676;175576;176199;175675;86907;176433;176213;176434;176521;176347;176214;176457;176658;176190;176730;176635;86952;176464;176437;175966;176638;176657;176729;176485;176980;176884;86953;176985;177110;177254;177218;177427;177421;177457;177451;177513;177106;177456;177462;87056;177458;177400;177650;177654;177492;87068;177640;177612;177553;177792;177791;178004;177811;177636;177886;176664;177512;86794;177890;178040;178397;177875;178638;178053;178052;178114;178172;178637;178041;87070;178290;87069;178115;178149;178174;178218;178173;178322;178452;178479;178480;87071;178781;178762;82183;178956;178951;178840;178958;178842;179050;87072;178788;178841;179135;178300;179309;179360;179214;179386;179387;179509;179419;179425;179739;179629;179631;87073;179934;179876;179808;179737;179933;179908;179426;179900;179924;180038;179935;180017;179973;180100;179972;87075;180221;180019;180267;180182;180207;180205;87076;87074;179074;180516;180521;180270;180269;180524;180517;180039;180518;181125;181255;180514;181187;180546;181447;87111;181320;181181;181444;181510;181445;181278;181210;181626;87112;181562;181516;181697;181648;181647;181792;181775;181818;181835;181836;87186;181696;181858;181846;182377;181511;182370;182157;182167;182409;181857;182403;182414;182408;182405;182417;182404;182381;182430;182416;182369;182650;182472;182752;182585;87265;182753;182584;182760;182942;182648;182755;87266;182762;182763;181845;182933;180220;171885;182761;178396;182754;183490;82184;183091;183195;87267;183491;183089;182961;183678;183748;183688;183837;183749;183747;183680;183975;183912;183199;183996;87268;183523;184024;184084;184003;184005;184023;184075;184061;184274;184788;184094;185343;185377;185522;184004;87286;87287;185523;184444;186007;185366;185980;185477;186040;186018;87315;186019;186244;186223;186205;185962;186281;186245;186305;186332;186288;186290;184006;186304;87316;186413;186282;186513;186540;186524;186485;186486;186379;186584;186526;186512;186966;186967;186663;186525;87330;186380;186843;186866;185740;187045;187286;187050;87427;187271;82185;87508;189358;189094;189095;189372;189282;186487;189389;189484;189491;189489;189772;189604;189722;189721;189870;189267;189891;189848;189836;87607;189892;87606;189916;87605;87682;189756;87738;92678;189518;87850;87729;87933;87931;87897;189090;87884;87826;87976;87956;87932;87958;87957;88106;87975;87994;88023;82186;87977;87683;88107;88388;88105;88108;88491;87978;88492;87993;88387;88493;88494;88422;82188;88600;88580;88627;88599;88740;88765;88764;88863;88766;88724;88887;88914;88810;88845;88940;88864;88886;88939;88511;88973;88913;88971;88998;88995;88938;88972;88996;88974;88997;87382;82190;82191;82187;89043;89041;82189;89042;89000;90804;89040;90805;89045;90869;90807;90806;90803;89044;90871;90870;90874;82192;82193;90895;90926;90873;90945;91050;91021;91107;90943;82194;91022;91134;91051;91109;91108;91133;91132;91049;91197;90872;91198;90944;91196;91137;91242;91136;91173;91299;91264;91243;82195;91325;91286;91326;82196;91358;91360;91324;91323;91265;91363;91287;91397;91361;91445;91395;82197;91444;91396;91521;91362;91522;91523;91489;91576;82198;91574;91548;91505;91472;91359;91135;91578;91687;91613;91446;91575;91691;82199;91690;91688;91789;91831;91771;91833;91832;91835;91733;91836;91900;91770;91859;91860;91904;91902;91903;91689;91920;91901;91834;91921;91977;92665;91919;82200;91979;91922;82201;91948;92325;92474;91978;92326;91905;92544;92501;92500;92380;92569;92545;92587;82202;92570;92324;92631;92546;92633;92524;92634;92762;92547;92632;92635;92568;92637;92636;92639;92638;82203;92641;92704;92763;92613;92640;92683;92003;91577;88999;92727;92004;82204;92728;92827;92873;92729;92953;92828;92829;93053;92794;82205;92969;93017;92874;92793;93199;92970;93054;93236;93083;93320;93132;93131;93133;93323;93321;82206;93385;93413;93386;93353;93414;93415;82207;93543;93417;93416;93545;93322;93544;93564;93568;93130;93566;93565;82208;93567;93620;93570;93690;93746;93689;93667;93569;93831;93692;93832;93612;93834;93868;93900;82209;93847;82210;93969;93833;94075;93688;93869;94100;93485;93913;94077;93968;93970;93691;94112;94101;82211;94110;94102;94078;94142;94113;94111;94204;82212;94114;94144;94143;94184;94145;94141;94293;94255;94295;94257;82213;94258;94296;94233;94410;94298;94411;94300;94297;82214;94474;94294;94473;94343;94299;94447;94448;94256;94476;94475;94585;82215;94518;94520;94519;94584;94587;94586;94583;94916;95029;94941;94764;94917;94940;94983;94612;95031;82217;95262;95357;95261;95296;95359;95360;95263;95399;82216;95413;95455;82218;95456;95454;95358;95030;94477;94076;95485;95412;95635;95664;95653;95654;95665;95775;95486;95601;95774;95899;96006;96007;96008;96005;82219;96011;96012;95955;96010;82220;95634;95954;96013;96085;96093;82221;96014;96098;96094;96100;96096;96097;96095;96155;96099;96051;96009;82222;96184;96185;96187;96190;96189;96272;82223;96192;96343;96396;96191;96188;96491;96459;96458;96186;96634;96492;96536;96570;96493;96666;96537;96535;96636;96814;96732;96704;96665;82224;82225;96816;96815;96779;96183;96817;96635;96490;96841;96839;96910;96882;96884;96909;96931;96840;82226;96883;97087;96963;96911;97088;96930;97052;96983;97029;97105;97106;97195;97231;97150;97233;97232;82228;97234;97216;97356;97236;97393;97392;97418;97396;97395;82229;97332;97438;97235;82227;97439;97394;97640;97441;97440;97614;97473;97669;97559;97642;97641;97588;97697;97668;97698;97781;97780;97799;82230;97921;97796;97797;82231;97964;97920;97898;97798;99001;97966;99003;82232;97899;97963;99042;97965;99002;95457;99000;92705;97437;96818;99045;97782;99044;99107;182953;82233;99250;99187;99252;99188;99202;99269;99189;82234;99253;99291;99271;99270;99401;99420;99268;99251;99402;99139;99542;99422;99421;82235;99544;99403;99443;99603;99601;99600;99543;99639;99636;82236;99602;99637;99604;99673;99672;99638;82237;99692;99694;99736;99442;99734;99733;99739;99693;99737;99715;99740;99735;99999;99919;100069;82238;99997;100108;99998;100162;99738;100133;100110;100177;100107;100176;82239;100225;100227;100226;100304;100303;82240;100330;100360;100390;100473;100474;100431;100476;100302;100109;100477;99674;100481;100479;100480;100513;100478;100514;100575;100515;100516;82241;100517;82242;100519;100518;100578;100482;100576;100602;100577;100645;100673;82243;100624;100623;100672;100772;100622;100848;100816;100771;100849;100851;100850;100875;100559;100796;100939;100817;100724;100940;100941;101006;14849;100966;101007;14848;14853;14850;14851;14858;82244;14859;14855;14854;14857;14852;14862;14860;14865;14863;14864;14866;14872;14868;14867;14870;14869;14856;14876;14874;14875;14882;14871;14881;14879;14873;14883;100876;100475;14878;14886;14861;14889;14887;14877;14880;14892;14891;14888;14893;14885;14898;14890;14894;14901;14900;14904;14899;14902;14905;14903;14896;14906;14895;14911;14897;14914;14909;14916;14910;14907;14917;14912;14915;14922;14913;14926;14919;14923;14927;14921;14920;14924;14918;14929;14928;14925;14934;14931;14933;22542;14932;14935;14936;22544;22543;14937;22548;22545;14908;22553;22550;22549;22554;22546;22547;22551;22552;14938;22557;22555;22559;22558;22560;22564;14939;22561;22562;22571;22565;22568;22567;22569;22566;22573;22563;22575;14930;22570;22580;22578;22574;22577;14941;22583;22572;22579;22556;22582;22586;22576;22585;22587;22584;22581;22588;22589;22591;22595;22592;22597;14942;22594;22593;22602;22600;22596;14943;22598;22601;22606;22605;22599;22608;22607;14944;22603;22590;22611;22610;22616;22604;22613;22617;22620;22612;22622;22619;22623;22615;22618;22614;22627;22621;14945;22631;22626;22629;14946;22624;22635;22632;22636;22628;22630;22633;22639;22637;22641;22625;22640;22642;14940;22609;22638;22644;14947;38953;22647;22646;22650;22649;22648;22634;22653;14948;22651;22656;22645;22655;22654;22661;22652;22659;22663;22657;22664;22660;14949;22665;22670;22667;22672;22669;22666;22658;22674;14950;22668;22673;22676;22678;22677;22675;22671;22662;22684;22680;22682;22685;22681;22689;22687;22690;22686;22692;22683;22693;22691;14952;22688;22694;22695;22701;14951;22697;22702;22699;22700;22698;22706;22703;14953;22711;22709;22708;22707;22713;22705;22712;22696;22714;22716;22710;22704;14954;22679;22717;14955;22718;22724;22722;22725;22719;22728;22721;22727;22720;22904;22729;22726;22735;22730;22733;22732;22723;22907;22881;22734;22905;22935;22908;22927;22931;14957;23655;22936;23658;22906;22731;23661;23657;14958;23700;23702;22934;23742;23656;23737;14959;23659;23703;23662;23660;23757;23701;23768;23704;23770;23766;23844;23791;23790;23765;23911;23845;23767;23846;23847;23849;22937;23848;22715;23913;23743;23792;23947;23945;14961;23946;23949;23948;14962;24006;24025;24292;25225;24026;25339;24247;14960;24295;24346;24294;14963;24291;24248;24765;24296;24793;24776;24347;24835;24297;24834;24865;24293;24879;24794;24819;24359;25009;24921;24881;24880;25096;25011;14965;25008;25152;25098;25097;25010;25099;25012;25176;25226;25151;25100;25258;25153;25227;14966;25259;25229;25228;25356;25299;25455;14967;25504;25503;25463;25301;25177;25465;14964;25529;25506;25300;25555;25530;14968;25531;25556;25464;25584;25557;25583;25532;25586;25628;25558;25585;25581;25582;25639;25616;25615;14969;25678;25675;25638;14970;25676;25779;25640;25743;25781;25677;25851;25742;14971;25801;25629;25695;25744;25826;25780;25852;25853;25782;25855;25856;25860;25858;14972;25854;25857;25938;25909;25936;25861;25887;14973;25959;25937;25966;25961;25963;25962;25859;14974;25964;26029;25965;26033;25974;26034;26032;26080;26078;26210;26208;26030;14975;26035;26209;25505;26079;23912;22643;25960;26931;26976;25825;27515;26975;26031;27544;27066;27043;27548;27545;14976;27621;27628;27577;27547;27549;27587;26930;27546;27630;27804;27629;27819;14978;27842;28253;28151;28300;27843;28298;28338;28150;28336;28301;28297;29192;28337;28299;28339;29227;29191;14977;29226;29262;29258;29257;29260;29338;29228;29705;29259;29706;29339;14980;29707;29805;29263;14981;29756;29337;29806;29803;29837;29261;29856;29807;29858;29838;29840;14982;29836;29755;29839;29857;29808;14979;29860;29872;29873;29861;29902;29903;14983;29936;29968;30059;29904;30000;29938;29984;30060;29935;14984;29939;30066;30061;30063;30065;30111;30064;30125;29937;38954;30062;30189;30112;30126;30067;30223;30023;30224;30155;30188;30227;30226;30230;14985;30231;31056;31028;31123;14986;31143;30228;31144;31145;30229;14987;31055;31102;30232;31147;31146;31149;31358;31150;14988;31170;31151;31587;31169;31589;31360;31303;31426;31425;31590;30225;31148;31588;29859;31628;31359;31592;31629;31630;31663;31631;14989;31662;31632;14990;31806;31661;31709;31807;38955;31721;31711;31710;31687;31809;31948;31810;31808;31952;31811;32004;31949;31969;14992;31950;32003;31951;32058;32006;32008;32007;14991;32057;32034;14993;32035;32060;32126;32084;32005;32141;32127;32143;32125;32305;32086;14994;32309;32142;32144;32140;32085;32307;32308;32306;32403;14995;32380;32379;32435;32378;32405;32404;14996;32407;32448;33174;32402;32457;32406;32059;32482;32447;33176;33178;33230;32377;33173;33402;33177;33367;14997;33077;33491;33450;33403;14998;33401;33551;33467;33508;33492;33552;33527;33739;33567;33737;33568;14999;33507;33740;33741;33775;33772;33774;33826;34032;33773;33933;33764;33934;34033;15000;33566;34163;34087;34246;34088;34212;15001;33738;34340;34171;34353;34255;34370;34354;34371;34352;34223;34388;34254;34415;34355;34253;34392;34387;34450;15002;34500;34492;34720;34478;34444;34449;34757;34823;34938;34700;34669;15003;34386;34053;33175;34937;31591;34949;35010;34810;35011;34950;34974;34975;35032;34745;15005;34973;34995;35091;35033;35061;35077;35083;35174;35031;35254;35252;35225;35275;15006;35253;35294;35276;15007;35329;35036;35333;35334;35106;35313;35314;35364;35293;35366;35425;35382;35378;35548;35431;35383;35461;35612;35547;35463;35550;35549;35384;35637;35567;35691;15008;35622;35663;35638;35754;35664;35662;35739;35738;35763;35692;35901;35764;35902;35752;15010;35762;35755;35991;35790;15009;35932;35907;35924;15011;35365;35968;35992;35967;35980;35979;35958;35925;35987;35989;15012;36046;35993;36052;36047;36134;36066;35988;15013;36067;36119;36084;36040;36142;36076;36123;36120;36090;36135;36174;36118;36207;36208;36146;36173;15014;36164;36843;36189;36172;38642;15015;38640;38202;38666;38668;38656;38641;15016;36053;38703;38690;38696;38722;38691;38702;38725;38667;38704;38795;38724;15017;38833;38747;38692;38880;38859;38980;39332;39333;38990;38878;38991;15018;38861;38723;38869;38992;35908;39374;39439;38158;39452;39440;39451;39483;39334;39569;39441;15019;44692;39495;15020;44690;44696;44695;44693;44697;44702;44694;39568;44704;15021;44699;44691;44701;44707;44708;44705;44703;44700;44714;44709;44712;44713;44715;44710;44718;44706;44722;44698;44711;44721;44716;15023;44717;44719;44728;44720;44729;44731;44725;44724;44727;44723;15024;44732;44736;44730;44726;44734;44741;44735;44743;44737;44740;44738;44744;44748;44749;44745;15025;44739;44733;15022;44750;44746;44752;44747;44758;44754;44753;44755;44742;44762;44756;15026;44763;44766;44761;44764;44760;44767;44757;44759;44768;44769;15027;15028;44772;44774;44777;44775;44780;44773;44778;44781;44783;44765;44779;15029;44784;44790;44776;44787;44789;44785;44788;44794;44782;44770;15030;44792;44786;44795;44799;44797;44793;44802;44800;44798;44807;44804;44803;44805;44796;44801;44806;44809;44811;15031;44814;44815;44813;44812;15032;44819;44817;44816;44808;44825;44820;44824;44823;44821;15033;44751;44822;44818;39391;26211;44791;44810;44830;99043;44828;44827;15004;44829;85897;44832;44836;44834;44833;44831;44840;44838;44842;44837;44839;44835;44844;44843;44841;44849;15034;44846;44845;44847;44848;44852;44851;44850;44858;15036;44862;44855;44857;44854;44853;44860;44856;44861;44859;44864;15035;44866;44865;44950;45025;44970;45026;44867;45055;15037;45069;15038;44951;44988;45054;45008;45113;45056;45123;45027;45057;45397;45134;45337;15039;45428;45094;45445;45396;45412;45369;45427;45062;45479;15040;45558;45480;45560;45556;15041;45407;45559;44863;46315;45612;45557;46707;46213;46314;46226;15042;46243;46709;46316;46830;46346;46724;46352;46725;46829;46710;46862;46832;47153;46861;47105;47103;46831;47154;47104;47705;15043;15044;47589;47767;46875;47735;46708;47704;47736;47792;48222;47889;47791;47890;48247;48223;15045;48224;48225;48221;48384;48240;48270;48220;48344;48241;15046;48387;48385;48249;48256;49058;48924;48896;48928;48925;48895;49057;15047;49114;45546;49150;47584;49231;15048;49151;49121;49275;48248;49292;48386;49184;49277;49815;49291;49766;49965;49717;49767;50309;49276;49966;50453;50825;50452;50024;15050;49676;51128;50865;51397;50696;50864;51181;51398;50826;51180;15049;51127;51401;51400;51399;51557;51428;51440;51556;15052;51427;51559;51677;51531;51665;51828;51530;51558;51817;51818;51862;51945;51829;51979;51959;51588;51819;51978;52028;15053;51977;52032;52029;52027;15054;52462;52055;52056;52030;52037;52031;51946;52461;15051;52512;52484;52549;52537;15055;52513;52619;52551;52550;52621;52463;52618;52637;52548;52660;52600;15056;52674;52691;52758;52718;52620;52741;52719;52997;52946;52948;53212;52949;53259;15057;52947;15058;52720;53211;53260;53198;53341;52998;53324;53393;53340;53342;53477;53224;53496;53343;53495;53505;53344;53558;53559;53603;53602;15060;53507;53506;53833;53605;53880;15059;53860;53861;55027;53900;15061;53862;55029;53832;55028;55031;55032;55034;55035;53304;53604;55033;49103;55030;54588;55037;55039;55038;52511;55040;55045;55043;55042;15063;15062;55041;55170;55136;55066;55044;55146;55486;55164;55145;15064;55065;55488;55487;55489;55538;55524;55516;55490;55624;55555;55625;55537;55610;55491;55280;55554;55641;55708;55673;15066;55674;55769;55721;55820;55776;55841;55722;15065;55889;55852;55998;55888;55694;55770;56025;55942;56116;56143;56130;56144;56231;56074;15068;56145;56026;56340;56285;56394;56393;56381;56339;56179;56307;56409;55672;15069;15067;56415;56414;56444;56443;56571;56622;56670;56624;56669;56663;56586;56623;56672;56167;56715;56714;15070;15071;56728;56716;56729;56759;56662;56760;56785;56850;56761;56727;56786;56881;56856;15072;56929;56986;56730;56671;56882;57499;56923;57501;56982;56987;15073;56884;56999;57506;57502;57505;57507;57504;57503;57500;57509;57511;15074;57516;57513;57512;57515;57521;57508;57520;57517;57523;15075;57525;57518;57519;57524;57510;57526;57522;15076;57514;57621;56395;57702;56883;57543;57736;57583;57542;57693;57738;57753;57643;57737;57811;57813;57812;57880;57735;57963;57851;57964;57879;57925;57827;58011;58078;15077;15078;58136;58012;58077;57814;58097;58172;58135;58110;58173;58043;58148;58251;58250;58200;58295;58198;58199;58303;58392;58304;58391;58357;58324;58277;58437;58417;58485;15080;58486;58459;15081;58460;58530;58393;58608;58598;58728;58436;58667;15082;15079;58804;58541;58853;58729;58817;58766;58753;58884;15083;58883;58908;59059;58854;58880;58855;59062;59060;59094;58978;59070;59061;58969;59183;15084;59167;59251;59216;59758;59182;59166;59761;59760;59215;15085;59250;59093;59759;59765;59763;59766;59762;15086;59767;59773;59769;59774;59770;59768;15087;59771;59772;59778;59775;59776;59825;59780;59781;59890;59777;59961;59782;60088;60005;59824;59839;15088;60142;60004;60003;60068;61415;61374;61401;61382;15089;60156;58754;60002;55036;59779;59764;61441;61439;15090;61440;61495;61537;61520;57527;61652;61627;61578;61735;61538;61734;61723;61555;61662;15091;62000;62014;62012;62013;62015;62086;62067;62049;62317;61792;62285;62188;62448;62318;62453;62225;62440;62599;62016;62643;62452;62113;62664;62011;62722;62644;62667;62666;62665;15092;62721;15094;62805;62778;62748;63068;62949;62929;62723;63125;63126;63028;63151;63194;62804;63188;62872;15095;63272;63269;63341;63193;15096;63270;63335;63273;63357;63358;63356;63342;63383;63382;63359;63271;63385;15093;63456;15097;63386;63114;63457;63557;63511;63433;64082;15098;63640;63582;63648;63556;63512;64397;64396;64364;15099;64395;64553;64591;64649;64493;64624;64648;64662;64635;64880;64623;64671;64972;64732;64881;15100;64439;64898;64897;64867;65033;64663;64995;65179;65556;65228;64996;65178;65582;65584;65635;15101;65585;15102;65696;65558;65793;65581;15103;65727;65586;65744;65812;65557;66180;65921;66486;66296;66159;66281;66004;65695;66384;66383;66431;66028;66546;63384;64973;66561;66557;66548;66562;66559;66547;66560;66563;66567;66558;66564;66565;66573;66569;66568;66570;66574;66566;66576;66571;15105;66678;66602;66572;66575;66603;66676;66677;66766;66916;66768;66767;66846;66792;66847;66852;66851;66906;15108;66905;66974;15106;66976;66917;67102;67100;66936;66937;68889;67236;67131;67101;67201;68970;15107;69094;15109;69107;69083;68971;69084;67202;15110;69197;69109;69108;69277;69228;15111;69313;69435;69459;66910;69354;69473;69227;69483;69505;69398;69484;69523;69522;69813;69542;68942;69506;69780;15112;69781;69841;69885;69848;69960;69938;15113;70002;70148;69959;70080;70200;69884;70128;70353;70303;15114;70372;70105;70355;70373;70354;70403;69895;15115;70375;70402;70503;70201;70401;70664;70417;70534;70548;70502;70748;70722;15116;70737;70733;70652;70807;70636;70983;70533;71080;70984;70749;71025;70985;70982;15117;71055;70986;71221;71141;71118;71180;71097;70981;70374;71098;15118;71220;71146;71277;15104;71275;71278;69470;71276;71474;71442;71502;15119;71497;71402;71586;71541;71528;71526;71764;71527;71618;71781;71779;15120;71778;71585;71867;71782;71850;71849;71848;71980;71780;71933;71911;71769;72011;72109;71802;15121;72046;72248;71902;72239;15122;72355;72240;72412;72375;72354;71934;72438;72401;72562;72537;72439;72610;15123;72538;72647;72353;72886;72911;72440;72782;15124;72989;72912;72990;72758;73106;72992;72991;72993;72994;72655;73065;15125;72010;73164;72952;73216;72611;73215;73214;73238;15126;73239;73254;73278;73350;73440;73293;73351;73441;73465;73256;73486;73388;73255;73581;73421;73534;73625;73485;73691;73626;73713;73744;73501;73715;73599;73743;73714;73844;15129;15128;73868;73856;73657;73855;73866;73924;73867;15127;74044;74027;73997;74045;15130;73971;74095;74097;74096;74197;77306;74164;74278;15131;74043;73869;74279;74315;74277;74294;74314;74256;74375;15132;74336;74338;74337;73745;73139;74374;74477;74280;74129;15133;74476;76081;74498;74313;76057;76194;76091;76090;76082;15134;76172;76285;76299;74499;76286;76349;76219;76417;76477;15135;76171;76433;76387;76499;76605;76599;76606;76842;76689;76841;15136;76690;76949;76843;76583;76844;76858;76465;76884;77007;77100;76418;77101;15137;76857;76977;77035;76717;77111;77202;76976;15138;77122;77240;77102;77287;77123;77343;77468;77358;77419;77422;77307;77511;77418;77585;77510;15139;77715;77637;77751;77671;77547;77611;77610;77469;77762;77344;77752;76950;77763;77716;77919;77880;77825;77882;77824;77921;77920;77881;134330;78027;78046;15141;78044;78091;78026;15142;78047;78045;77973;78659;78519;78518;78563;78520;78092;78725;78694;78833;78834;78589;78784;15143;78681;78695;78449;78861;78897;78785;79190;78898;15144;79221;79064;79362;79065;79627;79564;15145;79255;79066;79600;79339;79628;79637;79586;79730;79696;79697;79728;79805;79729;79669;79806;79883;79808;79807;79731;15146;79629;79885;79884;79882;71254;79636;61438;78896;15140;79887;15147;80126;74381;79890;80058;80208;80057;79889;80127;79888;80255;80229;80230;15148;80285;80284;15149;80286;80207;80420;80307;80446;80361;80444;80401;80528;80393;80445;80834;80573;15150;80558;80421;80574;80833;80462;80972;80308;80970;80872;80973;15151;80871;81028;81110;81006;81109;81056;15152;81111;81149;81029;81130;81027;81131;81129;81090;134331;81211;81189;81150;81302;15153;81279;81251;81413;81409;81446;81445;81426;81447;81301;81448;15154;81450;81526;81449;81444;81250;80971;81528;81747;81556;81555;81607;81654;81793;81598;81760;81795;81794;81832;81830;81833;81834;81836;15155;81926;81831;81748;81983;81982;15156;81899;81984;81900;82048;82000;81955;82302;81999;15157;81927;81835;82303;82304;82001;82538;82432;82511;15158;82624;82622;82595;82722;82719;82720;82670;82623;82512;15159;82745;82746;82721;82839;82865;82864;82929;15160;83061;82838;83120;83003;83145;83065;83064;82806;15161;83062;82744;82930;83147;83063;83193;81527;83233;83231;82305;83191;83232;83192;83307;83235;83234;83253;15162;83306;83422;83308;83336;83236;83381;83335;83501;83423;83273;83775;83547;15164;83532;83748;83784;83546;83889;83785;83788;83786;83960;83789;83787;83919;83980;15165;83908;84063;84026;84169;83820;84168;84167;15163;84025;15166;84171;84170;84436;84299;84277;84350;84200;84300;84509;84510;84298;84552;84511;84474;15167;84599;84650;84626;84598;84649;84965;84373;15168;84993;84839;85053;84933;15169;84838;84836;84837;84449;85031;85163;84024;85161;85130;84992;85184;85032;85165;15170;85352;85281;85164;85356;85354;85587;85355;85388;85353;85466;85162;85569;85357;15171;85726;85589;85590;85657;85755;85517;85664;85809;85696;85851;85756;85770;85913;15172;85912;85810;85898;85588;85914;85754;85944;15173;86108;86024;86156;85753;86025;86050;86023;86157;86304;86447;15174;86486;86430;86375;86580;86329;86582;86107;86665;86448;15175;86618;86303;86679;86678;86666;15176;86642;86728;86680;86713;86700;86832;86795;86681;86581;85915;86772;85129;86833;86727;86682;86921;83146;86954;15177;87058;87077;87079;15178;87057;87162;87187;87288;87163;87078;86998;87289;87331;87175;87212;87164;87080;87428;15179;87429;87384;92679;87383;87431;87509;87360;87608;87479;87430;87740;87741;87541;87510;87511;87359;87684;87851;15180;87853;87827;87898;87739;87829;15181;87899;87828;87852;87934;87979;87996;88110;87901;88024;88389;87995;88426;15182;87900;88462;88495;88109;88425;88427;88498;88496;15183;88424;88628;88601;88581;88499;88630;88568;88629;15184;88602;88726;88423;87742;88741;88702;88865;88725;88768;15185;88497;88868;88728;88866;88941;88846;88942;88867;15186;88869;88727;88943;88915;89003;88916;89001;88976;89061;89002;89004;88767;89005;89121;89046;89697;15187;89695;89122;89694;89791;89792;15188;89794;89696;89851;89062;88975;89972;89876;15189;89878;90032;90031;89926;90101;89698;90125;90071;90070;89877;90205;90206;90033;90030;90127;90277;90279;90160;90280;90252;90207;15190;90278;90323;15191;90409;90370;90281;90453;90410;90369;90126;90322;88631;90371;90515;90549;90550;15192;90552;90687;89793;90767;90638;90551;90725;90686;90840;90724;90768;90808;90839;90897;15193;90838;15194;90896;90929;90688;91052;91023;90927;91140;90928;91024;91139;91110;90841;15195;91174;91138;91200;91199;91366;91025;91300;91288;91429;91365;91364;91266;91473;91244;91431;91447;91430;15196;91506;91490;91474;91615;91549;91550;15197;91693;91886;91692;91614;15198;91616;91923;91891;91892;91837;91925;91906;91924;91907;91965;91524;91175;91927;92224;92327;15199;92381;92328;92527;92525;92502;92548;92526;92475;15200;92382;92614;92571;92666;92572;92643;92642;92954;92706;92764;92644;92956;92957;92730;92875;92795;15201;92588;92958;92573;93019;92955;93116;15202;93114;93238;92731;93117;93254;93325;93237;93134;93115;15203;93354;93418;93419;93486;93420;93387;93324;93548;93547;15204;93613;93693;93669;93668;93694;93549;93747;93723;93848;93621;93835;93836;93695;15205;93546;93838;90454;93837;93748;93870;93018;91926;93941;93914;94115;93871;86888;15206;94056;94023;94234;94079;94146;15207;94259;94116;94205;94589;94478;94456;15208;94588;94738;94644;94613;94645;94743;94922;94901;94744;95033;94942;95034;94260;95298;94943;94902;95264;94521;95032;95297;15209;95666;95610;95445;95414;15210;95828;95362;95777;95776;95667;95957;96015;15211;96018;96016;95956;95936;96017;95827;96194;96103;96102;96105;96101;15212;96193;96104;96345;96344;96318;96346;96287;96462;15213;96461;96494;95361;96460;96496;96195;95958;96637;96668;96498;96669;96410;96638;96497;96667;96842;15214;96885;96843;96913;96912;96819;96844;96780;96984;96933;97068;97135;97067;15215;97137;97090;97136;97089;97196;97358;97398;97397;97442;97475;97357;97217;97474;97399;97498;97400;96932;97530;97589;15216;97529;97643;97644;97615;97757;97670;15218;97900;97801;97923;97922;97800;97802;99004;97699;15219;99005;99007;99008;99006;99190;99292;99046;99254;97783;99484;99047;15220;99640;99318;97967;99140;99485;99545;99716;99695;96495;99742;15217;99741;99717;99954;99972;99970;99971;15221;100070;100029;100111;100178;100163;100166;100164;100165;100071;15222;100167;100279;99973;100392;100278;15223;100306;100305;100433;100521;100484;100483;100522;100391;100579;100560;15224;100580;100561;100625;100520;100432;100726;100773;100739;100728;100277;100852;100725;100774;100818;100797;100877;100967;100819;15225;101009;100879;100853;15226;100880;101013;101010;101008;101066;101011;101240;100878;101035;101067;101379;101241;101176;15227;101380;101555;101034;101557;101490;101554;101322;101323;101012;101793;101556;15228;101984;101857;101911;101910;101983;15229;102045;101985;102135;100727;102097;102210;102209;102369;15230;102371;102374;102211;102046;102372;102370;102373;102445;102443;102448;102444;102529;102449;102600;102447;15231;102598;103792;102442;102599;15232;102483;102446;102715;102684;102550;102825;102791;102826;102790;102685;102928;102807;15233;102792;102630;102963;102927;102964;102930;102929;103116;103096;15234;103148;103147;103146;103231;103260;103259;103311;102629;103331;103312;101794;99675;103364;102931;103539;103198;103392;103579;103261;103365;103473;103578;15236;103608;103757;103655;103715;103432;103793;103859;103654;103580;103716;103993;103794;103717;103882;104057;103992;15237;15238;104223;104222;104224;104134;104058;103994;103758;104365;104258;104400;104339;104259;104414;104340;104403;104402;104466;104441;15239;104401;104484;104465;15240;104483;104485;104486;104535;104467;104442;104504;104643;104482;104587;104586;104588;104686;104684;104645;104644;104792;15241;104753;104722;104685;104503;104754;104723;104724;104752;104975;104302;104819;105089;105088;104861;104940;105121;105087;15243;105119;105123;105170;105331;105332;105122;105330;105120;105195;15244;104862;105329;105432;105433;105497;105499;105430;105595;15245;105431;105704;105664;105663;105489;105799;105754;105801;105623;105498;105397;105800;106056;106109;15246;106076;106212;106235;106176;106319;106412;15247;106413;106509;106660;106414;106415;106320;106321;106213;106593;106537;106726;106728;106662;106852;15248;106820;106875;106729;106876;106853;106955;106874;106877;107024;106727;106956;105802;106957;106986;15242;107026;106854;107120;106661;15249;107119;15250;107121;107123;107199;107124;108345;108304;108418;108387;108419;108386;15251;108422;107122;108420;108570;108417;15252;107279;108346;108571;108523;108664;108696;108611;108731;108697;15253;108698;108610;108663;108772;108490;108816;108730;108817;108421;108905;108774;15254;108853;109047;109003;108771;109065;109218;108789;109046;109092;109093;108906;109220;109329;109219;109413;109414;109349;109412;109411;109518;15256;109410;109589;109556;109587;109558;108854;109588;109517;109415;109660;15255;108773;109659;109557;109925;109739;109901;109816;109968;109902;110101;109658;109802;15257;110165;110102;110315;15258;110317;109967;110418;110207;110421;109969;110316;110423;110386;110419;110420;110537;110570;110318;110424;110422;15259;110572;110666;110464;110665;110208;110910;110624;110503;110820;15260;15261;110911;111014;110787;110729;111140;111087;111141;111089;111088;15262;111174;111234;110968;110929;111395;111316;111112;111175;111468;111317;110928;111535;111534;111521;111396;15263;111537;110571;111360;107025;111536;111173;93849;111557;109624;111652;15235;111668;111594;15264;111653;79886;111986;111706;111988;111797;111707;111987;111798;112232;112066;15265;111985;117368;112233;117369;117297;112280;117437;117370;117298;117504;117435;117506;111796;117436;112185;15266;117674;117503;117675;117611;117677;15267;117678;117676;117645;117862;117644;117812;117958;15268;117909;117890;117957;117505;118098;118023;15269;118071;118121;118158;118122;117838;118365;118099;118473;118179;118472;118474;118180;118719;118408;15270;118495;118721;118720;118893;118097;117621;118939;118216;15271;118840;134332;118894;118895;119125;118723;119268;119018;119124;119269;119290;119040;119480;119314;15272;119792;119509;119892;119313;119817;119561;119850;120963;119891;121134;119893;121136;119634;121057;121168;119943;121135;121056;121317;119508;121234;121426;15274;121485;121486;121438;15273;121400;121559;121557;15275;121558;121603;121561;122068;121484;15276;122069;122270;121628;122163;122102;122268;121560;122517;122272;121425;122516;122269;122321;122271;15277;122519;118722;122518;122723;122551;121576;121167;122933;122722;122793;122724;122794;123020;123021;15278;123024;123023;123025;123026;123097;122957;123022;123530;15279;123531;123533;123692;123691;123800;123799;15280;123835;123758;124039;124095;123836;124344;124038;124345;124683;124096;124368;124205;124722;123532;15281;124779;124780;124037;125094;125095;125097;125096;125608;15282;125344;125415;125343;125176;125709;125609;125783;125416;125414;125858;125784;125930;125905;125859;126127;125857;15284;15283;126013;126012;125742;125959;126224;124721;126129;126391;125929;126654;126655;126128;126514;126392;126352;126837;15285;126966;126657;127486;126967;126529;126755;127077;127102;15286;126968;127489;126608;127822;127488;15287;127491;127490;126656;127867;128066;127492;127928;127929;128125;127823;127930;128180;127868;128182;128181;128083;128510;128429;128307;128620;127487;128430;128534;128621;128560;128559;128884;128479;129072;128782;128511;128783;128622;129073;15290;129074;129107;129365;129026;15289;129306;129364;129413;129415;129414;129412;129507;15291;129506;129597;129596;129856;129985;129416;130135;130134;130073;129108;15292;130289;126351;122621;130288;15288;130290;130525;130369;130351;130349;130438;130612;130524;130774;15293;130631;130981;130437;130350;130982;131086;130985;131036;130984;131141;131139;131087;131439;15294;131294;131142;131140;131249;130983;131784;131438;131966;15295;132110;132062;132061;132082;132063;132424;132108;132326;132347;132109;132427;15296;132699;132426;132635;132269;132760;132736;132425;132423;133106;133109;133107;15298;132761;133110;132875;133416;133151;133326;133230;133108;133475;133418;133417;133415;133419;133534;133657;131838;15299;133700;133533;15297;133731;133325;133815;133732;133733;133878;15300;133816;133968;133699;134095;134094;133879;134183;133734;134634;15301;134434;134772;134917;134577;134353;134433;133880;135103;134839;135191;134984;15302;135206;135417;135208;135207;135725;135416;135499;135878;135794;134774;15303;135879;135365;135366;134773;135982;136069;135983;136291;136125;136123;15304;136370;136127;136124;136126;136369;136375;136371;136373;136374;136376;136372;15305;136431;136292;136430;136703;136675;136721;136591;136590;136676;136754;136837;137155;15306;136933;137373;137208;137340;15307;136932;137341;137209;136778;135984;133658;137573;137375;137731;137376;137864;137675;136413;137673;137674;138105;137912;137888;137764;138104;138065;138066;15308;138226;138225;15309;138646;138107;138227;138644;138645;138394;138651;138648;15310;138860;138365;138647;138914;138649;139254;139010;139298;139210;139342;138650;15311;139521;138106;139255;139553;139211;139389;139877;139812;139631;15312;139777;139929;139878;140062;140060;140059;140301;140299;139522;140061;140300;140104;140811;140303;141138;140666;140607;15313;140796;139099;140936;141243;140302;139930;141651;141385;141511;141464;141886;141841;141725;141552;142626;142050;141897;15315;142664;142513;142635;142189;140667;142618;142858;15316;141843;142951;143130;143002;143332;143191;143194;143315;142920;143260;143187;143500;143509;143505;143439;15317;142885;143313;143544;143551;144189;15318;144353;144311;144043;144437;144041;144477;144624;144426;144322;144679;15319;144626;144609;144594;144737;144839;144866;144691;144672;144483;145194;145021;15320;145309;145397;145123;145132;145523;145480;145319;15321;143593;144824;145527;137374;145471;145386;146122;146242;144818;15314;146353;146052;130136;146357;146371;146389;146318;146561;146514;15322;146617;146613;146599;146757;146786;15323;146787;146922;146562;146926;146892;15324;146942;146895;147789;146986;146603;147855;147793;147784;148170;148169;148172;148236;148235;15325;148212;148277;148234;147904;148364;146791;148314;148225;148441;148326;148300;148615;15326;148932;148444;148841;149010;148870;148433;148964;148756;149017;148967;149007;148963;148536;149005;149082;149038;149229;149011;149232;149482;15328;149020;149250;149373;149275;149218;149219;149715;148305;149609;150115;15327;149897;149635;150228;150095;150109;15329;150704;149855;150302;150310;150706;150705;15330;150903;151423;150165;151485;151037;151807;150803;151622;151890;151422;15331;151833;152169;152068;152163;152138;151667;152418;152165;15332;150905;152224;152271;152568;152019;152270;152395;152564;152518;152516;152783;15333;152565;152775;152753;152638;152967;153024;152943;153215;153123;15334;153201;153182;153202;153485;153512;152892;153570;153509;153993;153941;153865;153668;153970;154159;154229;15335;154194;154178;154263;153862;154432;15336;154354;154148;153572;152419;149490;154177;154707;154818;15337;154734;154732;154750;154772;155294;154815;154948;155015;176381;155311;155293;154949;155317;155373;15338;155314;156015;155708;155769;155709;156124;156013;155870;155975;156186;156233;156189;15339;156259;156191;156260;155634;156188;156267;156331;156266;156114;156616;156442;156564;156547;156451;156636;156466;156651;156762;156563;156695;156751;156767;15341;156768;156950;156697;156763;156948;157263;156949;157260;157259;157253;157251;157258;157256;157249;157257;157378;157322;157447;157891;157380;15340;157320;157908;15342;157886;158089;158031;158044;158052;158043;15343;15345;158090;158202;158158;158201;158204;158203;158200;158684;158335;158585;158699;158509;158678;158109;158677;15346;158682;158762;158781;158761;158836;158857;158898;158899;159112;15347;159109;158746;158270;15348;159205;159229;158897;159202;159585;159466;159905;159602;159898;159510;160000;15349;159269;159904;159906;160525;160294;160469;160540;160402;160628;160629;161150;159709;161328;160846;161329;161153;161154;160199;160887;15351;161254;161401;158979;15344;154428;161434;15350;161636;161436;161689;161437;161513;161512;161747;161494;161687;161751;161493;161961;161703;161686;162159;162013;161960;162152;162126;15353;162143;15352;162505;162403;162562;15354;162405;162549;162506;162561;162703;162620;162719;162701;162415;162820;162762;163250;162983;163248;163024;163264;163413;15355;163225;15356;161807;163265;163414;163473;163500;163481;163480;163656;163681;163651;163433;163650;163416;163926;15357;163912;163927;163909;163913;163980;164160;164169;164241;164150;164384;164283;15358;164092;164321;164168;164273;163753;162724;164416;164471;164438;164470;164517;15359;164492;164813;164812;164648;165081;164094;165255;164943;15360;164815;165328;165330;165291;165514;165329;15361;165430;165207;165549;165548;164825;165625;165594;165512;165707;165746;165714;165546;165747;165757;15362;165710;165547;165331;166158;166233;15363;166175;166093;166232;166289;166427;166704;166674;166591;166733;166706;15364;166277;166705;167041;167201;166804;166803;166902;167200;167434;15365;167631;167052;167275;167295;167746;167776;167916;167433;168194;168215;167911;168232;167915;15366;168228;168145;167747;167046;168002;166110;168402;168400;168623;168457;164387;168401;15367;168783;168946;168615;168880;168882;169342;168424;169419;169437;169435;169917;168643;169698;169946;169929;169436;170105;169280;170048;170046;15369;169916;170485;170157;169930;170655;170657;170196;170724;170047;170761;15370;170151;170726;170942;170771;170770;170753;15368;171106;170941;15371;171108;171237;170952;171007;171376;171218;171267;171500;170947;171572;15372;171498;171811;171622;171628;171623;171614;171107;171497;171631;171900;171882;171920;170656;171878;15373;171919;171922;171921;172051;172027;172615;172130;172052;172616;172329;15374;172448;173387;173391;172657;173649;172505;15375;172090;173950;173947;174384;174214;174273;174046;173948;173650;174397;174701;174250;174275;175078;174607;175125;174696;175152;175047;175077;175570;15376;173415;175664;176076;175672;175661;174965;176150;176333;176200;176431;176052;176334;176436;176198;176662;176497;176445;176432;176539;176435;15378;177104;176933;176976;15379;177351;177293;177097;177403;177382;177294;177372;176888;177422;177404;15380;177305;145728;15377;177490;161404;177573;168338;177489;177482;177488;171897;177627;15381;177832;177713;177888;177885;178042;177887;178014;178043;15382;177911;177736;178003;178310;178331;178328;178743;178329;15383;178916;178793;178687;179046;179044;179345;179365;179346;15384;179393;179394;179043;179395;179628;178917;179630;178098;179381;179735;179819;179974;179738;179923;180198;180015;180186;179736;180520;180519;180515;180523;180206;15385;181211;15386;180016;180551;181209;181250;181509;181130;181446;181564;181212;181567;181566;181565;15387;180522;181448;181817;179424;182169;181879;182382;15388;182379;182198;182559;182418;182380;182426;182474;182651;182647;182473;182750;182889;182866;15389;182908;183018;182943;182941;182888;183877;183207;183679;183687;183892;15390;183985;182649;15391;183019;183984;183997;184064;184063;183893;184100;184062;183306;184434;184383;184443;184099;184319;185486;15653;185415;184060;185420;185812;185953;186008;185520;185979;15654;185521;186207;186206;186265;186224;181731;186027;185957;186306;183876;186517;186303;186514;186326;184442;186738;186704;186539;15655;187136;186928;186830;187033;186518;187110;15656;187051;187196;187197;187194;187213;15657;187289;189096;189093;186737;189465;189091;189144;189092;189723;189387;189490;189725;187288;15660;189388;189755;189917;15659;15658;189464;189922;189829;187195;15662;15661;15669;15665;15664;15667;15673;15671;15670;15678;15666;15675;15674;15680;15677;15682;15685;15676;15683;15668;15689;15679;15684;15728;15824;15688;15686;15690;15687;15831;15830;15672;15681;15835;15729;15899;15727;15925;15845;15932;15907;15893;15994;15663;16007;15825;16025;16008;16048;16020;15961;15953;16047;16073;16049;16096;16087;16106;16074;16102;16129;16104;16112;16105;16131;16132;16013;16128;16156;16127;16155;16130;16176;16103;16165;16212;16072;16214;16196;16215;16150;16213;16237;16233;16235;16239;16182;16236;16246;16186;16234;16252;16266;16249;16283;16248;16340;16284;16311;16300;16341;16345;16343;16342;16380;16346;16348;16381;16365;16238;16382;16347;16262;16181;16383;15844;16464;16470;186283;16457;16465;17143;16344;17136;17196;17577;17232;17197;17578;17130;17640;17324;17639;17299;17600;17286;17657;17641;17673;18009;18010;18030;18053;18042;18087;17674;18151;18153;18080;18152;18056;17664;18086;18158;18195;18227;18143;18242;18115;18303;18226;18304;18515;18519;18517;18513;18623;18596;18630;18603;18595;18645;18632;18516;18655;18518;18646;18652;18662;18663;18631;18667;18665;18651;18674;18514;19196;18664;19195;19188;18673;18629;18157;19220;19224;19189;19257;19316;19315;19258;19270;19336;19221;19223;19431;19225;19430;19373;19317;19318;19475;19477;19476;19479;19526;57528;19319;19527;19433;19528;19532;19530;19562;19531;19564;19561;19565;19529;19563;19478;19560;19432;19567;19568;19571;19609;19682;19569;19570;19684;19610;19612;19709;19683;19685;19708;19690;19611;19785;19711;19789;19786;19787;19791;19788;19794;19613;19798;19793;19790;19801;19792;19797;19800;19795;19710;19803;19566;19802;19805;19796;19808;19219;19846;19799;19809;19845;19806;19956;19848;19847;19960;19954;19807;19955;19957;19953;19959;19962;19961;19965;19964;20018;19968;19958;20019;19966;19970;20072;19967;22736;20070;20020;22739;19969;20071;22743;22740;22737;22742;22745;22738;22746;19963;22748;22747;22751;22749;22755;20063;22750;22753;22752;22758;22741;22754;22764;22761;22760;22759;22765;22757;22763;22769;22767;22773;22762;22756;22776;22771;22772;22777;22770;22766;22781;22778;22785;22775;22780;22782;22787;22774;22784;22783;22789;22788;22768;22790;22791;22786;22744;22793;22795;22799;22794;22797;22801;22779;22805;22802;22807;22798;22809;22810;22800;22804;22803;22808;22806;22814;22811;22796;22819;22817;22820;22823;22815;22822;22818;22821;22827;22816;22830;22828;22813;22833;22826;22829;22834;22831;22832;22825;22836;22835;22824;22842;22812;22843;22840;22841;22848;22838;22850;22839;22853;22844;22852;22849;22847;22846;22855;22845;22857;22856;22858;22859;22865;22861;22860;22863;22864;22862;22851;22854;22837;22792;16391;19804;149524;167253;180189;173294;172172;165181;178291;153223;187382;189506;178292;180188;189899;138150;137364;166389;166390;138149;186667;153806;52045;186666;180503;163271;148360;144790;58483;168926;126603;161952;164640;138151;179310;173056;173055;164641;144791;31130;52536;166752;121509;51094;139785;24670;36185;51095;58591;33480;55883;20746;181466;181476;155350;117358;180577;159272;117359;181474;181475;105411;29801;72704;10451;11631;26915;35717;136927;11625;11997;31731;136928;14198;22312;26185;24355;136767;136766;149062;31850;22253;105752;55995;77634;77632;85544;77864;85545;77635;77633;79720;77631;55732;108713;153805;150504;111528;172033;174982;168494;164632;164651;70727;177843;78823;69982;62945;87309;104178;182154;91813;62946;83032;168650;111538;44826;76149;73921;177478;99170;90427;155470;26014;25080;99172;22129;24814;22127;22196;11619;25296;141173;38651;24733;22160;58290;18537;85448;165629;147171;77026;108802;108801;108800;152458;108799;14682;176577;188001;150945;175791;177559;176636;80119;177585;183976;183044;177566;175130;177568;184220;175433;177567;176071;183047;175822;179211;177565;177562;177563;179209;177569;177564;182951;177560;177561;179207;179213;183046;184212;177715;183049;177571;179707;183041;183050;181929;180010;177538;179212;182919;182423;179208;182916;182422;184199;189112;178751;181930;133510;184217;189113;184221;186321;188029;139813;91525;137913;122552;184213;126393;177572;110056;97499;141516;183052;132549;118614;88390;105434;163509;184219;164481;97758;118615;96052;94344;126394;97864;95374;91838;122553;134956;105435;118616;184216;88703;94765;129308;184218;97443;118598;118617;166244;118618;150477;104187;132550;147626;140615;136128;118619;91053;95959;124206;142318;135013;160562;136129;160565;147628;154697;136130;105466;184215;184214;184211;179676;104303;129075;105398;138228;97476;151462;144346;184225;118620;184222;162475;118622;95960;88428;152819;159629;96053;144096;118621;129076;184236;152816;157382;184235;174569;132551;100134;118623;166241;87786;184231;104366;132552;97091;89973;139814;93200;137377;160567;183040;119732;134918;147637;132553;162824;151461;105399;174336;137914;138229;96054;124418;91327;184233;184229;118624;151495;163412;156827;177581;154685;118599;118625;151498;156848;105467;126395;160575;161405;118626;93255;184230;93030;104188;146409;122432;184226;151460;159514;92845;127495;147905;136131;91141;166243;118627;78119;105436;78120;129598;78121;78123;88917;78122;154678;88429;184227;163773;118628;105400;126396;165308;95961;165732;154698;78124;118629;132554;139815;132555;166496;159509;78126;88870;154701;168230;123027;97306;122958;118630;142038;118631;156833;118600;167056;97419;92846;78127;91201;184223;136132;139816;166235;78131;123028;78128;78130;97359;78132;78129;184234;97477;104189;97901;178337;78133;163785;146410;97151;87743;167738;86003;125417;78136;78140;88430;78139;78138;78135;160557;78137;78144;78143;95962;78145;105333;78142;78146;78141;78150;88431;78148;78151;163087;78147;95937;78154;78152;162474;78153;123029;88432;84450;184228;78156;123030;146413;78149;78158;96106;78157;78134;78125;88531;78164;78160;78155;86004;160679;78161;93971;86005;78162;78168;118632;78163;78170;78166;83477;78172;78171;78165;93696;78167;144341;78169;78178;78174;78179;78175;78182;78181;78177;138819;78180;78176;154679;78185;184224;78184;79670;78188;100135;143112;78190;78189;78192;78193;78187;78183;78191;83502;83004;105735;78194;78198;78200;78196;78195;80257;78173;78660;78491;78197;127496;86006;80256;84451;78696;91617;78199;80447;133625;78835;79340;79601;78877;137676;79732;79602;79604;79605;79644;86007;79587;79809;79603;79606;85945;80059;78697;118633;85946;79891;80038;81557;80231;81608;92384;79892;92383;80108;92528;86008;88582;80891;80529;97671;81558;86009;81390;80309;81303;85947;88433;162431;156835;141185;160560;82671;184232;86256;81391;82513;88434;86272;82576;86271;81609;118634;83148;82577;85948;119731;88435;82905;85949;82672;125683;82673;82932;83038;83006;83005;83749;86257;95938;85950;85951;82931;97420;99203;91202;93135;93256;86026;111708;154702;85952;93850;86010;85916;85917;163776;91368;85771;85953;85918;91367;79733;88064;85963;78159;88436;94345;84010;86011;86012;88437;82539;85054;86014;99238;88065;85954;84627;85131;86013;88847;85518;88811;88812;93915;94655;91507;91398;91301;91579;85607;105510;85708;85852;85697;88814;93084;85853;86015;88813;91328;85854;85856;85855;85932;101938;85857;91329;85890;97307;85891;138230;119894;97308;97531;91432;91302;95963;86407;87902;86330;118635;86187;86358;88438;91433;86109;86449;87903;97560;91314;91313;88815;156824;86729;91330;91315;91448;99048;86773;136133;147636;86796;86774;123977;88439;86619;184327;161332;118636;184335;85889;88848;160392;184331;144363;95939;119793;154686;126397;155624;104190;149078;184321;118637;139704;93100;135014;99920;175432;110057;93257;183042;126399;92667;126398;118639;139817;118638;177579;183048;123136;184334;138652;118601;91434;97152;118640;144103;118641;132556;184324;167058;92876;100179;159886;184332;118642;161372;142359;94646;154700;101491;136209;136208;90455;134957;99641;104687;97401;104304;104191;92707;132557;126400;152776;118643;87787;118644;101492;151466;105401;97838;149081;104107;119818;160397;146388;107135;100000;166238;94984;163779;91861;160395;121439;97444;94449;160537;87660;122763;160564;132558;90324;160391;118645;132559;129309;124419;119733;95940;184322;136134;156826;177577;184242;100181;127078;154690;118603;95717;184325;95941;151463;97153;122554;118602;160568;144344;139818;122764;184333;163767;144364;132560;118646;123031;142043;177570;156831;95942;139819;129310;118647;132561;183039;87904;105437;118649;166297;129307;124420;118648;129311;132562;156828;118650;184329;154703;97445;157297;184239;91142;184243;163783;91143;91580;139820;119895;146403;122765;100136;132563;104192;156843;87432;119696;165658;95035;184326;156834;129312;118651;87905;147633;163402;125480;144358;159139;137915;105438;122433;88849;91694;105402;154682;138395;176382;166236;94147;104305;118652;147631;97421;92847;105403;104108;119697;132548;154672;154699;152825;137916;142523;121440;154680;146390;160487;95900;146405;118655;161503;159281;88851;151499;184240;105439;118604;118653;156829;132564;118654;184330;147632;105404;177583;184238;123032;184241;118656;168419;95964;97478;184328;184323;97154;163787;97360;107136;95718;94647;100180;136135;91054;146611;126401;136136;93839;127497;162943;134958;94985;118605;95400;148278;160566;154674;152827;124464;139821;93247;91055;97361;150462;118657;144098;132565;164910;138233;132566;118658;104306;118606;160485;96463;93749;177582;88871;97422;132567;124421;94117;184262;147500;157367;184261;184265;127498;97479;139822;154689;152823;162942;149070;183051;153762;100001;91695;119635;160484;127493;118659;184250;177557;184266;160571;95965;118607;123978;150194;184251;139823;144093;100137;101093;166237;167059;118660;97155;126402;118608;144359;152820;78201;139824;163088;100002;136137;92959;152777;137917;147629;177576;87771;136138;184258;96985;184244;103262;184269;78203;118661;105440;166747;154692;118662;78202;122766;142041;118663;152814;142049;159379;97218;138231;154676;147630;156823;184248;143110;91056;118666;118665;118664;118667;126403;184263;184270;118668;129314;122767;174338;93136;105468;101858;139825;86016;147524;124422;166245;118669;97402;118609;160551;78204;144435;135940;183043;91435;91551;88769;166567;124423;136139;97924;118670;144352;142248;78205;95943;88025;155605;118671;125481;160570;132568;133511;184271;144345;118672;129315;156841;93916;163778;97446;184255;88872;184273;100003;149069;92708;97423;184245;160546;90102;150465;144357;118673;118674;144349;118675;94766;118678;95944;105469;99009;90411;137918;170492;87433;93201;118676;160559;184264;166240;154675;152826;147634;163781;118677;160630;132569;105441;97362;93239;118679;160482;101912;184257;163334;93202;156837;100704;123838;123837;184267;118680;118610;127499;111709;136207;88852;132570;94479;95966;125482;154695;136140;160561;97532;103313;118682;119819;160573;122434;184253;161504;156840;118681;121441;104307;97447;118683;78206;162483;118612;100138;145255;99204;143102;155753;94206;147635;163775;177580;104261;147625;100004;184246;147623;132571;177578;156825;160558;139827;101493;184249;139826;93750;87434;151496;162729;144355;107137;160556;136141;142036;177574;163786;163784;91303;78207;99444;88463;94412;184252;132572;105442;160547;94522;154693;156842;88742;134959;184268;100331;118685;118684;144361;118686;88026;104193;91144;132573;132547;90809;122622;104260;119820;129313;126404;125483;92986;84966;142037;118611;88873;132574;88066;146404;154880;97156;118687;165258;154691;160569;88440;94118;136142;118689;118688;118691;133774;88770;118690;78208;93840;118692;126405;184260;97424;78209;143103;104415;100112;136144;118693;95967;177226;78211;184247;78210;88441;155754;78212;184259;136143;78213;147627;154696;161197;154671;184256;157329;160553;95036;176552;126406;156838;99921;138067;101094;147624;177274;118694;94480;134960;160555;184254;94301;166239;93550;88888;152824;78214;184272;146391;160574;94923;163772;168433;154677;95968;154687;139828;104341;138234;136145;126407;118695;144356;119668;112023;95969;100280;126408;105470;126448;184300;154683;103995;104194;125484;142247;93841;88874;118696;87788;110058;150460;100182;132575;110059;127500;91369;184301;142046;135015;104308;91436;174340;129316;118697;78216;184302;152815;154968;126409;101913;118698;163782;97333;93203;150469;184294;163777;154673;132576;78215;78217;118613;118699;160572;78218;104109;78219;91331;140616;137919;104135;160552;184293;118700;95970;184296;86017;90456;95971;142264;124424;146402;96781;151465;78220;156830;132577;105443;100006;177584;118701;184299;161373;163734;158316;78221;105444;105445;160554;154694;96464;78222;162484;154681;78223;179952;87435;100007;138232;127501;94648;146408;78225;94687;146398;129317;136146;124425;87436;163774;154888;78224;100168;149072;156839;122435;140470;140617;92765;184298;132578;78226;92709;160396;184297;163235;132579;99546;90161;118702;132580;176362;160545;160548;152821;163780;156836;167739;166242;118703;94986;104262;124426;87906;136147;132581;132582;139829;152822;125485;101859;152817;119669;101242;88442;104342;97902;127494;126410;154688;88569;89945;78227;177575;78228;138068;163403;122768;97480;96288;184295;101324;129318;137378;160563;183045;78232;105405;118724;78231;78229;105471;91552;151790;102732;102733;151021;174339;174337;81597;175131;78230;175792;30152;60154;43164;13662;13665;13663;13661;13667;13669;13668;13666;13672;13671;100139;92005;13677;13675;13674;13673;62243;13679;13678;13676;13688;13684;13687;13686;13680;13692;13683;13694;13682;13689;13691;13700;13695;13693;13697;13702;13685;13703;13698;13709;13704;13699;13705;13696;13690;13708;13707;13706;13715;13711;13713;13717;13701;13719;13714;13716;13718;13720;13725;13723;13712;13722;13724;13721;13727;13729;13730;13736;13726;13732;13734;13748;13735;13749;13737;13738;13728;13750;13746;14207;13739;13851;13850;14203;14210;14208;13731;14252;13733;14320;13747;14627;13710;14839;14348;14592;14374;14209;14628;14321;14643;14349;14741;14593;14690;14742;14373;14688;14743;14692;14691;14701;14744;14642;14702;14689;14704;14703;14807;14764;14717;14808;15475;14716;15471;15422;14765;15584;15578;15730;62245;15544;15430;62246;14789;62247;15585;15454;15734;15732;15748;15733;15735;14693;15747;15842;15790;15896;15791;15930;15848;16026;15895;15979;15841;15978;15847;16029;15976;16031;16030;16055;15980;16050;16051;15977;16107;16028;62248;16052;16098;16099;16032;16267;16097;16033;16027;16113;15474;16134;16286;15731;20056;16133;20074;20075;16285;16268;16287;20098;20076;20100;20073;20101;16167;20077;20139;20078;16288;20164;16289;20114;20166;20099;20190;20186;20165;20189;20187;20229;20191;20231;20230;20192;20232;20256;20194;20287;20193;16301;20259;20243;20188;20257;20138;20260;20290;20288;20304;20278;20307;20289;20258;20277;20279;20323;20291;20306;16350;20305;20324;20311;16349;20310;16351;20325;16354;20350;16352;16355;20309;16353;16356;20351;20242;20308;62254;16358;62253;17137;16466;19614;16373;20326;19618;16374;19620;19617;19615;19625;16467;19622;18314;19621;18316;19619;19616;18317;19630;19624;18315;19628;19627;19631;19632;18321;18322;19629;19635;18320;18318;19634;19633;19623;18319;19637;19640;18324;18326;19638;62255;18323;19641;18328;18325;19643;19642;18327;19626;18331;18330;18332;19639;18334;19645;18333;19646;19648;19649;19651;19655;19650;19656;19647;19653;19657;19654;62256;18329;19644;19652;18335;16357;62257;62258;18377;16166;18378;18336;18439;18438;18509;13670;18577;18508;19636;18575;18542;18574;18581;19464;18579;18582;18580;18578;62259;18593;18685;18543;19190;18624;19197;19259;18684;16118;16119;18625;19198;19262;18337;19272;19271;19260;19230;19290;19264;19261;19273;19279;18604;19293;19278;19280;19276;19375;19275;19292;19378;19374;19321;19434;19291;19465;19294;19467;19320;19468;19466;19436;19379;19420;19438;19421;19660;19469;19322;19481;19437;19661;19482;19659;19483;19480;19435;19663;19274;19662;19666;19470;19668;19665;19724;19471;19726;19725;19667;19728;19720;19729;19721;19732;19722;19731;19730;19736;19733;19734;19723;19735;19727;19739;19738;19737;19872;19868;19871;19873;19876;19869;19874;19879;19877;19971;19870;19875;19884;19880;19972;19973;19883;19740;19881;20023;19882;20167;20026;19878;20028;20029;20025;62261;62260;20024;20027;20404;24027;20021;20407;62263;20408;20406;62262;20756;20405;20403;20410;20847;20757;24029;24028;20871;24032;20848;20872;24031;20882;24036;20881;24035;20409;24033;20730;24030;20022;19664;20884;24034;24039;24041;24038;24044;24040;20883;24043;24046;24045;20937;24048;24052;24054;20802;24056;24042;24058;24053;24050;24051;24060;24057;20997;24055;24047;24064;24066;24049;24068;24067;24063;24070;24065;24061;24062;24072;24074;24073;24076;21076;20998;24075;24077;24079;24078;24069;24081;21122;21123;24059;24082;21191;21169;21192;21101;21250;24071;21190;24083;21273;21294;21251;24084;21296;21249;21252;24086;21253;21295;24087;24091;24088;21274;24089;24090;24098;24094;24096;24097;24092;24100;24104;24103;24102;24095;24093;24080;24085;24106;24107;24110;24109;24112;24114;24099;24113;24101;24116;24120;24108;24119;24115;24111;24126;24121;24124;24123;24117;24118;24130;24125;24122;24131;24129;24135;24133;24138;24132;24134;24127;24141;24144;24136;24146;24142;24150;24143;24137;24145;24140;24139;24148;24147;24152;24128;24158;24154;24153;24156;24149;24163;24155;24160;24162;24157;24166;24159;24165;24168;24167;24161;24171;24175;24173;24172;24174;24164;24179;24170;24181;24180;24182;62264;24176;62266;24183;24178;24169;24151;24105;24037;62269;24177;62267;27648;24184;27649;24185;62270;62265;27652;27651;24186;27650;27657;27653;24189;24191;24188;24190;24187;27655;27660;27654;24192;24193;27656;27661;27663;24194;27658;27664;27668;27666;24196;24195;27662;27659;27669;27673;27665;27670;27671;27667;27672;24198;27675;27674;24197;27678;27681;24200;24199;24225;27676;27682;27685;27686;27677;27684;24224;27680;27679;27687;24298;24231;27690;27691;27693;27688;27695;24226;27683;27694;27689;27702;27701;27700;27696;27692;27699;24229;24230;27704;27706;27705;27708;27698;27709;24820;27697;27711;27712;27715;27710;27717;27713;27719;24325;24299;27707;27714;27718;24324;27721;27722;27716;27723;27724;27726;27730;27727;27729;27732;27725;27736;27728;27735;27734;27739;27733;27741;27738;27740;27720;24301;27742;27737;27745;24300;27743;27748;27746;27731;27750;27744;27749;27751;27755;27747;27753;27754;24304;27756;27752;27757;27759;27762;24305;24349;27763;27761;27760;27766;27768;27764;24303;27767;24348;24306;27771;27772;27769;27758;24361;24302;24360;27703;27770;27776;27774;27775;27777;27765;24693;27778;24728;24692;27786;27781;27785;27783;24694;27788;27782;27784;27790;27792;27791;27780;27789;27796;27798;27795;27799;27794;27801;24714;28152;27793;27805;27800;27779;24766;27787;27807;27797;27806;27808;27810;24716;27811;28302;24718;27809;24717;24715;24729;27821;27820;28155;28186;28254;28154;27822;24767;28303;28158;28160;28157;24768;24769;27812;28161;28255;28159;28163;28162;28187;28164;28304;24822;24821;28190;28189;28191;28213;28305;28153;24795;28188;28306;24796;28156;28216;24823;24824;28214;28307;24882;28256;28229;28258;28231;24885;24836;24883;28215;28230;28310;28311;28257;24837;28340;28309;28341;28313;24884;28342;29264;28344;28343;24922;24925;28312;24926;30024;24924;24923;28308;28347;25001;29193;28345;29194;29265;24927;25002;29195;29267;29266;24928;30068;29269;25045;29270;29268;29271;29272;25046;25003;29273;29274;30069;25013;29709;25028;29278;29276;29277;29708;25027;29841;25030;25047;25029;25014;29284;29279;29282;25048;29281;29710;28346;29711;29842;29283;27773;29280;29275;19658;62268;28192;154684;29714;29712;30026;29715;29713;25101;29809;29757;29763;29760;29759;29810;29762;29761;29765;29764;29767;29766;29795;29794;25180;25178;25127;25128;25183;25179;29758;25232;25181;25230;25302;25182;25234;25466;25303;25467;25448;25304;25233;29768;25468;25358;25357;25379;25375;25377;25450;25231;25559;25380;25471;25376;25508;25378;25511;25617;25509;25510;25449;25587;25470;25618;25590;25507;25589;25716;25658;25620;25657;25621;25630;25747;25659;25619;25717;25838;25631;25783;25588;25839;25745;25863;25912;25469;25913;25939;25910;25864;25865;25975;25911;25979;25977;25746;25978;25941;25976;25940;26082;25980;26115;26083;26081;26934;26114;27059;27061;27058;26932;27060;27632;26116;27636;26936;27631;27634;26935;27633;26933;26036;27638;27639;27635;29197;28234;29285;28232;28314;28315;29196;29287;29198;29846;30070;29848;29844;29843;29286;29863;30071;29864;29847;29941;28233;29945;29845;30027;29942;29943;29865;30028;29940;29986;29949;29944;29985;29946;29987;29947;29862;29948;31361;29989;29988;30073;27637;25862;30076;30074;30079;30077;30075;30072;30082;31427;30233;30113;30085;62274;30078;62271;30084;30081;30080;30083;31362;62272;30086;62273;34965;37932;30114;62275;30115;35013;62276;34966;37675;36853;37222;35012;35014;35015;36774;36311;37734;35226;35227;35044;35046;35385;36704;37165;35078;37823;35079;35045;35048;37147;36373;35047;30087;36742;38122;35092;35063;37924;35094;30234;35096;35064;35065;37348;37057;35095;35049;35098;37657;35093;35097;37255;35099;36755;37488;35062;30235;36460;35229;37100;35228;35230;38098;35233;35231;38006;36894;36447;36324;37149;35237;37257;35234;35256;35236;35264;35238;35265;35255;35239;35266;35267;37268;36266;37568;36570;37604;35232;36263;35235;35386;30159;35387;30157;35665;30158;35592;30237;30161;30163;30162;30236;30160;31058;31057;31060;30240;31030;31029;30238;31062;31061;31059;31066;31064;31068;31072;31067;31070;31069;31077;31063;31071;31065;31076;37313;31075;31079;31074;30156;30239;31104;31103;31080;31108;37013;31106;31172;31107;31105;31073;31152;31124;31175;31363;31174;31176;31171;31173;31181;31177;31153;31180;31178;31182;31364;31312;31314;31812;31313;31365;31311;31814;31317;31316;31813;31366;31326;31428;31325;31368;31318;31315;31179;31372;31371;31373;31430;31369;31434;31374;31370;31431;31436;31433;31432;31665;31429;31375;31668;31664;31669;31435;31690;31670;31971;31970;31688;31667;31691;31689;31742;31692;31712;31747;31713;31744;31746;31666;31815;31749;31745;32087;31817;31367;31818;31750;31743;31823;31751;31816;31820;31826;31819;31828;31827;31972;31821;31974;31822;31973;31977;31979;31829;32382;31980;31825;31982;31824;32039;31981;31975;32037;32041;31978;32088;32042;32090;32044;32092;32043;32091;32089;32040;32036;32095;32093;32099;31976;32097;32096;32038;32098;32105;32103;32102;32106;32196;32104;32109;32100;32108;32101;32202;33143;32198;32107;32199;33144;32197;32201;32200;32204;32207;32206;32205;32328;33231;32458;32331;32330;32329;32334;32333;33232;32335;32327;32339;32337;32340;32341;32094;32338;32336;32332;32345;32344;32343;32346;32348;31748;32385;32460;32349;32203;32383;32459;32384;32347;32387;32412;32410;32409;32408;32411;32386;32462;32461;32437;32413;32463;32464;32468;32414;32469;32436;32465;32485;32466;33081;32486;32467;33079;32484;33080;33083;33113;33112;33082;33078;32483;33147;33115;33149;33148;33117;32438;33145;33179;33146;33184;33116;33221;33185;33181;33183;33180;33369;33182;33368;33150;33238;33222;33235;33237;33370;33234;33260;33236;33262;33371;33259;33407;33263;33405;33373;33264;33233;33406;33114;33409;33404;33413;33261;33414;33411;33410;33412;33415;33417;34124;33455;33372;33453;33457;33418;33469;33454;33456;33458;33535;33468;33515;34421;33416;33839;33459;33840;33536;33516;33517;33520;33519;33518;33521;33541;33538;33539;33540;33514;33537;33555;33542;33765;33470;33543;33569;33553;33767;33766;33841;33768;33842;33770;33769;33844;33778;33776;33845;34172;34100;34102;33846;33843;33777;34127;34129;34125;34103;34132;33847;34126;34134;34101;34136;34128;34137;34131;34130;34422;34135;34138;34140;34279;33408;34139;34133;33883;33554;34143;32342;34147;34142;34144;34146;31078;34175;34148;34145;34173;34149;34176;34179;34178;34180;34181;34183;34177;34185;34184;34224;34186;34150;34227;34174;34281;34187;34203;34284;34204;34280;34287;34226;34283;34282;34285;34225;34286;34423;34182;34305;34306;34307;34341;34309;34343;34342;34308;34357;34314;34376;34479;34378;34377;34424;34379;34380;34381;34427;34426;34425;34480;34344;34454;34452;34453;34710;34455;34456;34483;34482;34494;34711;34670;34481;34495;34674;34672;34671;34675;34356;34676;34673;34493;34313;34701;34681;34677;34682;34451;34703;34712;34683;34702;34684;34704;34758;34705;34747;34759;34716;34722;34721;34715;34746;34706;34714;34748;35017;34749;35016;34825;34707;34760;34776;34775;34761;34774;34778;34826;34828;34750;34830;34827;34717;34834;34829;34832;34837;34831;37315;34836;34833;37326;34777;34824;37735;36641;37525;35389;35388;37912;35392;35394;37801;35398;35390;36344;35396;35397;37803;35393;35391;36933;35395;37860;36411;37826;35455;36929;37219;37157;35399;37875;35404;36222;35456;35400;37947;36767;35439;35440;35464;35438;35593;34835;34713;37773;35666;35441;35465;37071;38129;38028;37560;41974;42374;42072;42123;42073;41973;36322;42074;42124;42121;42267;42375;42122;42126;42153;42125;42268;42127;41975;42154;42270;42128;42269;42377;42157;35466;42158;42444;42447;42376;42448;42445;42156;42155;42446;42192;42271;42195;35693;42449;42786;42152;36971;42194;42273;42274;42378;42379;42275;42272;42882;42279;42881;42278;42281;42280;35560;42277;42382;42297;42827;42276;42383;42935;42386;42384;42380;42403;42400;42381;42402;42883;42884;42450;42401;42965;42385;42787;42193;42453;42452;42803;42805;42936;42901;36779;42902;42804;42807;42903;42905;42904;42984;42906;42802;42806;42846;42849;42848;42845;42987;42986;35561;42985;42988;44877;37289;37553;43113;42907;43008;37279;36882;42908;42910;42909;43327;42941;42847;42885;42938;42911;42966;42937;42939;43115;47167;43370;44878;43114;42940;43602;42942;43611;43329;43371;43090;43012;43011;35594;43014;43032;35595;43591;43010;43009;43035;47168;43612;43117;43034;43116;43033;37680;43330;35596;43092;43373;37960;43013;43103;43091;42451;43372;43328;43036;35457;43121;43120;44879;43123;43165;43125;43124;43118;43126;43603;43331;43334;43332;47169;43333;47170;43335;43339;43122;43166;43341;43337;43604;43338;43374;35734;43375;44880;43340;43607;43592;43606;44883;37881;43593;35597;37378;44881;35667;43594;44882;43336;36489;43595;35671;36702;36955;37920;37466;35670;35668;35669;36735;36304;36913;35735;35720;37388;36301;35694;35781;35808;36603;37687;36796;35744;37641;35745;35756;35753;37133;37543;35782;36780;35746;35933;36945;35769;37727;35783;36748;36291;35604;38079;35801;36866;35802;35960;35959;37482;35926;36287;35927;36875;35909;35961;35934;36068;37264;37197;38159;36233;36108;35981;39392;36827;35962;37872;36320;37423;37136;35994;35983;35982;36660;36384;35984;38080;36811;36022;35997;37444;35995;36026;36023;37633;37323;37242;36024;36025;37306;35996;36503;36054;37911;37298;36156;37813;37599;36109;37824;36091;36125;36905;36124;37517;36077;37541;37865;37753;37866;36126;37905;38669;38672;36110;36165;36041;38796;36996;37055;36175;38671;39593;36312;36706;36703;36166;39592;36209;37075;38185;38184;38956;36210;36211;36261;37309;36190;37870;38160;38187;38673;38674;38675;38726;38809;38835;38727;38676;38189;38811;38810;39453;38186;38958;38749;38188;38748;38994;38960;38812;38959;38797;38961;38962;38798;38836;38837;38993;38750;38862;39393;38957;38904;39475;38906;38905;38931;39474;38908;38933;38907;38936;38919;38995;39476;38932;38918;38935;38916;38939;38934;38917;38940;38942;38996;38941;38863;38999;38937;39000;38943;39539;39395;39394;39503;39400;39397;39771;39396;39398;38998;38997;39505;39399;39403;39401;39541;39404;39542;39402;39405;39456;39504;39458;39406;39454;39543;39544;39407;39457;39477;39459;39455;39507;39545;39511;39506;39540;39509;39546;39510;39513;39547;39844;39603;40828;39548;39604;39512;39609;39605;39607;39602;39608;40474;39611;39610;39613;39854;39606;39774;40948;39773;39855;39847;39846;40410;40580;39845;39772;39857;39858;39856;39612;39860;39862;39861;39859;40409;34141;39864;39508;38938;38670;39865;40346;43119;39866;40424;40347;40412;40356;40425;40395;40357;40451;40426;43015;40414;40427;40411;40428;40455;40358;40481;40453;40670;40475;40484;40476;40456;40413;40504;40454;40483;40482;40507;40829;40628;40627;40754;40505;40830;40755;40506;40757;40452;40517;40756;40774;40536;40534;40514;40566;40516;40579;40949;40567;40568;40950;40599;40601;40570;40569;40535;40581;40602;40831;41629;40832;40603;40671;40606;40864;40673;40863;40605;41628;40604;40515;40600;40675;40629;40582;40672;40681;40676;40682;40678;40683;40680;40833;40688;40684;40689;40759;40677;40686;40866;40690;40758;40687;40685;40679;40780;40865;40855;40809;41630;40810;40951;40857;40908;41609;40867;40854;41633;40990;40952;41632;40909;42454;40991;40895;41631;40898;40856;41015;40896;41016;40955;40956;40992;40953;40996;40994;41020;40954;40995;41018;41610;42387;41017;41611;41634;41019;41614;40993;42282;42045;41613;42283;41635;41636;47174;47171;47175;47172;47176;47177;44884;44885;47178;44888;40897;40674;44886;44887;44889;41612;47183;50669;47185;47182;47181;47173;47188;47180;47184;47193;47189;47186;47196;47190;47192;47199;47187;47195;47197;47202;47194;47206;47200;47191;47205;47203;47201;47835;47207;47204;47214;47208;47210;47213;47198;47216;47211;47215;47217;49152;47218;47719;47220;47219;47596;47221;47212;47226;47585;47209;47224;47222;47768;47225;47228;47586;47720;47227;47597;47223;47229;47587;47607;47565;47673;47610;47608;47230;47674;47599;47564;47675;47685;47609;47686;47770;47684;47598;47611;47769;47612;47772;47836;47613;47837;47231;47723;47722;47687;47614;47771;48355;47839;47838;47840;47841;48206;48227;48356;47807;47808;47724;50428;48324;48358;48226;47811;48357;47810;47843;47812;47842;48376;47809;47232;47233;48228;47813;48410;47845;48305;47844;48229;47846;47234;47848;47847;47235;48230;47236;47238;47237;48412;47851;48411;47850;48207;47849;47241;48326;48208;47239;47240;47242;49677;48306;48359;49649;48929;48377;48388;48307;49091;49650;49090;48308;47721;48930;48378;47179;48746;48325;47243;48277;48365;49073;48310;48309;48304;48328;49660;48413;48329;53394;47245;48327;48390;48330;48391;48425;48426;47244;48367;50389;49104;48414;48331;48366;48369;49105;48914;48931;48913;48368;49153;48932;48379;48392;49074;47246;48897;48395;48393;47247;48418;48415;49106;48419;48747;48417;49107;49092;48420;48416;49060;47248;49075;48915;48748;49095;49293;49154;49094;49155;49294;49157;49093;47249;49059;49096;47252;49156;49122;49158;49061;49076;49159;47251;47253;49194;48394;49077;47250;48916;47254;49679;49196;49195;49240;49678;49097;49718;49242;49160;49245;49680;49243;49161;49239;49244;47255;49163;49162;49186;49197;49241;49198;49164;49199;49187;49201;49661;49246;49295;49979;49188;49248;49937;49719;49681;49200;49938;47256;49165;49247;49682;49664;49663;49296;49635;47257;51344;47258;49662;49722;51345;49249;49721;49683;49723;49724;49684;49685;49725;49726;49297;50697;47260;49782;49651;49817;47261;49727;50454;47262;49980;47259;49769;49819;49768;49818;49820;49981;49185;50455;49816;49982;49720;50025;49783;49821;50026;49985;49939;49968;50293;50294;51464;49987;49988;47263;49940;49984;50437;50390;49983;49986;50392;50004;50028;50006;50031;50027;50393;49969;50391;50394;50033;50032;50355;50477;50034;50029;50030;50005;50438;50395;50295;50311;50035;50439;50036;50007;50396;50356;50397;50593;50456;50310;50419;50497;50440;50496;50457;50479;50398;50312;50480;50441;50585;50399;50584;50483;50478;50484;50588;50421;50481;50589;50586;50468;50458;50587;50482;50420;50532;50422;50401;50485;50506;50414;50499;50403;50400;50498;50443;50564;50518;50565;50519;50444;50566;50507;50517;50515;50552;50553;50516;50459;50551;50554;50520;47264;50442;50486;47266;50626;50556;50508;50557;50555;47267;50568;50567;47265;50596;50550;50590;47269;50616;50595;50591;50615;47268;50592;50683;50682;50671;50685;50662;50618;50684;50672;50698;50673;50663;50617;50813;50675;50812;50674;47270;50656;50834;50655;50657;50847;50670;47272;50835;50836;47271;50664;50833;50972;50619;50814;50594;50354;48389;50837;50402;47274;51081;51064;51065;50867;47275;51083;51082;47277;47276;51084;51066;51068;50866;51067;50979;51150;51148;47278;51147;51346;51099;47280;51129;51131;51137;51130;47279;47281;51361;51362;51348;51406;51390;51373;51347;51374;51193;51375;51405;51151;51149;51414;51377;51407;51413;51415;47282;51383;51382;51381;51392;51429;51378;51391;51403;51408;51412;47283;51430;51419;51409;51442;51402;47286;47284;47289;47288;47287;47285;47291;53395;47293;51441;47292;47295;47297;47296;47299;47294;47290;47298;47303;51376;47305;47302;47304;47301;47307;51431;47306;51443;47311;47312;47313;47308;47314;47316;47310;47319;47321;47309;47320;47323;47315;47325;47327;47324;47329;47322;47333;47332;47331;47337;47326;47328;47336;47318;47317;47339;47335;47342;47330;47341;47340;47347;47345;47334;47343;47344;47346;47349;47352;47351;47354;47350;47357;47356;47355;47353;47359;47360;47362;47365;47348;47364;47367;47361;47363;47369;47371;47366;47375;47370;47368;47358;47338;47373;47376;47372;47374;47300;47383;47381;47382;47379;47378;47385;47387;47384;47390;47389;47388;47394;47380;47393;47386;47396;47395;47399;47391;47398;47405;47404;47400;47403;47409;47402;47401;47412;47407;47392;47406;47410;47411;47397;47417;47408;47418;47413;47421;47419;47423;47420;47414;47422;47424;47427;47431;47429;47428;47430;47425;47416;47432;47615;47426;47439;47434;47437;47438;47436;47441;47435;47445;47440;47443;47449;47444;47448;47447;47450;47446;47442;47433;47415;47452;47454;47455;47453;47458;47457;47463;47460;47467;47456;47464;47465;47471;47459;47472;47470;47468;47469;47466;47461;47476;47479;47473;47481;47462;47475;47483;47478;47480;47482;47489;47484;47490;47477;47487;47493;47488;47485;47496;47491;47495;47497;47499;47494;47486;47500;47492;47506;47474;47503;47507;47501;47505;47512;47502;47504;47511;47510;47516;47514;47513;47509;47518;47508;47517;47521;47520;47522;47523;47524;47526;47525;47533;47528;47530;47529;47531;47515;47532;47535;47534;47519;47451;47527;47498;47377;47537;47539;47540;47538;47600;47541;47543;47548;47546;47545;47551;47547;47542;47550;47676;47552;47549;51448;47554;54631;47555;47544;51576;51449;51947;47553;51577;51514;51565;54632;47566;51948;51512;51444;52552;51513;51445;51518;51517;51519;51516;51649;51578;51651;51647;51579;51655;51465;51652;51653;51648;51854;51650;51646;51566;51654;51656;51581;51787;51580;51788;51820;51678;51830;51680;51823;51821;51681;51822;51679;55002;53901;51831;51853;52004;51856;51864;51842;51927;51515;51863;51896;55984;55943;55865;51897;55866;55867;55868;55944;53478;55869;55910;55909;55985;55890;56075;55870;56095;55947;55891;55945;55986;55960;56096;55948;55949;56076;55951;55952;55911;55950;55988;55962;51980;55892;55946;56146;55989;55963;56010;51989;55953;55955;56011;55987;56013;55954;56012;55990;56014;56149;56286;56132;56131;55893;56097;56148;56147;56219;56287;51990;56098;56181;56150;56218;56099;56151;55961;56100;51855;56101;56015;56103;56180;56105;56183;56136;51949;56133;56396;56138;56135;56106;56134;56104;56201;56102;56107;56349;56137;56350;56302;56202;52017;56152;56200;56153;56184;52018;56155;52019;56351;56220;56232;56156;56289;56185;56221;56154;56222;56352;56186;52033;56288;56224;56353;56157;56158;56233;56322;56203;56225;56354;56223;52705;56228;56227;56226;52034;56290;56358;56357;56356;56294;52569;56292;51961;56293;56355;56295;52514;56359;56360;56303;56217;56361;51981;56416;56309;52515;56234;56308;56291;56364;51960;56366;52570;56367;56365;56419;56368;56370;56417;56363;56397;56418;56420;56386;56369;56421;56341;56537;56371;56573;56539;56382;56515;56538;56572;52464;56342;56424;56516;56423;56540;56475;56517;56487;56398;56489;56518;56519;56473;56474;56486;56422;56488;56457;56520;56543;56541;56542;56544;56656;56546;56788;56545;56655;56787;56575;52465;56852;56930;56851;56931;56547;56574;57141;56932;56717;56789;56933;56888;56886;57069;56790;57308;56887;56889;56934;56935;56792;56673;56936;56890;56362;56791;56719;56718;56885;56696;56182;47536;30025;47273;39863;57070;56731;57071;56794;56796;56795;56732;56721;52516;56864;57072;56937;56813;56720;56697;56814;56733;56815;56892;56938;56799;56939;56893;57142;56797;56863;56798;56950;56801;56722;56800;56940;56896;56865;56963;56802;56924;56925;56926;56891;56964;56966;56895;56894;57006;56918;57001;57000;57007;56897;57324;56951;56952;56941;52517;56898;57002;57325;52005;56967;57754;52057;57004;57009;57143;56899;57003;57073;57076;57008;57078;52159;57327;57326;57369;57077;57075;57368;57074;57418;57366;52518;57367;57417;52006;57328;57309;57416;57420;56965;57387;57385;57419;57437;57384;57386;57476;57421;57440;57383;57439;57423;57622;57388;57401;57438;57442;57450;57424;57478;57425;57714;57443;57452;57444;57441;57422;52467;57451;52538;52553;52485;52743;52520;52539;52466;57477;57389;52555;52571;52742;52556;52519;52554;52522;52557;52559;52560;52521;52558;52622;52602;52759;52624;52623;52562;52572;52601;52603;52540;52573;52625;52561;54834;52604;52639;52574;52675;52662;52661;52982;52640;52590;52644;52663;52645;52641;52643;52642;52693;52692;52981;52638;52591;52744;57382;52647;52676;52646;52677;52664;52694;52722;52679;52695;52665;52678;52681;52680;52724;52696;52723;52697;52706;52725;52727;52721;52953;52950;52952;52951;53516;53241;52964;52965;53305;52746;52999;52745;56296;53213;52726;53000;52983;53240;53215;53199;53363;53306;53214;53365;52984;53345;53200;52985;53364;53242;52954;52955;53452;53366;53243;53201;53202;53261;53265;53203;53264;53299;53367;53263;53326;53225;53438;53406;53436;53453;53325;53262;53437;53216;53550;53479;53454;53368;53300;53551;53458;53456;53460;53541;53462;53396;53480;53455;53459;53457;53481;53461;53464;53552;53518;53517;53498;53553;53519;53520;53560;53466;53555;53508;53557;53497;53561;53465;53467;53521;53556;53463;53554;53522;53499;53606;53537;53609;53563;53849;53607;53564;53567;53608;53565;53611;53610;53818;53612;53566;53816;53635;53834;53817;53634;54286;53578;53613;53645;53835;53864;53866;53644;53614;53863;53850;55386;53903;53904;53865;53435;53627;55050;53562;53615;53902;53851;54608;54944;54572;54292;54294;54609;54574;54634;54293;54295;54296;54635;54957;54575;54633;54573;55051;54636;54576;54975;54297;54910;55052;54912;54637;54907;54909;54908;54836;54837;54911;54976;54914;54913;54958;55387;54945;54977;54946;55003;54835;55053;54915;54917;54960;54824;54959;54948;55054;54949;55056;54978;55004;54916;54950;54962;55055;55006;55005;55007;54963;55149;54961;55492;54979;55148;55058;55147;55150;55059;55151;54980;55008;55495;55152;55493;55061;55060;55494;54947;55153;55062;55154;54981;55390;55057;55578;55155;55391;55676;55392;55389;55394;55156;55496;55476;55461;55475;55393;55675;55412;55462;55556;55464;55465;55426;55580;55466;55425;55842;55545;55497;55579;55654;55499;55498;55871;55428;55655;55525;55463;55599;55601;55526;55546;55427;55600;55557;55602;55560;55559;55558;55500;55561;55529;55501;55582;55528;55581;55595;55657;55596;55659;55603;55604;55611;55656;55662;56108;55660;55678;55658;55679;55738;55661;55562;55527;55388;55612;55740;55583;55680;55677;55751;56016;55663;55873;55872;55807;55874;55876;55875;55752;55808;55743;55741;55767;55742;55760;55843;55844;55750;56297;55771;55779;55766;55772;55777;55778;55753;55781;55780;57545;55744;55782;57584;55783;57566;57544;57453;57590;57479;57715;57592;57565;57563;57623;57564;57716;57624;57546;57591;57670;57625;57549;57645;57548;57717;57703;57718;57547;57694;57695;57672;57626;58461;57611;57627;57755;57782;57781;58462;57609;57644;55754;57671;57784;57897;57610;57674;57828;57756;57881;57673;57865;60006;57815;57898;57816;59974;57899;57719;59973;59940;60007;59972;59975;59826;62724;60069;59976;60128;60073;59941;60072;60070;60157;57986;57867;60158;62725;61465;60122;57987;57829;60123;61416;60074;57866;57757;60113;60130;60132;60071;60131;61417;61383;60075;61384;60143;61419;60146;60147;61418;60145;60148;60149;60144;61466;61421;60133;61386;61385;61422;61442;61468;61423;61470;61467;61387;61472;61474;61473;61496;61471;61497;61420;61469;61476;61475;61477;55739;61424;57817;60129;61579;61500;61499;57868;61664;61498;57783;61556;53836;61582;61521;61583;61628;57882;61666;61684;61580;61581;61667;61685;61665;61630;61663;61632;61613;61631;61635;57900;61633;61616;61629;61615;61584;61637;58013;61668;61669;62128;61634;62130;61614;62132;61601;61636;61686;61698;61602;57901;61699;61697;61755;61700;61688;62131;58014;61672;61674;62133;62135;61670;62017;61687;62136;61671;61702;62134;61701;61778;61756;62137;57902;62138;61736;61703;61757;62018;58120;61776;61777;61737;57952;61738;61638;57869;61673;62129;58122;61758;61759;57953;61739;62141;61724;57954;62139;62050;62417;62020;62189;62021;58123;62143;58121;62035;62019;62144;61761;62051;62147;62034;62140;62190;62142;62148;57903;62149;62053;62145;62150;62191;62052;62153;62151;57904;62154;61760;62156;62155;62146;62158;62163;62159;62319;62157;62165;62160;62321;62161;62320;58015;62166;62162;62377;62164;62324;62294;62192;57965;62378;58044;62323;62325;62167;62327;62295;58045;62226;62326;57966;62227;62328;62397;62322;62331;62152;62789;61779;62330;62334;62332;62418;62333;62228;62335;62337;62336;62442;62231;62193;62233;62443;62338;62232;62230;62297;62229;62339;64440;62398;62399;62550;62421;62234;64083;62441;62525;57906;62790;62654;62449;57905;62420;62527;62419;62400;62567;62502;62526;62528;62296;58018;62454;62530;58017;62455;62668;62529;62600;62486;62645;62551;62456;58046;62531;62601;62568;62532;63195;62470;62602;62655;62534;62535;58047;62605;62604;58048;62487;62726;62696;62533;62606;62603;62569;58049;62646;58016;62570;62727;62647;58050;62656;62503;62749;62538;62536;62537;58079;62607;62669;62658;62552;62648;62609;62839;62657;62779;62670;62608;58252;62673;62873;62610;62672;62765;62728;62750;62822;62863;62699;62698;62751;62671;58187;57988;62766;57989;62752;63029;62768;57990;62840;62729;62825;62864;62767;62889;62865;62824;57967;62841;62827;62754;62730;62829;58019;62753;62826;62912;62828;62874;62843;62769;58188;62875;62844;62846;62847;62848;62849;58080;62950;62850;62329;62842;62852;62823;62894;62876;62878;62851;62830;62877;62879;62845;62952;62895;62697;62880;62881;63101;62896;62853;62831;62854;62855;62883;62882;62913;58149;63007;62914;62915;62971;58189;65531;63208;63102;62955;62954;62953;63031;62970;63032;62978;63035;63030;63051;63034;63038;63036;63037;63008;63039;63009;63042;63041;63045;63127;63044;63010;63043;63040;63282;63128;63103;63052;63081;63046;63086;63083;63130;63084;58253;58098;63087;58020;63054;63085;63047;63131;63089;63129;63307;63172;63088;63196;63082;63012;63014;63011;63138;63033;63090;63056;63140;63048;63139;63055;63141;63053;58151;63173;63235;63209;58150;63233;63175;63142;63176;63057;63234;63178;63246;63179;63247;63143;63248;63132;58153;58051;63482;63249;63210;63177;63133;63180;63189;63174;58152;63250;63198;63237;63238;63211;63213;63236;63484;63197;63214;63212;63387;63251;63253;63274;63239;63327;63254;63255;63252;63360;63181;63485;64882;63486;63487;63328;58155;63361;63275;63276;63489;63277;63488;63215;63013;63308;65180;63216;58154;63524;63483;63513;63283;63240;63278;63309;58156;63491;63493;63494;63458;63375;63310;63496;63492;63495;63329;63362;63311;65823;63391;63363;63497;63343;63393;63336;63499;63392;63500;63389;63400;63390;63376;63498;63330;63459;63377;63378;63388;58125;58157;58278;63460;58686;63394;58158;58254;58159;58124;58126;58305;58279;58191;58307;58160;58623;58622;58256;58308;58280;58258;58282;58190;58281;58161;58297;63501;58259;58296;58255;58364;58306;58311;58309;58463;58257;58368;58310;58260;58371;58464;58369;58365;58370;58542;58312;58336;58372;58373;58366;58687;58406;58487;58544;58374;58376;58367;58375;58543;58420;58488;58465;58689;58419;58546;58337;58467;58346;58489;58466;58548;58377;58691;58405;58690;58468;58547;58625;58549;58626;58730;58688;58694;58550;58695;58692;58421;58624;58470;58693;58696;58627;58668;58699;58551;58700;58553;58552;58697;58698;58703;58554;58704;58669;58707;58628;58708;58709;58706;58731;58469;58418;58779;63490;58705;61425;62951;58701;58631;58545;58924;58630;58555;58634;58633;58702;58638;58636;58783;58781;58780;58635;58733;58632;58782;58710;58805;58712;58819;58732;58821;58637;58785;58711;58818;58639;58786;58856;58857;58820;58925;58996;58955;58713;58715;58787;58714;58926;58824;58858;58822;58784;58789;58755;58825;58823;58827;58826;58979;58956;58834;58911;58835;58860;58885;58912;58997;58910;58887;58909;58958;58861;58859;58886;58914;58836;58915;58913;58888;58959;58929;58927;58980;58960;59256;58932;59071;58862;58930;58931;59098;58928;58957;58933;58788;59257;58881;58916;58935;59079;58863;58961;58998;61585;59080;58918;58981;58970;59258;59259;58936;58999;59003;59450;59005;58917;59002;59000;59004;59100;58919;58971;59007;59006;58983;59022;58982;59081;59099;59101;59023;59260;58985;59262;61478;59008;59001;59025;59331;59264;58962;59198;59261;59265;59199;59072;59263;59266;61479;59102;59082;59217;59270;59024;59267;59268;59271;59203;59202;59204;59272;59200;59219;59531;59201;59274;59273;59296;59218;59295;59269;59297;59332;59205;59962;59483;58984;59278;58934;59300;59299;59429;59336;59301;59276;59279;59277;59333;59335;59340;59337;59339;59338;59280;59344;59345;59334;59342;59379;59343;59348;59389;59349;59347;59415;59350;59346;59420;59352;59418;59417;59416;59341;59430;59421;59419;59434;59433;59432;59571;59351;59532;59353;59435;59572;59511;59573;59390;59513;59512;59484;59485;59437;59534;59486;59535;59515;59538;59436;59661;59533;59487;59536;59537;59574;59541;59391;59488;59539;59438;59576;59689;59840;59542;59540;59545;59688;59575;59431;59514;59544;59691;59577;59543;59799;59579;59578;59546;59581;59422;59950;59662;59580;59694;59582;59665;59663;59720;59692;59664;59801;59695;59693;59548;59697;59699;59696;59666;59800;59841;59842;59550;59547;59739;59741;59549;59740;59802;59698;59805;59804;59744;59743;59827;59745;59951;59807;59943;59806;59808;59977;63628;63627;59978;63503;63502;63583;63504;63629;59944;63505;63514;63526;63649;63461;65229;63631;63515;63527;65230;63525;63528;63632;63531;63507;64084;63517;63516;63530;59742;63506;59690;59942;63509;63532;63518;63529;69819;63462;63650;63651;64366;64365;63510;63634;64367;63654;59298;64085;63630;63653;63633;63636;63635;63533;63624;63657;63658;64398;63656;63660;64086;64252;63652;64087;64251;63659;64368;63585;63586;63587;63661;64400;64254;64265;64266;64399;63584;63655;64267;63625;64255;64256;64371;64268;64253;64369;67261;64269;64370;64372;67266;67263;64441;67271;67264;67269;67268;67267;67265;67273;67270;67272;67262;64088;67279;67275;67280;67276;64270;68985;67277;69288;67282;64271;67286;67283;67284;67285;67278;67274;64272;67281;64373;64460;67292;67289;67288;67294;64274;67296;64273;67291;67290;67299;67297;67298;67300;67293;67295;67303;64276;64277;64275;67307;67304;67306;67312;67309;67314;67308;68998;67317;67311;64278;67313;64442;67301;67315;67310;67320;67316;67318;67305;67302;67325;67321;67323;68999;64401;67324;64402;67322;64403;67328;67330;64404;67327;67333;67326;67337;67331;67334;67329;67340;67336;64405;68860;64443;67341;69000;68986;67338;67332;67339;67335;67319;69001;64406;67287;68890;67342;68886;68884;69061;68887;68883;68893;68882;67343;64445;64494;68895;68894;68885;68891;68896;64495;68892;69002;68972;69004;64407;69003;69005;65168;64408;69006;68861;65169;68897;64410;69007;68988;68987;68973;69023;64409;69026;68989;69025;69198;68974;69199;68975;69145;69027;70202;69147;64672;69063;69062;69146;69095;69152;69149;69064;69148;69200;69216;64446;69151;69153;69217;69203;69205;69204;69201;69150;69085;64592;69209;69208;69202;69024;69355;69086;69028;69187;69207;69248;69188;69186;69403;64412;64447;69249;69210;64411;69211;69290;69380;64413;69298;64414;69356;69300;69299;69358;69381;69382;69359;70203;64415;69363;69361;69360;64417;69357;69362;69292;69291;69364;69289;64418;64257;69385;64419;69389;69386;69365;69384;64420;69404;69405;69388;69406;69390;69302;69409;69387;64416;64461;69407;69394;64593;69410;69408;69392;69461;69393;69411;69460;69485;64462;64444;63508;70909;69383;69486;64449;64448;69391;69524;69525;64464;69783;69782;69462;69450;69206;69772;64463;69784;69526;69463;69527;64450;69528;69530;69529;69436;69533;69815;69534;69531;69487;69773;69544;69535;69775;69498;69792;69774;69536;69488;69785;69532;69451;69820;69793;69821;69537;69805;69452;69545;69543;69887;70048;69962;69896;69857;69897;69858;70042;70049;70028;69963;69814;70050;70052;70029;70041;64514;70051;64496;69964;69965;69961;70030;70043;70053;69849;70054;69910;70032;70055;70031;64513;69886;70033;69911;69966;70034;69967;64497;70058;64477;70149;70057;70035;70045;64594;70059;64595;70083;70056;69917;70081;70150;70082;64538;64539;64596;70152;70151;70060;70153;70155;70108;70044;70037;70156;70107;69968;64540;70062;70036;70154;70106;70205;70061;70504;70046;70064;70003;70063;64598;70296;70047;70593;64597;70038;64600;70356;71542;70206;70235;70065;70237;70357;70158;64599;70236;70180;70159;64541;70238;70208;64543;64542;70345;70239;70358;70207;70297;70181;70157;69859;70280;70278;70305;71543;71544;70298;64601;64544;71081;70808;70209;70240;70506;64545;70505;65231;70361;70304;70281;71545;64546;70360;70377;70282;70406;70359;64602;70376;70420;70418;70404;70423;70419;64673;70427;70421;70425;70362;70426;70424;70429;70428;70431;70405;70507;70430;70509;70378;70528;70407;70508;70510;70861;70432;70638;70814;70511;70408;70927;70639;70410;70637;70436;70928;70815;70529;70929;70434;70409;70433;70422;70665;70512;70435;70550;64478;70666;70817;64625;70654;70653;70549;70819;70734;70640;70809;70514;70643;70655;70513;70820;70818;70644;70669;70642;70670;70735;70668;70822;70821;70645;64515;70823;70641;70824;70736;64868;70700;64650;70667;70774;70810;71056;64733;70775;70825;70811;70750;70786;71057;70826;70776;70788;70671;70827;70789;71058;70828;70812;64603;70930;70751;70829;70939;70830;70723;70832;70987;70931;70833;70840;71082;70831;70594;70862;70839;70813;70910;70787;70955;70816;70988;64674;70834;70863;70841;70864;70957;70912;70989;70990;70993;70279;71083;64869;70994;71059;70991;70992;70956;71061;70911;71060;64664;71062;71063;66337;64554;71066;71065;64675;71084;64665;70958;64651;71085;71181;71064;71148;66338;71142;71149;71147;64547;71150;71067;71403;64548;71086;71151;71182;71068;64677;71956;71404;71406;71405;71183;71407;64899;64883;71143;64604;71087;71247;72402;64678;71327;71248;71326;71069;64549;71411;64550;71409;71410;71408;64676;71281;71255;71282;71280;71358;71184;71412;71413;71279;71329;71222;71416;71330;71775;71418;71415;71360;71361;71417;71283;71185;71414;71419;71363;71362;71421;71331;71381;71364;71420;71249;71423;71359;71475;71587;71443;71256;71384;71382;71383;72110;71851;71503;71444;71478;72096;71504;71445;71479;71477;71250;71284;71476;71481;72097;72111;66339;71482;71446;71484;71548;71480;71546;71776;71853;66340;71619;71447;71483;71547;71852;71385;71422;71328;71549;71365;71386;71777;71590;71550;71620;71785;71589;71588;71592;71551;71621;71591;71754;71448;71624;71552;71622;71594;71625;71593;71638;71626;71505;71854;64734;71595;71765;71633;64735;71449;71596;71634;71757;71756;71759;71755;71623;71597;71768;71766;71761;71598;71760;71770;71627;72867;64736;71640;71767;71903;71600;71639;71771;71601;71788;71599;73871;71803;71789;71805;71602;71868;64900;64738;71869;71870;71804;64737;71758;71871;64854;71790;71872;64856;64855;64872;64870;64974;64871;64884;64976;64739;64679;65600;73870;64858;64977;64740;64975;64857;64940;64979;64741;64978;65232;65081;64982;64983;64981;65034;65587;64997;65588;64999;65233;65002;64941;64998;65001;65035;65065;64984;65000;65040;65036;64980;65038;65589;65234;65532;65657;64985;65182;64986;65645;65039;65235;65590;65619;65646;65658;65621;65620;65591;64901;65534;65236;65536;65537;65535;65647;65659;65772;65181;65713;65538;65593;65183;65649;65066;65636;65637;65662;65648;65539;65533;65773;65037;65592;71873;65671;70790;70204;65594;69189;65559;65824;65663;65746;65774;65622;58629;65748;71332;65745;65749;65825;65751;65754;66724;65664;65756;65753;65755;65750;69229;65752;65747;65758;65814;65759;65777;65776;66005;65775;65933;65831;65813;65859;65858;65760;65832;65833;65953;65826;65757;65954;65830;65834;65860;66006;65836;65778;65837;65839;65955;66591;66242;65838;65956;65861;66162;65962;66161;65963;65827;65961;66160;65815;65828;65966;65971;66163;65965;65972;65974;65973;66398;66241;66399;65934;66007;66008;65835;67344;66165;66181;65964;66400;66377;66164;66166;66218;66182;66191;66378;66220;66009;66038;66207;66039;66183;66258;69212;66011;66167;66219;66244;66208;66221;66184;66040;66260;66209;67345;66222;66243;66282;66259;66223;71553;66261;66245;66224;66168;66362;66010;66263;66246;66248;66262;66320;66249;66363;66309;66323;66297;66298;66247;66366;66322;66284;66324;66679;66321;66310;66433;66364;66299;66379;66432;66385;66367;66640;66386;66365;66501;66434;66703;66452;66368;66435;66704;66639;66387;66453;66401;66369;66593;66503;66592;66283;66595;66376;66529;66502;66436;66596;66530;66533;66454;66598;66594;66578;66580;66599;66531;66534;66380;66487;66680;66597;66641;67346;66579;66604;66577;66681;66532;66643;66606;66642;66619;66600;66647;66645;66601;66646;66605;66725;66651;66648;66644;66607;66655;66682;66653;66683;66654;66686;66656;67347;66684;66652;66649;67349;66727;66688;67348;66687;66657;66620;66685;66728;66624;66726;66625;66623;66627;66626;66622;66609;66793;66743;66628;66621;66610;66658;66729;66613;66612;66745;66608;66731;67350;66747;66611;66746;66732;66730;66733;66748;66751;66650;66629;67352;67351;67353;66794;67357;67355;67354;66749;66754;66753;67359;67356;66796;66795;67358;67363;67360;67366;66797;67364;67362;67371;67365;67369;67368;66752;66750;69218;67367;67370;67375;67361;67380;67376;67373;67378;67374;67377;67384;67385;67379;67382;67386;67391;67389;67381;67383;67394;67390;71914;67395;67387;67393;72048;67388;71915;72047;71912;71916;71800;71922;71920;71913;72189;72027;71923;72012;72028;71921;71917;71904;71905;71918;71919;72120;67392;72121;66744;72441;67372;71957;66388;72442;72307;73535;72308;73536;72015;72112;72014;71958;72249;72221;72222;72113;71959;72122;71982;71981;72124;77586;72126;77922;72123;77785;72127;77612;77783;77608;77787;72250;77786;77675;72125;72049;77782;79342;79341;77613;77788;77784;77790;77764;77867;79343;77791;77792;72029;77789;77766;77765;72030;78093;77794;77793;77870;77677;77676;77869;77923;77868;77795;77924;77796;78398;77797;77871;78400;72137;78399;77873;77926;77925;72190;77927;77974;72269;77872;77929;77866;77928;72050;72031;72191;77932;77935;77975;77936;78241;77931;77930;77997;78048;77798;77934;77874;78242;78050;78243;78049;78095;77933;77875;77876;77937;78051;77938;77941;77939;78052;77943;78053;77944;78368;77998;78094;77940;78054;77942;78369;78564;77999;78371;78000;78244;77945;78001;78370;78246;78703;78247;78245;78055;78099;78056;78373;78249;78248;78100;78098;78372;78375;78374;78101;78057;78097;78376;78377;72192;78058;78103;78378;78250;78566;78704;78380;78567;78251;78102;78402;78252;78565;78401;78096;78786;78787;78379;78752;78492;78705;78788;78568;78382;78706;78789;78790;78493;78494;78403;78629;78791;78569;78631;78792;78682;78683;79067;78796;78793;78794;78632;78797;78630;78800;78801;77767;78799;78798;78795;79068;79389;79191;79084;78582;78581;78571;78661;78707;78709;78570;78862;79085;78573;79390;78708;78802;78633;78662;78572;78574;78575;78711;78710;78576;78713;78726;78899;72223;78804;78806;78805;72224;78714;79086;78808;78863;78610;79069;78807;78728;78864;78803;79070;78715;79071;78712;78810;79087;78900;78901;79088;79256;78716;78727;78729;79257;78902;78904;78905;79193;78906;79192;72225;79072;78903;79089;78907;79073;79195;72226;79090;79092;79194;78812;79091;79391;78813;79093;79096;79094;78811;79074;79258;78814;79095;79196;78865;80362;78866;79237;79097;79098;79076;79236;79238;79077;79099;79100;79392;79317;79315;79314;79260;79239;79078;72356;72309;79344;79261;79747;79259;72357;79264;79765;79671;79262;79763;79263;79240;79345;79316;79075;78809;79393;78381;72013;79394;79265;79748;79395;79766;79894;79565;79749;79764;79768;79698;79396;79397;79363;79893;72310;79319;79646;79767;79699;81343;79895;79771;79770;79672;79896;81655;79897;79769;79398;79772;81344;79647;79607;79650;79648;79399;79645;79773;79898;79673;81345;79674;79651;79675;79676;79677;79649;79566;72251;79678;79608;79652;79899;79653;80363;79774;79700;79777;79679;79776;79422;79654;79779;79701;79778;79655;72252;79780;79702;72270;79775;79400;79783;79900;79781;79785;79703;79787;79786;79784;79704;79750;79901;79903;72154;79902;79752;79705;79904;79905;79751;79788;79907;79913;79909;79789;79914;79910;80060;79906;79917;79911;79916;72311;79912;79915;79921;79919;80129;80089;79790;80128;79918;79923;79920;79908;79926;80130;79927;79791;80364;79706;79924;79792;80365;79925;79929;79934;80131;80132;79928;79932;79931;79933;80090;80366;79940;79930;79936;80336;79938;79944;80061;79945;79937;80133;79946;79939;80367;79942;80258;79941;80232;79922;80062;80063;80134;79935;72444;79782;81346;79949;79948;80402;80135;79947;80137;80368;80287;79950;80369;80136;80370;79943;80139;80064;80138;80140;79951;80142;79952;80144;80337;80233;79953;80141;80234;80143;80091;81347;79954;80092;80403;80066;80065;83066;80836;80288;80067;80404;80835;80406;80236;80371;80340;80339;80068;80259;80341;81581;80372;80235;80260;80374;80289;80342;80261;80405;80292;80291;80290;80376;80375;81837;80344;80338;80295;80294;80346;80373;80343;80463;80146;80297;80296;80147;80345;72715;80145;80298;80422;80349;80347;80423;80348;80310;72716;72376;80377;80311;80378;72377;80313;80317;80314;80315;81957;81956;80312;80316;80323;72403;80237;80319;80321;80324;80322;80320;80325;80327;72462;80380;72445;80381;72379;80326;72378;72404;72447;72406;80379;72405;72408;72518;72253;72593;72448;72517;72407;72446;72358;72516;72359;72464;72450;72463;72648;72519;80318;72443;72451;72466;72449;72520;80293;72623;72380;72381;72752;72540;72465;72624;72545;72785;72539;72521;72783;72786;72627;72784;73422;72628;73030;72630;72625;72629;72544;72522;72524;72523;73032;72649;72651;72541;72526;72631;73031;73310;72654;72650;72525;72626;72760;72759;72675;72695;72674;72652;72762;72547;72656;72761;72787;72764;72753;72546;72763;72632;73537;72766;72806;72548;72788;72754;72765;72887;72789;72807;73140;72890;72913;72914;72917;72889;72868;73107;72888;72915;72767;72916;72657;72653;72969;73034;73033;73035;72971;72970;72973;72972;73036;72869;73037;73109;72871;73039;73041;72870;73038;72892;72918;73087;73108;72891;73217;73141;73086;72974;73043;73166;73044;73110;73145;73146;73040;73046;73142;73143;73045;73165;73042;73168;73144;73423;73240;73312;73193;73167;73047;73048;73170;73194;73311;73169;73171;73259;73258;73261;73424;73352;73260;73262;73313;73241;73746;73195;73242;73263;73353;73218;73354;73359;73358;73425;73357;73355;73360;73356;73264;73363;73361;73364;73366;73314;73362;73257;73538;72968;73265;73502;73503;73925;73315;73506;73505;73507;73367;73504;73539;73544;73926;73429;73601;73540;73600;73427;73365;73602;73658;73542;73543;73772;73545;73659;73509;73430;73546;73428;73547;73660;73508;73692;73774;73548;73627;73541;73695;73972;73693;73773;73700;73698;73729;73694;73628;73697;73701;74017;73696;73716;73775;73702;73699;73717;73748;73703;73631;73747;73731;73630;73750;73809;73776;73777;73730;73778;73808;73807;73811;73812;77061;73704;73749;73816;73603;73810;73874;73629;73872;73846;73815;73927;74382;73814;73845;73876;73847;73817;73873;73897;73878;73879;73877;73819;73928;79346;73875;73818;73973;73898;73848;73952;73929;74130;73954;73953;73956;73998;73899;73880;74109;79793;73955;74002;73999;74383;74166;73930;74165;73957;74018;74003;74110;74046;74282;74167;74111;74000;74112;74199;74048;74047;76092;74168;74198;74169;74131;74170;74281;74179;74113;74049;74174;74133;74229;74177;74201;74200;74178;74228;74230;74050;77092;74236;77093;73426;74180;79318;74237;73813;74231;72360;74001;74132;74238;74385;77104;77103;74387;74257;74386;74393;74175;74391;74232;74395;74392;74389;74390;74401;74397;74396;74399;74316;74400;74398;74403;76094;74388;74405;74317;74404;74394;74407;74409;76093;76095;76096;74414;74410;74402;74412;74502;74406;74413;74340;74500;74341;74501;74503;74411;76097;76151;76098;76173;76152;76099;76263;76153;74504;76058;76083;74339;76209;76100;76102;76174;76101;76175;76059;74408;76420;76176;76264;74478;76222;76210;79794;76221;76265;76691;76266;76133;76478;77769;77768;76419;76624;76334;77946;76421;76223;77947;76325;76326;76350;76352;76370;76351;76267;76268;76363;76374;76371;76692;76391;76327;76375;76335;76392;76607;76300;76376;76393;76328;76395;76394;76860;76625;76859;78383;76353;76539;76479;76466;76483;76422;76540;76485;76467;76486;76377;76541;77345;76484;77063;77062;76468;76845;76396;76542;76609;76626;76693;76629;76608;77205;77203;77204;76846;76610;76848;77064;76847;76627;76628;77065;76851;77346;76849;77206;76612;76514;76329;76611;76220;76877;76850;76878;76978;76875;76861;77066;76979;76918;76917;76920;76921;76919;76862;76852;76853;76981;76980;77770;77094;76613;76863;76718;77067;76982;76983;77069;77310;77105;77070;77207;77309;77071;77208;77223;76984;77268;77224;77072;77308;77209;77440;77210;77068;77106;77311;77095;77347;77225;77226;77312;77232;77231;77948;77107;77393;77108;77211;77392;77314;77227;77349;77350;77348;77313;77352;77353;77442;77228;77441;77269;77351;77233;77359;77423;77395;77424;77354;77360;77394;77073;77399;77398;77361;77425;77397;77362;77443;77678;77444;77427;77771;77426;77400;77587;77447;77449;77482;77446;77445;77772;78038;77428;77481;77588;77448;77484;77949;77450;77592;77589;77363;77591;77590;77429;77800;77799;77614;77593;77559;77594;77616;77483;77617;78583;77615;80530;77595;89124;77801;77430;80448;89123;80531;80532;83920;89128;89127;80575;89126;80576;89125;89129;89131;89130;80451;80533;80450;80893;80465;80894;80892;80837;80464;80974;82306;80534;80875;80873;89133;80874;80535;80536;82626;82625;89132;80449;80876;77451;80452;80895;80896;81057;77396;80839;80975;81611;81610;76876;89134;80897;81059;81060;81007;89135;81058;81091;81092;80978;81348;81008;80976;89139;80977;89136;89144;89137;89146;89142;89141;89143;84375;89140;84452;84374;84456;89145;84454;84301;81529;84376;84455;84512;84475;89138;84458;84513;81530;85283;84460;84453;92046;84457;84461;84476;84840;84515;81093;84459;84478;80979;84514;85083;85084;84477;84678;85085;84517;81151;84479;84437;81190;81132;81212;84480;84518;84519;84841;85282;84901;84842;84679;84521;84680;84774;84681;84749;84520;86312;80980;84775;84516;81191;84682;89147;84773;84684;84776;84750;84685;84843;84687;84686;84777;84844;84751;84845;84752;89148;85055;84683;84779;84753;84847;84778;80981;84902;85086;81152;84846;85056;81133;84849;84903;84904;84848;84688;84689;84851;84967;84850;84968;85057;85058;84852;84690;80982;84691;85059;84969;84692;84853;81153;84854;85060;89149;82596;85087;85061;85062;85132;84855;81349;85088;84905;84907;85063;85090;85065;81170;85091;85089;85064;85094;81112;85093;84909;81213;84906;84481;85133;81171;81061;81172;85092;85467;85421;85286;85420;85095;85168;85307;85166;85287;85285;85167;85288;85389;81173;85468;85134;85289;85290;85548;85170;85284;85549;92047;85310;85358;85312;85311;85309;85308;85171;85244;81214;85169;81095;85390;85315;81094;85361;85392;85359;85360;85317;85314;85316;85363;87959;85362;85393;85570;85470;85365;89150;85391;85469;85665;85472;85550;85474;85291;85475;85292;89151;85422;85471;85318;85551;85552;85394;85473;85553;85423;85478;85364;85313;85554;85477;85555;85592;85479;85480;85556;85727;85811;85709;85476;85482;85481;85591;85666;85425;85659;85571;85669;85670;85667;85557;85638;85572;86683;85812;85558;85672;81215;89153;89152;85698;85673;85559;85814;85815;86684;85813;85772;85671;85668;86313;85817;85676;85819;85675;87059;81113;87060;86027;85678;85674;87061;86331;85677;85821;85919;85773;81216;85920;81217;85822;85825;85818;81218;85824;85826;85823;86028;81114;86029;85820;85900;85827;85774;81115;81350;85964;85829;85828;86258;85899;85728;85990;85989;80838;86158;86160;85424;85933;86128;86030;86159;84908;85831;86032;85956;85934;86129;85892;85816;86161;86259;85832;85935;86033;85955;86035;81351;85936;85939;86031;85940;85921;85938;86034;86797;85937;86036;86039;86038;89154;85922;86037;86798;86040;86799;86319;86041;86228;85923;86051;81174;86052;86231;86232;86643;86229;86233;86230;86260;86110;86273;86274;86261;86234;86054;86130;86053;86055;86644;86163;86043;86078;86165;86131;86168;86162;86275;86077;86167;86166;86169;86172;86042;86236;86173;86171;86685;86164;86262;86170;86174;86111;86235;81352;86113;86376;86112;86333;86263;81192;83039;86114;89155;81354;86175;86264;81355;81353;81359;89156;81838;81357;81360;81358;81363;86332;89157;81221;81364;81356;83194;83195;81220;81219;81362;81411;81361;89158;81452;81393;81453;81451;81365;89162;81392;89165;89160;89168;89166;89161;87113;89164;81366;81454;89167;89163;89170;89159;81455;81367;81394;89171;82273;81414;81457;89172;81427;82747;81428;89174;81582;89173;81410;89169;86237;82274;81583;81415;81456;81584;81431;81459;81430;81586;81612;81531;89175;89176;81585;81458;81613;81705;89177;89178;81796;81839;81657;81532;81614;82724;89179;81679;82723;81678;81840;81706;82933;89180;81658;81708;81707;89183;81710;89182;81709;81533;89181;81656;81797;82540;82542;81841;81842;81712;81615;89184;81680;81616;89185;81843;89187;81681;81711;89186;81714;81713;81845;81682;89188;89192;81715;89195;81617;81716;89191;89189;89193;89190;81717;81848;81847;81849;89194;81844;82275;81850;82307;81851;82541;89197;89198;82276;89199;81853;81852;81854;82674;81857;82277;81846;89200;89201;81855;81856;81958;81858;82675;81928;81860;81861;82543;92048;89204;89202;81718;89203;81959;81930;81985;81862;82050;81986;81929;82049;81863;89207;82544;82748;89209;81859;81931;89205;82433;89206;82051;81961;81865;82054;89210;82053;82052;81866;81960;89212;89208;89211;89214;81987;89217;89213;89216;89215;81988;82280;81989;89219;82055;82281;82279;81990;82308;81991;89221;89220;81992;82056;82725;89218;81429;82278;81994;89196;82676;82309;82434;81864;82310;82934;82545;82282;82285;82057;82677;82436;82435;82284;82935;82547;82437;82438;82546;82059;82283;82060;89222;82058;89224;82548;82439;82061;82443;82440;89226;82597;82311;82599;82441;89227;82866;82600;82598;89228;82442;82549;82749;89225;83821;82602;89223;82726;82937;82867;82840;82936;82604;82550;82868;82939;82727;82940;82606;82627;82605;82938;89229;82603;82551;82941;82552;82553;85185;89230;82609;82312;82608;82611;89231;82610;89232;82943;82942;82607;82869;82728;82750;82945;82601;82444;82554;89233;82612;82946;82841;82614;82613;82556;82947;82870;86408;82648;82647;82628;82555;82445;89235;89234;89239;89236;82649;89238;89237;89240;82949;82678;89241;83196;82871;82630;82948;82729;82950;82679;82953;82951;82872;82952;82955;82629;82954;82557;82956;85561;83309;82873;82616;85560;82958;89242;82874;82751;82962;82963;82875;82730;82960;82961;82957;82878;89243;82964;82877;82876;89244;82965;82752;82731;86265;82881;82880;82944;82966;82615;82883;82842;82882;82968;82680;82884;82959;83067;82879;83121;83007;83008;83310;83009;82969;82887;83089;82967;83090;83149;82970;83011;82886;82885;82971;83010;82972;84910;83151;83013;82975;83012;89248;82974;89250;82888;89254;83150;89253;89252;89249;89246;83311;89247;82976;89251;82889;82973;89255;83123;83122;83015;83040;89256;82978;83014;83018;83041;83016;83043;83042;83017;83069;83822;83070;83091;83068;83072;83124;82977;83312;83071;83023;83020;83093;83019;83125;82979;83198;83022;83044;83092;83313;83197;83126;83021;83073;83199;83202;83074;83152;83203;83127;89258;83201;89257;83204;83206;83076;83314;83077;89261;89259;83205;83209;83207;92049;83750;83208;83078;83751;83315;83237;83079;83075;83212;83128;83316;83210;89260;83094;83211;83317;83239;83238;83319;83240;89262;83129;89263;83318;83153;83216;83214;89265;89264;83241;83322;83320;89267;89268;89271;83321;89273;89274;83382;89269;83215;89270;89276;89272;89277;89279;83154;89280;89275;89266;83218;89278;89245;81993;83217;85830;83213;74384;83219;83200;65650;83222;56793;83549;83548;83224;83323;83220;83221;83324;83242;89282;87512;83384;83383;83325;89284;89283;83550;83790;83326;83225;84304;84303;83226;83228;83386;83223;83890;83227;83385;83327;89285;83504;83337;83823;83478;83551;83505;83824;83825;83338;89287;83387;84302;89288;83891;89290;83503;83479;83342;83340;83552;83388;83921;89294;83341;89292;89289;84305;89293;89286;89300;89291;89298;89296;89297;89299;89304;83480;89303;84856;89295;89302;83826;83892;83829;84857;83481;83831;83553;83893;83830;84095;89301;83506;83828;83791;83509;83827;89305;83339;83835;83894;83834;83833;83922;83507;83923;83924;83896;84027;83895;83897;83838;83837;89306;83836;83508;89307;89308;83839;83925;84096;89309;83926;83928;83961;83898;83929;83899;84032;84030;83933;83931;84031;84029;83927;84028;83930;84064;84033;83934;84036;83932;83999;84035;83997;84000;84034;84001;83998;83900;83935;84065;84002;83840;89310;84037;84097;84173;89314;84172;89318;84038;89311;89313;89316;89320;89317;89322;89315;92050;83962;89323;84041;89319;89321;84098;84040;83996;86409;84099;84039;84066;83832;86410;83937;83936;84100;84174;84101;83938;89312;89328;89325;84042;84102;83963;84103;84177;89326;84178;89327;84181;84858;89329;84175;84179;84859;84278;84067;84180;84306;84377;84279;84308;84281;84131;84176;84309;89330;84312;89332;84307;89331;84313;84311;89333;89334;84462;89338;89335;89340;84379;89344;84280;89341;89336;89339;84378;89346;89349;89343;89351;89342;89350;89337;89355;89356;89348;89353;89359;89358;89347;89357;89354;89345;89352;84310;89365;89363;89369;89360;89371;89367;89372;89361;89368;89375;89373;89376;89380;89366;89383;89377;89370;89379;89364;89382;89374;89385;89388;89378;89390;89386;89394;89389;89395;89387;89391;89398;89400;89393;89402;89381;89396;89406;89392;89404;89397;89384;89408;89401;89403;89413;89405;89410;89409;89417;89412;89414;89411;89415;89422;89416;89424;89426;89421;89420;89418;89428;89429;89399;89431;89423;89419;89430;89425;89433;89437;89435;89438;89432;89436;89434;89440;89444;89441;92051;89448;89442;89443;89447;89449;89446;89407;89362;89324;89451;89439;89454;89453;89452;89458;89456;89427;89462;89460;89445;89464;89461;89465;89459;89468;89455;89470;89469;89457;89471;89466;94745;89463;92796;90639;92052;89467;93258;95299;94207;92645;89879;92225;90128;94768;94987;92766;96019;94767;92053;90208;94769;89473;89472;96196;94988;90640;95972;96347;92054;93441;93972;94989;90898;96197;92055;90810;92668;92848;90372;94770;93622;92056;94208;92226;89795;94990;92797;93724;94057;93259;89880;90946;95668;89474;95542;90947;90209;95669;90641;92228;93487;94771;95543;92057;94656;89475;90325;94772;93137;90948;93872;95611;90642;94774;89881;94773;90011;96614;96348;94777;94776;93101;90373;92058;89477;92229;95726;94775;90012;94481;96198;89476;89796;92230;96349;95578;90643;96289;90949;91057;89479;90034;94778;89478;93571;94746;94991;92231;95300;92385;93873;89481;94924;89482;90326;95401;89483;90412;89484;92589;94523;95402;92059;92060;90327;92062;89480;96350;92061;90726;94779;92063;92227;89486;90210;92064;94413;94119;93973;89488;90950;89487;95945;92232;93874;90035;89489;90457;93138;95403;94780;93204;93623;92233;89490;92234;90951;94688;89882;91058;91059;95487;89494;89491;89492;92066;89493;92067;93572;89495;95670;90374;95363;95671;94590;92068;96199;93875;92732;93624;92767;93102;90727;95404;92069;90930;95655;89496;93488;89699;89498;92684;93876;90458;90728;89497;92071;89499;90644;94992;90211;94781;92070;93917;94235;90328;92798;92065;94993;92235;92072;94657;96107;94782;92236;89501;93260;94783;93355;96200;92073;95488;94784;93625;94994;92877;96167;89502;89503;93877;92074;90413;94785;92075;94786;96055;89504;93573;93326;93327;92710;89505;94024;94995;95458;90729;95672;93085;89506;89507;92237;92799;93878;89508;90129;92329;93489;93918;92077;90072;92076;93031;90689;92238;95673;94120;92615;96157;89509;91060;92239;93055;96156;92240;94788;94787;95037;94789;90459;90811;89510;92590;96108;89511;89513;89512;90329;90931;92079;92241;92078;94790;90130;95446;90645;94614;89500;89485;93974;90952;94996;89450;92080;94791;92081;94997;90036;89514;90013;94792;92242;92082;93574;94236;93490;89516;94998;89515;92646;94793;95579;96020;96109;94483;96201;90131;89517;94482;96273;94999;94794;89520;89518;92084;90730;92085;90375;89521;92086;89523;94658;94615;89519;92083;94795;90256;89524;92243;94747;89797;93020;92244;95447;93086;89525;92529;92087;94797;94796;89526;92245;92669;92441;92878;90953;92879;94798;92088;92987;94025;89528;89527;92247;89529;88464;92530;95000;89798;92089;92246;90132;92090;92733;92531;94799;89522;94801;94800;93261;90162;95901;95375;92988;90954;92091;90516;89530;92849;95301;94802;94484;89531;93262;92092;89532;89534;92386;92971;92093;95674;89533;92330;89536;89538;94058;90212;94803;89535;95302;93879;89539;89537;90955;90899;94804;92248;92616;94806;95675;89540;95303;89946;92249;92094;92095;93421;94121;89542;89541;95001;89544;94807;93140;96202;95304;93087;92096;89546;89543;89545;96203;92098;96204;95448;92097;90103;95003;89547;95580;95002;93626;93139;92250;94524;95489;94805;91061;94809;93975;93880;93627;94808;96290;94457;92617;93751;93881;90731;90037;93670;92647;93882;89549;93628;89550;90956;89552;89548;92880;93575;92099;91062;89551;89947;95779;93919;92251;95778;96205;93103;95727;95405;89799;94026;95459;90038;94925;92101;96351;89554;89553;90647;93088;90104;95676;93021;92252;89555;94810;95780;90957;92103;90690;96168;92102;95376;90460;90812;93056;93725;93726;92800;92532;93671;94185;96206;89556;95004;90040;95581;89557;90732;90648;90039;90014;94811;95490;89558;92442;92253;92100;92533;89801;94812;92104;90958;93920;94814;94813;93057;90213;90517;90649;89559;94059;91063;89560;92801;89561;95491;90376;96319;95728;93022;92734;90813;95544;89562;92105;90959;92443;89883;92106;90214;92254;92802;90461;94689;90282;89563;95677;90650;96274;90900;92670;93058;96465;93629;89564;89565;92830;94816;91064;92109;92803;95612;92108;94815;94817;94485;92110;93089;92387;94818;95678;94819;90462;92476;92255;90691;90651;92256;89567;89800;92388;92989;94616;92107;89566;90652;95415;92112;89884;92534;90215;92111;92804;92257;96207;92972;90814;93921;92113;92444;94821;96733;94820;90653;93141;89802;92114;92258;90414;92115;93551;94414;95005;95416;95006;92259;90960;92591;93422;92116;92117;94209;94822;89568;89569;93205;92118;92119;94823;92260;92768;93976;95781;96110;93576;92445;90463;94148;90692;90105;96021;89571;90961;93423;89570;93922;90694;95613;90693;96022;92121;95007;92120;92261;94825;90330;94827;94828;90331;93059;94826;93883;90962;94824;92881;90695;89700;93491;92123;93923;92262;92990;92535;90963;92122;89572;94591;96169;90464;93977;92805;96209;96023;95008;96208;94027;97157;90733;93328;92263;89701;93329;89573;92124;89575;94829;92264;93924;89576;94830;93901;92125;95009;89574;90769;90654;95782;95010;96211;90734;89577;94831;95729;96210;95679;92266;92126;90216;90041;89578;96111;94832;94486;93330;90655;96320;94833;95011;92648;90656;92671;89580;89579;89581;95012;92390;92960;90964;92265;92331;93424;90735;90217;92389;92128;95305;90465;93630;92973;92267;94836;94834;90965;96158;88111;92127;95013;93206;94835;94837;94659;97533;95406;90966;96212;89582;92269;94926;89584;95492;90657;94487;90770;89583;90133;89803;89585;94617;93263;92268;92685;93978;90968;90042;95829;89586;93425;92270;92129;95493;96466;93142;94838;92446;92130;90967;90218;96159;89587;94840;94839;92132;94841;95681;96615;92618;92271;92131;95680;92272;93090;89588;90658;90043;94842;95830;89702;92850;90283;92536;92273;92882;94843;90466;92672;90044;94844;95306;90659;92391;92133;93925;95682;95730;96352;92274;92134;94845;92806;93631;95731;92135;94618;94028;93752;96353;94210;90220;93632;95614;92275;93727;96112;92276;89589;89590;95902;93032;92138;96213;90969;92277;93979;92136;93926;92137;95460;92139;93728;93633;95903;95582;92278;90815;90660;89592;95904;90221;90875;92279;94846;90816;90284;93884;93634;89591;90219;94847;92735;93672;92140;90646;92280;96214;95494;94122;92332;90736;90222;93577;93927;92736;93980;90377;92961;94848;89594;92142;89593;90518;92141;90971;92619;90015;90970;93356;90415;89804;89595;95732;92144;92282;93885;92281;92143;89597;93578;89596;94849;94488;92145;93357;92284;90842;93579;95583;92147;92285;89598;92146;93207;95683;89600;89599;95784;94850;94186;89602;95684;95783;96354;94853;89885;90972;94852;92649;90416;96215;89601;92286;92287;96170;90467;89603;92149;94211;90257;90163;92686;93673;94851;94854;96056;92283;90223;96057;92883;92148;89887;90224;94123;96216;95685;92477;90225;94856;92150;94124;94855;92711;93886;89605;94261;93635;89607;90519;96024;90973;89604;89606;96113;90468;89888;93636;94187;93208;95615;93637;89703;90417;89608;95686;94748;94660;93426;92151;95905;89609;94857;92154;93928;93929;93091;89610;92153;92156;90661;92288;92152;95946;94212;90737;94858;92807;95584;94859;92157;92155;92159;96355;92592;96670;93981;92158;90134;96171;92289;89611;89612;94860;89613;94661;92808;95495;92160;90901;94861;95947;93887;91065;89886;90469;93930;92620;95973;94526;89889;90738;92161;94525;89615;90696;94862;90974;94029;96025;89616;93888;92163;89614;92650;93753;92162;94237;90332;90817;95449;94863;90258;89617;92165;92164;92549;95014;92166;92168;92167;92392;93358;94030;89619;89618;94489;92290;92169;92333;90975;94864;92291;94490;92172;94865;95496;92171;95688;90285;96275;95038;95461;96217;92174;93331;92170;92175;95015;92173;92176;95497;94080;90226;90697;94866;92177;92292;94867;94868;92179;92178;93638;92180;92293;92181;90698;89621;92809;94690;90662;89620;94213;93754;92393;93359;95462;96114;93265;93264;89890;94870;94869;96115;95307;90227;92810;94871;95689;93729;93427;90739;93060;95690;92593;90333;95407;93639;92183;90378;89623;89891;92184;92182;92185;92294;95906;92394;90228;89622;92737;94662;89805;89625;93982;89624;89627;92186;92334;92811;92621;92295;92188;89628;96026;90976;92189;94749;92190;92187;89630;95016;89626;92296;96027;92191;95785;94873;90470;89892;89631;92812;90663;94872;93493;89893;96219;92297;90229;89629;93492;94874;96218;95017;95687;92192;89632;92962;90230;95616;92299;95691;89633;89634;92622;92738;92193;89636;93889;89894;94875;92300;92335;90073;92623;92769;90379;94876;92194;95308;94592;90977;96160;92336;89635;89806;89637;92301;90664;92302;93890;92447;90231;95907;94031;92195;92196;94878;94877;90843;89704;92337;89638;90471;92199;92303;92198;92202;92201;89639;96220;92206;92205;92204;93332;92200;94880;90045;89640;92203;90978;94879;94882;94881;92207;94125;89641;89948;94883;95908;90016;92304;90472;92208;92209;92197;89642;94885;93210;96161;90473;92210;96356;93266;89643;94750;92712;92211;93209;92212;92305;92306;94262;94888;94886;90520;93333;90046;89644;94593;95733;92673;94887;89646;89705;90740;92307;95948;90047;96162;90779;92214;92215;90048;89647;95498;96291;89648;95692;92213;92216;93931;89650;90232;92218;92217;89649;92991;93932;89706;93580;101494;89645;92624;89807;97237;104468;97839;105196;95417;105379;99486;104755;104343;100485;96671;99141;105803;97672;99174;96616;101559;102182;105805;101558;105804;95545;105806;94884;101560;101561;101325;101495;97645;101095;102326;99404;103581;99405;101914;99922;101562;101564;99255;97158;101563;104147;99049;96845;101961;101036;101068;99256;97746;99487;101496;102021;105807;101860;102932;101565;97053;101962;96886;104820;102375;102098;101986;104589;105808;105810;96672;101569;101567;99605;105809;97500;101566;105705;101568;96499;100740;101570;104821;102376;105811;100603;102377;104443;99987;97448;96673;105814;105124;102450;100183;96674;101571;102022;105812;101177;97159;102793;105813;101572;101573;105197;105380;100434;97160;101574;96964;100261;101575;99142;100307;99050;102378;103098;100729;105816;97449;103097;97334;101825;104404;103883;99743;103433;101497;105815;96782;102327;101576;105818;103884;96887;97335;104725;101577;96675;104344;104688;103996;105819;105198;105817;99676;105822;103149;99051;96846;105824;105821;101326;105823;97238;99293;105511;99923;104590;101578;96467;96705;97616;102380;103540;101579;97161;97239;105826;102506;96357;103885;104591;101987;97481;105827;101580;104726;105825;102379;97803;105828;105125;105829;92298;103609;105820;104710;97784;105472;96734;101795;102716;105831;101581;100741;101582;101583;104822;101988;100854;104756;105830;102631;101584;100486;101014;101586;97240;105832;101587;97450;105126;103886;105833;97241;102086;105834;100968;100604;102381;96571;103099;101585;100072;101589;101588;101590;104941;103888;103887;102023;105835;97759;100184;99677;105836;104976;102024;104823;99052;105381;101591;99423;103889;97451;96706;97242;97673;104148;100435;102382;100855;103332;105837;105838;101593;105706;97030;99606;101122;100856;101594;101595;101592;97162;100185;102933;102892;101915;97452;97243;104149;97163;101596;105839;101498;101499;104592;99696;99988;105199;100308;104150;99406;97674;105361;105840;101597;101500;100857;105841;102934;105844;105842;97244;96500;101598;105843;97700;102183;97675;101599;105846;105845;104405;96986;101601;101602;102893;101989;104646;97164;101178;102246;101603;99607;101604;104536;104593;105848;102384;101605;97804;101600;102099;96965;103520;105850;97968;100969;97336;102601;105852;101606;105853;105851;101607;102087;102385;97054;105849;105855;105847;99608;102383;101608;101990;104151;104793;105856;100820;97337;101609;97031;101501;101611;100186;97676;101991;100187;105854;101212;105857;101610;105473;104595;97701;104444;97677;101992;97309;105127;97032;105128;105858;104596;101614;102935;101612;105859;101613;103333;103100;103582;97702;101502;101861;103541;97925;101916;100073;104597;104059;96572;103890;97760;97840;96735;101862;100562;101617;101615;100821;96501;102451;99408;101618;99643;97617;97363;100436;100361;101619;105862;105861;97364;99143;105860;97165;96783;100188;101620;99407;103101;102717;101616;100074;99488;101776;104598;102452;100309;105707;102386;103891;105863;97033;103542;105200;100332;105864;102184;101621;97903;100437;105865;104824;96358;102387;105866;101622;101503;101537;96888;102894;101623;101863;101625;105512;101624;96987;100742;104942;105868;104977;105867;97425;104263;102895;105870;102185;105869;102602;102088;101179;101626;105871;99924;97166;105872;100743;101628;103334;101627;105873;104825;103543;100487;101630;102453;101629;99409;105875;97678;102025;105010;105874;99955;101632;101631;105876;101634;104416;100488;105877;105878;104110;96889;104445;99718;103892;101633;100970;104152;100008;103583;97805;104594;99239;104794;97534;97167;101994;99609;101993;100605;100489;105880;102896;100009;104826;103544;101180;102936;103610;102484;103893;102454;101504;104757;104978;102388;100310;97168;104195;101635;96538;105881;102983;97169;101637;97535;99547;105882;101864;101636;104758;97703;100189;105884;105883;102389;101638;103434;101639;104309;103894;100971;96737;104599;96736;104310;96784;101917;99144;105886;105885;101641;105887;101865;99053;100190;101213;100858;103895;101995;102390;101640;101642;100438;102455;96934;105888;103896;100730;105889;104153;104727;101644;101866;97338;102551;104689;105891;101054;97865;96935;105890;101646;101645;101123;97245;100490;103435;105892;101181;104060;100822;105201;100798;101647;105894;97806;97170;103263;99054;99319;105893;103232;103897;105896;105895;102391;99257;101648;96988;103335;105897;102552;103117;105898;102392;96936;100626;103898;101649;102247;99489;104728;101069;100228;101651;101650;96539;105899;101505;102456;100191;102897;97171;105900;101652;104111;99678;97679;96890;105446;100563;101996;105011;104406;101243;96891;103899;99697;100744;104600;102794;101643;97704;101506;104311;99145;101963;101654;99272;105901;103611;101655;101653;102393;99445;102827;99175;101998;101656;101997;101182;103264;99410;103612;105902;101999;102718;99719;101657;101507;104827;103393;101214;105904;102603;103336;101658;105903;101327;103150;96617;97867;101659;105447;96937;102047;102898;105905;97866;105907;97310;101015;105906;101660;105908;101661;102000;101508;103664;105202;105909;103545;100192;101662;101663;99146;105910;105911;105912;96468;96359;99176;101664;99411;103546;105474;102394;105913;96892;102328;104312;101918;96321;105129;102937;99989;105915;97454;99610;97785;105130;100745;100030;105914;96573;103199;100823;100193;100606;101796;97172;101665;104729;101666;102212;96893;105519;105131;104601;99205;103265;105475;97069;101667;103547;99644;104711;101668;104345;96894;101670;102001;105203;100311;101669;101671;101672;105917;101673;100010;96502;100746;105918;96738;105916;100972;97482;97501;97646;97246;104154;105919;97926;105920;102275;102984;100491;101675;103102;99412;102605;102604;102457;104795;101674;100731;100824;104196;105922;96503;105921;105500;103233;101676;99679;105879;99642;104417;102100;96895;101070;103900;93143;103613;104225;97453;105924;103901;101678;103902;105925;101680;105926;97705;100564;105923;97590;104469;105927;102458;101679;96966;102795;101681;100492;104264;102395;105928;104602;99611;102770;104603;100229;101682;99424;101683;99413;102002;103314;96540;102485;102026;103997;103103;100493;99010;104979;103436;105929;99680;97365;104446;102396;100194;102027;105930;102459;105012;102606;101867;97969;102397;104447;96847;97786;99177;102828;102003;105204;100011;100859;100607;100333;97173;104796;102486;104418;101685;105932;104419;105931;99191;97536;101684;99055;99320;102829;101919;102899;100312;100494;99414;97618;96504;105205;103437;99744;101920;100195;99321;103548;102900;104691;105934;97706;105132;97591;103549;104690;97502;105933;101686;103998;101687;97426;104313;99490;105936;101688;101868;97868;105937;102398;104604;99745;96989;99612;105939;100075;101689;97970;105013;103903;101778;103614;104448;105938;99056;101777;102607;102028;105940;101690;100076;103234;101244;105943;105941;97070;101691;104155;102608;103151;101215;99491;100732;105935;103200;101692;101921;105133;105942;101693;104112;102004;101509;97619;105944;101694;103521;103438;104314;102985;101695;102487;101696;96896;105945;101697;103950;97247;101699;97339;101124;105946;99681;97537;101698;100230;105382;100077;105948;105947;101700;97680;99548;103235;103550;105949;102609;97174;102213;99273;100747;102005;101779;101701;105950;100196;104828;105951;105952;97503;97427;102488;105953;100973;104197;100078;100733;100334;97841;99415;102719;100079;104156;97681;101869;102089;103337;100197;105954;101071;96676;102460;105955;104346;97483;97428;100608;102461;101702;105134;97175;96967;103551;105957;97248;105958;104980;105960;104605;101183;99258;101704;101703;101538;105961;99645;97761;101707;103338;105135;97034;105959;101708;101706;104157;102938;99057;105962;102399;101709;102400;99549;101710;101510;101797;102796;101705;96677;97176;103904;105963;97561;100080;103439;105383;101096;97429;99416;96707;101712;101245;96897;103339;101711;105965;103118;102029;97538;105964;97648;105334;104449;101713;97927;102048;97071;103037;101870;102830;97647;97455;105966;104606;97311;102489;99492;102808;97539;97682;105476;103665;101328;105956;102901;100825;97249;97177;97340;101714;97869;102276;99746;101715;96739;104158;99147;105967;102006;100734;105969;105708;96678;104159;105968;102720;100012;101028;101072;105972;96574;96990;100495;105971;104450;97620;102610;97649;103340;105206;96360;99493;103104;105970;104730;101718;104607;101716;100013;101717;100627;104315;103615;97178;97621;105973;100198;103905;105207;103201;102214;103951;102721;100031;102401;97683;104160;103266;103366;100032;96785;96679;105977;105974;105976;101719;97971;101922;96849;100335;103906;100199;97622;102186;97179;101780;105975;101720;96848;104451;105978;101721;96968;97762;105980;105979;105981;102402;102007;105384;105136;99322;101964;104608;101511;105983;104829;105982;96361;100033;106077;100231;102403;101184;97540;99148;102404;101246;97763;103616;96898;103952;103367;96680;97684;100826;101722;101512;101329;105985;104347;101871;105984;97430;101723;96740;101724;105986;97541;105477;101726;101725;101729;103236;99720;97504;102507;97250;101732;101728;96991;101730;101733;97505;101731;99614;100439;101727;105137;100281;97870;101734;99721;96469;99550;97764;104830;96505;100336;105987;101735;101037;99494;101923;100860;97072;102632;96969;97842;100440;102490;103105;104609;105385;101736;104831;103341;104610;96681;103394;101513;101737;100748;99323;99108;103268;105989;101185;105990;102831;103267;103552;102136;102215;104981;101738;99446;97707;96708;100735;105386;105991;105988;101872;100337;101739;96506;96362;103269;101741;105014;97180;97787;99925;101742;101038;105993;101216;105992;97542;101781;105501;101740;101743;100338;104407;100749;100750;103440;105994;104692;104316;100362;103617;96507;99324;101965;100014;104832;99447;101744;100034;103342;102049;102329;99495;105995;105996;101745;97055;105171;104505;102832;99747;101873;104452;105997;102986;106000;101039;105999;102248;101746;104833;103618;105998;103907;103908;102462;102405;102463;103553;103106;102722;101782;97685;106001;100363;97623;100200;106002;106005;104161;96508;106003;106006;102686;102902;96470;101874;97456;102406;105138;102464;106007;106004;101747;99425;102611;101247;97181;104834;106009;106008;102612;106010;103107;102277;97341;100736;99613;105208;96899;103619;101748;102050;100609;102008;96682;104506;106011;100751;105139;102613;101750;104943;102614;97484;101783;97543;106012;103554;102903;101751;100201;101749;104611;101752;106013;106014;97624;97056;97182;96509;100705;106017;100364;101753;102137;106018;106016;97686;101875;103108;101514;101755;102723;99748;106015;103202;101757;102009;109350;106020;102407;99149;120200;120201;101756;96741;106019;108305;107153;110573;120202;120204;108612;108306;108790;120203;106611;120205;108423;117891;108907;120199;106987;120207;120206;111235;120208;120209;111766;109559;101754;120213;107154;108491;120210;120215;120212;120216;120214;111469;106022;120219;120217;108492;106905;120211;120222;120220;110299;109817;120223;108665;110625;120224;106906;120225;120221;120227;108732;110667;110425;117813;106634;120218;108855;108666;120226;106698;107155;120228;117488;106416;120229;120233;106274;120231;120230;120238;107156;120235;109818;120234;120239;120236;120241;120237;117716;118100;108908;120232;109703;120240;120243;120242;120245;108909;110574;120247;118072;108977;110597;107107;118409;120246;120248;109702;120954;120249;120244;120250;106021;106110;109704;120251;108493;120252;120254;106078;120255;108268;120256;117925;108613;120258;120257;120253;111236;108494;120259;106417;119154;120264;120262;120261;109004;120263;120266;108667;120268;120265;109705;120260;120269;117531;119106;120267;111767;109221;108910;120274;120270;108614;120271;120273;117959;120278;107158;120276;120280;120272;120275;110387;120277;108668;120279;120282;109094;107159;107280;120284;120283;118159;105709;120281;120285;108699;106177;106023;120287;118045;117960;120288;107157;107160;109416;120286;120291;120290;120292;106024;106510;117371;120294;117646;106988;120295;120298;120293;109706;110166;107007;120297;120300;120302;110300;106275;118334;120301;120305;120303;109819;120296;118896;120306;106025;111799;120299;117372;120309;120304;108495;119107;110689;120310;112067;108347;106821;106322;109740;120311;110949;120313;120312;120315;108307;120316;120317;120318;120307;120319;120314;110821;120321;118857;120322;107161;107027;120320;111619;110690;110912;120325;120323;120324;120327;120289;120326;111558;110613;120328;106822;120329;118160;120332;107162;120308;106511;120334;120331;120330;120335;118897;110626;109434;106730;110698;120333;108836;120336;120341;109285;120338;118841;106418;106907;111237;120340;118579;120345;120337;117717;120342;109820;121072;120343;108615;120346;120349;120344;120348;108856;109590;120350;120353;120347;120339;120355;108496;106908;110627;120356;120352;120357;107281;120354;120359;111238;117438;112169;120361;117961;107028;120360;120365;119126;120366;120363;120364;106823;120367;117926;105710;120358;120371;120369;109048;111397;120370;117927;120362;120374;120373;117507;120368;118940;120376;111239;108775;120351;107125;120378;107029;120377;109095;106026;120372;120381;120380;107008;106594;108818;117718;107030;117489;110388;120385;120384;120383;120386;119155;120379;106079;108617;108669;109821;109873;110426;120387;120382;106419;108616;120390;120388;120389;106027;109741;120391;106512;111539;120394;110930;120393;120396;109005;120397;117532;117647;120395;120392;120400;120401;120402;119156;120403;120399;119243;109096;109286;120405;120407;120406;111710;106824;120409;120375;120408;120404;120398;119291;120411;120410;106028;120412;107164;120413;119244;120416;120418;108497;106635;117299;111470;120417;120414;120422;120419;120421;111047;120420;120415;108837;119127;120423;120424;119055;120426;111240;120427;109874;120425;110913;120431;120429;120430;106029;107138;120435;120432;106909;120433;108424;107165;120438;120434;108498;120437;120439;109150;120436;118101;120441;120440;120443;120442;106057;106782;120444;109222;120445;110400;109707;107166;118941;120446;108499;119007;120448;120447;109351;119245;120451;106058;106825;107009;120450;120449;120428;107168;120458;120454;110167;120460;120455;120457;109708;117892;120456;120462;120452;120453;120463;120955;120464;110168;109519;107169;120459;108670;106910;120465;120467;120470;120466;120468;117439;120461;111241;120472;120469;109560;110209;120474;111398;120473;111242;120475;109417;120477;120476;120478;106276;120479;120481;106513;120484;120480;108500;120482;108308;118102;120485;120487;106514;120491;120483;110575;120489;120493;106030;120490;120488;120494;106178;120495;120496;110931;109970;120492;117839;120497;120499;120498;117962;107163;106515;108911;120471;107167;106080;120486;120502;120501;110251;105736;120507;119108;120504;120505;120508;120503;120510;106081;108618;110538;120509;120506;110301;106277;106420;120514;120511;108912;120515;120513;120516;120512;110252;117840;111711;120518;107031;120519;120517;109561;109352;120522;120520;120524;109520;120526;108425;120527;111399;106636;120530;120521;111522;120531;120528;120525;106637;106516;120535;120529;120536;120534;112098;117300;120538;120532;108776;120533;109926;120541;106278;110520;120539;120544;106279;120542;109287;120540;120548;120543;120545;106323;108309;120537;120547;106638;120523;110427;112099;117648;106538;120546;106989;120553;120551;120550;111400;120552;108777;120554;120557;110169;120549;118475;106731;120555;117814;108501;106539;106990;120561;120558;120562;120556;106540;118103;106031;111015;120563;120565;120567;106878;111712;120568;120570;120560;106032;120566;109006;120559;109562;110327;117490;120564;120571;120576;106826;120572;111471;120578;120577;120575;120579;120573;120581;120580;111243;107032;118809;120574;106517;111768;120584;120583;120582;111559;111620;109742;110668;120585;106518;109743;120586;108502;111472;120588;110598;110822;120587;120569;120589;109822;120593;108269;120591;112100;117508;109353;108503;120592;118046;109563;120595;106519;120596;120594;120597;120599;120598;110401;120602;106911;120603;106281;120601;120605;106280;105596;120604;110428;120608;120606;120610;120600;120607;111244;120609;112051;120612;106912;120615;120614;120613;106082;107170;107033;112068;120616;118960;120618;106282;105737;112234;109288;120619;108388;109823;110950;120620;120617;120624;120621;109971;120625;108504;120622;109824;120627;111048;120629;120630;120623;118047;121073;110170;108913;106179;120631;120628;106639;120611;108505;120626;118842;108619;120632;120634;120636;120635;120633;106640;120638;120641;106283;109382;120639;109018;109875;111016;120640;120637;120643;107077;120645;120644;120648;108914;117963;117841;120651;120642;120647;119157;110914;120650;120652;109223;120646;110253;118123;120653;107171;120649;111473;108506;120656;105624;110210;120657;109354;110576;120654;110951;106033;110061;120660;111475;120661;120659;108915;120655;108572;108426;106827;111474;120658;120664;120662;109709;118314;120663;117612;117440;108838;107010;120667;106642;108348;118410;117373;108778;120665;110389;109435;110669;108734;120668;108733;110932;111713;120590;120670;106641;120673;120666;120672;120674;110060;120671;108857;120677;120675;120676;120679;120683;120687;120678;120681;120682;120680;120685;120686;120688;120689;120691;120684;117374;106828;106421;109418;120692;106913;107172;110823;106520;111989;108671;120695;109803;120693;120696;120698;111245;120697;120690;120699;109591;107173;120694;109564;106914;120701;120700;120702;120703;108791;106083;120705;110402;108916;120706;120711;120710;120704;118104;120708;120713;120709;120707;109151;120716;106915;120715;108672;120714;120717;120718;106284;118580;120719;106084;107011;108389;106937;120720;109224;120721;107034;120712;120722;111361;109225;120724;120723;110788;120725;120726;106643;110577;118241;108735;120728;120727;106285;107175;109419;119158;120731;110670;120734;120730;109420;120736;105738;110789;120733;120732;110790;120738;118181;109710;109903;108673;108700;120737;120740;120729;110302;120741;120735;120742;120744;117509;111714;120739;120743;120745;118242;120746;118243;120747;106111;109972;106644;120749;109711;120750;120748;108427;120753;120752;110171;120755;117842;106541;120756;120751;120757;120754;120760;120759;117622;111476;108736;120758;117719;120761;108390;108779;117375;120762;120763;120766;110933;120765;120767;120768;117843;112101;120769;111401;108839;120764;107174;120771;105711;110671;106542;106085;108349;107036;120772;120775;120773;120774;106112;119019;108917;120770;120777;120778;107012;120783;107176;120780;120776;120782;120781;120786;110172;110952;120787;107037;120785;120784;120793;120789;120792;120790;120791;108310;120788;106465;120794;120795;118843;120798;120796;111990;108674;111246;106645;120800;109876;109152;120797;120802;120801;120804;109744;109226;108428;120779;110672;120807;120806;120803;119020;112186;106086;120805;120799;120810;120808;120811;120812;120809;120813;110328;111247;107013;106113;120814;112235;109592;117964;108311;108780;106646;106595;120816;120820;106180;120815;120824;120822;111477;120819;120825;120823;106466;109049;118244;106829;120826;120821;118725;120818;118245;108701;120817;120827;120828;111769;108918;117720;120829;108312;120831;120830;108978;120832;108620;109189;106596;120833;106568;111770;120836;108313;110824;109421;120838;120835;120840;120834;119159;110599;120839;109804;106958;106286;117533;106521;111715;120842;109973;120843;119128;108573;120837;120841;110173;108675;120847;120669;120844;120846;120849;108737;120848;106783;110103;110673;120851;118335;108676;107035;120854;120850;120853;108792;108919;106114;106991;111621;120855;120859;120852;111716;120856;107177;111654;120858;120860;120861;109712;121074;108677;118048;120862;106422;109805;107038;120857;120865;109927;120863;120868;109825;108702;120866;120867;109422;109745;108920;110303;107282;120872;120873;109423;120870;120871;106034;120869;120875;110329;111717;119008;120876;109746;120877;120881;111718;120878;120880;111248;111017;111719;111595;120883;106830;120879;120874;110273;120864;117965;108819;120882;120885;120884;108350;120887;106992;120888;117510;107039;120891;106647;111560;120886;106035;120892;120895;120897;120890;120894;120896;118898;120889;120898;117534;120902;120899;108678;120900;120893;120903;109747;108621;120901;120906;120904;120908;111249;109436;120909;118899;120907;120912;120911;120915;120913;120905;107040;120910;120917;120914;117491;108622;120919;108922;120923;109227;120920;120921;120922;120918;120925;120924;106423;120927;120928;120929;107108;120930;108921;108507;120931;106784;110915;118581;112102;106648;108679;120926;120916;120932;119009;117301;120933;111250;109928;105739;120936;120934;111251;106522;110674;117302;120938;107041;120940;120935;120939;120942;110211;129508;120943;129319;121332;131785;119129;122650;120941;131194;131195;124369;130291;131332;121137;125931;123098;122978;127502;128431;130032;120937;127103;121235;124465;121373;125228;122555;130775;120964;131440;125486;124466;129829;132636;125418;127869;124346;131706;122273;125177;131196;130033;129599;123137;121487;124468;123033;120965;126353;128084;131786;128561;125419;129600;124467;123472;122103;125838;122556;122830;129601;132778;128562;125645;123034;121442;122623;122039;122274;124470;131707;129602;125420;130776;130475;125646;124471;129603;131088;124469;126130;124599;130778;128126;123035;132637;123801;130613;123693;132638;131787;129604;124472;130777;129394;125375;129077;123036;121075;124474;125906;131441;124473;126794;126706;127503;129830;124475;131573;125421;128432;131839;122979;129170;129320;130919;122436;122275;122520;131089;130986;125422;124723;129540;126591;131442;125647;125648;130476;122769;121138;127870;124684;131708;131443;130779;121169;126411;132111;122276;131333;124685;122070;109748;126225;124308;126131;128396;126014;123759;129698;129417;127932;127931;124477;132639;129078;130477;122795;130780;124284;124724;129605;124476;129606;123568;131250;128563;122354;131251;125610;125271;128480;126795;130409;122071;125229;124478;131252;121258;130292;132112;131840;126796;131444;128039;125860;122557;129608;132779;128397;124600;124244;124479;129609;129949;125932;130294;130293;123099;130478;128535;129610;124480;130781;124207;124781;125423;129612;121076;132640;131253;133111;129611;124347;127504;125743;128127;124699;128564;129027;125178;123802;131090;124040;129028;125649;124481;129607;126055;125611;121318;132641;122725;124482;123037;128398;122558;126355;125785;132642;126797;122559;131037;123569;124485;127505;129613;124483;125179;128128;121139;124177;125744;122651;129418;122437;132407;128885;131254;122104;123535;123760;124660;126015;124348;124484;121170;125745;123473;130782;122105;123570;131334;128129;125960;132348;121194;122277;129419;124041;131143;127507;128433;122455;128434;124725;127506;121443;123038;125908;132083;129509;132643;122406;124486;131709;123138;125650;128399;130295;125230;129079;122456;128744;129950;121444;123803;131445;125907;122322;132027;122796;131446;123474;126354;127508;124349;122197;122652;124487;127509;122278;122407;125424;131447;121519;129951;124488;130296;131789;130479;121236;122040;123694;124489;129767;125425;131038;122880;124490;132644;130297;122106;129614;128565;124285;121333;126356;129395;132028;124491;131710;128566;130410;128400;127871;129615;122681;125318;125180;131788;131091;127824;132645;130411;131574;125684;132646;128130;123761;130783;128295;126798;129736;126969;131168;129080;128481;128652;125231;129541;121319;124350;129617;129616;130299;129699;122408;122409;122653;122410;129831;121217;130298;121077;129618;130300;121237;124601;129700;124492;122279;126530;125319;130034;131197;125651;126132;127510;124494;122654;122072;124493;132327;128401;126799;128784;130480;122624;121259;122560;128567;130784;127511;128785;130301;130987;123100;125861;123139;122438;128040;127512;121260;132737;130481;121374;128568;125652;128435;127933;131199;128131;131198;128296;124726;124569;129420;128132;130785;128623;126970;128786;128569;125181;129029;129321;125426;126800;131711;127934;122980;127872;129171;122561;122355;127935;132647;127513;129620;124496;125427;127514;125653;129109;124570;127079;132648;124495;123039;129619;125654;123534;124497;128787;120845;130614;122134;101677;120500;128436;127104;124782;125272;129510;123040;131092;125182;131790;128570;124245;131791;131448;127936;128571;131335;123839;130074;129621;132328;124498;126357;130075;129511;131093;129622;124500;130302;128788;131039;125786;129542;126449;129623;130920;130786;132408;129624;130237;124499;128133;122682;132113;122198;123475;122323;132649;124370;124501;131169;122797;127515;122280;131200;129625;126016;123476;131094;132329;126515;131255;129626;131336;130370;128624;123140;125299;124502;126516;131449;126838;131040;129627;127825;124503;121577;124783;122073;132114;130412;122981;128402;125428;127937;126358;121488;130787;132780;130788;124504;131792;122281;123477;131741;131450;124505;122135;130789;124371;129366;131201;131793;122881;122521;130304;131337;131041;126658;121140;125862;130790;130352;124506;131144;122074;122136;122282;127516;128572;131145;123041;124727;124208;131095;124178;130305;131096;132650;132651;130988;124427;123804;122439;132652;122625;123571;124508;128482;127517;125655;126517;124509;122440;130306;130482;131097;131146;122982;130989;122798;121578;122522;123572;130303;125273;124507;131256;124511;125746;126659;121579;132781;129832;122076;124686;128573;122075;128574;129628;126518;131451;125656;130791;121334;127518;131452;131042;131712;128085;124571;122284;125429;123805;124513;124512;122655;126660;127519;122283;125863;125430;130307;122371;129367;124372;130308;124514;123042;120966;131098;132029;132115;124515;121401;124516;127826;122726;129081;125864;124572;125274;131841;123101;131453;123478;124066;123762;130483;132653;129543;125275;126412;126839;128297;129630;121078;129631;125787;132116;129633;122285;131043;129030;129421;129632;131202;122286;121238;122077;131713;124042;131203;121079;121080;129802;126359;128483;129629;128134;131967;130035;124573;121489;121195;131454;122983;130615;121375;121320;126017;126531;121081;131170;128041;128789;131171;124043;124517;131456;125183;131455;129323;131714;129322;128790;124518;122356;124246;131338;121261;129952;128485;126994;128484;128575;122078;127938;124519;130485;122562;121445;121580;130486;130484;124520;129368;127939;129634;122626;121141;123141;130616;125300;127105;131044;127520;132654;124373;129635;130309;131204;128886;123043;124510;129953;122107;123479;132117;124428;126080;128625;125910;127521;124522;123763;127080;121262;129636;128978;125376;126264;124523;124521;129637;127081;123840;122079;121321;125685;130487;124524;124700;123142;129638;121490;124010;125911;124574;126995;125612;127940;124525;121322;130488;130310;124011;132783;128576;132782;126661;130311;129544;132655;124351;129324;129512;123764;132118;131257;121263;123806;124602;124247;131339;124526;124661;129325;121082;129639;124603;126265;122108;130312;130489;127873;126313;122287;121239;127522;124527;126801;121562;127523;128437;122523;121264;123045;123044;121520;124528;129082;129422;124529;121083;132656;130490;130314;132270;130792;128577;124530;129640;129110;121265;122627;122411;123536;122288;124532;130793;122628;126314;122457;126360;124531;127524;121171;121266;130313;131099;129701;128486;130036;129641;126532;129833;121267;129834;130491;124067;121376;129642;122563;129643;123537;125377;124179;125933;131716;126056;124533;131100;127525;124604;129083;121268;131742;125657;131842;125686;131457;125431;124180;123143;129326;131715;130316;126662;132784;121402;130317;124248;129644;131458;124784;124575;130315;128578;123046;121563;129645;124534;131101;129702;128791;131045;130990;125747;129835;125320;129031;126663;123841;127526;122984;128067;122934;131258;123047;131102;130794;125865;128487;129646;125658;131103;131794;131968;125866;124535;126133;127527;125961;125232;128579;125748;121084;124536;130795;124249;132657;123766;124068;122564;130037;121323;129478;127528;121085;132030;131717;122565;121491;124537;122799;132409;128488;127529;122289;121377;124538;129647;130318;122800;132119;123048;124576;123765;127082;124785;127874;127530;124786;130319;125487;122566;124540;131459;131460;131718;122357;122041;131205;123480;131104;129032;123807;124044;130321;124250;124541;130320;129648;128745;123979;130797;129327;128626;129649;124702;129650;121086;130322;122683;129836;120989;128793;130492;124687;124542;125867;125962;127083;130799;130796;123049;130076;125432;125613;128792;124251;121269;131105;122935;124543;129513;126483;127875;124605;127531;129768;128653;122164;121581;130800;125233;125788;126018;130493;128489;131575;126664;122080;128794;129651;128580;121492;124701;132084;130323;124539;129652;122458;124544;127084;130798;126361;123573;132658;124069;124045;131106;129803;132659;121582;124545;125378;131843;131046;129653;125184;131461;129654;129769;122199;122567;122290;129655;127941;132660;128582;131462;128581;122324;122629;129837;125912;132661;129033;125868;124787;124546;125433;132120;125710;122200;124548;123695;123050;129034;127532;124547;131969;124012;122568;125659;128583;124550;126803;130802;131172;126707;122684;129737;124549;127533;129857;122081;127085;125185;121270;130324;124552;126134;131463;124606;121271;124551;123051;131107;131464;121196;127534;130801;122985;129703;130803;130804;126802;126533;124553;129858;132662;121142;129035;129656;122082;131206;124554;131465;125434;125186;129657;129423;121446;124578;127535;130325;131108;122524;129111;127537;131047;122569;122137;127536;124688;122862;125789;132785;127942;122882;125660;125661;122727;130327;124555;125277;129424;130326;130137;122083;124252;123052;126996;128490;126665;132663;128438;125790;122986;122358;125276;131147;132664;131259;129172;127538;121493;124556;129658;126804;121197;125435;130038;126840;124607;125436;123538;132786;122138;124703;130991;125869;125234;121218;131207;120967;127943;123808;127944;121494;124352;131048;124689;124557;124181;124558;129113;126362;122728;125321;121198;126805;126226;124559;123767;129770;125870;130353;124876;125345;124728;122139;137786;122656;126135;137920;129660;130328;139554;129659;133008;140542;133420;133701;137102;141489;143353;134184;137921;139100;137103;140543;137210;136148;139879;138820;136677;141879;137787;141756;135367;135368;137922;143307;138069;133881;142291;143255;133563;134455;140760;141873;140544;140545;144618;137923;136149;134578;140226;137211;133231;143177;144963;134919;134127;140759;142228;142045;134456;136293;134128;144488;138396;133817;137156;134882;141870;134986;138821;143176;133775;134985;133818;137104;137420;144834;135985;137842;135369;142356;140227;137924;139676;137105;140063;143137;143291;140668;141269;141874;142586;135986;134435;142587;137677;134920;144546;135418;138397;136432;135726;134684;140546;139705;140618;144612;139256;138861;142520;137379;142197;133112;134457;136150;137732;134987;133659;138398;135419;143330;142527;135420;141282;141522;138108;140105;139343;132787;142957;136678;137106;141510;141384;135987;133421;129112;142857;136414;141245;138530;133702;138109;134185;136151;145016;133564;144615;136531;137380;140812;141881;133423;137107;143326;141186;134247;136433;134246;141277;133422;140761;141283;133232;143173;135988;133626;133882;135209;143598;143405;142182;133627;135104;144031;137788;134129;140813;134988;143139;138399;139431;139299;142927;141900;133565;136294;135989;143183;139931;134096;134130;137679;134989;133883;137678;136210;144828;132876;134248;136838;133735;139677;144669;143171;133367;136953;141280;143140;143325;134249;138400;133368;142668;139257;141289;144347;139707;137108;136434;134131;137680;133369;139212;138822;143344;141520;143458;140669;135990;142624;135105;134250;141270;139880;138110;134132;133819;134186;144135;139586;137574;141876;144957;133566;140619;140547;137422;137421;142581;138476;136592;138235;136532;138531;137733;137423;140506;136839;137109;133567;140670;134990;143149;141139;138111;141317;140620;143106;138532;144246;137110;136435;136415;141909;141887;138401;143227;138163;143356;138653;137111;133424;135991;133568;136934;144536;137112;134991;140304;134961;139778;133736;140608;134458;142160;134251;137157;137158;136377;144183;137159;133113;134187;143189;139632;137925;139678;139881;141880;144124;133569;138823;141299;140548;142338;138915;135421;135992;139258;133884;139633;143261;140621;141267;141486;133703;133009;142617;142666;134579;143294;142283;133010;133570;140622;138193;133885;142637;141285;134685;144319;138477;142955;134635;144163;136211;142517;133737;141555;134133;139259;138824;136935;137424;137113;134134;141296;138654;143464;139102;135106;139101;140671;139679;142669;141892;143515;142835;133571;143436;138478;142580;144830;137009;137926;139634;143196;137765;134992;138916;137010;142518;133886;138112;141902;144038;139432;136436;141300;142614;137114;134354;133114;133572;134333;144479;141896;133233;140623;136722;139390;137160;135370;137681;138366;138862;135727;133776;137425;138917;144487;136378;133234;139708;142541;141518;137865;138403;133660;140672;137843;136988;141907;138825;132788;132738;135993;144325;140228;144701;136295;144717;133011;144611;142564;133573;133888;133535;135260;133012;132789;134097;141485;140549;136379;136152;136954;135711;142947;142621;135210;144654;144132;139260;143334;133235;133887;134436;136593;139706;124577;133425;133426;143135;137682;144482;138402;133236;137212;133777;136755;141268;138579;134252;144225;136679;137115;137866;138863;140305;138404;134841;141894;135422;134883;132739;140106;133115;140230;132877;135598;139523;142013;136296;143293;138113;133574;133576;140229;135597;134993;138533;133575;137426;141882;134135;138864;141273;141140;134055;141187;136437;144030;141509;138194;135211;144134;141524;144500;134459;135371;136723;142533;140673;143351;143129;138405;141274;139587;141141;141142;138865;134136;144129;133443;139761;136380;135372;137116;136936;133013;134842;136381;141527;141930;142841;142205;133704;136153;134188;141188;139736;136680;138826;139882;141101;134580;137734;133889;138406;136841;139344;136632;136840;141908;144730;133116;133578;139213;140624;133577;134884;141875;135994;142171;143188;136681;137844;136779;139261;137161;142847;134137;136594;140550;135212;142193;137867;144617;134253;138866;142542;140762;141515;138196;142040;138114;143300;133778;143258;141189;138479;139103;139555;141298;136704;139524;144117;136937;140064;134636;142532;144136;134138;141490;138195;133779;144827;142229;139932;134139;133370;134460;141895;142954;139680;136212;141526;139345;139104;133738;133371;138480;141295;141190;136842;142192;132790;141376;140551;141143;140438;140306;133427;144736;139681;136297;137927;142622;141885;135995;135599;133237;141903;139214;138236;142919;133372;137118;143516;137117;134581;137683;139635;140507;137011;137162;137575;138237;141869;140674;139262;140552;141556;144039;142569;134994;138115;143329;133428;139433;134461;141275;136382;144440;138164;139883;133238;141290;138238;133739;140553;136724;137427;134056;139105;138070;133014;142552;140307;143309;136780;144475;144486;139636;139263;142198;139391;138239;134582;144140;137766;134637;135600;141392;136683;132791;133579;136682;133117;142830;140308;133580;144481;144040;138407;137684;134995;136781;137428;142887;136843;138408;139392;133373;134638;142529;139215;141795;134583;137845;133015;143502;133705;142860;133016;136705;137429;144166;139346;141145;136684;138409;141484;137119;138918;144489;144310;134462;137685;136844;133890;139709;138240;143098;135601;136756;136298;140471;141928;133581;142851;133239;139884;138580;143349;140675;136938;143105;140554;141144;135996;143465;144342;135213;137846;139637;139710;144616;144045;140508;133820;139216;134463;144042;137735;142636;141248;133429;142886;136845;133582;141297;144362;134996;136299;141532;134140;134334;144091;133628;137430;135602;140763;140814;139106;142351;135214;144652;134057;133821;141244;137120;133118;137686;133512;140309;139525;139217;142051;135423;144474;139762;143525;141519;141375;136725;136939;143346;142016;138116;136633;141889;141877;141550;144484;140231;136846;136989;136300;138117;133374;143530;141146;134254;139434;144123;136154;137687;144835;140555;139682;142862;133017;138410;138534;144324;136438;137847;137163;144696;141488;138118;137736;140232;134355;143174;140815;133240;138919;134962;133119;139711;142837;144241;136847;136301;139712;142574;138367;135728;133241;144822;133375;136595;136416;134584;142828;145017;138655;140233;132740;140107;143228;144175;137164;141386;139393;144247;141278;142515;143111;140439;137213;137121;140556;142935;136439;139107;133584;143397;135107;143596;139588;137215;139885;136848;133740;143434;139737;138656;137431;136685;136155;144577;141891;137214;144729;133583;135997;135998;143354;141521;139108;138241;135999;138242;133152;142914;133430;139526;136440;133278;138120;141871;138119;144613;134997;133376;142588;138867;140816;140065;136383;136156;144583;141906;141487;142934;140625;135016;133120;138868;140066;138243;141381;142104;142048;138920;143595;139556;137928;137868;137432;138411;136000;137122;137433;135424;138197;144127;142047;134189;134464;143453;138198;135215;137688;137123;142928;143167;144315;133741;143520;142842;139933;138368;138921;137434;141554;142577;144542;133377;136757;139527;144480;142839;133536;142509;143501;141883;144323;137435;139638;140676;138657;142510;137689;133431;137929;138121;134885;140108;143195;142671;132878;140817;133891;136417;134717;144572;143438;144036;138412;135108;133742;134465;141288;137436;138369;140609;137767;133242;133378;141102;134718;138244;137576;139713;134998;141292;133892;133585;136002;133586;136686;144606;133893;133743;139264;137124;135109;138122;136634;138413;143108;133706;136441;142519;143296;138869;137437;140557;144694;142859;143230;138535;142195;135373;136157;134639;133018;137737;133379;141249;135712;142191;139265;141899;133587;136001;143128;139528;146397;153199;145474;145154;147116;144967;153212;138581;137125;146296;148202;146392;146363;154180;145559;146125;147777;146468;146844;147934;147769;148174;148716;144919;146689;148793;146297;148801;147773;146279;146718;148732;146412;145769;145558;147469;148715;146471;148204;146396;148788;144965;148797;146896;146373;148198;147957;147745;148157;148780;147087;145784;147940;145238;147782;147739;148722;145486;148720;148728;146746;144920;146917;146575;145142;148731;148783;147795;145367;145152;146841;146969;146839;148743;147792;148727;147734;146899;147933;147859;148197;145483;148790;146277;144966;147958;145760;145522;147450;146554;147787;145528;148782;148214;146364;155960;145391;145521;148792;146856;146901;147945;147959;146407;146393;146509;146902;148718;148734;146564;146192;148085;146853;148777;147186;146835;147175;147778;145204;146828;148232;148742;145126;146977;146913;147027;149414;148776;145240;146843;148726;148741;153093;146289;148917;148804;147435;149989;147742;146223;147854;148730;148802;146323;144964;146400;154065;147188;148735;145107;146399;146260;146284;147935;145716;146184;148163;148796;148724;147743;145122;146244;146290;144838;146368;145196;146737;144918;145780;147026;146905;148798;152831;146572;145315;145759;146525;145131;145302;148178;154140;145254;146558;147768;146884;146559;147873;154857;148799;145747;147180;147183;147771;146847;147770;146292;148800;145241;148729;148778;148725;147429;146505;146234;145482;145337;148238;144955;148785;146894;148744;146462;146276;146280;146970;145200;148228;147618;148781;146472;148205;170512;147177;144816;153200;144958;146464;147484;147153;147515;147747;147068;144954;146295;146943;144961;154184;148208;145178;146886;148721;147939;148199;147554;146370;148158;147738;146467;148717;146606;154839;146556;146855;144916;146909;146557;147519;146469;146834;146830;145235;146502;146294;147746;147802;148161;147943;147185;147932;146829;147791;145190;148784;148805;145776;146054;147941;146854;148154;146691;146356;146947;145141;148719;147437;148794;148733;148229;148789;147498;144842;145150;148779;145751;146354;146837;145281;146522;146515;148803;145568;146415;145388;145529;148253;148736;146049;147156;144819;148791;147942;147847;147798;147181;146319;145112;146281;146979;146900;147576;148231;145562;146850;145197;148051;145722;148213;148723;145119;145714;148156;146414;148786;148230;145763;146848;149990;146939;146358;146840;146529;146832;147154;146275;146286;148795;146749;146842;146137;146519;146500;147803;145318;147740;145260;148787;147815;145115;147856;169063;144840;146241;169091;147151;169207;169211;169077;169030;146906;145138;169250;169216;169223;169276;169266;169031;169187;169193;169236;162615;169101;169214;169265;161829;169195;166425;169202;169127;169272;169245;169268;169183;169087;169156;169257;169262;169259;169057;169208;169094;169198;169121;169108;169132;169231;169235;169225;169153;169255;169205;169178;169120;169085;164412;169086;169131;169228;164454;169138;169134;169026;163751;169111;169209;169215;169130;165479;169113;159634;166144;169020;162339;169537;169241;169299;169083;169054;166601;169098;169125;169128;169165;169184;169164;169067;169092;169076;169492;161281;169247;158443;169192;169248;169052;166781;169049;169256;169071;169107;169044;169170;169035;169418;169043;162613;169212;169066;169015;168382;169037;169117;169053;168618;169221;169251;169172;169269;169175;169144;160483;169253;169048;169147;169075;169182;169038;169185;169297;158437;158441;169222;169093;169160;169722;169201;169177;169055;169204;169129;169433;169041;169137;169141;169136;169097;169203;169191;169171;169197;169102;169016;158557;169243;169072;169040;169022;169078;169158;169036;169239;169224;169232;156741;164645;169018;169046;158257;169217;169218;169249;169028;169173;169118;169206;169024;169082;169220;169148;169143;169119;169050;169161;169246;169068;169109;169230;169150;169345;163643;166466;161788;169080;169174;159010;169065;169213;169149;169115;169029;169058;169021;169199;169151;169059;169056;169061;169023;169162;169210;169189;169154;169275;169045;169234;169089;169176;169074;168381;169194;169112;169146;169124;169240;169260;169229;169079;169070;169238;169090;169064;169168;169344;169122;169047;163090;169227;169420;169441;169244;169157;169166;161149;169261;169099;169159;169073;169258;169696;169095;169088;169270;169167;157153;169242;169051;169415;169135;169181;158442;169027;169179;169100;169114;169152;169264;169833;169025;169188;169139;169432;161148;169017;169233;169298;169032;169084;169106;169163;148087;160101;169287;134255;169110;169237;169069;169116;169062;169200;169431;169190;169081;169263;169252;134840;169126;169169;169145;169186;169271;169155;169254;169267;169180;169123;169039;175585;169196;157888;169060;169019;169133;181866;169140;169219;178323;177086;186546;169042;185400;171773;182997;179730;172671;185399;182544;169142;176644;181492;185201;175405;170938;185186;174812;173752;174937;179026;185242;187633;179960;173930;170737;176096;180203;182999;176902;172627;187188;173668;174353;175357;182986;176429;186142;185282;185372;172113;184398;186598;174645;170997;170005;182801;182768;170447;175381;183760;170738;185166;179909;174657;185328;174198;185273;182666;176348;187291;178698;175384;179379;173615;174281;185969;172666;177332;182412;181490;186794;185308;180591;180440;170769;179911;170933;180266;187065;185614;174424;179957;176403;169937;181203;186280;172551;185278;172557;185335;185310;173404;185510;184310;170559;181195;184053;170739;173753;183685;186456;173293;174599;175351;183066;175931;181207;178739;182880;185351;187398;173745;186530;185974;174422;182575;185319;177797;171616;185984;180491;179688;183759;185443;179978;178728;174196;173804;174277;174527;179114;170235;185309;182478;179958;186451;175303;177359;186547;185202;185464;175455;185322;174363;181563;174603;173292;185327;177641;185172;186458;187295;174595;181727;174392;176525;185193;170260;177800;172011;183070;186388;172480;185968;176430;178056;187190;180025;185396;185257;186895;185352;184001;171775;187670;180183;185182;182078;182747;182983;180459;174656;186932;174658;186896;187384;185317;172711;169926;184055;187034;176642;174352;172620;170991;174278;185346;185188;185181;179717;185293;187047;173197;177270;175584;186595;185915;170934;179998;187160;180184;171240;174642;186709;185209;179710;170937;172470;183097;184054;182803;178005;172040;185300;180105;172088;183276;173417;185191;180437;178176;170992;185268;183763;179912;182398;183063;175377;178006;185983;176465;185240;174150;180024;182549;175359;177358;171778;186144;174813;175378;186017;174601;181013;173622;187310;170006;179910;172670;185261;171385;175262;171613;170691;185253;186273;179715;173418;177544;175453;185178;185244;187298;185290;176904;179999;176262;170929;177480;176907;172249;170990;185336;174195;181485;186005;182883;176543;183656;176443;185332;170973;173747;186678;181461;174505;175127;173670;170995;181459;174354;177093;181781;174361;178937;185985;176025;177912;173478;177084;174667;187067;178740;176499;186322;178936;176791;185321;175668;177360;185316;177987;187112;186386;174279;170002;180596;171672;171580;184791;173760;174597;177795;181213;181517;172107;171467;187035;185207;185283;178177;185967;185239;170873;185279;180595;185243;177543;171907;170986;185374;174509;170054;176905;185912;182887;177593;187038;172623;181204;181816;186202;169922;182399;173479;177091;185320;187300;172250;174398;182767;186454;186795;174661;174665;172733;173655;170998;185267;185314;171876;175153;172503;177145;171469;175306;186325;171674;178792;186222;185200;185214;181191;179890;178055;185340;170692;185971;186145;185395;182764;182548;179913;186952;170765;170659;185254;174604;174197;172628;185213;182079;185339;185913;181486;175382;185234;178619;178736;185179;180204;183999;170262;171383;186897;183909;179377;183098;171807;185210;177333;183930;186450;184400;185255;174634;172659;186459;171627;174670;174351;185237;174936;185611;186515;178036;182802;177087;171243;172732;176408;185218;186628;185914;186931;174148;171381;186954;184312;176350;187487;185238;170935;172454;186703;180202;171241;175763;187402;186495;172467;185311;180185;185312;172472;171877;183453;187297;187847;181458;183870;179380;174034;170238;171615;170872;177402;175263;171582;177799;176663;173616;182084;171372;186460;182082;183092;186452;175304;170265;174652;184304;174356;173276;180104;171519;185167;186276;182083;172502;174147;182996;187309;173927;186892;185274;173802;186680;176196;174639;177419;178021;174636;185173;178935;169934;179982;181730;177434;178735;180592;172483;182662;179032;174810;173748;184308;182748;174635;178702;176439;187187;185302;183682;177272;174955;174393;175454;175379;185613;187386;178701;172455;183274;186606;180329;174669;182998;185266;180436;174513;176425;177416;178731;172596;181202;171806;185227;178038;175358;177365;171611;174487;186385;185313;184052;183093;180593;179650;171782;172399;174364;183345;185292;176426;170693;176533;185288;176197;180589;171774;186700;186741;180490;177595;186604;180225;180438;186249;182668;171257;178022;178462;184399;174359;185180;174953;185223;179981;183684;172457;185184;185982;173787;183451;177798;178737;174934;185208;185221;171256;185222;178787;176548;170985;177363;180439;179884;177850;182667;174357;179647;170971;177092;173412;174767;185609;186630;185442;181784;185280;177914;177088;185232;187311;182882;174395;185235;172463;185190;170987;182171;185307;173929;183275;170239;180000;173886;171375;172458;179713;174139;185291;180201;171520;174653;171673;177144;177417;172456;186740;169933;182946;183932;174602;185170;187290;185211;185196;174151;178729;174648;182395;187285;178952;178178;184000;185171;180594;172396;173783;185303;174655;175586;174660;172146;182545;173672;183904;185216;180435;174659;185263;187373;172656;187301;174032;187277;171912;173659;186271;173403;173665;185230;182987;175927;182766;186274;177801;172555;173671;180460;178461;176095;184309;172149;185271;175669;175380;187371;176532;185192;185241;185333;177418;173762;173928;172453;185256;185966;186739;176428;172660;171379;187403;182547;182665;180590;178918;185260;185347;178742;185231;187669;172450;173656;175307;178738;186898;182885;173751;174358;186387;183933;187302;173676;185353;174525;185281;182396;176098;185348;175137;187299;170264;179729;185258;181192;185269;182804;183867;187307;174644;173405;179344;174651;179583;174940;186455;182541;183868;185228;172148;182984;174598;170258;180434;174908;177597;185397;183652;185205;181782;187031;186453;175759;172464;176909;173801;185306;182746;173666;174912;174666;185298;182884;174978;170259;181650;172668;185225;177541;185187;170994;181780;187671;183653;181190;171258;171612;187306;187066;171933;186204;171776;183757;185275;183872;176461;182947;181864;174355;179651;185440;176661;176438;186000;175667;170868;172451;186602;182664;185299;173881;170969;173885;187186;170236;186324;179716;179689;176527;182427;174282;186679;181863;174954;176263;170968;171905;185219;170916;176404;185206;182542;186933;174643;187488;185236;172484;182428;170936;181652;183683;171371;178697;177366;174365;187191;186531;176261;186705;180023;185229;179888;177589;174668;180200;180265;178054;178289;185973;173750;179708;172459;180462;178790;185203;177851;187039;172398;187672;185441;185334;182086;186701;176643;174504;179977;171008;176097;184186;183910;177361;185169;172506;179343;185249;172556;174958;180458;173669;183905;171772;174911;185338;185999;174362;185365;179341;185323;172460;174426;174033;172624;183344;181831;186893;186532;187189;174594;183998;179423;183934;174423;180513;178220;179712;184397;174633;173799;185212;173419;185224;178786;181505;172622;185259;174140;174394;181487;181194;181399;179727;187385;185174;173295;186927;177620;173394;176901;179582;181783;179690;177913;186384;185511;172147;185315;181463;175354;176440;172667;180496;172461;173658;177647;173663;177852;182765;180587;177884;171373;172465;176398;173395;171808;181488;185265;175191;176092;174938;185329;180495;187374;181832;179979;176460;183981;185270;174508;174935;185246;181205;180330;179184;186004;170263;181328;181729;186003;174638;177364;186891;185304;176526;174663;185262;179718;186493;172621;171671;186002;185215;173614;173674;182881;173761;186001;179731;177889;185251;181012;186545;177855;183065;176908;173784;185286;179726;185183;176026;177986;186601;178221;186279;187397;185294;185324;174662;186627;173661;182424;174647;177915;172106;181489;179375;185277;176093;182663;180013;177362;186275;172625;181518;179887;181833;172662;187370;174284;184790;181728;182985;172468;183866;185197;174596;174490;170560;172150;182085;172251;183762;175192;185250;183452;174600;183871;173931;173667;173757;185285;171777;183869;181462;178463;181193;185296;174909;180433;187296;172114;172672;179687;177269;182749;171639;181460;174367;171581;186497;177649;187278;172397;173800;170176;184441;185248;185168;173803;182410;186389;183099;174631;185301;178791;171802;176910;170984;186143;185220;179649;174489;173393;176544;172552;171779;174632;172661;185612;171362;179709;187383;187040;176444;172553;183095;174035;178399;174368;175193;177794;183660;172466;178398;176349;186272;186516;172058;185276;183069;180494;186596;185610;178699;185615;180492;172629;170237;187046;174649;174285;171875;175928;187372;179885;181206;179686;173723;179896;176659;179996;179711;176903;177598;172089;178730;185204;170004;186277;171521;174914;173664;174031;171382;179378;184401;176645;183761;187308;178460;172731;173746;185247;185252;174646;174194;182413;185195;171629;176138;174654;178324;178037;173758;170996;182479;185970;180461;185326;174956;179728;185189;171923;182170;185330;180463;170768;176530;186203;173675;185478;173413;172452;172112;185295;179994;173744;174425;179959;185318;172111;185233;187137;170736;185177;174637;177370;177420;185371;179648;170764;171630;179995;187041;183758;181398;177415;185217;181865;185272;174507;184307;185305;174910;183865;186603;181491;170993;176094;186953;170999;175583;178219;170867;176531;183907;186461;173754;171523;186605;174506;179889;185972;171908;170756;186141;173660;170767;182397;186629;183654;185337;186390;180331;174811;171522;177483;185911;173673;185245;186955;186006;178741;186496;184311;177594;183655;175155;179886;183068;180588;173785;174152;170766;171242;180432;185438;187396;180493;172669;182886;174640;179376;172108;182425;183681;185331;179714;185284;183906;173749;180022;185175;178700;174913;173724;184305;177542;177094;185287;174939;176427;187922;185289;173662;183094;173275;185465;180328;187287;177095;175758;179732;173798;174399;172471;170162;183067;186278;182945;174360;177599;173743;177592;182546;171780;185444;182661;176542;173290;171380;170755;185341;172630;185505;173756;181011;173475;185264;185508;173759;176260;185199;183096;185509;176660;186597;182543;185398;177273;174605;170043;174280;172626;185226;177401;183908;181519;170920;173414;181651;183686;174149;170558;174650;173786;170871;170740;185506;175086;185325;185981;187375;185439;179388;186702;179997;185297;173477;185194;170261;185965;186457;174765;171924;186323;174366;174763;171781;186494;171374;177796;172485;185185;179342;175383;181010;170970;175138;172462;170114;173291;174283;180264;172469;173755;185176;183980;178938;178734;183931;179883;185507;187927;184002;189871;189215;189875;189217;189925;189216;187923;189268;187963;185198;189486;189381;189248;187648;189601;189939;189481;189162;189157;189151;188042;189670;189246;189270;189598;189314;187924;189597;189099;189753;189729;187704;188037;189873;189311;189220;189160;187929;189671;187848;189926;189727;189150;189269;189675;189485;189219;189483;189313;189938;189265;189159;189310;187926;189152;187921;189728;187962;189153;189674;189924;189837;189599;189315;187673;188040;189730;189247;189155;189752;189872;189382;189316;189100;189385;189156;189940;189272;187928;189673;189161;189724;189384;189874;189158;189482;189602;189221;187965;189309;188041;189312;189264;189600;189386;187964;188039;189603;189751;189672;189149;189154;187666;189383;189218;188036;187925;62278;188038;22414;62282;62279;52544;62281;34969;69476;24016;62280;69494;73640;23831;21565;21567;25039;45112;69475;32316;144648;12246;32315;25492;80104;80103;65741;23925;66519;22056;59318;62277;21079;80998;83365;81127;106606;170660;29741;25694;23869;48300;35742;34741;40434;43068;31799;49307;46859;50493;51926;54299;53472;58001;54972;58207;55140;56874;58538;62480;56259;59426;63242;64506;55803;61550;61622;58994;64584;63450;62836;67225;44596;65219;70858;66872;69866;65910;72606;71951;71351;76413;66445;72937;73994;72284;73433;74431;77577;79140;73740;80484;77172;79835;79442;84365;80946;82781;81819;84048;84642;86423;85326;86369;86060;84730;87244;88639;87657;86851;78441;92012;90425;91163;93960;64916;93461;95762;94628;97142;96388;91670;94334;102262;99283;105175;100052;104544;103922;103124;108281;100756;109601;101362;97727;118909;108958;110979;117410;111683;125056;119094;123938;125815;141494;122117;133607;28211;110397;20158;128633;119462;105691;60110;59196;11323;11710;59176;137253;60111;59175;41945;25371;62392;89693;58272;24712;58273;62393;27599;25442;50525;11952;89834;123009;76535;56049;155788;125405;131285;122858;174261;165176;162140;177128;93098;31347;174260;159601;76534;174257;137084;52673;171845;148136;65614;139233;157230;132633;144448;152220;176520;154005;169273;164456;172255;164807;170120;125924;189275;167075;189274;160717;163576;174705;181229;172190;125925;186179;65613;139315;178466;169304;144566;177391;172612;155706;181232;152861;141216;164495;149359;158564;162411;86697;49808;119259;119835;119836;119258;147921;185517;119261;119260;102682;90566;119263;124412;130625;119308;104742;102858;101523;127059;111376;104436;119309;109398;121246;119837;121045;118092;131191;182772;140503;124413;133525;119838;126750;141568;49807;144647;135848;154004;144567;141217;149358;147920;119262;131077;182080;157229;152161;139316;170121;163575;178465;160718;174706;181228;55422;167076;172191;45404;32396;48276;49780;55671;52458;62063;57050;182773;62384;186178;102859;112059;90567;72723;86698;182771;104433;101524;131078;111377;121046;125153;118093;129494;126751;128422;109399;62064;64094;133526;43029;39481;35807;131316;131941;32395;131942;133853;92700;58645;139924;139412;132586;14266;12530;110560;15500;12527;110559;15761;12566;33549;14440;12556;12581;12575;12589;135849;140310;12555;14588;170207;37723;117910;134356;107078;37111;64488;109437;34939;122372;100974;170115;92338;53905;88875;86334;135880;117844;110465;133629;37996;156075;18815;18814;91332;170989;21646;78878;102687;21378;151497;66968;18816;86176;86645;18817;40910;132665;44952;177996;90876;83939;43176;33186;57402;84409;158265;31081;143517;91475;21379;74295;37293;95585;174972;18818;18819;103555;74176;164051;30029;72953;35998;18822;96363;144125;153072;18823;92674;18821;84600;91203;36136;55429;164316;57907;18824;164808;78495;18820;65540;67249;142952;14345;106879;86583;57415;18825;69087;165595;99058;70515;92675;46244;42874;100140;87980;32487;53579;137381;109877;161445;168474;47793;80923;99206;88665;127876;18826;100313;18827;70066;58609;87981;126592;55912;133969;122959;99178;128491;37713;153984;42808;18828;124788;18829;180378;92676;177673;146411;78577;23950;18830;159694;88570;51404;111540;86385;34445;33935;117863;117594;36012;31830;97807;109713;129545;133243;88729;61586;81062;23951;18831;36645;91696;97197;84651;144147;31633;86386;34685;142665;35405;21380;111403;162586;92831;182960;108923;111402;25591;18832;93494;37252;101826;166787;135729;72527;139738;139639;86584;21381;133327;105335;134999;112128;63015;134963;91908;90553;149974;21382;145024;167549;32488;76134;56077;180347;148503;104226;139109;21731;148750;69278;139640;45583;144165;85366;18833;62488;58828;158143;73549;156224;165509;92884;21383;174304;171387;44599;22294;66734;92339;167321;149234;57785;119056;145027;25129;165923;92886;150273;35277;92885;157887;21730;92887;138123;74479;55913;94491;21384;21585;101186;174896;73661;22486;55281;92888;96364;21385;144184;60114;18834;174396;94126;58756;84886;85426;21386;66769;100881;80069;37724;71506;96365;100113;136533;91909;92889;36588;91697;18835;57445;106424;168328;92891;134719;40460;86805;59083;92892;18836;104835;84482;187645;58358;37913;173330;127539;126019;92893;90979;18837;84321;91145;78815;92894;50327;185916;156036;34164;87290;159654;84693;18838;134720;51100;92890;50328;178110;38114;25827;92895;34688;35283;92896;146798;86177;151004;119510;91698;138414;153126;24719;56803;61443;86585;85519;84322;25305;81460;128308;187162;18840;61587;157244;158451;94492;34256;36042;135881;159313;168708;63368;18842;18843;101966;106732;146499;35562;185430;58937;58313;103474;18841;21700;21387;106467;18844;103556;88583;129573;87685;57857;84104;79810;137342;104061;150010;84068;189902;125437;94663;122630;93983;139529;128584;87176;18845;72247;41021;121403;21388;124374;184465;181523;142311;25437;87609;84694;87114;18839;72954;83328;139471;169096;184306;137382;51101;54619;149374;161169;26084;125909;166701;103759;166062;66735;31714;152657;24705;25472;18846;176832;37320;127945;37848;95393;18847;21389;63364;34389;65840;25748;125871;24201;76879;63369;121604;187407;122936;148511;66507;145257;35289;89707;169417;18848;35613;87686;62105;145560;47025;147937;65935;128492;118900;104113;99615;18849;52728;54620;186201;38779;26085;51393;65936;127540;153205;96850;34257;84553;59103;87687;40978;62884;177259;34976;100610;36791;161926;26212;153817;103795;174314;161098;84695;182476;118315;21390;136990;28316;48749;63263;134437;149247;167044;33239;18850;104982;100674;88743;61740;58162;22451;142275;132792;103522;69213;174318;110675;26977;60150;125662;57550;160236;62068;180366;72312;22208;72717;180364;122165;76301;63637;59746;95408;37142;121495;165507;149341;18851;86876;125614;88816;22882;50329;86775;156027;36579;126534;58972;22883;23758;47751;142940;37021;44333;61725;95450;144157;18852;66635;73900;18854;21391;18853;138370;126928;102688;182981;119821;126841;95499;22487;180370;104487;21678;36167;57454;51503;174311;123053;137285;22515;36819;136384;72893;44625;97219;93942;91370;157237;45547;91720;176133;30241;106831;18855;57585;63395;54838;90605;131466;174302;173329;31953;187161;23793;63396;96292;43161;56078;63588;21392;67117;18857;173388;122987;151809;189145;153870;146598;18858;126363;18856;104488;118844;22884;134438;21393;57908;166525;81134;58837;51962;64742;129084;132410;163938;133822;47142;76195;93933;127541;54621;108703;88666;18859;158217;51102;18860;184466;65623;91699;80148;143591;89764;63016;152901;102465;33904;106236;19337;21394;54982;59380;152227;138536;171185;111018;21395;138658;180381;18861;83080;156078;84132;106810;86198;132064;59361;133707;104489;133432;187852;33374;18862;25802;148207;38135;169295;25803;144927;56804;183319;37369;36865;89006;35050;38799;105063;18863;22428;112236;21788;90286;56323;109050;18864;148748;140234;87480;161830;107126;111176;65989;61501;37032;36191;36605;58646;18866;62856;129114;70516;27844;21396;150702;18865;37781;138245;72872;26086;51132;131970;35284;83130;84380;135941;87269;87291;64873;171697;78816;164054;21397;149973;184469;107042;59281;22209;87688;106880;34270;35240;21907;91790;96510;121521;189254;119270;140311;131844;180275;21398;21789;102846;183755;133708;82062;84410;18869;89765;85699;18868;18870;18871;21701;142946;118182;21399;117966;87292;79656;118496;18872;108623;55395;140725;126315;35335;158033;84254;18873;140677;99749;40899;175040;40583;96163;106287;84381;174297;72955;126593;159723;112069;21400;81175;94238;34301;21401;22885;180376;90606;34728;136534;166212;47677;42238;153894;174287;84201;47616;162511;35701;21402;78634;38140;58640;110628;106938;90980;137930;119562;18874;36365;166856;36869;48250;160295;82313;94415;97808;21403;104162;18876;135713;18875;129838;28193;38697;37618;149424;83510;66918;18877;138124;144182;122883;79955;104537;21404;37542;163281;171634;94918;158169;106811;159583;97972;48396;83841;35290;136955;106993;46259;47818;104731;18878;168387;63159;37058;35051;188031;86586;158782;174306;94416;85593;86335;71874;21405;92851;18879;144658;180341;84860;104693;119698;36864;35052;29769;85594;58359;90334;142535;18880;180363;44345;137789;62791;18882;105448;18881;35241;51504;93984;137343;86620;154139;119879;119511;159771;44600;121272;81461;99551;96397;156698;174313;49108;62770;117303;96116;108351;59747;57909;69052;69395;180368;170924;87689;107109;18883;133328;51450;18885;124286;91026;18884;61741;62956;186707;132879;26087;21768;35426;51567;103343;154925;37495;182190;96992;87385;55812;25664;18886;84483;22871;85775;18887;140626;103760;140678;96411;140472;28165;58938;93614;89007;86877;130238;18888;86079;95734;111362;106425;88817;22452;25833;21406;34504;180373;124219;147688;18889;18890;19338;94417;21407;21408;117649;110403;58422;37185;21577;91476;88149;53439;56117;51928;37467;141103;64374;110390;21409;139739;81096;176757;82578;147558;69008;178635;86834;76951;66798;185811;18891;42331;171695;146477;60055;85595;43104;150260;104863;62022;35469;57968;71529;173392;37433;186499;50627;55821;84522;170474;57852;86835;107110;55723;18867;36476;68898;136535;31154;29689;28348;33240;36362;18892;171366;145364;101330;112281;177846;88027;108314;97342;91928;88500;55157;29770;46876;149073;92340;29771;106733;147814;21410;164459;18893;37229;42355;146846;61480;28349;76922;37593;185431;85965;83792;91508;18894;37125;181611;174295;117650;137344;18895;159238;137286;53468;18896;119563;93442;57529;22488;25632;118073;58438;45613;82890;167057;154774;37695;117441;22453;87361;126484;182378;18897;37115;138125;57675;68917;36275;61762;87885;109190;178293;118476;25015;84628;103584;19339;23738;22198;102689;54951;53906;157386;105064;22499;25260;48370;18898;153826;119315;85337;35935;112070;145349;167319;36492;59302;66549;22500;99192;21411;61451;33547;62814;88465;18899;18900;88667;91027;83554;77638;81395;150314;181369;88853;77596;164435;180216;84696;105214;125438;51950;134843;88067;91399;50699;118704;73150;76584;83793;125098;84697;51505;38838;174300;136706;153222;23985;21412;81009;34977;109330;53907;84652;35936;135882;106597;37616;59439;77733;121199;145274;85172;111405;130494;186287;56805;144193;37929;34151;136849;151899;51560;183982;127106;83794;21413;85858;173331;139934;159582;18901;111363;28259;18902;64089;38963;122570;37712;86431;43342;45529;108524;62832;56657;130239;25512;37799;169892;34496;126136;66581;147098;63401;110578;144158;27550;159710;96058;81331;119426;96366;25451;49062;108680;186498;59945;18903;18904;88730;87982;21414;81193;103475;127946;105336;163858;37480;71485;105090;125439;18905;67237;158995;127542;87610;125440;18906;36212;45570;134721;21415;70865;177386;100282;100496;43093;177385;139266;96172;111561;126485;144028;59516;136158;77315;85991;24730;57329;111019;64791;104227;92448;149425;36998;53523;18907;26088;93443;25425;170593;127543;83555;106699;168322;18908;134686;85859;130240;84699;135795;171512;23986;86044;96322;132349;84698;153073;103523;92770;23759;71960;126519;85427;62792;86836;21416;180338;146288;85639;124608;18909;106036;122412;71603;149483;72528;36863;127086;106037;99552;18910;131467;25834;92739;59063;62054;146792;37227;58864;53852;57646;86889;152860;87293;142539;76600;39578;106734;171384;101539;120968;35053;55956;103953;159471;187647;174290;172105;23952;53881;102833;18911;124429;65841;57830;156021;18912;134921;139714;87690;180342;19340;49273;21417;181837;92006;87691;85640;18913;181208;105665;50330;83901;55430;87789;18915;21418;18916;21647;18914;80149;100565;148697;125687;133970;65067;35623;117845;100141;71223;18917;56576;121427;63373;64516;38881;104163;121564;150316;151119;161483;109051;24202;130241;122657;180345;178325;137165;56490;97687;96117;103656;131468;173647;171744;137869;18918;37846;182954;86276;96086;145478;58471;72612;141465;171635;89047;110254;92341;36231;76614;136850;87692;138126;21419;84861;85367;168666;42094;47904;158199;19341;21420;94081;103557;174307;22239;84411;93674;186716;156715;29950;18919;27578;121629;18920;85641;88603;34762;125346;118246;32062;36947;84780;93144;71450;51963;93061;22489;35054;21421;136442;43376;81798;25981;89048;21422;138922;34786;130242;141844;40868;130921;28350;101540;179385;18921;159035;112071;110539;125749;95500;85173;150312;21574;64792;18923;123980;63469;52486;58201;58641;104265;127947;122884;93985;148506;92027;121522;34390;102615;99059;126413;110953;42129;85483;71451;103476;103152;59313;156440;21424;95418;21423;90335;153396;66799;50331;21425;124220;146166;83909;70964;109052;146578;38800;18924;25840;21633;105337;95419;38801;22909;18925;59206;95501;85924;90336;96323;36300;56491;27508;63370;61557;109383;130243;149361;83511;161984;18926;153435;100283;119481;126137;58642;77883;175761;87294;40485;131260;66455;76543;25841;136159;38802;18927;51964;35582;105215;29796;49166;78002;183822;185394;95502;53440;83795;134585;61780;18928;56168;50469;69250;121335;34723;156026;156029;87693;126364;38751;105140;26037;57786;169343;35427;62793;62866;96511;175823;119699;87611;137126;166910;96820;95503;51568;65967;181337;18929;21426;59859;51363;163649;188030;92897;87213;140312;118074;151009;61742;99553;110429;136003;84970;51103;25261;61588;103477;69412;55517;131469;61639;36910;96618;140627;136758;130244;34940;90287;35937;91791;62885;78015;158197;32061;18922;171839;70261;63069;174957;23794;95504;86621;110653;36730;72382;21427;91371;71530;70672;57403;131470;18930;84700;86188;182515;124046;66889;136956;42428;180372;73266;167318;145316;126486;80424;87790;164949;40486;174724;162510;184318;153220;177894;182574;142855;118477;119822;61781;103741;33419;124560;39315;101276;45584;141793;153982;175004;97788;109749;52966;104759;130245;181761;66630;186821;164049;147680;142856;21428;106598;22240;171638;88466;168619;83081;95505;94691;37117;103478;149343;147900;84701;88512;36192;121324;45561;100441;130439;86178;95814;87997;59517;78016;156052;88668;18931;40571;18932;45614;179944;100497;38803;27067;88068;174299;32063;95506;23987;109625;63256;149857;85700;104647;76060;122631;103153;100646;146907;149079;50700;18934;62194;33241;144673;95507;169936;110540;56277;18935;88669;56685;53407;87612;18933;169702;164687;130246;84554;91929;173722;71070;120969;153821;61763;119246;78017;87177;86878;56492;65170;65184;63049;81332;35089;128979;19342;124353;84069;51991;103840;95508;32449;185417;88584;18936;102278;34497;92740;152069;107243;167909;55845;61522;95786;64288;107043;59466;29849;143178;162134;18937;18938;85757;18939;73389;25049;127948;179942;88818;79795;148526;43626;148869;95509;45114;70795;86806;36807;135603;82786;90844;149249;55009;18940;62611;180365;100081;153815;133709;35055;127544;111583;55877;62489;83512;153827;36654;32110;106994;109228;24825;85257;96619;136302;19343;58137;51379;81462;91267;66250;81116;35583;73321;181686;35336;60151;149888;126842;31983;150171;18941;21431;157239;103524;64743;18944;18942;18943;134256;21429;21430;95510;180107;179869;137166;169701;21432;59084;150091;84412;95511;35695;40691;89708;127545;165569;66845;73676;87744;136596;22516;84702;133476;111655;102939;18945;110579;117864;148200;108738;23663;56772;37439;99554;71983;71808;162698;74342;51582;158787;96938;21433;109661;63115;79364;109662;144172;137790;105065;173613;145236;126081;147874;185364;169700;109053;36550;136160;146833;23871;162700;167245;85033;62340;70299;27813;57628;134922;90288;25050;69888;93388;18947;96939;108979;35401;84813;111406;176442;162513;88977;87745;55158;18946;36673;55822;18948;89895;100284;35770;19345;106832;88467;143543;19344;18949;88684;45135;121565;68918;146601;58889;99496;145567;90049;80350;158994;96324;158403;18950;62886;38882;18951;124209;126365;18952;152226;174897;133244;164053;122109;97544;32145;87830;102530;36893;168310;22051;97809;141517;43037;150196;82650;170093;149883;18953;65541;21434;180166;95546;124221;133710;58670;24307;169935;122960;18954;99555;61502;104836;101217;35242;59009;88468;87694;29990;83796;58360;73633;21436;127949;21438;167131;117721;21439;58472;21435;73632;62705;29229;37696;73111;21441;71285;21437;137870;92771;59282;27640;18956;143306;92342;88876;35243;160420;37518;91372;128585;144569;144868;136940;18955;135942;71152;131148;85428;82286;18957;66311;87695;37225;88028;34978;92503;83842;39375;25426;18958;189708;145149;96059;149512;99698;134335;65185;26089;32299;184460;77560;25130;18960;81432;87831;38964;105449;120970;21442;138127;52626;56493;56476;171122;42967;160536;18959;141284;18961;83229;18962;108429;96367;74114;22501;156210;59085;35624;176942;157236;89008;62806;53441;139683;62114;19346;165244;93581;18963;61617;38086;21440;18964;36251;22454;91437;22210;153083;66582;52058;34732;158989;23760;83940;18965;88944;47143;137249;59095;35337;42404;106115;156030;87295;132428;91839;18966;73792;21586;165619;146130;150015;35938;21443;144191;156688;136851;100581;21444;58790;48397;172248;189901;137167;37471;18967;22040;84814;140135;87696;135730;122084;21445;32064;129085;49123;99060;86922;19347;139830;87983;180377;102690;69396;167320;37800;74181;104797;57292;42414;65199;85608;166428;42213;111771;18968;180375;69214;77124;48380;149977;46245;166298;44346;51069;150317;65842;96221;35338;105450;102330;123574;105502;94418;103237;37716;92898;18970;18969;86686;38804;25914;145095;53442;21446;35563;144190;138923;53469;137791;87746;88604;136957;18971;96512;121273;130617;87697;61764;144573;131295;167206;76196;89009;107111;65843;18972;44407;71257;18973;86266;62731;134722;89709;91373;173401;87854;66814;127546;139472;92899;35999;136687;87225;77976;173715;137792;117722;176943;57293;180585;87960;18974;100775;153061;56762;72098;49728;66736;86837;88469;36564;111720;29288;168189;144177;18975;86277;171118;106735;56587;140628;140937;90233;108574;92900;35584;145023;23664;58314;21448;89927;182191;92813;91581;21563;103841;92902;90592;22052;87481;91734;61743;182168;21449;172084;179359;21450;18976;127547;92901;124182;135425;101218;62490;37841;25633;96851;57818;32065;102466;88670;92903;50332;29230;30127;66631;91553;159765;103657;167323;40957;130413;174390;90554;88470;126138;168420;118901;29951;149231;167324;100393;78521;73857;36518;37025;139267;139435;92537;178109;92651;95364;92904;42342;106855;66312;18977;132065;164814;187206;92905;159581;37131;90050;34484;38021;86387;72696;39594;119851;18978;25473;153819;96639;40429;93360;89852;36773;105338;152745;122042;21451;48332;25634;138582;46246;139763;18980;86857;51520;26038;70449;58829;77836;43094;141314;35625;120971;88471;59026;34327;156028;92906;58556;103842;147697;21452;122885;92907;25016;69337;66169;18979;35963;21590;87362;92741;18981;92908;128135;56477;18982;92504;84523;181830;105406;66837;85066;84703;51506;87482;92909;29874;97545;82480;152746;153818;100582;151121;110691;82906;166181;35279;31031;92911;92910;62341;177399;38112;128136;40518;34045;88472;38002;18983;24797;82514;172261;92912;27044;162839;106856;36837;21453;81587;71071;34228;92913;60101;18984;70306;133661;36576;189105;36333;92914;140235;26090;89766;22517;43596;46214;106649;37137;50838;119700;36995;108352;164093;154658;51666;105066;179945;18985;148703;104944;34188;137690;55970;34816;151972;37183;37109;86587;139436;140236;81097;158402;64987;97403;36618;94493;141293;88473;37398;149071;22139;34838;187103;147897;78611;103344;50505;18986;18987;50333;149514;143437;122359;170003;133971;105216;102030;82002;177516;181368;96742;102010;153871;134844;110969;23872;137691;111991;72995;140237;104760;18988;47144;89853;77717;42912;36280;73550;18989;21587;170398;185373;123481;74239;18990;89896;66737;103479;84704;88474;85484;90845;57551;136536;37096;23988;34446;92915;56521;59220;175760;24720;170785;71238;91637;118902;18991;129661;108430;83797;35672;18992;176528;128042;26091;69088;92916;92917;125278;104507;66632;93495;179210;117651;97107;38705;159495;86432;21454;84705;92918;62957;106736;148518;102491;171743;183088;88475;92919;18993;65844;50334;92772;38657;171246;32066;18994;79707;128309;54622;92920;96471;92921;106881;36237;100827;97546;109663;140558;21455;92922;132411;169806;37076;18995;24227;57338;153823;89010;80537;79401;92924;61765;118336;65968;92923;56079;18997;97810;148599;92925;35280;18996;117376;92926;151120;87984;25381;57739;73487;99109;185775;57910;92832;166055;57647;92927;102101;153985;18998;73793;34165;92928;128586;96412;89089;93986;102797;139268;22341;91374;88945;70262;176219;21456;55502;102331;18999;186500;53346;94082;122988;73267;110430;53443;151778;89011;90846;144187;124222;19000;89727;19002;86450;58647;21457;121404;57629;149346;163704;56017;25679;110274;135192;21634;127548;19001;56806;97108;64666;93389;100442;95451;33187;93033;69065;37822;19003;95787;91509;22886;49686;37951;51832;45446;25533;89012;164839;66907;31155;84706;40858;84707;72790;38965;148211;36752;57432;19005;99646;19004;67103;108624;126666;72002;19348;78039;70701;81683;91966;44601;95039;85729;24365;97625;76719;164622;106237;129425;62958;83024;47814;38966;91146;21458;96368;19006;29289;84133;125934;86879;19008;86838;86377;187961;37206;162970;159311;37503;19009;21459;64988;35639;84043;55878;181521;19349;144144;180374;77125;84708;109593;85368;42310;21460;83941;64885;19007;168723;105625;77316;34979;36636;86433;56548;64874;40461;87907;37292;19011;36421;61539;81117;168188;174292;87661;65845;170050;123809;21461;118754;87698;19012;25017;34018;81618;21462;40659;86858;37047;144174;165686;152490;93496;158983;44049;19010;101541;158246;42196;87226;101187;104062;136726;34686;88671;106939;25804;37039;63290;19013;159496;135714;22502;84524;132683;19014;21464;91930;47567;96037;45595;61481;32146;37617;183309;40660;122085;87747;55914;163268;21465;83798;21463;138537;109594;32067;25784;36168;34980;21466;131340;101967;87613;127950;152288;55846;42170;25805;129839;19015;91910;139589;47033;36472;181338;153816;159743;136385;19350;119316;102138;34152;145187;19017;74444;130922;178713;19016;73881;97688;87614;79365;32147;156079;144185;142156;19018;19019;65969;89013;156732;109565;152747;21447;72849;43377;84887;164342;76985;21467;29772;175156;119271;157319;87699;49652;174303;77036;19020;128587;45447;133588;84862;189503;55439;88476;132793;152205;87188;35640;106812;81867;148530;111177;21468;66938;117911;163895;52666;21469;19022;100975;118124;19021;151410;84709;90847;35339;37686;147172;57390;64421;19023;35928;51889;90289;70484;48427;97312;66210;186421;134336;21470;88819;51915;38015;105362;143526;158985;63674;174289;31954;106214;168186;21471;135943;154315;91931;46005;19025;139347;95365;139831;19024;125379;94083;170965;95265;47794;25359;61675;133894;78003;24838;72768;27845;163329;179943;171625;82481;121405;37029;178013;106215;107044;19027;102553;146574;123981;36000;89928;164050;88672;143466;145781;35285;85293;21472;181322;171693;186807;109066;84105;21473;85966;119057;150172;97220;19028;49729;25560;111178;70379;66012;111596;183450;70646;76615;174572;167322;32489;89014;94450;72494;76986;99240;56857;51521;182560;19029;19030;87227;22211;39425;34951;19031;103796;93730;187114;61782;21474;26937;57552;103441;37777;96369;21475;40935;73151;23665;19032;34206;19026;120972;19033;180489;130440;160296;136688;84710;86278;180581;118858;108476;42875;84971;28194;81659;99974;65846;90741;126756;21476;101876;106959;106426;152073;36976;23989;57720;184467;34839;19351;57045;174310;159065;87296;22887;153285;24366;22872;89974;100828;19034;95974;184464;105067;85596;151900;119272;21477;58283;65847;19035;83910;88501;109929;58963;131261;70965;21478;42886;174291;142035;171694;123422;86279;90234;109626;189397;86451;184468;33905;110319;103345;63371;141535;148522;99616;177883;170163;63365;79956;88744;93497;160533;84934;21479;19036;152818;73431;84314;141391;37028;19037;146560;91268;163766;80351;175277;97592;173657;50470;22910;111656;19039;94692;129369;186808;158633;100285;36682;180367;137438;19040;109054;174312;19038;142573;21480;90568;86080;154773;19041;74318;50335;90290;146516;134923;63470;91554;180339;76720;102408;21481;56494;19043;62298;19044;19042;124223;21482;73779;111721;170784;136941;25806;81588;81463;49730;126139;82063;47130;19045;36517;102279;58210;85860;165288;180106;73488;54623;19352;19046;69372;19047;134466;88112;70595;156025;139110;148516;45571;55633;76302;180348;154045;112052;87700;47752;151500;153892;68943;173719;110521;21483;125791;85573;97789;28166;153949;56522;62207;130077;163920;85861;103761;73551;146673;94451;49189;21484;32068;105712;27551;21485;78496;64989;131471;35626;91510;84496;156470;80983;167099;142151;19048;81962;171434;45382;31437;34498;133662;21486;186607;84994;135193;86955;119482;170077;84972;72676;151346;160393;22212;127549;84525;66770;94458;109532;58315;183885;76854;19049;88877;112072;125935;111541;93361;128746;147148;87542;19051;148520;156469;136537;19050;151008;139348;105141;85369;100976;31183;169893;95693;137287;51104;135883;19052;38061;37145;180343;149039;73152;160061;55681;35340;177517;93428;178909;83513;45572;128795;26938;101542;85574;86320;88502;37223;34271;123982;58838;81222;139394;58347;174301;189761;22923;34817;83902;96993;61503;66456;164514;90848;124609;84781;36766;184440;106882;59027;184384;19053;27622;146985;124224;161206;95512;21487;56723;90235;84323;139641;141147;36193;189762;63397;133329;85992;135944;141512;159766;36920;19353;144815;104983;45585;87701;38967;162730;19054;111179;45573;96060;36391;136852;94693;65975;84324;79567;185895;174315;137216;50701;170257;85893;66815;141148;90337;144826;53397;84070;19056;61640;19057;105626;122605;84325;60056;146763;36857;45586;57455;103585;57294;94263;27610;96709;64744;19060;19059;72206;163105;84526;63463;36922;126667;133121;156370;62959;176134;97689;88513;118024;19055;125936;70966;180584;21488;19061;92343;150168;19058;161843;87386;31082;38058;185378;108858;80840;159744;66583;82681;91932;19062;66170;100339;184132;26939;91911;79402;85520;28317;186241;127550;90474;19063;173328;153074;38805;35341;104945;179873;86388;117465;141549;90902;84527;90236;104063;132942;124183;100977;81223;22911;19064;90607;73049;19065;124047;103480;84413;37486;37933;171931;21489;28195;88151;97109;87908;62649;19067;153062;103860;148537;89015;154044;19069;19068;19066;149489;58520;22518;160464;19070;189146;21490;69860;184463;180380;56080;35939;129954;65848;61676;23771;152859;99750;21491;23744;106288;128588;22007;88673;56495;183878;59314;122989;84815;94751;21492;79403;87387;85758;106813;92344;96472;130183;139111;154199;125099;145563;19071;56527;131262;83556;138784;93429;87483;63070;22924;59168;56081;94214;109055;102987;129426;109019;64922;180454;177384;151971;50351;125839;94903;159312;178744;106737;19072;136021;79957;25785;104490;58316;93987;101331;96370;180346;73552;22938;19073;19074;24798;136635;19075;128310;102467;56399;103909;66919;145193;37051;117492;61677;37437;109191;35442;85258;94419;95409;91582;84438;61504;50336;160970;177648;106857;35056;85521;58473;93988;19076;37516;84382;132350;77109;19078;88820;143175;91933;31831;86588;19079;36848;125663;88152;159767;93267;183090;19077;162509;135731;70866;162550;87297;19080;89767;138128;52038;22519;94527;174320;21493;85245;60134;66185;87702;144126;69437;97904;58423;37792;21494;107046;182076;19081;103762;59748;21648;135945;165223;36402;25942;84712;93934;35057;104984;84711;21495;118247;93498;107045;147872;19082;159894;103861;74004;119109;56400;24686;22008;176062;19083;153824;21496;37934;87178;157234;141318;131263;52707;156324;62706;93211;148519;22018;83281;96513;167244;129546;170569;84484;25592;172010;179872;157323;39426;32148;19084;84995;152207;121447;123539;85522;19354;31832;22888;66966;187185;29340;87832;129547;161387;101381;19085;156031;103481;162512;90742;53266;19086;50500;120973;166967;19087;153814;36617;24007;22925;52956;100706;146607;171121;130632;140938;106700;174308;144148;58839;59169;45009;40661;139590;134723;31438;108431;69507;19088;135194;66999;144133;87703;63434;169938;25718;108477;72850;88113;46791;152570;106427;130992;36281;19355;40958;133433;58920;19089;166497;96994;91304;57926;64886;162124;177312;174319;111478;118705;181522;61766;138071;91375;104612;87704;159651;189707;85993;85862;83095;48401;21498;103461;165089;93582;21497;92574;19093;19091;134257;78071;144188;118942;21499;86859;19092;178111;168187;22889;128403;87748;65849;170399;157238;174294;133972;153813;21500;84555;126487;124129;26092;144122;48360;70263;103620;122571;19095;25786;19090;101332;72313;19094;108681;151005;93989;132066;86179;126414;105026;119794;82579;147848;170554;87662;21501;103797;139642;59207;19097;105451;23850;59086;32069;99556;180430;139715;162898;110699;35564;53347;118497;156565;21502;160684;22503;143510;86554;163054;58521;103999;111407;41007;36768;65068;36259;71961;108508;83282;168620;58021;41047;39579;82891;19098;93755;21503;47699;35058;159584;179065;117723;119701;21504;85994;58671;88532;87513;174641;170397;57051;87749;185429;189903;19099;87705;140629;93552;186708;35342;57144;95513;163892;19100;33471;44429;56169;83964;125913;139395;87750;146845;178620;35696;140313;91477;19101;87751;148930;84044;40508;111090;77884;100737;111657;36731;182980;80538;19102;144841;141322;51929;154316;19104;39427;19103;122572;36239;172104;117652;56763;65850;134337;31109;109229;86214;148505;60102;19105;52468;39784;104491;87298;105259;21505;35343;55915;64667;90877;175962;140473;43127;180583;135604;172393;84528;104732;182842;53470;73553;41948;19106;86589;110954;91840;176739;38806;27814;52698;37254;55396;19107;19108;106181;21506;117511;91491;59381;76987;21591;149267;95694;108859;19109;148534;96061;72114;86839;103718;81684;111408;96118;25051;35354;133589;73442;45338;138371;26039;102280;22342;39428;174316;153822;111091;70517;86267;88503;156403;96371;79197;122685;37377;86180;62023;59853;94127;127551;50404;96119;165719;92345;166400;180379;124789;24886;39867;48278;21507;85995;103346;87299;37595;134467;78114;21508;107283;164048;19110;63366;33906;74240;80238;130495;25102;35458;96120;151624;90051;83514;170959;85034;103954;152203;19112;84182;39802;19111;89768;82892;129771;89808;137439;86519;171006;36240;148147;37811;33938;69066;19113;50074;33188;36521;102940;80352;36941;21509;107127;111722;23666;152126;128887;133434;35940;106701;117893;36459;94346;57411;106858;102724;136853;19114;19115;61589;51507;33857;171899;174766;99325;128654;138199;21510;53217;108315;83441;96995;141149;84224;150311;178441;111180;21511;110304;66508;96121;72194;19116;119273;101827;36968;150230;118961;161988;60115;110504;21512;19117;133435;136070;42298;84973;90780;33242;58757;85338;87270;64652;154659;76177;46260;51670;146857;45574;19096;153812;93781;22140;173327;154198;84653;180344;102508;61678;65003;26940;122043;180382;43879;91526;117304;26093;50320;81619;128043;90237;79734;111479;128439;35941;84782;151002;146605;92929;77885;37124;44922;68990;131795;92505;137127;36428;182077;80453;31376;156199;38031;133436;37213;19118;95586;63435;71935;94494;92575;44390;19119;92652;127951;148931;93990;90238;165517;36637;118075;83082;84601;91841;144446;52986;84713;160274;37430;19123;77679;35641;19122;152071;80924;152206;23667;19120;157235;136443;19124;19121;70264;152150;19125;19126;71072;136386;19356;90239;151010;103666;140314;139112;110700;108781;65542;180383;146285;176831;51965;101828;25787;19127;38151;31377;84326;128493;19128;55991;60135;36683;100829;66738;56773;74019;61679;34391;136689;51930;137793;60089;152125;65851;84714;105503;92395;19129;37015;137168;104348;99557;86590;29811;61505;24770;142625;52575;180371;36912;144167;35714;36194;83943;178622;153983;19130;179870;96222;56187;82482;78663;93943;84383;81685;141191;137889;83942;112187;148517;83752;144823;151003;123644;178012;110916;119636;187646;150002;162969;122658;94904;72155;21513;71166;56496;35037;139218;110970;136444;37427;76269;156323;184185;152857;90052;174322;23851;183320;19131;62979;77241;25052;174793;25807;27588;132943;54624;21790;84783;152748;56497;21514;19132;86305;152204;22455;21515;180582;79320;169416;64646;121087;85996;78104;121406;77753;144179;57489;134258;165603;46792;82753;84715;99558;156474;19133;133630;85997;35344;19135;151377;96821;21516;19134;84327;165687;159580;125937;136303;135000;91934;96473;19136;108625;106995;91700;80559;35295;175126;87165;127952;84282;51194;136387;40496;103862;63589;164135;182913;38113;91527;21517;119274;87543;166355;64887;144962;34416;166157;139886;92346;85863;55682;123144;89854;106599;132351;37677;104228;49109;84529;85894;58022;56498;104198;174298;170988;176906;103482;109289;37923;178002;83283;65560;19137;34019;135110;119058;19139;62168;22912;56816;177844;21518;19140;157935;80577;121407;127953;25967;128589;25943;72128;71239;83389;21519;99497;168896;39408;25427;153820;103442;66875;91028;19138;58023;138129;56499;103483;106996;169274;85730;73153;100340;19141;123645;103827;36298;39376;87388;34189;34770;36377;65852;61566;87228;85234;65937;79301;142883;89063;104733;117442;128137;27601;143172;167325;81534;61402;64923;87544;80454;59104;183983;173716;108704;170256;95309;111224;133245;19142;22118;55847;101784;171898;71452;92833;99193;108353;88821;54825;57612;125441;49770;21520;19143;127827;51824;43847;180053;105339;31378;19144;122140;94347;31032;25306;86591;59382;61388;85319;81010;118706;19357;174309;148525;105363;82893;173371;121219;180542;38728;62422;126806;90338;104266;77189;37850;92963;97811;163891;21521;87935;68899;99647;95587;25915;55397;64859;87791;62887;36878;186645;88504;123054;45348;154926;121274;90608;118707;49731;21522;47131;40396;158521;62612;158073;90291;70485;168042;102988;25749;183489;40760;106859;51420;163330;64875;19145;104000;48333;139113;174317;83442;102691;21523;93023;87615;70241;37706;27552;69293;117724;150218;90555;59283;135732;127552;106238;93145;22105;54952;143467;33375;95514;186894;172083;52563;84530;159073;21524;22241;164153;135111;111480;36265;91935;80898;187853;22520;96620;133380;156022;21525;106216;139716;139114;86999;146616;45040;71088;110934;19146;86840;122413;67250;91066;148865;110431;180340;64693;156764;135733;57355;66777;91936;107112;56528;38678;82894;56204;165775;89897;128440;109750;54826;99259;92742;149013;86841;95909;164623;96164;22490;51446;19148;49687;132429;96514;151007;50075;50337;106738;37040;57740;87000;19147;70265;56500;57704;122686;97690;81154;21526;92834;24799;95515;91937;174305;30030;134190;96743;56082;182415;31156;21527;96372;171247;77754;22350;69219;70932;62457;164511;66264;36790;84011;54625;87229;19150;140738;91939;19149;76364;103828;95588;111658;91938;124790;128138;105260;19358;93640;86434;111020;184461;106600;96122;140630;56523;127553;43177;88585;84328;73974;48334;133537;93944;87752;57463;180369;152491;103843;35910;21528;91940;157332;101829;19151;112073;136304;31304;88153;88731;36433;174391;174293;22491;129427;56478;21529;23852;22006;122086;104985;119021;182475;89898;111409;152571;19152;22343;126668;86389;64422;43038;57553;158990;181924;80455;85925;65853;95589;139349;35771;96223;43095;91949;103484;59551;21530;23853;121336;108739;73050;58202;144582;39320;82631;176524;57911;84255;19153;42060;37275;62571;67251;86592;32070;62208;21679;102941;100498;118248;119110;102725;35428;62807;187920;85429;19155;19154;175762;131173;76630;148140;85776;45448;19157;85833;19156;33493;119637;101188;171245;50980;129548;132352;36450;22141;23761;128404;103844;127954;131296;57741;56988;22504;184462;47155;56588;139935;65624;40979;34089;90556;127554;61744;79079;85485;21531;37043;19158;19159;19160;157240;170919;140679;56900;25103;139557;147857;111142;21532;137169;104761;23953;92713;19163;87514;19162;62539;148928;19161;84716;111318;72156;36232;140680;66341;117443;36224;137692;177271;73975;85486;122291;61375;93024;153893;172115;133973;56674;131149;86860;147152;38763;19164;76103;86268;162699;31184;87001;19165;29952;47601;164196;88745;25982;85523;110466;97251;63050;25018;34840;35911;21534;50815;139643;21533;90521;84717;28351;164520;19359;159692;165307;126082;90781;151407;19168;37101;51966;19166;186521;137693;34771;24826;178621;19167;108626;91912;21535;87616;85370;145488;164673;19170;29953;111410;19169;104367;97691;148704;67194;174288;185354;59700;151001;179405;161840;141790;59583;94084;111659;82483;21536;32071;174334;85957;32350;94459;97457;154356;152668;165735;69096;36385;51508;174664;21537;117305;93073;84329;153825;100861;100365;63144;64860;63160;106612;127555;80039;140739;131109;32388;57742;39496;135500;167285;26978;25207;34508;139717;33420;127556;21538;153181;58138;32128;104508;19172;94905;59184;72808;19171;127557;148514;89049;45615;22456;21539;82064;19174;85562;89710;35990;50338;119512;97692;150308;124287;97812;22041;19175;29866;19176;174323;64653;21540;19177;164942;81559;104564;87515;90292;149360;63379;138200;138583;81901;172086;92964;177103;21541;19178;96062;54983;44661;33907;91583;19173;86181;89711;153872;19180;19179;23954;69546;49167;138372;148527;27641;78730;183386;86593;119880;26213;102051;21756;90699;19181;166005;95394;76780;183404;149464;132880;70777;119317;117444;136942;72157;80925;51857;31327;35286;103109;62553;93991;165455;57705;106960;140238;104509;29690;89728;19183;179202;87002;100314;119795;77837;85246;21542;152070;118478;124210;88154;19182;145469;34310;37892;175824;31833;97035;156053;21543;32470;148702;34382;139740;36897;36697;77235;86842;144625;38706;83799;108316;85731;73154;19184;59749;38764;157413;34247;150408;22492;36760;25788;130496;46338;149493;43128;22213;64668;46767;129840;150105;160481;130441;96123;77401;69499;19185;187044;171583;19186;55518;66876;176529;138130;59828;177596;177083;36392;37141;79958;58024;159507;123540;21544;30088;57883;111181;117445;19187;52987;137738;111092;112074;189357;57743;22521;182477;184385;32072;83390;23854;121220;85320;89729;31693;44602;157867;38133;76487;127558;88505;59750;91913;29732;152072;139832;131297;21545;144146;28167;28196;92347;83944;51387;37817;112198;14280;131264;104970;29691;104971;99994;125750;14340;125632;119307;102917;22304;12613;126647;168499;128415;12617;17984;128078;12014;15419;126754;12614;182587;26193;21247;45528;35088;38718;76786;31682;182586;76788;21644;20804;138853;11711;58205;57793;73322;129549;148840;88150;34724;11998;34488;34348;14442;14441;14444;14447;14451;14452;14449;14448;14453;14455;14446;14450;14459;14457;14458;14454;14456;14445;14460;14463;14461;14470;14466;14465;14468;14475;14469;14467;14478;14464;14480;14473;14471;14472;14477;14462;14479;14476;14474;14484;14483;14482;14485;14490;14487;14489;14494;14488;14486;14492;14443;14493;14496;14495;14498;14500;14499;14502;14506;14497;14507;14491;14505;14511;14501;14514;14504;14510;14516;14508;14520;14509;14513;14522;14512;14519;14526;14518;14524;14523;14503;14517;14528;14515;14530;14525;14536;14529;14531;14533;14538;14534;14535;14532;14542;14540;14539;14543;14521;14545;14547;14541;14537;14551;14550;14554;14548;14555;14544;14553;14549;14556;14552;14559;14561;14560;14566;14558;14562;14567;14527;14563;14564;14481;14565;14557;14570;14569;14577;14546;14575;14574;14580;14571;14576;14573;14572;14583;14579;14652;14582;14648;14653;14650;14661;14578;14651;14675;14649;14666;14725;14581;14705;14694;14766;14710;14774;14677;14745;14779;14669;14662;14790;14791;14767;14746;14747;14799;14797;15406;14809;15407;14780;15429;14811;15418;15444;15447;15431;15424;14821;15446;15448;15512;15445;15526;15473;14798;15545;15476;15513;15527;15560;15511;15538;15567;15559;15582;15568;15579;15587;15581;15539;15590;15580;15610;15606;15472;15634;15558;15612;15608;15619;15644;15691;15645;14781;15692;15649;15723;15693;15648;15724;15694;15695;15647;15646;15768;15725;15776;15754;15833;15696;15777;15826;15792;15903;15827;15846;15843;15837;15906;15818;15913;15736;15933;15922;15969;15840;16002;15971;15921;15989;16004;16001;15997;15993;16011;15955;16010;16006;16003;16067;16034;16393;16005;16075;16392;16021;16395;16394;16068;16397;16399;16398;16396;16403;16402;15607;16405;14568;16400;16401;16407;15954;16410;16066;16413;16406;16411;16416;16414;16408;16412;16417;16418;16422;16419;16409;16421;16415;16420;16427;16424;16423;16433;16429;16425;16428;16435;16436;16432;16430;16431;16437;16438;16439;16441;16440;16443;16442;16446;16434;16450;16445;16447;16451;16448;16449;16459;16453;16452;17127;16426;17138;16460;17128;17233;16471;16472;16458;17235;17236;17144;17234;17206;17250;17153;17261;17274;17164;17275;17262;17249;17248;16444;17276;17263;17145;17317;17287;17344;17284;17288;17319;17251;17330;17318;17582;17353;17580;17579;17345;17576;17615;17588;17581;17666;17632;17620;17665;17643;17642;17977;17667;18001;18013;17619;17992;17993;17675;17978;18045;18031;18060;17676;18088;18081;18044;18061;18116;18090;18089;18127;18125;18121;18146;18102;17616;18169;18144;18126;18231;18168;18145;18232;18229;18230;18233;18228;18272;18252;18271;18270;18269;18234;18159;18043;18379;17283;18384;18338;18382;18381;18448;18383;18426;18425;18465;18445;18481;18406;18466;18427;18467;18544;18170;18468;18530;18529;18547;18538;18590;18520;18464;18548;18549;18607;18564;18605;18606;18666;18531;18647;18634;19199;18633;18669;18668;18656;19210;19200;18686;19222;19231;19212;19281;18545;19325;19282;19327;19326;19329;19328;19361;19323;19324;19388;19364;19439;19389;19441;19330;19360;19484;19472;19442;19537;19485;19533;19572;19534;19576;19535;19574;19575;19670;19573;19671;19366;19538;19536;19686;19578;19741;19669;19577;19810;19440;19211;19816;19742;19812;19813;19818;19815;19814;19811;19974;19819;19822;19820;19976;19977;19821;20031;19849;20030;20032;20035;20036;20081;19817;20103;19979;20080;20034;20116;19975;20102;20118;19978;20142;20079;21275;20153;20156;20140;20157;20197;20195;20233;20235;20154;20196;20234;20033;20117;20261;20198;20262;20155;20266;20236;20267;20264;20314;20281;20280;20315;20330;20313;20327;20352;20265;20312;20329;20353;19687;20328;16404;20244;20355;18380;20356;20357;20115;20358;20371;20263;20417;20413;20412;20419;20415;20798;20416;20414;20731;20822;20411;20864;20828;20814;20823;20896;20829;20874;20894;20938;20895;20935;20934;20999;20418;20962;20873;20815;20979;21001;20953;21045;21022;20980;21046;21021;20921;21094;21047;21095;21044;21085;21125;21097;21096;21124;21048;21126;21129;21148;21127;21195;21084;21166;21128;21160;21254;21194;21196;21198;21277;21199;21197;21256;21298;21279;21299;21278;21317;21231;21255;21000;21147;21316;21297;21347;21276;21349;21348;21354;21350;21578;21352;21351;21614;21315;21353;21663;21355;21319;21671;21665;21579;21667;21666;21615;21704;21702;21681;21709;21664;21703;21707;21712;21705;21708;21706;21743;21742;21734;21732;21711;21680;21758;21750;21908;21710;21775;21774;21791;22009;22106;22010;22119;22080;22011;22083;22144;22108;22107;22142;22146;22143;22120;22165;21773;22168;22012;22200;22148;22171;22147;22215;22166;22199;22216;22167;22283;22217;22218;22285;22169;22284;22287;22286;21318;22242;22214;22145;22324;22289;22351;22323;22290;22326;21759;22429;22327;22355;22354;22352;22459;22470;22458;22460;22356;22353;22325;22505;22464;22457;22891;22469;22506;22522;22892;22890;22894;22930;22920;22893;22929;22914;23668;23626;22928;22939;22913;22915;23671;22471;23673;23669;23670;23709;23675;23725;23674;23707;23708;23729;23706;23727;23726;23705;23728;23730;23745;23710;23762;23746;23859;23795;23856;23858;23796;23865;23855;23861;23863;23857;23873;23864;23862;23747;23874;23956;23866;23860;23990;23672;24203;23958;24206;23992;23957;24008;23867;24210;24204;23991;24208;24251;24209;24250;24254;24255;24205;24249;24258;24252;24256;24308;24312;24310;24313;24257;24362;24207;24350;24309;24253;24368;24721;24369;24351;24311;24352;24771;24750;24353;24732;24749;24773;24751;24828;24731;24800;24722;24830;24801;24841;24777;24839;24802;24867;24866;24840;24888;24772;24887;24829;24929;24933;24932;24869;24931;24930;24889;24935;24934;25054;25019;24938;25053;24937;25056;25058;25057;24367;23955;25020;22288;24936;24868;25055;25105;25104;25106;25111;25109;25108;25131;25155;25107;25132;25060;25110;25133;25186;25160;25209;25188;25236;25187;25154;25288;25235;25184;25262;25263;25208;25382;25341;25474;25360;25361;25384;25452;25453;25438;25594;25340;25185;25660;25561;25383;25680;25562;25789;25661;25790;25593;25793;25641;25866;25791;25809;25719;25868;25810;25869;25792;25871;25665;25888;25808;25873;25919;25917;25870;25916;26042;25872;25920;25918;25867;25921;26041;25944;26040;26096;25534;26101;26094;26098;26099;26103;26100;26097;26216;26941;26095;26214;26102;26215;26104;26944;26117;26980;26945;26947;27048;26942;27046;27045;26946;27068;26979;27553;27051;27047;27517;27050;27556;27516;27049;27557;27579;27555;27580;26943;27593;27559;27518;27815;27558;27611;27826;27613;27823;27816;27827;27824;27592;27612;27847;27846;28198;28197;28261;28217;28220;28219;28263;28199;28260;27825;28319;28264;28266;28321;28320;28265;28267;28318;28218;27554;26043;29231;28262;29293;28323;29232;27848;29292;29296;29295;29716;29290;29291;29297;29734;29813;29812;29815;29814;29817;29717;29733;29816;29819;29821;29905;29294;29907;29822;29910;29909;29820;29908;30032;30116;30118;30033;29906;30031;30119;30117;30120;30089;29818;30135;30137;30139;30243;30242;30138;31083;31085;31084;31110;31158;30244;31294;31328;31033;31295;31330;31381;31034;31380;31384;31379;31383;31385;31382;31157;30136;31439;31441;31440;31443;31445;31446;31329;31444;31386;30128;31593;31611;31612;31594;31442;31634;31636;31613;31614;31387;31834;31752;31753;31672;31635;31955;31836;31837;31959;31835;31960;31958;31838;32010;31671;31961;32015;31962;32011;32017;32009;32046;32013;32074;32016;32012;31956;32014;31957;32111;32153;32151;32209;32150;32300;32073;32045;32302;32149;32303;32352;32208;32353;32210;32152;32418;32304;32351;32450;32415;33085;32490;33118;33084;33203;32417;33189;32301;32491;33421;33243;33246;33245;33244;32416;33460;33422;33265;33202;20354;32075;33472;28322;25059;33556;31447;33474;33473;33494;33781;33558;33557;33833;33779;33831;33782;33835;33509;33834;33832;33780;33855;33836;33858;33853;34104;34090;33891;34092;34091;34248;34105;34093;34258;33861;34114;34273;34251;34250;34297;34298;34365;34299;34259;34272;34689;34115;33854;34678;35019;35020;34735;34734;35018;34733;35084;34787;35024;35023;35101;35059;35022;35086;35107;35100;35085;35244;35188;35021;35108;35270;35257;35271;35268;35345;35346;35347;35189;35348;35350;35349;35269;35367;34383;35356;35380;35379;35102;35614;35444;35731;35673;35406;35732;35432;35443;35675;35796;35792;35795;35793;35794;35809;35791;35797;35800;35799;35815;35811;35810;35674;35813;35816;35904;35814;35819;35812;35912;35817;35903;35798;35818;35917;35916;35905;36001;35942;35954;35943;36027;35985;35969;36013;35964;36055;36048;36002;36003;36086;36092;36085;36096;36095;36094;36140;36078;36176;36157;36137;36195;36139;38883;36196;36138;38161;36197;38677;36093;38885;35929;38884;38887;36198;38944;36158;35355;38920;38909;39565;39570;39580;39571;39561;39775;39596;39614;39776;39777;39778;39780;39779;39782;39869;39595;39848;39870;39781;39868;40463;40520;40631;40630;40519;40879;40633;40635;40880;40913;40462;40634;40632;40911;40915;40914;40918;40912;40962;40917;40919;40963;40960;39797;40961;40964;42239;41023;42197;41637;40959;42914;42913;42915;42834;42968;44890;42415;41022;44893;43378;44892;44894;42214;46768;44896;44898;44971;44895;42916;44891;40916;46769;46772;46770;46778;46773;46775;46776;46793;46774;46777;44897;46807;47016;46804;46805;46808;46794;46809;46806;46779;49125;49126;49115;49124;49771;49732;49637;49127;51416;49636;51533;51349;51532;51535;51537;51536;51657;51534;56426;56425;49098;56459;50605;56446;56460;56458;56502;51658;56524;56504;56592;56501;56595;56589;56503;56591;56593;56590;56549;56594;56626;56658;56625;56686;56660;56659;56903;56901;56808;56724;56906;56807;56905;56907;56908;56904;56902;56635;57456;57446;57631;56445;46771;57648;57651;57649;57433;38886;57654;57652;57650;57721;57656;57655;57723;57722;58100;58081;57745;58025;57653;58139;58102;58175;58101;58213;57744;58211;58217;58212;58099;58215;58222;58216;58379;58214;58219;58380;58221;58218;58174;58220;59610;58381;58378;59611;59617;59612;59618;59613;59616;59619;59615;59625;59621;59624;59623;59620;59622;59630;59627;59614;59631;59629;59632;59626;59647;59645;59634;59648;59668;59633;59651;59671;59646;59669;59675;59667;59650;59670;59649;59628;59674;58382;59677;59672;59673;59680;59703;59701;59705;59679;59704;59678;59707;59706;59896;59702;59709;59894;59893;59897;59898;59900;59899;61542;59708;59902;61544;62235;59895;61540;61543;61541;62237;61783;62288;62286;61545;62289;62299;62287;62300;62301;62342;62302;62360;59901;62344;62345;62380;62359;62363;62362;62631;62236;62633;62364;62361;62652;62379;62650;62651;62634;62383;62632;63437;62867;63439;63438;63440;65862;63402;69438;63441;69464;69454;69500;67252;69508;69861;69539;69850;69889;69547;69538;69453;69899;62343;70085;63436;69901;69900;70112;59676;70110;70084;70109;70130;70129;70160;70307;70182;70131;70308;70184;70111;70161;70183;70310;70380;70324;70311;70382;70487;70486;70674;70648;70650;70649;70673;70309;70676;70675;70651;70381;70752;70779;70778;70753;70647;70867;70836;70869;70868;71090;70835;70995;70997;70996;70959;71089;71123;71119;71073;71169;71124;71167;71170;71120;71240;71258;71487;71122;71453;71168;71286;71454;71486;71507;71762;71628;71488;71259;71810;70677;71809;71811;71121;71812;71907;71906;72017;72051;72016;72033;72052;72071;72054;72072;72073;72077;72074;72080;72079;72053;72129;72138;72075;72130;74283;72159;72207;72254;72078;72032;72255;72208;72314;72384;72139;72256;72383;72158;72076;72409;72411;72410;72418;72414;72453;72413;72361;72613;72634;72452;72635;72633;72639;72549;72636;72638;72718;72756;72894;72637;72755;73390;72996;72851;73219;72997;73394;73393;73392;73127;73406;69898;73220;73391;72640;73859;71801;73861;57630;73849;73860;73858;74052;73958;72385;74055;74028;74058;74053;74054;74059;74098;74057;74056;74061;74051;74067;74060;74099;74064;74063;74171;74260;74066;74258;74320;74065;74319;74259;76062;74445;74372;82003;76061;76066;74234;74062;76064;76154;74371;76084;82004;76178;76225;76065;76180;76226;76227;76224;76270;76273;76272;76271;76179;76304;76397;76434;76303;76288;76305;76544;76331;76330;76996;76864;77112;77110;77212;77213;77452;76287;76063;77234;77190;77455;77454;76545;77457;77456;77459;77461;77460;77458;77471;77467;77470;77774;77773;77775;77512;78060;77462;78880;78059;78384;77548;79266;79415;79080;78881;78879;79404;79418;79609;77886;79813;79417;79844;79814;79960;79811;79416;79812;79962;79963;79961;79967;79966;79970;79968;79971;77776;79964;79976;79965;79972;79974;79978;79975;79969;79981;79979;80109;80209;79982;79973;79980;80210;80040;80240;80242;80262;80245;80244;80263;79977;80241;80243;79959;80267;77453;80239;80265;80266;80273;80271;80270;80268;81228;81224;80328;81229;81226;81230;81227;80269;81231;81225;81370;81368;80272;81535;81396;81687;81369;81686;82006;81688;81690;82009;82010;81689;82008;81536;82007;82314;82732;82734;82011;82733;81232;82005;84071;82632;83443;83912;83911;84332;84531;84072;84330;84331;84605;84604;84607;84315;84718;86082;84602;86081;86085;84654;84556;84603;84719;86087;86086;86084;84935;84863;84974;86088;86089;86133;86132;84606;86136;86135;91735;85431;86134;85430;86687;86689;82735;86137;86690;86701;86692;86693;86083;86691;87485;87484;87516;87545;87706;87709;86688;87708;86908;87546;87712;87707;87711;87713;87985;88586;88393;88587;88392;88391;103586;89712;89810;89899;89811;89809;87710;88822;89903;89905;89901;89713;90053;90340;89904;89902;89907;89906;90339;91176;90744;91377;90849;90743;91378;91379;91376;90380;91479;91701;91704;91638;103587;91703;91481;91480;91702;91842;91863;91847;91846;91845;91478;91844;91864;91862;80264;91843;92042;91982;89900;86435;92349;92348;92478;92351;92484;92479;92350;92852;92480;93698;92483;92481;92482;92653;93697;92485;92486;93903;93946;93945;94421;93994;94461;94420;94422;93993;94889;93992;94891;94595;95018;94594;94892;94460;93902;94936;95020;94085;94893;95266;95268;95021;95271;95421;95270;95267;95516;94890;95521;95269;95519;95518;95523;95522;95420;95520;95524;95526;95547;95517;95528;95548;95636;95603;95602;95605;95525;95642;95637;95604;95697;95638;95735;95641;95696;95699;95019;95698;95695;95640;95527;95639;95737;95738;95740;95742;96125;95739;95816;95817;95741;96124;96226;95743;96128;95815;96224;96231;96225;96230;96127;96233;96229;96235;96227;96239;96228;96242;96234;96241;96237;96126;96236;96238;96244;96240;96276;96245;96398;96399;96373;96414;96418;96416;96415;96413;96417;96243;96425;96422;96420;96421;96424;96475;96232;96423;96474;96426;96542;96515;96516;96641;96575;96643;96544;96640;96644;96576;96642;96686;96685;96543;96688;96541;96684;96690;96687;96689;96710;96691;96745;96744;96853;96747;96855;96749;96854;96746;96683;96787;96852;96858;96748;96786;95736;96860;96419;96859;96996;96915;96861;96916;97110;96857;96914;97184;97112;97254;97183;97111;97092;97252;97253;97256;97258;97257;97260;97263;97262;97261;97259;97267;97271;97266;97265;97268;97273;97270;97272;97264;97255;97269;97344;97814;97815;97813;99013;99012;99276;99274;100015;100017;100016;99699;99014;99011;100083;100018;99275;100084;100082;100262;100629;100263;100445;100523;100628;100446;100444;100648;100649;100651;100653;100443;100652;100650;100630;100655;97343;100657;100085;100647;100675;101016;100944;100943;101017;101021;100946;101018;100656;101073;101019;100945;100942;101020;101334;101248;101074;101333;101338;101337;101336;101339;101342;101341;102532;101344;101335;101924;101345;102617;102531;101340;101075;102618;101343;102942;102798;102620;103273;102619;103271;103277;102799;103278;103275;103274;103270;103279;103443;103280;103276;103444;103445;103449;103272;103447;103464;103448;103462;103446;103450;103463;103281;103486;103721;103724;103720;103723;103725;103485;103719;103727;103282;102616;103845;103726;100654;103722;91983;73407;103847;33461;96856;103912;103848;104065;104064;103850;103910;103911;104068;104069;103913;103849;104230;104067;103851;104070;104492;104232;104231;104511;104233;104515;104066;104518;104520;104512;104514;104516;104229;104697;104519;104696;104695;104517;105261;105628;104513;104694;105264;105630;105627;105631;105263;105635;105632;105666;105634;104510;106039;105262;106117;105633;105757;106116;105755;106739;106087;106038;106429;106887;106883;106428;105756;106884;107200;106886;107284;108432;107178;107201;108317;108526;108435;108433;108822;108820;108927;108627;108434;108821;106885;108525;108926;108924;108925;105629;108929;108931;108628;109056;108930;109230;109098;109231;109007;109097;109290;109233;109234;109806;109099;109534;109235;109974;109627;109975;109232;109535;109976;110174;109533;110256;110212;110175;110255;110616;110677;110523;110525;110522;110614;110524;109930;111225;112075;110676;112077;117894;110176;112076;110615;111412;112078;117968;111411;118506;118505;118845;118508;118510;118846;117969;124212;118507;117967;124211;118848;119130;124214;124213;119131;119161;119133;119132;124215;119165;118509;119160;119163;119275;119320;119318;119162;119164;119134;119319;111143;108928;119276;118847;119323;119702;119704;119322;119703;119945;119944;122730;119483;119852;122729;122732;122734;122733;122736;122735;122834;122833;122831;122731;122836;122990;123424;122937;123423;123426;123427;123428;123429;122832;123425;123576;123577;123582;123581;123579;123578;123696;123580;123984;123983;123575;124070;123985;122835;124072;124131;124130;124071;124226;124228;124227;124132;127559;125751;127561;127562;127560;124288;124289;124225;127956;127955;127958;127959;127957;127961;127963;127962;127966;127965;127967;127960;127970;127969;127972;127971;127974;127964;127563;123842;128442;127968;128591;128444;128590;128441;128443;128595;128592;130634;130329;128597;128596;128594;128593;130636;130635;130633;134471;131268;131267;134469;134475;134468;134470;134473;134587;134474;134589;131266;134592;134586;134472;131265;134596;134591;134594;134593;134601;134598;134597;134595;134603;134602;134588;134606;134604;134599;134600;134608;134607;134605;134725;134641;134640;134643;134642;134610;134729;134726;134776;134727;134731;134730;134732;134724;134728;134609;134925;134924;134927;134590;134775;127973;134929;119321;134969;134964;134930;134966;134928;135020;134967;134965;135018;135021;135019;135017;135112;135116;135113;135427;134968;135114;135216;135195;136214;135426;135947;135948;136538;136213;135949;136541;136216;136540;136639;136539;136637;136636;135946;136638;136542;136643;137383;135115;136641;136215;136642;137440;137442;137441;137288;137444;137446;137451;137449;137448;137447;137443;137445;137450;137452;137453;137456;137457;137454;138927;137458;138925;137460;138924;137459;138926;138930;138929;138932;138933;138931;138934;138935;138936;138938;138940;138928;137455;138941;138943;138937;138942;136640;138944;138945;138951;138946;138949;138948;138947;138958;138955;138954;138952;138950;138956;138960;138957;138964;138962;138961;138967;138953;138971;138965;138966;138963;139115;138970;138973;138972;138969;138968;138959;139119;139116;138974;139269;139120;139122;139121;139274;139271;139270;139123;139437;139117;139441;139438;139439;139718;139273;161692;139272;139834;139833;139890;139888;139889;139936;139892;140067;139937;140070;139891;140069;140071;140072;139887;140068;139440;140474;140316;140562;139118;138939;140560;140315;141063;140563;140567;140561;140566;141067;140564;141064;140565;141068;141066;141701;141735;141531;141732;141837;141505;142325;142010;141669;142844;142239;142834;142241;142272;141065;142843;142854;142848;142833;142850;142923;142846;143524;142932;143491;142930;142939;143495;142826;143493;142250;143503;142933;143531;144597;144603;144593;144592;144591;144590;144600;144601;144602;144588;144598;143528;150006;144589;144607;144833;144821;144820;144817;144864;144865;144923;144832;144922;145256;145282;144610;145327;145341;145296;145378;145333;144867;144614;143494;145369;145321;145432;145425;145430;145428;145424;145433;145489;145436;145429;145426;145526;145380;145758;145561;145477;145564;145524;145711;145566;149221;148268;149217;145473;148267;149222;148271;149216;149223;149215;149226;150007;149277;149233;150001;150000;149220;150016;150011;149228;148273;150025;150013;156966;150020;150021;150004;156978;157035;150009;156979;156990;150023;157007;156999;156991;156996;156994;156993;157036;157011;157000;157010;157038;156987;157020;157012;157032;157026;157028;156977;157042;157009;156968;157018;140559;157003;157043;157005;134926;157041;157037;156970;150022;145303;157021;156984;157015;156974;157029;157030;156998;157014;156997;157006;156971;157002;156967;156975;157033;157024;157008;157017;157004;156973;157019;156972;156976;157022;156988;157016;156969;157001;156980;156986;156982;157034;157027;156985;157039;157031;156981;157023;156992;156989;157025;154716;157040;157266;157140;154715;163841;158198;159007;163840;163843;163844;163698;157013;157241;163984;163978;163985;164149;163987;163986;163983;163977;163982;164047;164045;164145;164118;164114;164111;164116;164052;164046;156983;164115;163842;164119;164113;164112;164434;164109;164110;164318;164319;164594;164117;164320;164536;164535;164802;164803;164805;165443;165439;165445;164804;165438;164534;165447;165446;165441;165444;165440;165542;164806;165536;165537;165539;165541;165540;165535;165627;165543;166163;165630;166160;165442;166162;166166;165544;166716;166159;166723;166168;166161;166164;165538;166728;166722;166909;166729;166718;166719;166727;166724;166720;166731;166730;166717;166721;166726;166714;166711;166737;166712;166710;166715;166746;166740;166745;166742;166743;167257;166741;166788;166768;166739;166744;166725;166165;168040;164108;168043;168048;166713;168041;168046;168045;168907;168044;168909;168060;168911;168908;169834;169837;169841;169408;169409;169831;169838;169836;168910;169842;175035;169832;175056;175043;175041;175044;175038;175039;175033;175054;175042;175061;175034;175051;175036;175037;175052;175053;175060;169835;175057;175059;175058;175055;176195;176191;176192;176193;176467;176470;176469;176194;176471;176481;176472;181188;181507;176473;176468;181513;181506;181508;178586;176466;182196;181515;182197;182193;182194;181512;182401;182371;182411;182195;182402;182756;182751;182517;181514;182516;175062;182400;182793;182438;182758;182757;184013;183901;182794;182879;183902;183385;184010;183903;184131;184011;184175;184073;184065;186239;184078;186296;186297;186295;184012;186294;186284;186267;186238;186269;186270;186286;186266;186302;186268;187052;187119;187202;187118;187218;187216;187217;187203;187205;186240;186285;187279;187282;187305;187283;187368;187417;187369;187665;187655;187656;187653;187668;187314;187862;187729;187727;188000;187652;188043;187728;187861;187654;187999;188050;188045;189403;188078;188051;188046;189119;189405;189291;189845;189846;189844;189843;34312;189847;188047;189404;189928;188077;187730;187284;24017;168059;182759;181614;100356;177205;186904;177836;117459;117596;109405;139748;130273;119240;167520;167521;167507;165303;100357;102494;167398;80305;184470;125631;80201;110270;80202;80306;156995;20179;20178;186691;177342;181472;180412;183031;178844;174435;186865;173430;186690;181473;175129;34742;159741;34197;159304;159638;161477;160217;159494;163724;163273;162706;164155;160906;166045;164656;165590;162422;165502;165068;167101;168181;166631;166468;168372;164508;161979;168701;169759;52657;170519;171321;181768;173059;52589;169758;168273;174478;173836;172221;176675;175001;175839;178447;52975;176496;177635;180250;179224;176494;180508;180163;174332;182850;181235;182442;179837;183806;181291;183246;182072;184083;185605;185349;177227;54647;53569;187620;53879;186835;186834;187132;188158;187134;187767;186600;168699;189460;189823;188161;55765;54989;55959;55460;56650;187619;56125;56241;57288;187768;56391;56779;56230;57974;57468;58434;57876;58328;58342;58206;56920;56023;57666;58644;58536;39449;35558;59255;38154;59117;59958;38699;61462;35689;62518;38791;62313;62861;61381;62519;65029;59735;63110;63232;66930;61774;65691;64813;63468;67232;66813;63645;65097;39356;69423;70273;69139;39852;66556;40778;70916;39492;70494;71968;63063;58954;73419;72167;72800;71227;73082;72939;74434;72616;77581;76581;77861;74008;74122;77184;73710;78080;77409;80485;79336;79141;41000;79836;41958;79578;42413;81207;42798;81020;81647;82534;83366;82825;84667;84342;84049;83136;80951;78475;85567;83745;86209;84921;85743;86061;86598;86852;86380;87206;88681;88956;88088;87245;89685;44317;89786;90542;87417;46171;45086;45610;90194;91128;91350;91455;91716;92791;92628;93817;90794;94580;94136;95480;94676;93476;96828;97724;99136;99995;99633;84731;100679;44587;70923;93315;47595;47859;46850;48383;47139;101980;46732;103648;105356;103933;102993;106350;106485;105152;104434;103421;107220;106840;109899;109395;111383;117333;117636;110228;119097;49285;49237;118887;119684;49089;119558;118153;106682;117429;131738;122246;122853;121514;125371;124460;127120;125729;127129;125952;126753;129848;131190;128328;124279;131954;130463;130275;133053;132717;128741;133848;135094;50049;133954;50476;132097;134215;131022;134701;122617;136122;135704;137635;135917;135401;137081;129054;138449;137701;139459;139001;136348;140700;136743;140406;142209;139695;143471;142719;142641;144781;142971;148243;141194;146204;146544;147754;141573;148487;51161;51511;145071;50977;146060;146948;139794;148848;148558;150430;148996;151672;151831;149900;152609;153255;152928;152189;154706;153630;156033;153931;153829;153515;150854;158051;154238;158500;155352;157293;51921;159235;156462;156862;52501;158936;51872;65723;24710;34196;24709;42895;42894;66272;53392;136192;155867;45049;149412;100991;133465;186362;66271;136193;52980;45048;71897;65925;66925;19767;62315;56980;56712;17656;66926;56713;18355;49977;69477;58402;62412;58401;22003;77665;58513;50692;25769;38972;62283;62284;38971;56385;51815;93028;64471;33141;86609;50695;85182;62416;56407;62415;158252;11363;81703;147193;159628;26016;33902;26015;87413;21745;72175;72177;55551;49645;58398;58399;38792;170631;55550;57862;141251;141208;29725;55577;55749;55748;25655;76462;47779;54627;59055;100869;47780;152164;54628;93097;76463;179693;70806;83815;77054;97888;59718;59717;91571;97552;83489;87211;85767;96270;56651;51812;46675;46676;69399;42879;101296;79800;70147;79798;101297;77730;70145;79799;33771;52614;79801;88562;88563;74253;85627;36141;81824;93811;74252;96271;97889;187380;93812;35930;78514;84090;90545;78513;124002;90546;171189;77020;72964;59683;72963;59684;78079;73093;29747;77022;32055;77024;77023;77152;85802;77150;77151;76390;96721;77025;35804;76389;77021;73094;46238;53623;53624;56166;84195;97859;84194;57536;45593;97860;33095;46239;55832;16890;16888;69799;68962;16889;17115;17114;16886;16790;16843;16887;16694;16697;17369;16695;16563;16591;16885;16836;17370;16621;16480;26217;16903;16560;16835;26220;26221;16564;26223;26218;17372;26226;16946;26222;26225;17371;16549;17373;16547;26219;16964;16550;16504;26227;16913;26228;16505;16502;16872;16503;16696;16881;16548;26224;103846;16873;89281;126826;16862;16864;55734;111404;17375;16846;16863;17377;17376;26229;16841;17374;16809;16806;17378;16830;17379;16802;16842;16804;17380;16829;16798;16810;16786;16845;16799;16776;16780;16779;16774;16772;16777;16787;16759;16773;26231;16789;16758;16769;16775;17126;16768;17123;26230;16803;17113;17122;17076;26233;26232;17079;17064;17077;21616;17078;16983;17065;17124;16729;17055;26235;16984;16715;17054;16676;26234;16703;17075;16645;16714;16639;16671;16644;16646;16606;16673;16601;26237;16959;16957;16602;16961;26239;16638;16958;16960;16632;16718;26236;16930;17125;16897;26240;26243;16892;26242;26244;26118;26238;26247;26250;26249;16553;26248;26119;16567;26252;26246;26245;16896;16857;16483;26254;26251;16869;16820;16856;26253;16784;17383;26255;16821;26256;17384;26259;17382;26257;16785;16535;17381;16756;16783;17386;17085;26258;26260;16750;16735;26263;17083;17385;17024;26265;17020;17084;26266;26262;17022;16990;26264;16989;17023;16982;16988;17019;16981;26268;26269;16686;26270;16685;16972;16707;16668;26271;21130;16710;26267;26261;16700;16681;26241;16667;16712;16650;16666;26274;26273;16619;18394;17387;16614;26276;16615;26279;16620;16501;26277;26278;16481;21131;26280;17086;26275;26283;17388;26282;26281;26286;26288;20830;17074;26287;16613;26292;26289;26290;26284;26294;16497;26285;21546;26293;21102;28268;21909;26298;16962;26301;26303;26291;26302;26299;26304;26297;21548;18395;21103;26300;26305;26309;26311;21547;18396;20359;26307;26296;22259;26313;26312;26315;22260;26308;26306;20199;26295;21911;26310;21649;21650;22328;21549;20200;21910;21651;26314;26318;21912;26317;21913;22261;22329;26325;26322;26319;26120;26323;26321;26328;26330;26320;26327;26331;26329;26121;26324;33828;26332;32451;39304;26122;26335;39305;26123;33829;26326;32452;38679;33862;36056;38681;38729;38680;38730;36059;38731;43130;36061;36058;36060;32453;49111;49113;43129;56828;41638;56825;56829;49112;56826;56832;36057;56827;72895;56835;56834;56833;79568;56830;72896;26272;79570;56831;43131;16904;16691;33863;16945;16949;16692;17051;16690;16943;26316;16941;76067;17390;16948;16942;16902;16940;17393;17389;16944;17396;17395;17392;26336;26337;17398;16901;26340;17102;17394;26339;26341;17399;17397;17101;16752;16721;17391;16737;26343;16765;16738;16699;26344;26338;16997;16755;16751;26347;26342;26349;26351;16996;16995;26350;26348;16974;26346;26354;26355;26353;16653;16618;16617;26356;26361;26357;26358;26363;26125;26124;26362;16900;26366;16973;26359;26365;26368;26360;26352;17073;26367;26364;26370;16517;26371;16516;26374;26345;26376;17111;26375;26373;17053;26379;17052;17030;26382;26381;26372;26127;26378;26380;26377;26386;26385;26389;26126;26391;26390;16731;26384;26388;26393;26387;26397;26395;26398;26394;26392;26396;19539;17400;26383;26399;26403;26402;26406;26405;19540;26401;26404;26409;26415;26411;26410;26408;26407;26418;26414;26417;20037;26420;26423;26413;26422;26425;19541;20038;26424;26427;26412;26421;21761;26429;26431;21760;21762;26428;26432;26426;22057;26416;26430;26400;35066;26419;36062;26435;26369;51467;36064;51466;36063;56704;45617;26434;21652;45413;51468;86115;56706;56705;40607;86117;17402;17404;17406;17403;53267;17110;17401;17109;17407;17106;17050;17405;17099;17117;86116;17107;17027;17116;17025;16709;16596;16598;16708;16880;17026;53268;16597;16559;16557;16924;16871;17408;16595;16531;16558;16530;16884;16905;16518;16532;16519;16529;17121;16527;16526;16528;16839;17120;16507;16510;16844;16533;16850;16509;16760;16840;17028;26438;16778;26439;16757;16992;16788;16970;17409;16689;26437;26443;16628;16663;26444;16657;17410;26442;16566;26441;18397;16584;26448;26440;16934;26450;26446;16938;17412;16698;26447;16853;17413;17411;26455;26453;26454;16933;26452;26445;26449;16852;26457;26456;26461;26463;26459;26460;16525;26451;16523;16554;26466;16515;26458;26465;26464;26462;16522;16834;16868;26467;16764;16524;16754;26468;26469;17100;16771;17048;16736;16975;26470;16833;17105;17103;16858;16521;16991;26436;17104;26433;79569;16711;16684;26474;16654;26471;16683;26473;16579;26475;16577;16682;16578;16954;26476;16616;16951;16594;26477;16953;16947;16576;16895;16932;16931;17414;16914;26479;16883;16551;16915;26481;26482;26480;16925;16565;16882;16555;16556;26485;16952;26483;16847;16827;26478;26488;18398;16742;18399;16713;17108;26492;26487;16978;16977;16963;26491;26490;16976;16508;17032;26493;26489;16693;16672;26486;16956;16655;16670;16675;26496;26495;16674;17415;16630;16605;16604;26500;17001;26499;26498;26497;26494;16629;26484;16627;16603;16634;17417;16580;17418;26501;16570;16574;26502;16927;16569;17420;16926;16929;16573;16928;26505;16911;26504;16909;16907;16575;26503;16906;26506;16891;26507;16899;16876;17419;16874;16908;26508;26509;16898;16877;16875;26510;16867;16910;16725;16854;16732;56836;56839;26511;22895;56837;26512;16726;26514;16704;16724;56838;17421;26517;26513;16590;16656;26518;26519;26520;16971;16607;20331;26523;26128;26515;26525;26524;26522;17422;16912;26521;17423;26526;17424;26516;26527;17416;16543;21653;26530;26529;26532;19362;16855;16544;18608;26533;20803;17425;26528;26531;19486;26534;26536;20801;26535;19363;26540;26538;26539;22866;26542;26537;20800;20203;22172;26541;26543;20799;20201;26545;26547;20202;21550;22430;22431;26544;22432;26551;21552;22173;22175;26548;26550;22434;22176;22433;26549;21551;26130;26552;22174;26131;26129;26553;26135;26554;26133;26136;26557;26134;27062;26138;26137;26555;26562;29199;22263;26559;32390;32389;26561;26564;26546;26560;29797;26563;29798;26132;34316;26556;31615;26558;26139;34315;35642;40364;39001;33936;41025;43132;33864;46813;41024;35643;40366;46698;43133;53270;40365;63319;41026;72956;56840;53271;57330;82682;82683;72957;88156;88155;66504;17089;17426;46697;53269;16828;16568;16825;17427;16717;16534;16800;16831;16826;78717;17060;17057;17063;17058;17061;17056;16801;16716;17059;16832;17042;16998;17040;17428;16999;17041;16968;17430;17062;16797;16861;17000;17039;16490;16489;17045;16979;17433;17088;17429;26565;22109;17434;17043;17436;17432;16728;16723;17435;16939;16625;17437;16920;26567;16727;16538;16921;26568;16923;17431;16794;16600;16795;16749;16792;16793;26569;17440;26570;17096;17439;26566;17092;17438;17095;17093;26571;16922;17010;17443;16819;17442;17008;26572;17444;17046;17094;16719;26573;26574;17009;26576;16986;17007;16662;16705;26575;16987;17445;16661;26577;16985;17447;16592;16593;16659;16664;17446;17448;17450;16500;16647;16506;17449;16536;26578;16537;16660;16665;16498;26579;26580;26585;26584;16484;16950;17441;26581;26587;26582;26588;16894;16546;26589;26586;26583;16870;16893;16860;17451;26591;16859;26590;16822;16838;16837;16545;16767;16796;16766;16486;16824;26593;16487;26594;17452;16879;16823;17455;17453;17456;17458;26592;17457;16485;17461;17459;26595;17460;16488;17087;26599;26596;17112;17015;26598;17014;17029;17016;26601;26597;26600;26603;26602;26604;51472;16743;51473;17462;17013;16739;51471;16740;51470;51474;51477;51476;51475;16722;16741;16730;26606;17454;26605;51469;16499;17463;16687;16688;16626;26608;16642;16669;26609;17464;16622;16643;51479;26612;16658;16623;16624;26610;16967;26607;16966;26611;26616;51480;16965;26614;51481;51483;26613;16936;16955;16937;16599;26618;26615;51486;26617;26620;51485;51482;51484;16969;51487;16917;17465;26621;16916;16918;26619;26622;16582;26623;16572;51488;16561;16935;26626;26628;16581;26624;16539;26625;16562;16571;26631;16552;16542;16520;26627;17468;26632;17466;17467;17470;16491;51490;26633;26634;26630;16866;51491;51489;17471;51492;26629;17472;51495;17469;51493;16851;16919;26637;26636;21654;16848;17473;51496;16849;17476;26635;26638;17475;17474;51497;16815;17477;16808;16818;16807;16811;16805;16812;26639;51499;17480;16817;17478;26640;51498;17481;17483;17482;17479;16781;16816;17484;26642;16770;16761;17485;26644;16791;26643;26647;16762;26648;17486;26646;26650;26649;16746;17487;26652;16782;17490;26653;26645;17489;17090;17488;26654;17492;26655;17491;26657;26659;26660;17034;17033;26658;17037;17035;17038;26656;26651;51494;17091;26641;17118;26472;51478;26663;17005;17031;17006;26665;17017;17494;26661;26664;17003;26666;26667;17496;17495;16993;17002;17497;26670;26669;17498;17493;17004;17499;16720;16680;16702;16679;16706;26673;26674;16649;16677;26668;16678;26672;26671;16994;17501;17502;17505;16648;17503;17507;16701;17504;16612;26676;16609;16631;26679;16610;26678;26675;26677;16608;17506;26682;16640;17508;16611;16589;17510;26683;16586;16585;17509;26681;16588;16583;16514;16513;16587;16512;17511;16511;17517;17512;17500;26684;17514;17519;17518;26680;16493;16492;16495;16496;26687;26691;17516;26690;17515;26688;16494;17098;26686;17520;26685;17524;26695;17119;26693;26696;26689;17521;17523;17081;17522;26699;26698;26700;17071;17082;17525;17528;17527;26694;17526;17532;26697;17531;26692;17534;17068;17080;17070;26701;17530;26702;17533;26704;26705;17535;17036;17069;17066;26706;26703;26708;26140;26710;17067;17536;17021;26715;26713;26709;17537;26717;26716;26714;26712;17540;17539;17543;26718;17538;17542;26707;17529;26711;17544;17541;17513;17547;17545;17550;17546;17549;26723;26719;17548;26722;16745;16747;16753;26720;26721;16733;16734;26725;26726;16748;16744;26729;16651;26728;26732;26724;17554;26731;17553;17551;16652;17556;17552;16641;26733;16635;26727;16633;16637;16636;17555;26734;26736;17557;26738;26730;26742;18339;26744;26737;26743;26740;26741;17558;17560;16980;17559;17564;17562;17561;17563;26739;26750;26746;18340;26747;17566;26745;26754;26755;26753;26751;22436;26752;18341;17565;26748;22435;26756;17568;18342;26758;18343;20084;18344;26757;26761;26759;26763;17567;26764;26749;26766;26735;26765;18346;26762;23711;18345;26772;26770;26767;26769;26771;26774;18348;26776;26777;26775;26768;18349;26782;26778;22178;18350;26783;26784;18347;26781;26779;22177;26773;18351;26780;26785;26789;26788;19399;26787;26792;26791;26794;21657;21656;22179;22437;26790;26795;21658;22439;22440;19823;22438;22441;26793;26798;22462;22461;26804;26799;26801;26797;19980;26802;26800;19824;26808;26803;26806;26796;26810;26809;26807;16763;19981;26805;26812;26814;26786;19826;20085;19982;26760;26816;19825;20954;26813;19983;26818;26817;26815;26823;26820;20955;19487;20868;21659;26824;20397;26822;21107;26819;21108;21105;21660;21104;21106;26821;26825;21553;26827;20956;21110;21111;20086;26828;26830;21109;26141;21113;26831;26835;26829;26832;26834;26833;21735;21112;34736;26839;26840;26838;21713;21161;26844;26837;21714;26142;26842;21914;23627;23628;26845;26143;26836;26841;26826;26843;26144;26850;26852;26849;26846;26854;23712;23713;26848;23630;26147;26857;26856;23629;26851;26855;26861;26145;26860;26863;26862;26853;22919;28269;23714;26146;23715;22916;26859;23717;26864;23719;22917;23718;26865;23722;23720;23721;26858;26868;38968;26867;26866;26870;26872;26871;26877;26148;23716;26875;26876;26879;56069;26873;56068;26878;26149;26883;26869;26882;26881;26150;26887;26885;26874;26888;26884;26886;26151;26153;26890;26155;26156;26892;26891;38969;43135;26154;26889;26880;26847;23723;26894;43136;43134;26152;43139;26896;43137;27063;27064;43138;26897;26948;28271;28272;26898;28270;27065;29200;30045;26895;30047;31036;31035;29969;31839;43140;29972;29971;32156;32154;32159;29973;32158;29970;32157;30046;39378;33190;39377;43141;35176;35177;32155;39380;39379;35698;35175;39381;35697;34952;34738;44348;39382;39383;44350;44353;44347;43361;44354;41976;44351;44352;47753;41978;39384;43360;34737;41977;44404;47754;44405;44349;43143;43142;46261;46348;46347;52039;47148;47147;47145;56841;51659;56843;56842;47149;56596;52040;56597;56844;63291;47146;58611;56848;61590;56849;56845;61592;56847;63444;61591;86215;63443;63442;58610;73718;58612;68919;16878;16541;56846;16482;86119;16813;86118;58613;17047;17044;17570;17097;17569;16814;17572;17571;16540;17011;17573;17012;17049;26914;17072;30202;17018;23731;10763;44603;26811;73719;26893;12055;77338;77336;77335;76796;77342;77340;77391;77334;83162;77341;76797;89057;80087;80086;76795;117395;77337;117394;42436;34491;82430;77339;18570;10111;33268;20960;72929;72928;65575;65576;77811;72026;90512;72025;72505;72504;72506;74104;74287;72507;80885;76766;76428;72508;67230;72220;64378;64379;70098;186687;120953;149349;100380;77029;70097;97579;103378;120945;103674;97578;101521;97577;155843;148709;66987;72586;74121;77812;66306;81779;172123;66307;66172;81782;61565;81780;81784;62786;81781;61564;81785;63323;81783;59293;100719;66473;73102;72368;66472;101168;25738;53490;29997;55594;35906;186937;57849;38977;127914;138093;138080;138079;138076;125878;138081;138078;138075;34948;58292;18174;69180;138077;11572;77750;47828;51938;76166;55549;36087;20805;11425;24700;51956;62940;59370;59369;59371;38951;91232;72722;59368;30134;78892;180509;70739;96446;72721;91818;95720;26662;95719;164911;90892;91819;91764;91763;96447;95721;147894;95722;97892;95319;124775;100847;127051;122248;126638;124776;97891;139224;97890;171167;182680;164912;179673;174015;178031;183296;38949;182199;179674;33484;152959;31050;31724;88577;180051;171959;186476;88578;186475;136670;103870;180052;189236;62626;62621;62625;62622;62623;62624;141061;12015;76592;84962;72035;72034;90627;14684;90189;90190;25737;24782;27590;20320;21051;62186;15771;82994;25762;97140;88097;62185;22132;22131;11696;57560;63059;72395;58579;60036;66784;63303;68888;60037;57559;59849;59847;72394;59846;45087;53488;52534;49086;56872;59497;58319;62077;70026;70588;56469;74040;72104;131132;132416;134222;135032;153850;152751;84504;161376;78597;158930;91347;86602;87371;86001;149023;92410;59848;94915;95824;66498;101954;100025;96830;100300;104359;103506;106397;105651;111105;118718;117880;126476;110384;121473;158981;21782;119767;108795;25998;34157;127047;38985;47762;35913;45390;25996;58500;20219;41060;47037;187976;187130;187975;177586;187131;15862;148499;18480;118238;15926;16226;130596;143590;94914;129406;129104;11635;186688;11974;70176;70175;71310;77687;77685;68906;68910;70477;69194;68908;68909;70479;70478;68913;70476;68912;68911;70481;10925;72000;68907;70475;71996;77756;71999;71998;73495;71997;76502;73494;72001;73687;77000;73493;76504;76503;73496;78421;73492;76506;76508;78420;76507;78423;78425;78424;80957;80953;80956;80958;80954;80955;82795;85225;82796;82912;82797;85224;82798;82794;78426;85227;70480;86475;85229;84768;85228;86606;76505;86477;88091;86476;88095;86607;88093;88092;86608;92518;90761;86605;92512;88096;92521;92520;92519;92515;88094;92514;94579;92513;96659;94333;96316;96658;96662;94332;96661;91762;102699;96660;94331;99525;101266;102700;102701;102702;102704;102703;102073;99526;102706;102708;99527;102076;102707;102075;102077;102072;102080;102705;102079;102081;102074;104032;104035;104034;104040;104033;104039;106385;106386;104038;104036;102078;99524;106390;104041;106388;106392;104037;106394;106393;106391;109210;106387;109212;109215;109214;111206;109211;111205;111207;109216;137004;178668;111204;109213;118232;178670;126508;125773;178673;121389;118231;126925;121642;178666;121644;125546;122242;121354;122241;121129;121111;121066;121215;121390;124091;178674;121643;121070;124195;178671;124236;124193;124003;121069;124031;125309;124327;124092;134893;124760;124030;130517;125774;130514;126785;124238;130505;127056;124765;130469;130468;127122;132959;132046;130516;130460;130519;132075;130518;130466;131944;130515;130264;130520;133303;130270;130502;106389;130504;130459;140454;132038;121126;133863;130467;133965;133051;130053;133088;140737;136119;133725;133860;133050;146092;136701;178675;137056;133145;138210;136828;135683;136285;139071;138909;140467;139069;138596;139033;138608;138605;140586;138839;139070;138905;138604;138908;141827;151625;139032;143381;178669;141868;138889;138907;141806;138906;142145;141846;143383;141849;141845;144982;146194;145261;150137;144986;146090;145571;143263;144984;144933;144978;145502;146106;148665;144985;148664;145691;149810;143382;148671;178664;149473;178663;178667;148682;149970;149788;148670;148657;148673;148661;148668;148651;149369;148648;149859;144983;141802;149453;148676;148672;148659;148683;148666;148654;148669;148675;178676;148667;148660;148679;149366;148678;148650;148663;148658;148680;148645;148653;149967;149351;148681;151630;151639;153256;148649;153128;153252;153253;164079;151635;151633;151631;151638;158934;151634;151632;151636;151637;151629;148662;161264;154110;151627;151626;154111;154112;154119;154113;154123;160200;154127;161261;151628;154120;154118;154116;154121;159280;154109;161775;159234;159271;154125;154108;154122;154126;154115;158896;156671;165723;154107;161953;154124;156685;161525;159063;156680;158041;156676;156673;156681;156672;156679;156686;156683;156689;156684;154117;155626;148677;130279;156678;156682;156782;156687;85226;156692;156693;156677;156675;156694;156670;161287;160076;178641;161299;161217;160183;178665;163770;160125;163614;178672;178642;178643;166767;164019;164897;163604;163788;163769;178646;163768;163435;178644;163629;164339;166604;163461;178640;166075;166078;168964;166086;166073;166084;166081;166383;160087;166682;166324;163761;166083;166070;166085;166076;166332;166079;166686;166319;166379;166082;166077;166071;169283;166318;166080;166074;166459;169956;172047;169947;178645;169942;173835;170391;177295;169941;169939;178639;169944;169925;169952;169940;174255;169955;169949;169953;169950;169948;174737;166072;169943;169951;174741;174254;174227;174740;174249;174739;174242;174626;174252;178201;178187;174241;174240;177837;174738;179871;178202;178192;174248;179835;178960;182924;183962;180550;180190;177112;178191;183725;182923;178186;182931;184167;183504;183505;183960;187316;182929;182930;182939;182936;182920;182935;182926;183961;182928;182937;182925;189763;183875;182934;182927;178190;182938;70120;189740;189374;182922;70121;55938;55941;55936;55939;56770;55940;57636;56769;55935;55937;56771;55934;57639;57637;58877;174625;58878;58876;59989;59987;58875;59992;58874;59996;59991;62711;59990;182921;59994;59988;59993;62712;59995;59997;62714;66510;66509;70102;63520;66512;66336;141393;63519;66515;66514;77686;66516;66511;66513;80191;80194;80193;62713;126510;80192;80195;91778;91779;121067;80197;121068;131701;80196;104100;80198;77688;108520;126917;104175;85270;91890;55933;151424;151371;25710;40446;25021;77437;20284;62800;55932;23996;33094;62799;43814;24758;26969;181675;181216;141210;141214;141213;141211;23997;141212;137748;50978;51388;51389;57638;62311;137747;11983;99929;25085;99928;34243;38664;92660;83265;77275;77277;77280;77278;176549;177450;167251;167250;168912;167252;31352;65986;11705;85908;65985;85909;189943;83737;83736;182962;73334;58726;59180;55574;61432;73332;73336;76510;80078;86901;80832;80081;86900;88983;80080;97496;91974;121544;133474;122857;122586;133471;80079;125223;127114;76594;165066;163764;176673;176672;55573;122588;186912;129535;80831;180009;181266;181267;11891;20096;11522;11941;49646;58482;20728;55701;35627;53514;163762;88905;122753;34266;122754;122752;40468;12002;74224;100383;83115;72264;74225;71861;74090;55818;71860;83116;63281;70743;61487;73969;73970;66941;61486;66637;59685;66942;70071;72619;66944;66722;72880;59109;59035;70260;70072;59036;159929;34472;57939;57940;63266;70744;95917;94253;99134;103598;108786;96731;110324;105080;100270;106296;93685;104848;118574;121393;111137;118178;119841;104378;127054;130967;130057;173679;129467;131957;133531;137071;125150;136930;143478;123128;141099;144453;143115;141100;134954;146427;147658;149041;149333;149043;149985;149984;149042;149986;152038;152129;153429;154711;153709;154717;154775;152039;157403;152036;156222;156221;153432;159106;157242;157181;161410;159105;158163;158976;161395;164292;161402;164288;164291;159571;165106;163394;156230;146086;166457;167249;168670;166599;168669;170432;170453;168697;171390;173442;174022;173444;174037;174036;176084;173439;177474;176087;177477;177475;170445;181230;178753;178228;178754;181014;181760;181231;183882;189369;183881;181763;178752;186724;176078;186730;189301;186731;189302;123130;187104;123129;125219;122365;189303;129975;124005;127901;133670;139578;136560;134703;132034;164519;146420;149381;154152;144106;150342;151587;153362;156666;163957;163031;169879;166042;179485;185551;181275;185561;142468;183100;174137;154436;186626;159658;181596;171458;177267;164985;185572;147416;147414;147412;162407;147417;151582;154425;152631;148455;185565;185563;171518;165080;183101;181597;152697;182910;172601;185574;186771;174125;161778;160843;183102;179504;162181;162228;186769;178188;156662;169887;181595;171511;109865;186767;185566;185559;132021;112060;118975;156058;147620;134763;150450;127898;145014;154429;146447;148456;152629;147660;157449;122816;153401;158729;163029;171460;164987;159665;164088;144055;185768;127902;185556;182915;172539;129976;158319;151827;122366;124006;125220;186775;165108;133671;136561;134704;142465;146423;149378;139579;144108;163030;150340;156667;151585;153365;154154;159659;166044;174134;169878;185554;181273;162497;187905;186914;179483;166790;160466;181477;181465;162496;174074;163956;176742;162603;180235;175331;164347;161715;181353;177930;165260;166211;168658;167638;164343;171457;165261;163496;163663;172512;170100;179145;167632;171455;170101;168652;177933;176740;178144;179141;175329;174077;172514;186031;180230;181351;181878;183783;187078;178145;166208;189368;181876;182132;183786;161413;181355;187080;179142;189363;180233;186029;108753;108584;108754;108585;109867;121641;182131;122193;122949;123133;121476;125362;126069;126623;109866;110806;117291;128529;121511;122192;122947;123011;125360;122232;128059;126070;128060;138082;117918;125999;126000;139062;126621;128527;139786;131766;132712;133849;132710;136356;135273;134406;137050;130169;135199;129100;131772;132713;132708;135200;134404;136403;135275;133692;138444;138084;151573;128524;153876;149254;152415;148774;150121;139073;144769;139790;145447;142912;140733;142612;146782;141569;137048;130171;186187;144277;141572;153091;139788;139039;145466;140731;142610;144283;142911;144772;149282;146779;148766;150801;150120;162605;161711;163495;152413;152636;151572;155916;153106;154816;148015;153879;157445;159528;158691;158652;156604;157444;160468;153880;153088;154820;156605;158693;158655;155918;125404;155789;164346;97143;161412;124020;152211;95259;122116;131284;189106;95258;181612;157114;174259;173917;189107;185425;182770;186213;152210;178770;157115;144621;154014;139329;186214;178769;146590;139663;154013;139328;146589;144620;122587;176073;189235;100027;189237;97497;122856;122585;101956;139456;96829;176674;163765;129534;186910;127113;159529;186911;111682;176671;163763;153047;186478;109016;118934;108282;110978;118309;106189;131945;119614;121542;109944;130968;124194;122247;135589;145269;125165;127894;128706;125953;132938;133650;138503;134408;141470;136559;156254;139601;117409;152489;151610;127124;144981;152424;147922;147704;150707;153397;149433;149472;159887;159707;155448;157434;157878;154142;157385;151293;159181;162392;163071;168738;166102;168913;171594;166329;161121;178183;169861;165173;186806;179875;172602;177388;132035;174167;158219;148539;121543;148013;156674;185555;144454;182841;181321;172605;168392;189075;187658;173740;93813;172593;142717;143218;103531;160472;160471;99128;105110;174165;105111;163660;146823;177090;178775;180325;179226;177927;164352;164540;165571;165299;170670;167639;168655;168329;170917;166434;181348;171553;172592;169034;175372;183808;179231;181882;181350;182368;186189;186035;183832;123508;180323;189366;121478;122401;126703;123506;121599;125949;126217;128969;125358;187075;129389;128971;139184;133690;131955;130364;138095;132773;136358;139317;139869;138588;149529;149256;151612;150158;137086;128774;153112;152453;173623;139867;135412;144855;148772;143059;143425;141776;152504;146784;145467;148396;161714;148109;144285;162670;164354;165246;163581;155920;154876;156609;156196;154058;158928;158068;159547;152634;158656;95929;161411;137839;184165;105792;108884;139727;135296;119241;158830;105786;160526;126590;132047;157906;82699;165177;79310;164811;81087;78550;86654;85408;86270;88047;84488;92496;122508;90096;107071;18352;18062;91228;18353;20113;18683;28212;25554;21763;21175;87314;22476;28252;38744;30255;34211;24811;45372;35111;40502;32477;42434;40946;20911;33281;135189;51423;154061;55416;52754;57797;50548;62214;66808;56480;65577;59066;69877;76317;70301;70561;22418;19295;24241;15573;20135;77748;72687;18369;22335;62215;25122;25346;21554;27625;25704;31736;30203;29983;33131;34118;24762;29699;18521;40928;38989;95411;55763;51061;95919;35436;93721;101931;100355;103360;99167;96798;109392;104355;106305;105515;105689;126381;111109;118571;108805;31604;31992;121388;40553;34773;33286;39768;49143;42477;46837;39338;47887;56482;53410;45387;52612;50653;119498;45044;55638;59068;58322;62216;65579;60127;66810;70563;71498;62802;66000;74139;73304;77201;80055;83291;76316;82711;81915;85446;77747;84491;88597;81051;91221;86790;12516;92358;72689;12517;12514;93593;12520;12515;87370;16251;14768;18099;14242;12518;17195;15420;15898;12519;19463;17587;86252;20249;18437;20990;14676;22479;21341;19773;22125;25081;23926;24234;24354;23740;30254;25830;25566;21073;29723;32478;33790;33282;35110;34210;34374;38743;40591;25297;40501;31605;42433;44095;45373;40945;47024;49289;53412;50549;55415;56141;48424;45542;52753;18189;35684;54935;57798;69879;56481;62213;47023;66809;67130;65578;69878;72688;77749;76318;73648;81088;85409;81730;84489;81977;88048;87321;93317;82700;78551;91229;86829;106297;99135;95918;108787;105081;104379;92497;111136;101957;119840;118573;125151;84565;100427;86722;127055;119842;110323;80227;90097;109361;77814;60019;121391;79857;71948;118575;121392;87919;74013;89832;83472;84802;91098;96454;77713;92036;102429;86404;109897;99375;104671;111791;111009;106847;117597;70350;120949;119673;70349;73995;122250;74432;73434;94073;160082;117874;100271;77578;78442;62481;79142;58539;59427;80486;65911;56962;62837;64585;61625;65220;70859;69867;66873;63243;84160;70215;66446;63451;84162;71352;84159;84643;86062;84161;86384;87246;56960;85327;93524;91164;86853;56961;88640;89869;88720;88722;69347;71952;87658;123976;152698;127895;160081;91389;78680;155137;72172;72174;97215;153459;93514;89782;148710;102325;100793;121127;118084;152273;109040;95889;109031;72170;153438;88721;153436;124021;104630;62221;84404;109033;57044;55421;62220;62222;56199;140605;137653;137879;153092;99370;77173;61563;64787;79858;91387;69847;63455;74014;77714;66411;84803;83473;71949;87920;94074;89833;96455;91099;102430;99376;92037;86405;106848;111010;109898;117875;120950;111792;55420;119674;125406;117598;100960;63340;77371;56214;137068;100956;56196;77368;71039;77372;93404;139914;122251;93407;186820;148449;71465;80861;148656;133180;61519;78677;85268;59823;104672;81979;76492;85542;59822;175105;137650;88101;106758;70259;85269;109597;58180;82271;47682;104666;58291;109279;110643;84670;83991;55435;57773;62739;62993;63542;59090;58074;58070;58893;148358;61710;71041;62584;110644;62575;60038;61711;59403;58894;59404;62585;63543;62994;62576;70944;70709;62740;64718;60039;65128;66475;69988;69264;64719;63545;65801;66988;65802;66989;69989;69265;66476;70710;73095;72327;71343;70945;65129;76758;74436;70946;63544;70711;71344;77899;77493;74437;76759;73766;73096;77494;79661;78469;82035;72328;82034;81517;78470;84575;83436;77901;77495;81518;82499;82036;80520;77900;82582;82037;83437;82997;82500;58684;80519;73765;58353;59067;85383;84576;79662;85686;87473;88751;86068;55418;89872;84577;90788;57358;86761;85384;56755;57774;88458;86069;58072;86762;85273;58354;86417;88459;88752;56376;95471;90789;94957;91544;89873;87474;93659;96773;95883;90790;99627;91545;92753;97636;85687;92752;94958;117940;96774;95884;97637;95436;94231;95472;99124;99628;103677;104635;100807;108374;102356;110807;99123;105211;99629;100808;103678;105039;104636;106560;106301;117292;102357;117669;110808;106300;93660;119605;55419;105615;108375;117667;119748;118396;119603;56756;56377;54973;117919;55417;55141;53915;56258;55804;58208;58995;58002;56875;61551;57359;63244;59428;62838;63452;61623;62482;64586;65912;65221;67226;64507;64917;66447;66874;70860;69868;72285;58540;73741;72607;72938;73435;71953;73996;77174;76415;74433;80487;78443;79443;81128;80999;81820;79837;79143;80947;84050;83367;77579;84366;86063;84732;85328;87659;106607;86424;86854;84644;87247;89870;91165;90426;88641;86370;71353;92013;118394;94629;93961;95763;93462;82782;97728;96389;94335;100053;103125;100757;103923;101363;108283;104545;102263;99284;117408;109602;108959;110977;123937;111681;110396;119424;125055;105176;137252;125814;128632;133606;118908;53914;59197;119093;125890;141492;34322;59177;58619;125895;125891;128279;135900;125893;76787;51078;125894;125892;41971;105692;135899;76789;59818;54974;51079;64919;72036;71230;73670;74263;84218;76452;50828;81183;92943;87924;93519;99103;95286;97939;103374;55851;118981;58792;59178;105485;111758;104851;105781;110097;94338;123517;118465;111977;124299;131128;118884;130454;127135;129496;139202;134628;143117;119099;150960;134974;143222;140771;144851;174757;169512;89924;80219;157421;89964;159740;80220;40480;158147;159305;159637;160905;160216;161980;159493;183917;162421;163274;137076;162705;164154;164657;166046;164509;167100;165589;163725;166469;165067;168700;166630;168274;168182;168373;165503;169761;174333;171322;173060;173837;176676;175838;177634;177228;174479;169760;179225;180162;180251;178446;182073;183807;179838;180507;182441;181236;170518;103373;176495;161478;183247;91671;185606;185350;188160;187621;187133;188159;186363;186792;186599;189461;189822;70892;70891;71228;70924;70893;72801;187769;73420;72940;73711;72617;70917;74009;71969;73083;74435;77185;76582;77862;79337;77410;77582;79144;78081;79579;74123;79838;72168;78476;81208;80950;82535;81021;83137;82826;83368;84343;84668;81648;84051;85568;83746;84922;86855;86381;86064;86210;85744;87248;87207;88682;88089;87418;90195;86599;84733;89686;91129;90543;91717;90795;92629;91456;92792;89787;93818;95481;94137;94581;93477;80488;94677;88957;91351;93316;97725;99996;99634;100680;100992;103422;102994;103649;104435;105357;101981;109396;106683;103934;111382;105153;107221;109900;106486;106351;110229;106841;117428;117332;119096;119557;118886;122616;122245;125370;119683;124278;122852;125728;124459;118152;127119;121513;128327;125951;127128;131189;131737;130274;126752;128740;130462;133052;131021;117635;133847;132716;133464;129053;134214;133953;131953;135093;136347;134700;135703;135916;136121;136742;132096;137700;139694;139000;137080;135400;139793;139458;138448;141574;140405;141195;142208;142970;142642;140699;144782;129847;137634;99137;142718;146061;146205;146543;145072;148488;147755;148559;149413;146949;148242;150431;148995;149901;151673;153254;152190;151832;150855;152927;148849;152608;153516;153828;154239;153932;156034;156461;155866;154705;156861;155353;158935;110519;157292;158050;159236;100128;70890;104814;21781;16151;100129;24812;158501;153631;110502;66500;56871;15786;74093;72106;45389;30201;25999;35915;59499;58501;38987;25997;55693;41059;55458;127915;47764;39435;35686;40873;46673;103508;43002;50072;52587;61997;64699;43003;64472;65998;65027;70459;50073;46674;66929;56748;55459;62594;34290;18214;58605;59464;56749;58606;59463;64700;61998;65028;62595;66928;29702;78891;70458;65999;39766;35685;130366;19702;70610;55576;58725;70611;59181;73333;76595;73337;76511;80830;61433;80829;88984;55575;91975;54832;86902;73335;99311;71570;34291;71571;139733;50052;50054;129055;86903;50053;56584;50059;50065;56178;58093;50066;59045;58095;65216;59914;50061;58094;69839;66868;65217;50057;73414;70340;67208;82767;79829;83415;82768;70341;78436;85349;84740;85878;72933;85347;87873;86382;87251;86817;83353;87329;88880;135851;62909;87250;52588;182849;87874;143470;85272;91044;93532;92014;91610;94015;90430;94010;94913;93463;97739;99310;101364;105177;104664;99313;100295;103744;104546;100758;21724;105729;146347;22025;152482;95810;57286;150988;50067;53374;50060;50055;50058;103126;50062;50064;24328;50068;50056;50063;25173;22539;50531;156551;59046;86383;187860;65673;142902;81882;72280;142903;81883;40563;71898;72281;138883;65926;91857;65924;61620;99265;50681;70609;117617;62801;128178;12257;69932;58812;131568;77758;78599;77757;78601;74124;125548;78600;83088;64476;61621;55135;86604;70590;80171;50680;86066;77971;80170;80174;80177;80173;80175;80180;80179;80178;80176;80187;80182;80184;80189;80183;80186;80172;84764;80188;80185;53844;58091;58092;54846;53843;54845;86632;124027;62947;77405;80181;103836;103251;77407;140215;85881;63546;58355;62995;58071;62741;58895;61712;60040;58075;59406;60041;62586;59405;62742;61713;58896;62996;71042;62587;63547;65803;64720;64721;62577;65190;65804;66477;65189;62578;66990;69266;66991;69990;71043;70713;57775;85410;66478;69267;69991;73097;72329;70712;74438;73767;77496;77903;81519;77902;76760;76761;79663;78471;84578;83463;87109;80521;82501;57776;77497;57360;58356;58073;96268;105043;96904;95473;101771;111043;97662;108518;117938;56758;56557;57361;118592;111980;65699;56757;130055;84240;65700;100839;76963;84584;77331;139203;76965;93522;99967;77330;84583;78672;94339;176374;78674;176418;176397;103981;90784;85404;176371;93520;97573;100670;103982;93517;121105;89101;99436;124161;90785;105008;96764;129300;126922;119417;89102;125364;101897;107092;126920;129060;103983;110268;131949;121308;134113;140776;136921;119418;121309;124162;124163;125366;129298;126918;121307;134109;121106;129058;131947;148947;140774;133211;125368;135856;147644;155570;151642;134111;133214;139572;136923;144643;140756;136925;156389;138086;155574;142422;144635;164837;157892;151640;146104;148949;147648;169999;176367;154825;144639;182525;156387;164830;158991;178198;185772;185777;174235;187622;172120;176369;169991;187624;170168;172138;166607;180102;174239;178200;170173;142677;70093;71345;81758;106141;82713;61413;84503;77863;90148;86245;187631;87737;56567;91262;103359;93526;142031;118800;94935;56568;28185;61412;142032;11742;86570;23753;117707;21118;20866;20837;19783;20322;19193;23783;20245;23756;20226;23924;23754;21117;17974;15487;21139;26060;15852;20016;83957;83958;83959;121433;156790;155865;148037;61798;61799;61803;61806;61805;61801;61802;61808;61809;61812;61804;61815;61814;61800;61810;61811;61807;182527;61819;61823;61817;61825;61820;61818;61827;61829;61824;61821;61831;61813;61828;61830;61822;61836;61837;61833;61832;61826;61841;61838;61844;61842;61845;61839;61850;61840;61847;61834;61848;61852;61849;61854;61843;61835;61858;61853;61855;61856;61863;61857;61846;61861;61866;61862;61860;61864;61865;61869;61867;61874;61859;61876;61870;61873;61872;61879;61871;61883;61884;61881;61877;61880;61875;61886;61882;61887;61885;61851;61889;61878;61892;61891;61897;61893;61899;61895;61890;61896;61901;61868;61903;14776;61902;61908;61898;61905;61906;61910;61907;61912;61894;13862;13865;13860;61911;13861;13867;13864;13868;61913;61900;13871;13869;61904;13872;13863;13866;61914;61909;13876;13870;13881;13874;13878;13883;13877;13884;13880;13887;13873;13885;13889;13882;13892;13888;13890;13893;13886;13879;61915;14777;13896;13895;13902;13898;13891;13901;13899;13897;13906;13903;13900;13911;13904;13912;13910;13905;13894;13907;13875;13908;61888;13915;13913;13920;13918;13909;13924;13923;13919;13922;13926;13921;13929;13916;13927;13930;13917;13928;13935;13934;13933;13936;13940;13931;13939;14778;13938;13932;13945;13944;13942;13947;13949;13943;13941;61917;13951;61916;13948;13954;13925;13953;13955;13956;13952;13946;13937;13962;13958;13957;13960;13959;13961;13964;13963;13971;13950;13969;13968;13967;13976;13966;13974;61919;13965;13970;13978;13973;13983;13982;13980;13979;13985;13981;13972;13989;13975;13990;13987;13993;13984;13992;13988;13991;13977;13995;13994;13999;61918;13997;14005;14003;13986;13998;14001;14007;14004;14012;14000;14009;14013;14010;14006;14002;14016;14014;14008;14020;14011;14018;14019;14026;14022;14021;14017;14030;14023;14025;14028;14032;14029;14031;14033;14035;14034;14039;14024;14015;14037;14040;14027;14043;14042;14048;14045;14044;14038;14050;61920;14041;14054;14046;14052;14058;14047;14051;14057;14055;14056;14049;14053;14062;14059;14066;14063;14060;14069;61921;14065;14068;14074;14064;14077;14079;14072;14070;14078;14073;14071;14036;14076;13996;14075;14081;14061;14082;13914;14088;14067;14085;14086;14084;14087;14083;14092;14090;14093;14091;14095;14097;14096;14099;14098;14104;14089;14106;14101;14109;14094;14105;14111;14102;14112;14103;14114;14108;14117;14107;14120;14116;14119;14113;14121;14124;14118;14126;14110;14128;14115;14123;14130;14125;14133;14131;14135;14129;14138;14100;14140;14137;14134;14127;14132;14141;14136;14145;14144;14143;14151;14139;14148;14149;14155;14150;14147;14159;14153;14156;14154;14142;14157;14122;14161;14152;14163;14158;14167;14162;14168;14164;14165;14166;14171;14820;14172;14146;14328;14173;14330;14176;14175;14329;14333;14331;14334;14170;14723;14174;14387;14673;14678;14752;14335;14754;14679;14794;14750;14755;14753;14680;14332;14751;15413;14796;15522;14749;15546;15521;15434;14795;15548;15550;15523;15599;15435;15549;15597;15603;24551;15598;15601;15602;15638;15600;15650;15547;15699;15738;15697;15551;15740;15637;15636;15836;15737;15838;15794;15769;15919;15839;15698;15915;15916;15635;15918;14840;14160;15917;15956;15793;15957;16014;15739;16037;16035;16076;15998;16079;16065;16082;16038;16080;16077;16036;15981;16078;16114;16081;16015;16157;16117;16184;16116;16135;16220;16115;16243;16158;16241;16256;16218;16253;16254;16083;16240;16258;16242;16269;16219;16292;16293;16259;16290;16294;16302;16376;16291;16379;16377;16255;16375;16359;16360;61923;16461;61924;17139;16473;61925;17278;61922;17277;17140;17281;17215;16378;61926;17216;17346;17332;17331;17279;17347;17280;17131;17601;17668;17658;17678;17677;18002;16257;17670;17334;18052;17333;18103;18004;18032;18091;18104;18003;18107;18106;18171;18173;18172;18273;18237;18274;18105;18306;18275;18307;18235;18412;18236;18435;18305;18434;18277;18308;18404;18496;18411;18497;18550;18598;18562;18584;18499;18597;18498;18649;18583;18676;18440;18276;18675;18561;19191;18678;18677;19201;19265;19226;19885;19192;19267;19888;19887;19890;19894;19892;19897;19893;19889;19898;19891;19902;19896;19903;19886;19906;19901;19907;19904;19899;19900;19910;19908;19912;19911;19909;15920;19905;17669;18599;90004;19895;61816;19914;19916;14080;19920;19919;20427;19921;20428;19917;19915;19918;19923;20040;19985;20041;19984;20431;20429;20432;20430;20120;20119;20057;19922;20434;20043;20039;20125;20435;20433;20123;20436;20122;20042;20437;20126;20439;20121;20442;20440;20446;20128;20443;20438;20124;20444;20448;20452;20441;20457;20455;20449;20453;20445;20456;20450;20454;20447;20461;20459;20460;20462;20463;20471;20470;20465;20469;20464;20468;20474;20473;20475;20466;20467;20458;20127;20477;20479;20478;20472;20793;20795;20810;20818;20797;20831;20849;20809;20852;20851;20794;20850;20796;20819;20817;20876;20875;20878;20854;20897;20832;20942;20981;20939;20877;20941;21004;21003;21002;20940;21098;20853;21115;21132;21114;21149;21178;21028;21202;20964;21206;21133;21207;21203;21201;21177;21200;21283;21281;21179;21356;21285;21320;21357;21599;21359;21358;21617;21575;21635;21598;21602;21360;21282;21037;21603;20476;21669;21284;21717;21600;21718;21670;21661;21751;21719;21754;21715;21777;21752;21770;21753;21769;21716;22042;21755;22058;22014;21776;22020;22053;23878;23881;23876;23880;23883;23885;23882;23879;22013;23877;23875;23887;23884;22019;21720;23894;23889;23888;23896;23890;23893;23897;23891;23892;23903;23900;23905;23901;23906;23898;23899;23895;23907;23902;23909;24552;24553;24554;23908;24560;24558;24557;24565;24559;24561;24556;24555;23904;24563;24567;24568;24564;24572;23886;24573;24570;24562;24574;24578;24569;24571;24576;24577;24580;24585;24575;24582;24583;24579;24584;24590;24588;24587;24593;24589;24592;24598;24594;24581;24591;24601;24596;24599;24595;24597;24586;24604;24602;24606;24600;24613;24607;24611;24609;24615;24618;24616;24612;24620;24621;24610;24608;24619;24617;24605;24624;24614;24625;24627;24630;24626;24633;24629;24631;24637;24628;24635;24636;24623;24622;24639;21668;24638;24634;24632;24643;24566;24647;24603;24642;24645;24649;24641;24653;24644;24646;24651;24652;24648;24687;24654;24650;24695;24655;24754;24688;24753;24806;24689;24808;24810;24804;24778;24805;24706;24675;24832;24807;24892;24809;24843;24842;24893;24894;37324;24779;24941;24891;24940;24945;37804;24895;24942;24939;24943;25033;24944;37164;24946;25034;25063;25062;25157;25064;37907;25189;25113;37741;24947;25115;25212;24831;25191;25310;25265;25190;25114;25439;25311;25430;25429;25428;25431;25266;25440;25475;25518;25514;25513;25441;25537;25516;37988;25515;25517;25432;25565;25564;25600;25563;25599;25601;37483;25666;25603;25670;25669;25598;25750;25697;25721;25698;38078;25794;25796;25602;37370;25685;25835;25875;25892;36567;37033;36699;25893;25946;25836;25895;37080;25891;25896;25968;25945;25923;25894;25983;26045;26008;25969;26006;26049;26047;26188;26107;26007;26009;26105;26106;26900;25947;26046;26902;25795;26901;25237;27070;27071;26899;27069;36338;27561;27519;27624;27623;37643;27615;26048;27614;27562;27817;27849;37237;37167;27851;28223;27642;28273;28200;27850;28275;27643;28276;37122;28274;28324;37602;37783;29298;29201;29299;28352;29202;29718;36221;38147;36831;29234;29233;38104;36522;29342;37481;38054;36966;36574;36340;29300;37838;36944;37399;37295;37534;37007;37559;37196;36622;36423;36254;37731;37768;37539;37715;37747;36747;37925;37239;36582;38065;38009;36483;37053;37891;36413;38084;37402;37432;36934;36903;37598;37138;36456;37198;37506;37272;36496;37204;36891;37798;36858;37095;36983;37592;37601;36268;36442;37688;36353;37672;36273;37317;38052;37665;37802;36928;36721;37530;36250;36679;38090;38007;36650;36975;37864;36572;38085;36784;37429;36651;37790;37550;36334;36965;36511;36868;37970;36352;37090;37999;37004;37066;38043;37107;37655;37296;36877;36326;36562;37682;38150;36709;37528;37171;36737;36696;37812;37628;36937;37791;37671;37031;36826;38111;36375;37648;36590;37551;37069;37180;37895;37179;36475;36619;37487;24640;37957;36556;37010;37514;38072;37155;37736;36835;26950;37108;36739;37952;36813;37319;37669;37455;38030;37852;37286;36787;38142;37347;37034;36299;37523;37246;37589;36648;37118;37508;37614;36621;36798;36793;36873;37519;36523;36548;36776;37782;37938;36278;37290;37442;37144;38068;37457;37311;38141;37221;37383;38047;37718;37048;37590;37756;36973;36802;37990;36698;36688;36672;37877;36470;36850;37840;37758;36446;37073;38108;36427;37166;38106;37581;36467;38038;37424;37890;36707;37446;38064;36578;36355;37143;36542;38096;37250;37330;38012;37256;36816;36825;36378;37353;36290;37410;37373;37596;36930;37202;37044;37003;36482;36554;37191;37478;37205;36235;37815;36649;43039;38136;37732;36715;36804;37835;37752;37091;37707;38076;36775;37169;36620;37460;37869;38107;37510;37699;37126;37904;37258;36351;37556;37172;38190;37942;38203;38765;38752;38682;38766;37305;38753;38813;47909;47912;38839;47908;47911;47915;47913;47910;38163;37922;38840;38162;38842;38843;47918;38841;47920;47914;38970;36293;47922;47919;47924;47917;39321;39352;38852;39358;39357;47923;47927;38921;47926;47925;39359;39367;39366;39351;39385;38698;47921;39360;39410;39386;40457;39409;39460;38754;47930;39368;39442;39484;39549;47932;47929;47928;47933;47931;47936;39550;47940;47937;47939;39572;47938;47943;47945;47934;47941;40537;47946;47944;47948;47949;47942;47950;40692;40775;40538;39615;40781;47951;40595;40936;40811;47952;41048;47954;41063;40869;47953;47956;40539;41064;47955;47935;41618;41616;41941;47957;41979;47959;47960;47958;42061;47964;47966;47947;47961;47968;41617;47969;47965;47962;47967;47963;47974;47971;47970;42789;42405;47979;47975;47981;47977;42788;47983;47976;47984;47987;47978;47985;47980;47989;42835;47990;47988;47982;47973;42889;47991;42887;47993;47992;47996;42917;47972;47999;47986;47998;48000;42969;48004;48003;47997;43016;48002;43073;43017;48005;47994;48007;47995;43040;48009;48012;48008;48014;48001;43162;48013;43105;48017;48010;48020;43106;48011;48023;48024;48018;48021;48022;48019;48015;48006;42888;48028;41615;48016;48027;48029;48026;43392;48033;48030;48035;47916;48032;48031;48034;48040;48038;48039;48043;48042;43849;43818;48036;48041;48037;48046;43848;43816;44040;48044;48052;48048;48051;48047;48055;48050;48057;48049;48059;48054;48061;44100;48058;48056;48045;48062;48065;48060;44590;44916;48067;48053;44325;48066;48071;44355;48072;48064;48070;44630;44626;44629;48069;48074;44628;44627;44632;48076;48073;48075;44663;48068;44918;44923;44917;44953;48077;48082;44662;48083;48080;44972;48081;48079;48063;44631;45063;45028;48087;48085;48090;48084;48093;48078;48086;48092;48094;45518;48095;48089;48088;48098;48097;45587;45562;48091;48103;45519;48100;48099;48096;45602;45601;48102;45618;48105;46184;48110;48106;46174;48104;48109;46262;48108;48107;48111;48116;48101;48113;48118;48117;48121;48112;48120;49941;48125;48114;48122;46853;48119;48128;48126;48127;46854;48124;48129;48131;48123;48138;48134;48132;48140;48133;48142;48137;48141;48335;48135;48279;48136;48139;48115;45058;48371;48143;49116;48398;49252;48130;49638;49251;49253;49250;49665;49299;49736;49298;49822;49734;49794;49278;49653;49733;49735;50339;49942;50405;50357;50502;50359;50569;50471;50579;50358;50578;49943;50570;50665;50816;50352;50580;50868;50702;50501;51350;51105;51385;50818;50817;51843;51085;51790;51384;51195;52576;51792;51968;51791;53568;51789;54287;53837;52648;52649;55773;56298;53444;56401;52059;56427;56402;51967;56159;50666;55823;56550;55613;56909;51951;57426;56372;57339;57554;57340;57010;57758;56725;58192;57831;57490;56774;57927;58614;58176;58758;57884;36583;57832;59105;36347;59284;58439;38083;59252;36369;37526;37962;36842;59303;36404;36463;38128;37485;37567;36524;36545;37710;36426;37215;36558;36277;58193;36399;36420;36449;38115;37571;36549;37016;36297;36383;36963;38087;37092;36358;37331;37405;36924;36360;37189;37880;37818;36386;37312;36638;36700;37194;36980;37027;37371;36432;36516;56461;37403;48421;37451;48025;36480;36634;37991;37621;36717;37575;36248;37527;38056;36436;37613;37681;37420;36350;36879;37139;36441;36552;37588;36964;37969;37726;36584;36729;36539;37868;37218;37563;37368;37269;37882;37379;36438;37544;37772;36276;36629;36687;37899;36342;37236;36625;38138;37050;37637;36569;37626;37537;36852;37440;36958;37584;37739;36486;38042;37421;37435;37945;37211;36563;37612;37401;36938;36689;37587;36526;36245;37407;36531;37515;36557;36830;36348;37284;36561;38060;36770;37475;36624;36632;37212;37509;36242;36794;37106;36753;38063;36759;36743;37883;36653;36594;37454;38014;37703;36890;37814;36598;37661;38032;37030;36736;36999;37294;36260;37900;37300;36349;37114;36926;37658;37949;36823;37308;36425;38013;36948;37569;37751;36566;36750;36840;36969;37851;37535;36844;37477;37285;38035;36288;36859;38018;36960;37065;37572;38066;36883;38027;36821;37099;37414;36234;36292;37874;36462;36321;37473;37127;37839;37529;36473;38069;37431;36505;36909;36640;36990;36993;37093;36977;36308;36513;36762;37585;37645;36388;37915;36534;36599;36846;36414;36723;38137;37078;36294;37103;36763;37600;37994;37415;36306;36677;37418;37673;43074;37493;37701;37244;37496;38149;36606;37927;37766;36346;37261;36403;36812;37419;36601;36675;36671;37354;38051;38117;38048;37409;37704;36429;37049;36591;37855;37634;36255;37259;37087;37253;37610;36535;37334;36318;37235;37346;36295;36751;36407;36918;37871;37998;38165;36943;37282;38164;37134;48144;37785;38192;38191;38853;38707;38693;38658;38683;38814;38767;38708;38204;38864;38844;48145;38845;38865;39761;48147;38981;39323;39322;39485;39324;48146;39429;39443;38982;39444;39486;39478;39316;39581;39552;39566;38815;39573;39562;39871;48149;39582;39803;39804;39872;39873;48150;40359;40397;42991;40399;40398;41950;39874;40438;43075;40464;40430;39849;40465;41949;40497;40522;40509;40498;40597;40584;40540;40636;40596;40637;40638;36781;40523;40585;36693;40693;40415;40696;40521;40700;48148;40697;40698;40763;40699;40694;40695;40900;40762;40701;40812;40761;40813;40764;40997;40966;40965;41027;43851;40980;40967;40968;41050;48153;48154;41049;43608;41619;48152;43852;40920;41959;41051;41639;41030;41961;42063;42046;41960;42062;42092;42047;42090;42076;42131;48155;42075;42095;42091;42097;42133;42181;42130;42096;42198;42284;42215;42132;42240;42199;42992;42993;42311;43144;42429;42810;42809;48160;48157;42356;48159;48158;42943;42918;42997;48156;41640;42999;42811;43019;42995;43020;43018;42996;42998;43022;43000;43023;43024;43042;43044;43041;43021;43043;43077;48161;43076;43167;43363;43362;43605;43394;48163;43609;46175;43853;43045;48164;48162;43610;43393;43613;43881;48167;44041;43880;44042;48165;48168;48166;44102;44043;44061;44101;48170;44303;44321;44103;44385;44396;48169;44334;48172;44402;44650;44356;44408;44604;48174;44673;44123;44919;48173;44870;44955;44672;48175;44963;44869;44664;48171;43867;44954;44996;44995;42994;45030;44997;45041;45029;45115;45370;45031;45124;48176;45520;48177;45137;45530;45449;45521;45563;48178;45564;48179;44868;45567;46177;45136;46227;45588;45566;48181;45565;48183;48182;48180;46176;46663;46680;46331;46330;46664;45548;46699;48184;46679;46743;46734;46690;46726;48185;46711;47041;46877;46744;47042;48186;47116;47115;48187;46878;48190;47127;47133;47132;46849;48189;48193;48191;48197;48192;48200;48194;48199;48271;48209;48319;48198;48311;48195;48318;48272;48251;48196;48399;46678;48345;48346;48403;48188;48422;48348;48402;49063;48428;48347;49078;49064;49202;49205;49099;49100;48898;49208;49209;49206;48933;49300;49190;49117;49254;49738;49688;49654;49263;49666;49740;49739;49742;49784;49967;49743;49207;49741;49795;49737;49989;50315;50314;49972;50076;50296;50424;50008;49973;50313;50445;50406;50503;50425;50321;50423;50429;50536;49971;50472;50535;50534;50571;50558;50582;50606;50581;50583;50608;50628;50819;50667;50609;50607;50848;50839;48336;44989;48151;50820;50981;50533;51071;49970;51070;51353;51106;51336;51793;51196;51182;51796;51795;51337;51798;51801;50827;51794;51799;51797;51800;51803;51380;51805;51807;51804;51806;51808;51810;51809;51931;51898;51916;51992;52036;51865;52035;51802;52061;51899;51932;51982;52041;52160;52454;52469;52593;52577;52541;52729;52699;52564;52748;52747;52730;53244;53226;52592;53001;52523;53227;52958;52708;53273;53290;53302;53289;53348;53327;53301;53274;52957;53351;53398;53350;53524;53538;53616;53369;53628;53349;53272;53617;53309;53542;53909;53908;54288;53882;54577;53509;54290;52060;54611;54298;53910;54589;54839;54289;54638;54578;54639;54610;54964;55111;54918;54991;54939;54940;55614;55615;55171;55665;55683;55112;55406;55849;54626;55695;54919;55666;55664;55634;55894;55848;55916;56109;56083;56084;56324;61928;61927;56085;56160;56374;55709;61929;56118;56373;56403;56325;61930;61931;56429;56428;56526;56462;56529;56530;61932;56531;56525;56687;56598;56551;56599;56708;56627;56726;56707;56532;56764;56765;61933;61934;53629;55853;56447;61936;61937;56953;61935;56910;61938;56810;61939;57046;57052;57331;57146;57079;56968;57319;57320;61940;56858;61941;57412;57145;57429;57413;57568;57427;57428;57407;57480;57724;57593;61942;57833;57912;57567;57332;58082;61944;57530;58163;61943;58103;61945;58178;58177;58440;58771;58476;61946;58491;58026;58475;57819;58474;58531;58505;58522;58558;58506;61948;58599;58575;61947;58716;58585;58424;58717;58759;58806;58490;61949;58557;58734;58890;58865;58830;61950;59012;59010;58939;61951;57955;59096;59185;61954;59011;59221;61952;59319;59305;61955;59304;59087;59315;59518;59681;59440;59362;59519;59652;59843;59635;61953;59653;61956;59710;61558;61960;59860;61958;61961;61959;61968;61965;61964;61967;59561;61962;61966;61963;61957;61973;61971;61970;61979;61975;61974;61972;61983;61978;61976;61981;61977;61988;61985;61986;61989;61982;61987;61991;61984;62401;61992;62445;62403;62444;62386;62402;62404;62423;62446;62424;61980;62972;62491;62447;62659;61969;62504;62540;56809;62425;61990;62794;63134;63104;58921;63257;63199;63161;63464;63344;63331;63284;64563;64279;64505;64504;63312;64861;64626;64551;63374;64902;66043;66041;64647;66044;64942;66045;66049;66042;66052;66046;66051;66053;66048;66054;66050;66056;66055;66047;66057;66060;64745;66059;66062;66061;66064;66066;66063;66065;66067;66070;66069;66073;66072;66071;66078;66075;66077;66081;66074;66076;66068;66079;66082;66083;66086;66085;66089;66088;66094;66087;66084;66093;66100;66095;66091;66097;66092;66080;66098;66058;66096;66090;66102;66099;66109;66103;66107;66105;66111;66104;66112;66106;66117;66115;66118;66114;66113;66119;66110;66108;66121;66124;66116;66123;66127;66126;66128;66133;66131;66125;66139;66137;66138;66136;66134;66129;66120;66141;66122;66143;66145;66147;66144;66142;66149;66148;66151;66153;66130;66154;66157;66156;66252;66251;66186;66146;66150;66152;66135;66266;66155;66286;66342;66285;66402;66330;66132;66614;66689;66313;66899;66911;66881;66615;66535;66265;66140;66975;66101;66978;67011;67010;67013;67104;67014;67012;67135;67133;67134;67137;67254;67253;67136;69097;69053;69089;69190;69230;66890;67132;69155;69314;69220;69338;69154;69465;69232;69439;69231;68862;69339;69490;69491;69467;69466;69794;69067;69890;69540;69892;69548;69822;69939;70133;70004;69842;69549;69891;70132;70185;69918;70385;70300;70384;70242;70383;70520;70518;70325;70523;70005;70680;70681;70522;70573;70679;70519;70689;69489;70678;70967;70162;71028;70521;71026;70998;70968;71074;71030;71076;71027;71099;71091;71100;71092;71075;71029;71031;71032;71511;71509;71510;71608;71101;71606;71607;71936;71554;72019;72018;72024;71605;71604;71512;72023;72056;72020;71508;72082;72022;72021;71609;72055;72131;72134;72100;72101;72132;72467;72133;72530;72495;72468;72099;72529;72551;72553;72550;72564;72135;72594;72597;72531;72641;72614;72596;72532;72136;72563;72595;72919;73000;72998;72999;72920;73001;72642;72552;73003;73002;63017;50849;19913;37545;72081;178298;66977;73051;72921;73005;70837;73052;73128;73067;73447;73053;73445;73066;73467;73446;73448;73068;73444;73466;73604;73443;73933;73582;73449;73931;74029;73977;74068;73976;74071;73932;74073;74075;74074;74070;73934;74072;74030;73489;74077;74415;74082;74069;74081;74078;74417;74079;74448;74080;74418;74419;74447;73978;74449;74416;74446;74454;74452;74451;76435;74481;74450;74480;76423;74513;76437;76439;76471;76436;76068;76481;76470;76469;76438;76480;76482;76886;76885;76440;76923;74076;76924;76953;74453;77039;76925;76955;77038;77074;77037;77075;77042;76952;77097;77639;77041;77096;77040;77643;76954;77641;77098;77644;77651;77640;77647;77653;77655;77654;77657;77645;77649;77650;77802;77646;77656;77642;77652;77648;77658;77839;77887;77950;78018;78019;77842;77888;77838;77841;78062;78613;78614;77889;78617;78664;78612;78615;78684;78665;78061;78686;78688;78731;78666;79321;78718;79366;77977;79347;79405;77843;78687;79407;79408;78616;79411;79409;78732;78685;79410;77840;79322;76887;79588;79406;79572;79573;79367;79610;79630;79612;79983;79986;79985;79589;79984;79989;79613;79991;79633;79631;79987;79632;79995;79990;80041;80042;79988;79611;80384;80385;80426;80428;80429;80427;80425;80383;79992;80431;80433;80435;80434;80432;79994;80437;79993;80467;80386;80382;80466;80456;80560;81194;80468;80563;80562;81198;81197;81196;80561;80436;79996;81234;80578;81282;81195;81236;81235;81280;81284;81237;81336;81334;81333;81337;81933;81937;81939;81938;81936;81934;81335;80430;81233;81942;81944;81943;82317;81281;82316;81283;81932;82321;82320;82318;82324;81941;82315;82323;82319;81935;82325;82330;82327;82328;82322;82326;82332;82336;82339;82337;82341;82343;82342;82345;82344;82340;82348;82347;82350;82349;82352;82355;82354;82353;82351;82346;82334;82357;82359;82358;82361;82363;82362;82365;82364;82360;82367;82329;82369;82371;82368;82372;82374;82375;82370;82333;82376;82338;82373;82331;82380;82378;82382;82381;82386;82335;82384;82387;82389;82366;82383;82377;82385;82391;82392;82388;82395;82379;82356;81940;79571;82398;82390;82400;82403;82393;82399;82394;82402;82405;82401;82397;82411;82409;82404;82410;82413;82415;82414;82412;82417;82419;82418;82421;82422;82446;82484;82408;82449;82406;82451;82450;82420;82454;82455;82452;82448;82407;82416;82459;82447;82486;82560;82563;82562;82561;82456;82618;82684;82633;82736;82686;82738;82737;82685;82617;82558;82559;83097;83099;83098;83104;82453;83103;83155;83102;83100;83169;83156;83245;83244;83170;83247;82485;83254;83243;83250;83101;83246;83096;82458;83275;83276;83329;83284;83248;82457;83157;83249;167905;167918;167870;129355;129359;167896;167854;84796;167888;87725;91765;83158;93845;86874;93828;167869;93609;167907;167871;167860;96486;104437;121191;129062;167904;167850;167906;167873;167890;175568;129360;125735;95540;83274;185533;93719;72713;87726;99670;93739;93829;93610;95632;167880;185538;167894;91766;95541;167875;93788;167856;167883;121422;167868;167901;129353;167840;125732;131289;138099;133679;141203;84797;142219;148830;128879;105076;93810;93718;167902;167898;105077;129356;167858;167849;125730;167862;129501;167897;167842;133682;128974;96487;167855;132051;121394;148833;141205;128973;157853;157911;157461;142220;138101;152112;96488;167872;167156;167182;129358;154939;167848;132054;133678;105079;129352;105078;149002;93740;141198;167859;128876;148828;157467;154973;142216;138103;149030;160720;125731;175554;152111;138102;148835;149238;148827;142217;157855;163502;157921;141204;152115;148829;154937;185542;161053;175553;133681;128878;132050;152117;162409;149031;157462;157856;157910;160722;163896;157464;157909;141202;160721;154940;129052;148826;185539;142221;148831;175559;154635;157857;157459;160725;157920;157919;160723;152114;157460;157468;175564;164027;185541;187906;185540;185534;64932;63147;175555;185543;72710;64934;63149;64933;167877;164028;157858;164120;175563;175562;82396;167861;167851;167889;167863;167899;63148;63150;164026;167838;65731;167908;65732;167839;72373;64935;79826;148834;72712;121190;129354;72374;167895;93846;87727;72709;93616;91767;87728;87210;167886;167892;167903;167857;167891;167887;167878;167879;95633;93611;167884;167876;84798;128975;129051;129357;133680;132079;173511;96489;173553;138100;130627;130626;172891;173594;173605;172761;64502;172928;173028;172795;172840;172802;173015;173573;172849;173579;173588;172957;184015;173564;173600;172756;172995;172860;172765;172947;172945;172936;172939;172791;172793;122258;172831;173008;174564;172887;172940;172809;174543;174544;172735;172967;173528;183439;172736;173583;172900;174558;173386;173548;172932;172998;173545;189279;173006;173596;174759;173565;173557;185476;182150;182147;182149;173608;173385;183061;172895;173547;172971;174542;172915;172833;172924;172841;173026;173018;172818;173540;172787;172898;173578;172964;173501;174548;172792;173542;173541;172935;172901;172960;172890;172813;172927;180415;172770;172893;173595;185991;172866;183060;189280;185992;172830;176697;172922;172776;172843;172823;182146;182159;172993;176607;185455;173031;185994;172850;179701;172954;172961;179699;173533;173030;172944;172784;172760;173502;172811;172980;172779;173551;172820;172778;172743;173598;172847;173458;173497;173535;173552;172842;172773;173519;173521;173584;172759;172925;182137;173562;172989;173539;173599;172739;173536;172824;172948;172754;172747;172819;172798;172905;172827;173499;172934;173570;173495;172923;173498;172987;173522;173523;173514;172797;172737;172863;172758;172876;172942;172966;172982;173563;173590;173601;172955;172910;172903;173537;173544;173021;172899;172892;173489;172748;173526;173487;173010;173582;173520;173602;172839;172952;173597;173490;172916;173505;172800;172977;173586;172814;172804;172951;172740;172877;172859;172805;176608;172868;172941;172978;172962;174559;173465;173470;177757;176625;172786;185988;176623;176615;173460;173024;172836;173474;172807;172902;173462;174541;173469;177753;176624;173466;177819;180350;173461;179698;179697;180355;179694;179700;180353;180409;180354;180356;180359;180414;177759;179696;182140;182139;185437;182138;172769;185993;185987;185995;180352;185996;173492;180413;185998;182160;173473;182164;172854;177816;177817;172829;172881;173027;173527;172853;173013;172789;182151;173559;172852;173471;185989;173566;173571;172844;172767;172979;172926;172974;172821;173500;172812;172803;173002;173023;173029;173005;182161;172801;182142;173558;172848;172904;173003;182375;172908;172973;172907;172930;173025;172920;173022;172919;172906;172950;172883;172764;172782;172825;173016;172874;172780;173009;172775;172749;172771;172783;173504;172985;173567;173580;172997;172774;185978;172757;177815;172911;172938;172990;182372;177814;172984;172790;173574;172937;172889;173513;182373;173486;173507;173506;173604;172806;173589;172991;172858;172781;172996;172862;172983;172981;172914;172969;172888;173493;172857;172741;172846;172878;173491;172752;173543;172913;179361;172751;172845;172762;173000;173531;172750;172872;177754;172815;172834;172975;172946;172949;172817;180358;172988;172933;173014;177755;173494;172885;182158;173515;172864;172921;183087;173607;173577;173609;189277;172822;172870;173538;172886;185499;173556;172753;172794;172912;177758;180199;189283;185501;173019;189281;174545;172788;172968;172965;173508;173576;173459;173529;172894;179695;173554;172738;176622;187782;180357;173467;173517;172869;173591;173569;176627;172777;172897;172766;181425;172763;173568;172917;172796;174539;172745;172882;172826;172943;172832;172963;182148;172958;173020;172867;172880;172856;172994;172799;172785;172734;172970;172931;185990;172746;173012;184014;172986;172972;172861;172744;173516;172953;172828;172742;173007;172959;185500;173524;172855;172838;173546;173512;172929;173560;173610;173509;173585;173561;173503;172871;172918;173485;172772;173530;172808;172999;172884;172879;173004;172837;172865;172956;173001;172992;173555;173011;172851;173496;172896;172873;173587;172835;172768;173017;173603;173488;173532;173525;173549;172976;173593;172810;172755;173575;173518;173464;173468;176629;172909;173606;176626;173463;173534;172875;182143;176628;182141;182163;182152;173581;182162;172816;173510;182145;184017;182144;173550;63268;177818;182374;173592;180351;181424;153617;163587;169456;95924;87923;87922;83954;31733;182156;73183;70396;73187;70398;157126;184016;173572;189278;72711;153891;155017;185997;155446;139744;127116;175065;127117;150864;153460;139745;148958;81247;29900;164179;163020;157872;165182;124366;100784;111532;81246;135181;143116;25091;141105;135972;152042;146619;160054;145262;87955;146620;136667;150860;134762;67119;128416;81422;72729;88624;67120;81106;100572;97352;148261;82620;144970;141833;154721;130271;166139;72730;95469;141779;95470;77477;12107;152041;156023;69915;57728;103529;57713;69916;100131;42290;100130;50986;65942;61719;65580;72349;170672;102355;148846;173646;100125;87500;72186;72216;91310;89940;144450;91500;136668;110272;137648;72587;72588;70412;38654;159332;31640;45627;72204;11577;66634;25683;11570;66633;19310;14826;20987;14825;14827;11910;19600;21728;24909;176889;102083;187121;104667;11890;101114;167399;166488;164277;167799;164278;185950;127910;102082;180005;59453;140132;122582;108712;123752;136338;159816;159592;162503;162168;161989;159465;162776;164253;160319;162624;104668;73149;161198;136339;163893;165721;165210;164658;166629;167274;163415;168239;161717;168406;164638;166145;168877;22256;171334;171927;166749;170690;171268;170783;171332;170725;171333;170007;174524;172572;173711;175396;174883;176816;177519;180040;179408;178285;181128;178727;180197;181483;176230;180416;174286;177820;183979;185436;184320;182556;187660;189126;186681;186447;181314;185901;187184;138175;189188;189605;182419;176838;138176;186985;138215;138337;139060;139059;189923;138336;136968;141363;141009;139034;139061;142740;142456;143156;142901;144809;146207;146271;145448;143588;141815;138216;183055;147192;148298;187966;147812;148693;149090;148565;140792;150138;150281;150999;152004;148939;151810;152685;138177;138214;150868;152232;138174;153368;150721;149476;153666;153450;154738;153995;156077;155653;154327;153839;153369;157881;156916;156545;159037;158583;156011;159239;136969;71176;49675;112153;88955;93231;93226;157369;72417;171335;56448;109915;112152;155601;72879;56633;154998;77910;68879;125154;68880;109916;158097;162560;100551;108813;105109;51352;51351;174413;93227;56998;97085;179636;140517;139231;138603;171549;84669;138602;92361;93232;174405;130091;176212;146586;93228;93233;136664;81261;133306;186477;136665;101027;135177;104497;144813;62033;175408;118095;50346;144792;179635;187058;93234;92219;93229;76404;74250;92220;74251;148481;151593;147723;150362;148462;147724;148472;139483;122256;141452;158784;142713;147726;151591;149384;136617;147725;146417;88700;131186;129057;136618;137728;178164;156113;187378;138523;92414;92375;92362;92415;92374;103569;92376;92370;92413;92363;92371;122546;92419;92420;92416;162570;92421;162416;92418;131023;92377;92423;92365;92364;187318;112279;92424;92426;92422;92425;92417;92429;92432;92373;92369;132101;92431;92367;92428;92366;92368;92434;92372;92439;92436;93230;92430;92438;92435;92427;93235;92437;186353;176072;122927;151623;164293;92433;34470;31719;59108;88931;126506;126648;67243;122363;72334;135921;154963;149642;65915;81777;81778;35953;18813;18244;17604;57768;15432;57919;58005;19718;62743;63548;61714;58897;62997;58348;60042;18065;17218;160465;17603;14668;59408;88934;122243;161415;175332;176743;180234;181352;62588;177929;163662;174075;164348;166210;168657;170102;163497;18064;171456;167637;161716;18243;179144;172513;165259;165262;166209;62579;29744;167633;19719;170099;168651;175330;179140;171454;180231;181357;178147;164344;178146;172515;18689;176741;174076;181877;186186;186032;177932;183784;189367;179143;181875;181349;189364;180232;187077;59407;187079;182134;186030;58898;60043;61715;25349;24875;21225;22369;21627;183785;21322;23930;62580;24701;70714;22095;62589;63549;20842;62744;70947;182133;65130;23633;69268;64723;63551;66479;65806;63550;31652;66992;33393;65805;30209;34766;31864;28329;62998;35251;25735;27521;66993;25820;65131;26068;69993;70948;73098;72330;66480;74439;34268;69992;73768;71346;76762;33505;70715;69269;35218;77498;70716;38200;40351;70949;39372;73769;71347;72331;33522;42305;45392;34267;44658;40478;35778;35581;34767;76763;74440;43173;73099;40930;36215;77499;79664;36045;82502;77500;84579;79665;78473;78472;77906;82038;83438;35219;64722;77905;80522;82039;47123;162602;77904;50084;49145;50382;81520;40479;40931;52766;44659;42306;51120;50085;80523;51121;52530;47781;53594;45133;56037;43174;53593;52767;45393;55901;55287;52531;58006;56334;47782;58349;57769;47124;56750;45403;56119;47829;81521;49146;82041;82503;50383;84580;82583;82998;85385;83439;86763;85688;86070;88460;88753;89874;84581;90791;87475;86071;57316;86764;53595;85274;88461;86418;85386;93661;90792;88754;91546;95885;96775;87476;94959;99630;91547;90793;117941;93662;97638;85689;82040;55288;95437;94960;89875;95474;92755;92754;95886;99125;96776;95475;97639;85275;100126;99631;100809;106302;102358;104637;105212;99126;108755;108376;103679;102359;110809;109868;99632;103680;100810;100127;105040;55902;105616;106303;108377;108756;108587;105213;106561;104638;109869;117670;108586;117293;110810;56120;118395;121477;119606;125363;128530;122194;122950;117920;126624;117921;118397;117668;126071;126001;110811;123134;121512;122233;117294;122948;123012;128062;138083;128061;125877;130172;132714;131767;126002;139063;128528;126622;126072;139787;133677;125361;134407;56038;94232;128525;136357;119604;130170;132709;135201;56335;137051;131773;135276;136404;133693;129101;138445;135202;137049;132715;134405;135274;149255;151574;150122;139074;148775;153090;153877;139791;142913;141570;152414;146424;144278;146781;144770;139040;145446;138085;142611;141571;148012;139789;142910;142613;145465;146780;140734;146425;148767;148014;56751;144771;144282;150802;151571;150119;57351;162604;163494;161712;152412;149281;155915;153878;153105;152635;161414;158657;158692;154817;160467;153881;156603;157446;154819;153089;156606;158654;159530;158694;15408;155917;12642;159527;15712;14181;20862;140732;40362;164345;57770;63552;57920;157443;62999;16085;58007;14728;58350;59410;14192;58899;62745;61716;60044;62590;177089;163661;174166;175371;62581;179227;180326;164353;178774;181356;177928;165300;166433;165570;168330;171552;170669;169033;170918;17605;173624;168656;164539;179232;180324;19269;167640;19694;181881;182367;181354;186188;189365;183809;59409;186036;60045;187076;24748;22096;61717;20735;23635;62591;23929;29743;22370;63000;62582;58900;183833;70717;64725;21628;63553;65192;64724;62746;172591;71044;132711;25350;34471;65191;66482;65808;31193;69994;39853;66995;66481;69271;69270;66994;33563;14197;34819;34294;35977;35287;25837;40664;71045;45110;32134;39493;69995;25754;70718;72332;71348;73100;44111;51122;45394;74441;44961;47783;76764;47784;50086;47125;49147;77501;50384;28226;56039;53596;56752;56121;49148;55289;58008;52532;52768;57771;77907;51123;58351;77502;77908;82504;81522;87110;84582;79666;80524;83464;96269;78474;76765;73770;97663;96905;108519;105507;55887;101772;50087;50385;99968;109946;105044;111044;118593;111981;56122;117939;123507;95476;55886;123509;126218;126704;138096;56040;128972;128775;139870;128970;122402;125359;139185;130365;129390;133691;135413;132774;121600;148773;56336;137087;139318;131956;152452;154060;136359;149528;149257;150157;138589;153111;143058;143426;146783;139868;141775;152633;148110;144284;56753;152503;151613;57352;148395;162671;165245;163582;154875;164355;155919;144854;145468;154059;158653;156610;156195;157907;159546;158929;160527;161416;158069;59980;79638;90510;58435;103876;97833;12016;57033;100464;59643;63643;82828;161713;125950;51836;62028;161691;62758;33395;55532;175373;12204;18027;15465;11314;11159;11835;11808;125313;10673;108593;29314;10939;11214;11870;91827;10862;108409;10145;10674;11067;64784;102683;11217;73756;18049;72179;17816;17818;17815;17819;17817;17822;17823;17824;30219;17825;17820;17828;17826;17821;17800;17829;17697;17802;17831;17827;17691;17801;32137;17804;17832;25759;17833;17830;42899;29251;17805;17834;34159;17806;17808;17809;17807;29345;42900;35766;34160;57604;25242;46328;47158;17803;46702;17810;49711;48759;50527;17835;62927;17799;62637;58802;59448;62639;62638;68937;65733;71971;70461;63617;66177;57606;59967;59449;66178;63618;65734;62641;58661;71972;62642;71973;70462;62640;77669;73318;71974;88379;86546;85536;73572;76529;89054;87419;86657;90829;88380;86658;68938;91994;90830;84924;91993;93376;93000;95877;93001;94165;93375;101977;99510;101819;94196;106098;104048;99514;17836;109166;109167;103965;106097;95876;118233;66179;68939;73573;111154;71975;73574;88381;78477;70463;86659;77670;99511;80886;71976;82799;82800;85537;111153;85538;88382;76530;84767;85223;86547;90682;87420;86661;86660;89055;90831;88383;90683;93002;91995;91996;93003;93377;94166;93378;99515;95878;101978;90832;95879;94197;106100;101820;104049;103966;111155;109169;109168;106099;124158;118234;145252;121227;132956;111156;138571;126782;141796;135699;130025;88384;99512;91998;89056;91997;93004;90684;93379;93005;90833;90834;94167;95881;95880;94198;101979;99516;103967;101821;106102;106101;104050;93380;99513;118235;111158;111157;109171;124159;132957;126783;135700;83347;130026;148936;141797;151969;145247;138570;121228;163333;109170;170145;154259;183396;159976;156907;17811;17814;17813;87421;178472;17837;111160;17812;85539;36020;174554;111159;124160;121229;130027;118236;135701;148937;126784;141798;34161;138560;145251;163332;156908;159977;154258;151968;178471;170144;189234;21632;183394;189233;174555;61393;132958;166310;14319;10343;17838;183395;96725;96726;101811;96728;96727;96729;64503;96724;133181;174521;99519;99520;189353;99518;189354;189355;183437;96723;189352;99517;124175;71116;138561;11299;61696;183438;29346;14831;88698;34162;10626;19416;32138;14343;15477;15449;91823;11192;71862;11842;34727;25198;24905;10481;129468;57558;17313;187858;17690;146199;64263;10719;57605;17698;166309;147021;108716;10761;110231;165454;25799;11219;89028;108689;99440;25612;43815;42409;118730;10150;15572;11830;81403;140657;29928;58769;102709;58770;102711;102713;102712;102710;31135;19695;19696;31343;28377;14272;50547;25767;182591;70943;178718;163282;127140;127142;127141;127147;127148;127144;127145;127143;127146;127150;127152;127151;127155;127154;127153;127159;127157;127158;127160;127156;127162;127167;127163;127166;127168;127164;127165;127161;127170;127172;127171;127174;127176;127175;127179;127178;127180;127173;127182;127184;127183;127181;127188;127169;127186;127187;127177;127190;127192;127191;127189;127194;127196;127195;127199;127198;127197;127193;127200;127201;127205;127206;127204;127207;127203;127212;127209;127210;127208;127214;127213;127216;127218;127217;127220;127185;127215;127223;127202;127219;127211;127227;127225;127222;127224;127229;127228;127231;127230;127234;127235;127233;127226;127237;127239;127243;127240;127232;127242;127236;127246;127245;127248;127238;127251;127241;127250;127255;127253;127247;127252;127260;127256;127257;127259;127249;127258;127262;127261;127254;127244;127264;127266;127265;127268;127270;127269;127267;127272;127274;127273;127278;127277;127279;127276;127275;127282;127281;127283;127284;127287;127286;127285;127288;127271;127291;127290;127293;127298;127296;127295;127292;127297;127221;127294;127289;127280;127263;127300;127302;127305;127306;127304;127303;127301;127309;127310;127308;127312;127316;127313;127311;127307;127320;127318;127314;127317;127322;127321;127324;127323;127319;127328;127326;127329;127327;127331;127332;127333;127339;127334;127330;127336;127338;127337;127325;127343;127342;127341;127346;127345;127340;127350;127315;127351;127349;127352;127347;127353;127344;127358;127360;127362;127357;127364;127348;127363;127366;127359;127356;127367;127368;127361;127369;127374;127371;127355;127373;127365;127354;127372;127335;127377;127378;127376;127382;127384;127370;127381;127379;127383;127380;127388;127387;127390;127393;127389;127394;127396;127392;127391;127398;127395;127399;127385;127386;127401;127400;127404;127406;127403;127407;127408;127405;127402;127412;127410;127411;127416;127417;127413;127420;127414;127419;127418;127409;127422;127424;127415;127426;127397;127423;127425;127430;127428;127431;127429;127433;127427;127437;127435;127439;127440;127434;127436;127443;127441;127432;127445;127442;127438;127452;127448;127450;127453;127446;127449;127451;127447;127455;127457;127456;128701;128704;128703;128702;127458;127459;127454;127421;127444;127149;127299;128694;128696;128693;128700;127375;128699;128692;128687;128689;128688;129900;128697;128698;128691;129901;128705;129904;129899;129921;129920;129905;129898;129906;129912;129933;128690;129907;129913;129886;129884;129888;129889;129887;129926;129935;129893;129883;129892;129915;129914;129895;129894;129927;129934;129928;129929;129891;129932;129910;129937;129936;129911;129925;130202;129902;129924;129922;129903;129909;129908;129923;130201;129941;129931;129940;129930;129919;129939;129938;129917;129896;131769;131768;129897;131771;131777;131417;131770;131774;129890;131404;129918;131405;131414;131776;129916;131410;131409;131426;131406;131425;131415;131412;131411;131421;131416;131413;131419;131423;131407;132458;131424;131420;132444;132506;131408;132508;132472;132476;132461;132443;132505;132473;132503;132477;131422;132507;132497;132470;132498;132501;132462;132441;132493;132504;132494;132479;132480;132457;132442;132502;132460;132488;132487;132447;132486;132456;132491;132485;132448;132455;132474;132492;132511;132446;132459;132509;132510;132454;132453;132475;132495;132445;132483;132451;132484;132496;132450;132434;132466;132512;132433;132467;132452;131418;132449;132468;132436;132438;132587;132437;132471;132464;132439;132465;132463;132490;132489;132481;132469;133086;132500;132588;133073;133072;132440;132478;133070;132482;133084;133085;132499;133074;133075;133076;133080;133081;134320;133077;133082;134325;134324;134317;135759;133071;133079;133087;135762;135764;135763;134310;133083;134412;134321;134411;134318;134309;134323;134312;135760;134314;134315;134410;134322;134316;136903;134313;136902;136909;134311;134409;136908;136904;136907;138767;136911;138771;136910;138766;138774;136905;138778;138773;138777;134319;138769;138779;137058;138772;136906;138776;138775;138780;138768;135761;140293;140292;140282;140281;141406;141401;141399;141402;140697;140288;141400;140289;140698;140283;140290;140277;140276;140284;141404;141405;140275;140274;140291;140286;141407;140287;141403;141408;143895;143960;140285;140279;140278;143938;140280;143894;143939;143916;143907;143953;143961;143909;143906;143928;143918;143917;143896;143930;143897;143987;143952;143925;143927;143998;143908;143944;143926;143986;143924;143943;143984;143999;143923;143888;143982;143892;143985;143912;143893;143983;143957;143911;143889;143956;143931;143915;144085;132435;143941;143965;138770;144086;143964;143967;143962;143966;144000;143963;143969;143945;143968;143980;143929;143922;143901;144001;143959;143921;143958;143900;143920;143989;143981;143955;143919;144003;143913;143978;143934;143935;144002;143979;143996;143948;143949;143997;143954;143914;143988;144009;144010;143950;143932;143937;143972;143992;143951;144049;143993;143973;145703;143898;143899;145702;143946;143936;143970;144048;143947;143975;143903;144007;143994;144008;143974;143904;144005;144087;143905;143891;143976;143902;143971;144006;143890;144088;143933;143990;143991;143940;147405;147340;147312;147313;147339;147298;147292;147406;147408;147391;143995;147274;147299;147390;147293;147321;147407;147400;147322;147288;147338;147337;147287;147371;147372;147373;147387;147386;147379;147370;147311;147399;147273;147361;147279;147310;147362;147280;147301;147326;147290;147398;147291;147325;149335;147360;147300;147303;147278;149336;147349;147277;147302;147350;147359;147395;147347;147316;147238;147348;147368;149337;147237;147353;147374;147375;147369;147253;147270;147269;147254;147344;147354;149338;147394;143977;147378;147711;147710;147381;147366;147259;147258;147385;147380;147251;147367;147384;147403;147328;147404;147388;147257;147410;147327;147345;147247;147252;147248;147346;147355;147281;147239;147240;147389;147409;147282;147356;147332;147331;147364;147309;147308;147383;147271;147382;147272;147363;147351;147265;147336;147335;147352;147397;147266;147396;147334;147708;147323;147297;147246;147245;147296;147333;147295;147304;147377;147401;147376;147324;147392;147284;147283;147393;147264;147709;147263;147243;147262;147319;147320;147244;147317;147294;147276;147315;147318;147305;147275;147285;147314;147357;147242;147306;147307;147286;147249;147358;147289;147241;147267;147261;147268;154607;154552;147342;147341;154553;147260;154500;154609;154478;154590;154585;154531;154536;154636;154625;154605;154533;154515;154480;147250;154479;154521;154517;154527;154522;154571;154623;154524;154573;154530;154594;154465;154507;154501;154575;154624;154617;154520;154488;154613;154546;154564;154545;154489;154572;154582;154563;154595;154475;154481;154540;154539;154622;147402;147343;154547;154499;154615;154600;154535;154463;154474;154534;143942;154510;154597;154583;154559;154626;154452;154508;154502;154574;154577;154599;154592;154619;154567;154556;154593;154621;154557;154506;154548;154482;154560;154470;154587;154596;154633;154519;154639;154551;154511;154631;154505;154561;154493;154492;154464;154544;154518;154628;154555;154450;154441;154566;154528;154532;154562;154487;154586;154581;154516;154579;154604;154523;154608;154483;154494;154490;154543;154598;154462;154578;154476;154542;154457;154466;154565;154616;154447;154554;154445;154550;154509;154570;154467;154526;154486;154610;154591;154541;154614;154504;154461;154584;154485;154503;154525;154576;154496;154568;154495;154498;154454;154529;154588;154601;154602;154558;154497;154549;154448;154469;154451;154471;154491;154468;154459;154442;154460;154455;154472;154443;154446;154440;154444;154453;154538;154537;154484;160776;154477;154456;160733;160841;160798;160830;160831;160848;160764;160835;160828;160752;160758;160809;160806;160823;160735;160810;160745;160850;160759;160826;160753;160832;160779;160782;160780;160738;160834;160849;160821;160860;154439;160833;154603;160792;160800;160736;160740;160803;160801;160791;160867;160788;160757;160778;160743;160866;160862;160804;160812;160845;160825;160760;160802;160730;160855;160767;160794;160773;160766;160785;160789;160771;160851;160799;160854;160786;160815;160820;160775;160871;160728;160777;160836;160869;160864;160865;160838;160805;160829;160737;160824;160822;160755;160756;160787;160734;160872;160749;160768;160863;160840;160750;160827;160783;160747;160742;160795;160774;160746;160772;160808;160847;160807;160727;160873;160868;160811;160852;160816;160870;160837;160784;160861;160813;160770;160796;160741;160844;160818;160839;160790;160754;160781;160793;160748;160814;160769;160732;160729;160819;160817;160731;160761;160765;167465;160857;167505;167451;167485;167476;167454;167477;167282;167482;167462;167491;167475;167456;167466;167472;167455;160797;167503;167495;167463;167498;167481;167453;167480;167494;167502;167487;167452;167504;167470;167490;167497;167479;167496;167483;167473;167467;167464;167478;167486;167471;167499;167488;167489;167493;168928;168932;167474;168931;167468;168929;171711;171706;167484;171712;168927;167469;168930;171709;160744;167457;160739;171713;171702;171708;171705;171710;174079;174099;171703;174066;174060;174073;174064;174093;174085;174084;174092;174053;174086;174088;174082;174054;174062;174069;174071;174057;174091;174095;174052;174056;174051;174096;174072;174102;174101;174090;174087;174094;174098;174097;174067;174058;174063;174070;174068;174083;174081;174080;174059;174078;174100;174061;187319;174089;187323;187322;187343;187320;187341;187321;187325;187342;174055;187339;187338;187337;187340;187332;187333;187345;187336;187334;187331;187335;187329;187361;187326;187355;187360;187359;187357;187358;187344;187330;187351;174065;187328;187354;187324;187347;187327;187350;187349;187356;187367;187365;187346;187362;187352;187364;187348;185403;185414;187363;185391;185382;187366;185386;185388;185389;185384;185411;185427;185387;185428;185426;185410;185407;185409;185390;185404;185408;185385;185392;185383;185413;185393;185402;185405;185406;185412;174760;185401;187353;185435;66765;66026;66764;66025;66763;147731;23932;19700;25756;35288;25293;21609;21608;47827;110839;179440;181867;27574;47899;27534;181646;54922;23970;72348;69557;55471;53536;48407;48364;66335;63337;57890;43060;34049;71523;31136;51367;54988;171704;154580;34085;128695;25524;56691;65674;47039;65675;74261;36103;29898;40852;25952;33481;56682;25125;65807;21340;23978;65722;23769;23699;58447;45569;66913;58968;50679;58445;72814;56668;32481;25294;26071;26922;56684;64938;64937;67122;57556;82528;83521;142481;146428;72483;157125;151287;171153;63417;133059;133058;122510;133307;126049;138358;152124;145035;149045;158892;163399;87412;155842;174019;163887;177834;185433;93912;90119;94576;168370;95370;97386;134761;102783;100259;103458;10654;105777;111107;27524;27525;26012;26198;31348;26013;96002;162619;77562;176522;77563;111385;77605;176523;74514;111384;74516;74518;74520;74517;74522;74526;74525;74521;74528;74519;74531;74523;74529;74530;74524;74527;74534;74536;74535;74532;74542;74539;74541;74540;74537;74544;74545;74550;74543;74538;74549;74547;74546;74553;74515;74552;74554;74533;74557;74555;74560;74558;74561;74548;74566;74559;74565;74563;74556;74567;74578;74564;74569;74570;74573;74568;74577;74571;74585;74576;74574;74579;74575;74581;74582;74587;74583;74589;74584;74586;74572;74580;74562;74590;74588;74592;74595;74593;74596;74594;74598;74600;74599;74601;74604;74608;74597;74610;74609;74606;74607;74614;74602;74613;74612;74605;74620;74617;74616;74618;74615;74622;74603;74619;74623;74627;74629;74625;74639;74611;74630;74628;74626;74591;74551;74624;74635;74633;74643;74637;74638;74641;74636;74640;74621;74632;74649;74644;74645;74634;74642;74656;74648;74653;74651;74647;74646;74657;74655;74654;74658;74652;74663;74662;74660;74659;74665;74667;74666;74661;74670;74669;74668;74672;74674;74676;74675;74673;74678;74671;74681;74650;74679;74683;74664;74682;74680;74685;74689;74686;74692;74687;74695;74684;74693;74690;74694;74697;74691;74688;74699;74700;74696;74702;74705;74704;74709;74706;74701;74710;74703;74707;74722;74714;74713;74711;74698;74716;74715;74719;74708;74720;74712;74723;74721;74724;74718;74727;74725;74731;74677;74726;74732;74730;74734;74733;74738;74737;74728;74736;74744;74729;74741;74743;74735;74749;74740;74746;74742;74748;74747;74755;74751;74753;74754;74745;74752;74758;74756;74757;74750;74762;74739;74760;74759;74764;74763;74768;74766;74769;74767;74765;74774;74771;74775;74772;74773;74776;74777;74778;74780;74786;74779;74770;74789;74782;74790;74783;74787;74792;74791;74788;74785;74797;74795;74796;74801;74793;74784;74799;74781;74798;74794;74717;74800;74761;74631;74803;74804;74807;74806;74808;74811;74805;74817;74813;74819;74818;74816;74809;74812;74810;74822;74814;74821;74815;74824;74823;74826;74828;74827;74829;74832;74825;74831;74841;74835;74834;74837;74833;74838;74836;74840;74842;74830;74839;74844;74845;74846;74849;74843;74854;74851;74848;74852;74850;74820;74885;74855;74858;74856;74859;74860;74857;74863;74862;74869;74866;74853;74865;74867;74861;74868;74871;74873;74875;74870;74876;74872;74880;74891;74877;74878;74883;74879;74864;74884;74881;74882;74874;74890;74888;74889;74887;74895;74847;74892;74893;74898;74896;74897;74899;74900;74911;74904;74901;74903;74894;74905;74906;74909;74908;74918;74902;74910;74912;74913;74914;74919;74915;74916;74925;74920;74923;74926;74921;74924;74922;74917;74931;74928;74930;74932;74907;74937;74933;74929;74935;74936;74938;74934;74939;74940;74941;74944;74946;74943;74945;74951;74948;74949;74954;74942;74957;74958;74952;74950;74956;74953;74959;74955;74947;74927;74886;74963;74962;74960;74961;74969;74967;74966;74965;74971;74968;74973;74972;74976;74975;74977;74978;74970;74983;74974;74981;74985;74987;74980;74984;74979;74989;74990;75036;74986;74988;74991;74993;74992;74995;75003;74996;75002;74997;74982;75000;74994;75001;75005;75011;74999;75004;75007;75006;75010;75008;75012;75015;75014;75016;75013;75020;75021;75018;75022;75028;75026;75023;75030;75025;75032;75031;75034;75027;75035;75019;75033;74998;75017;75024;75029;75009;75093;75041;75038;75047;75046;75044;75040;75049;75045;75052;75053;75055;75042;75056;75054;75062;75057;75048;75043;75060;75061;75063;75064;75069;75067;75068;75050;75071;75070;75073;75075;75077;75039;75059;75072;75051;75065;75058;75066;75076;75079;75081;75074;75080;75086;75085;75082;75084;75088;75083;75090;75141;75092;75087;75097;75095;75098;75096;75089;75100;75101;75105;75103;75109;75094;75106;75104;75107;75102;75108;75112;75114;75091;75111;75118;75116;75119;75099;75078;75037;75115;75110;75123;75117;74964;75125;75113;75128;75129;75127;75124;75121;75126;75122;75133;75137;75135;75134;75130;75132;75131;75139;75136;75142;75138;75143;75145;75144;75147;75149;75148;75146;75153;75155;75154;75152;75151;75156;75150;75158;75157;75161;75140;75168;75167;75165;75160;75166;75170;75164;75163;75171;75173;75162;75176;75169;75179;75172;75174;75175;75178;75187;75180;75181;75183;75184;75186;75185;75182;75190;75189;75192;75193;75191;75195;75196;75177;75199;75198;75201;75194;75188;75204;75202;75197;75203;75209;75205;75206;75211;75159;75215;75212;75208;75214;75207;75210;75213;75216;75219;75222;75221;75217;75220;75224;75226;75225;75223;75230;75228;75234;75229;75233;75235;75237;75236;75231;75239;75227;75218;75243;75232;75245;75240;75247;75241;75244;75242;75284;75248;75249;75254;75251;75255;75253;75252;75259;75246;75258;75262;75256;75264;75263;75261;75250;75257;75267;75269;75272;75268;75271;75273;75265;75274;75200;75266;75260;75270;75275;75238;75277;75279;75278;75286;75280;75327;75288;75281;75285;75282;75283;75292;75289;75293;75297;75290;75299;75291;75301;75298;75295;75294;75303;75307;75305;75300;75302;75306;75308;75287;75304;75310;75311;75312;75317;75316;75315;75318;75314;75313;75309;75296;75323;75322;75325;75321;75319;75324;75377;75329;75326;75331;75328;75332;75335;75333;75337;75334;75340;75338;75330;75343;75341;75336;75349;75342;75345;75351;75353;75346;75352;75356;75347;75358;75359;75360;75344;75366;75355;75348;75350;75357;75320;75362;75354;75339;75364;75369;75368;75363;75367;75365;75370;75376;75373;75374;75372;75392;75382;75379;75381;75380;75385;75371;75383;76104;76085;75384;75387;75388;76137;76182;75390;76183;75378;76228;75375;76211;76069;75386;76230;76181;76136;76336;76337;76340;76338;76341;76339;76365;76546;76366;75391;76342;76488;76723;76721;76343;76135;76957;76725;76958;75389;76988;76722;76959;76956;76960;77131;76724;77129;77134;77126;77132;77130;77177;77133;77128;76726;76229;77127;77288;77214;77135;77136;74802;75120;77289;77291;75276;77290;77296;77293;77295;77318;77294;77364;77432;77292;77618;77297;77431;77317;77620;77621;77693;77720;77719;77718;77660;77777;77803;77778;77844;77659;75361;77366;77565;77365;77845;77846;78021;78020;77967;75393;75394;78118;77734;78117;78115;77966;77804;77619;78116;78451;78453;77890;78452;78590;78497;78450;75395;75397;78636;75400;78498;78591;78720;78719;78733;78819;78734;78637;75398;78820;78837;78836;79267;78817;79102;79103;79101;77965;79106;79222;78635;79105;79107;79225;79198;78818;79224;79268;75399;79324;79226;79241;79223;79350;79349;79423;79412;75406;79574;79269;79323;79590;79615;79368;79614;79591;79617;75402;79755;79815;79796;75403;79592;79754;79616;75401;79817;79575;79348;79753;79819;79818;80043;79821;79820;79997;79413;80045;79998;80047;79999;80046;80049;80050;80048;75404;80044;80053;80052;80051;80094;80211;75411;80095;75407;80151;80275;80150;80152;80276;80212;80153;80300;80299;80301;75409;75408;80278;80246;75405;80274;79104;75412;75410;80277;80353;75414;81238;81241;75413;81240;80539;79816;81254;81252;81243;80093;81253;81239;80540;81305;81285;80542;81304;81372;81371;81397;81242;81417;81373;81287;81434;81561;81560;81416;80543;81589;81622;81418;81286;81562;81433;80541;81563;80354;81693;81692;81720;81763;81762;81761;81719;81765;81620;81691;81868;81963;81338;81945;81946;81964;81621;81870;82014;82013;82012;81764;82246;81869;81995;82245;82424;82423;82460;82462;82425;82461;81799;82487;81965;81623;82426;82635;82652;82651;82463;82655;82247;80355;82653;82754;82807;82756;82755;82907;83083;83025;82845;82843;80564;82515;82516;83105;83107;82654;83159;83106;80579;83171;83391;83392;83085;83230;83160;83395;83394;82844;83396;83397;83399;83558;83398;83800;83533;83393;83559;83802;83084;83801;80841;83534;83803;83804;83913;83807;83965;83867;83915;83805;83982;83914;83983;84013;84012;84106;80842;84014;80843;84136;83806;84135;84184;84185;84183;84137;84187;84284;84333;84186;84283;84134;82634;84335;84336;84387;84384;83557;84415;84439;84385;84414;83981;84416;84557;75415;84386;84630;84532;84629;84655;84657;84658;84497;84754;80984;80926;84755;84816;84865;84533;84869;84864;84656;80985;84996;84888;84870;84868;84866;84997;84998;84756;84867;84999;84720;85002;85003;85135;85174;80986;85186;85000;80988;80987;85136;85260;85187;85434;85432;85235;85371;85437;85525;85435;85524;85703;85702;85433;85835;85259;85610;85840;85609;85927;80989;85838;85836;85834;85701;85837;80990;85001;86045;85839;86046;85926;86047;86056;86091;86138;86120;86093;86182;86090;80356;86139;86092;86239;86094;86238;86183;86281;86284;86280;86321;86336;86287;86390;86392;85436;86283;86391;86337;86394;86338;86282;86437;86555;86393;86285;86595;80992;86286;86594;86646;86667;86436;86623;86596;80993;86732;86622;86734;86733;86730;86647;86737;86736;86956;86739;86694;86735;86776;86777;86738;86731;86957;86807;80994;86863;86740;86864;86961;86959;86801;86800;80991;85998;86668;86960;86890;86962;86891;86958;86924;86909;87004;81030;86965;86964;86963;87006;80438;87081;86923;81098;87083;87082;81064;87005;87003;87087;87084;87088;87117;87017;81136;81063;87115;87089;87116;87086;87439;87389;87391;87438;81138;81137;87166;87440;87714;87437;87390;81139;87085;87392;87486;87189;87393;87442;87444;87445;87488;87443;87394;81141;87447;81140;87518;87617;87618;87621;87517;87487;87620;87623;81142;87619;87446;87625;87629;87624;87627;87628;87622;87630;87626;87717;87634;87633;87715;87632;87663;87635;81199;87772;88533;87441;87716;87718;93064;93063;87631;81155;93074;93062;93146;93066;93092;88534;93105;93212;93065;93214;93104;93213;88535;93240;88394;93248;93216;93337;93336;93335;93250;88537;93363;93334;93362;93391;93390;93215;93430;93249;90569;93431;93432;93392;88536;93435;93434;93433;93444;93499;93445;93553;88538;93595;93585;93500;93436;93584;93596;93554;93597;93599;93598;93699;93675;93700;93702;88539;93704;93703;93701;86880;93583;88540;84334;93393;93707;93706;81156;93732;93708;93782;93758;93731;93757;93783;93756;93825;93824;93852;93856;88541;93855;88542;93995;93998;93823;93854;94000;93853;93851;93996;94001;94032;93999;88543;94060;88544;94033;94002;94062;94063;94090;94086;94088;94087;93997;94089;94034;94061;94092;94219;94128;87833;94216;94217;94241;94218;94239;94243;94129;94215;94242;94303;94244;94245;94302;94306;94240;94310;94220;94311;94307;94305;94309;94424;94308;88546;94426;94312;94529;88545;94531;94528;94425;94530;94596;88547;94304;94091;94423;94598;94599;94600;94602;94619;88548;94649;94664;94601;94754;94752;94694;94756;94753;94620;94695;88549;94894;88114;94755;94946;88550;94944;94906;94945;88551;94950;88552;94952;94948;94953;88553;95022;94947;94919;94951;95040;95273;95272;94949;95311;95310;95378;95274;95529;95530;88605;95377;95532;95531;95275;95551;95533;88115;95550;95553;95552;95463;95549;95555;95559;95558;95556;95557;95593;95594;95590;95560;95596;95592;95591;95597;95643;95645;95644;95554;95700;94597;95595;95647;95023;95646;95649;95703;95701;95707;95745;95706;95702;95708;95744;95704;95705;95750;95754;95747;95749;95751;95748;95746;95752;95753;95788;95789;95757;95790;95791;95818;95793;96028;96030;95912;91492;96029;95756;95755;95911;95976;95913;95792;96064;96063;88606;95910;88116;96130;96131;96133;96132;88607;96129;96173;96176;96175;96174;96246;96248;88611;88610;96247;88609;88615;88613;88635;88633;88616;88686;88632;88688;88614;88704;88706;88608;88733;88732;88687;95975;88705;88735;88685;88612;88772;88634;88775;88736;88771;88827;88774;88773;88825;88823;88826;88829;88855;88830;88918;88824;88878;93394;88828;88879;88920;88921;88923;88926;88919;94246;88927;88117;88922;88924;88854;88979;88925;88980;88118;89050;89019;89017;94093;89016;88946;94427;89092;89651;89653;89018;89090;89716;95395;89091;89715;89718;88119;89652;89813;89719;88120;88122;89717;89908;89855;89856;88121;89812;88123;89714;89910;88734;88978;89911;89857;95648;89814;89909;89913;88124;89914;89949;89950;89976;89916;88126;90017;89977;89975;89915;90056;88125;90061;90018;90058;90059;90057;90106;90060;90165;90135;90167;90136;90168;90169;90164;88129;90166;88128;90055;90172;88127;90240;90259;90170;90062;90260;90381;90418;90382;90253;90475;90476;90419;90294;90479;90054;90293;90481;90485;90341;90483;90477;90482;90480;90523;90524;90484;90173;90558;90528;90559;90478;90560;90557;90529;88130;90564;90594;90562;90565;88157;90522;90611;90563;90612;90700;90171;90609;90593;90610;90701;90772;90932;90702;90878;90904;90879;90906;90782;90783;90771;90665;90911;90910;91067;90908;90909;90934;90933;90907;91068;90905;90935;91069;90912;90982;90983;90903;90985;90981;91071;91070;90986;91147;91177;91204;91178;91111;91206;91208;91207;88131;91269;88132;91271;91270;87719;91274;91205;91273;91275;91209;91279;91278;91306;89093;91305;91277;91401;91406;91400;91290;91405;91403;88133;91272;91402;91404;91276;91289;91408;91409;90107;90984;91410;91413;90561;91412;91439;88134;91483;88135;91512;91484;91529;91511;91482;91485;91531;91438;91534;91411;91555;91533;91528;88136;91586;91585;91588;88138;91619;91618;91532;91630;91631;88139;88137;88158;91589;91620;91639;91640;91584;91587;91530;91709;91705;91708;91707;91710;91736;91723;91722;91774;91772;91793;88159;91792;91773;91866;91795;88160;91721;91865;91848;91869;91868;91849;91870;88162;91871;91887;88161;91889;91888;87730;91942;88395;91794;91941;88164;88163;91867;91706;91944;88396;91951;91945;91950;91952;88397;90108;90109;91953;91985;91986;88399;88398;91967;92308;91980;91984;92043;92007;92310;92353;92487;92449;92354;92507;92550;92352;92506;92594;92551;92450;91987;92596;92625;92597;92538;92714;92654;92715;92744;88166;92655;92309;92746;92488;88165;92598;92774;92743;92776;92930;92777;92773;92976;92778;92931;92853;92974;92978;92980;88400;92932;88401;92975;92979;92775;92977;92992;92595;92745;89912;91407;93705;75396;92933;92982;92994;92993;93068;96545;102966;96577;102965;93069;93067;91943;103157;103155;103156;102967;96249;88402;103154;96277;103159;103283;103160;96547;103161;103284;96546;103203;103285;96579;103162;103289;103288;96578;103287;103286;103158;103290;103395;103292;103396;103291;103397;103398;103399;103487;103451;96293;103588;96580;103621;103452;103623;103622;103591;103589;96582;96581;103658;103660;103400;103728;103661;103798;103800;103799;103659;104071;96622;103801;104073;96623;103763;104072;103764;103624;103368;104077;96583;103802;104076;104082;104081;103590;104084;96621;104078;104074;104114;104083;104087;104086;96645;104079;104080;104115;104164;96294;104085;104236;104239;104240;104237;96646;104165;104235;96647;104166;104245;104242;104244;104243;104238;104420;104349;104234;104246;104422;104421;104470;104424;104426;104521;104425;104526;104523;104525;104524;104528;104616;104762;104613;104648;104241;104615;104522;104614;104527;96649;96648;104764;104765;104770;104766;104768;104769;96295;104798;96712;104772;104767;105218;96711;105219;104763;96713;105221;105220;105223;105224;105217;105227;105229;105230;104771;105226;105231;104423;105225;105232;104075;105228;105236;105238;105235;105234;105242;105237;105240;105241;105243;96714;105265;105245;105233;105246;105239;105342;105341;105266;96296;105343;105366;105344;105452;105453;105340;105454;105365;105364;105244;105504;105457;96822;105505;96862;96864;96863;96823;105456;96866;96917;96940;96919;96788;96750;96942;96865;105455;96943;96997;96944;97000;96297;97001;96998;96999;96900;96250;97003;97004;97006;97074;96941;97005;97075;96325;105478;97093;97076;96918;97115;97094;97274;97114;97138;97002;97277;97077;97275;97276;97073;97116;97113;97280;97279;97281;97287;97285;97286;97278;97289;97283;97313;97314;97282;97290;97284;97366;97291;97370;97369;97292;97458;97368;97315;97367;96375;97562;97459;97563;97567;97565;97568;97288;97566;97650;97709;97564;97711;97713;97708;96374;97715;96251;97710;97651;97747;97816;97716;97714;97790;97818;97712;99015;99016;97905;97843;97791;97819;99019;99021;99110;99111;99152;99022;99151;99017;97748;99020;99150;97817;97569;97078;96252;99153;99018;99155;99154;105222;99157;99158;99207;99179;99156;99212;99277;99260;99296;99211;99295;99294;99208;99210;99326;99213;99327;99328;99385;99427;99426;96377;99448;99429;99430;99449;99498;99559;99241;99499;96376;99428;99297;99209;96253;99561;99648;99649;99450;99617;99618;99417;99722;99752;99194;99702;99753;99751;99701;99956;99703;99700;99926;96378;100036;100037;99958;100019;99990;99704;100020;100039;100043;100086;100041;100114;100040;99957;100038;100169;99560;99927;100203;100202;100035;100042;96379;100286;96380;100394;100447;100395;100499;100204;100232;100044;96254;100448;96381;100367;96382;100366;100566;100524;100501;100500;100611;100567;100502;100504;100658;96383;100659;100708;100707;100712;100709;100612;100503;100715;96385;100752;100738;100799;100832;100831;100830;100753;96384;100713;100862;100710;100711;100863;96427;101127;101128;101126;100883;96400;101130;103163;101132;101133;101131;101135;101189;101137;101136;101134;100676;101191;100882;101219;101277;100885;101281;100884;101125;101278;101284;101220;101279;101283;101285;101190;101129;100714;101287;101347;101348;101288;101346;101282;101280;101517;101349;101785;101516;101759;101515;101543;101760;96549;101761;101758;101830;101968;96548;96550;100170;101972;101971;102052;102054;102056;102011;102055;96553;102057;102053;101969;102217;96551;96552;96555;96554;101970;102335;102333;102249;102058;102334;102332;102336;102470;102468;96278;102469;102337;102471;102555;102557;102509;102510;96558;102560;102559;102563;102562;102565;102564;102556;102561;102558;102216;102554;102472;102566;96556;96557;102338;102621;102809;102567;102810;102811;102812;102771;102568;102622;102943;102847;102848;102849;102945;102947;102946;102948;102944;102834;105558;117516;102969;117519;117518;117517;102968;117520;117521;117522;117523;117525;117524;117526;117613;117656;117659;106431;117658;117685;117687;117657;117536;106432;106430;102949;117686;106523;117689;117691;117690;117789;117693;117794;117790;117796;117688;117819;117793;117692;117791;117854;117795;117856;117852;117853;106543;117797;117857;117798;117928;117898;117930;117931;117929;117897;117855;117792;117655;96559;117976;99112;106544;117977;117982;117979;117975;117980;101286;117984;117978;117986;117981;117985;106545;117987;118109;117988;118110;118066;118112;118114;118111;118113;117983;106546;106547;118116;118169;106549;118170;118192;118191;106548;118195;118219;106550;118194;118221;118196;118220;106552;118193;118317;118340;118339;118337;118342;118343;118345;118344;118378;118115;118197;118250;118380;118338;118379;118383;118341;106551;118382;118384;118385;106570;118447;118445;118444;118386;106569;118449;118448;106601;118452;118450;118453;118451;118446;118249;118482;106613;118481;118480;118381;118483;105713;118484;118487;118489;118488;118486;118563;106614;118817;118562;118561;118818;118870;118868;118871;118876;118485;118873;118869;118875;118874;118881;118879;118878;118872;118880;118867;106663;106664;118877;105714;118951;119022;119023;119025;119026;119078;119030;119028;119024;119077;119029;119027;119080;119081;119114;119084;119083;106666;106667;106668;119135;119079;119082;119137;106669;119139;119295;119140;119138;119141;106703;119297;119296;119493;119491;119492;119298;119495;119136;119494;106665;119490;119537;118479;119539;119538;106702;119542;119544;119569;119546;106705;119541;119545;119540;119641;119549;119547;105715;119570;119642;119550;119670;119548;106741;106742;106740;119708;119711;119706;119713;119714;119543;106743;119715;119738;119737;119759;119739;119717;119712;119643;119804;119854;119805;119856;119671;119710;119855;119858;119709;119707;119860;106785;106814;119861;119859;119716;119866;119868;119863;119865;119948;119857;119947;119864;119862;106833;119867;106860;119950;119952;119951;119946;106864;106862;106861;119953;106891;106890;106895;106889;106863;106892;106917;119949;105716;106916;106744;106893;106894;106921;106924;106961;106888;106922;106940;106919;105741;106923;106963;106920;105740;105597;106997;106966;106964;106999;106965;105742;107000;107001;107047;106962;106998;107050;107049;107128;107181;107179;107113;107180;107185;107183;107182;107202;105758;107244;107245;108271;107285;107246;108270;108272;108355;107286;108356;107048;107184;108357;108392;108436;108442;108444;108443;108441;108446;108478;108391;108575;108440;108437;108445;108438;108439;108527;108447;106059;105636;108630;108577;108632;108631;108634;108633;108638;108635;108629;108641;108640;108741;108740;108639;108682;106061;108636;108354;106060;106704;106918;108782;108637;108783;106063;106062;108860;108784;108933;108932;108576;108935;108936;108861;108937;106064;108934;108742;106065;108785;108980;109067;109022;109020;109101;109068;109023;109069;109102;109100;108981;106066;109236;109103;109238;109237;109294;109295;109291;106067;109296;109239;109292;109293;109385;105637;109521;109424;109021;109536;109522;109425;109541;109539;109538;109595;109537;106068;109714;106069;109717;109540;109715;106070;109716;109719;109664;109751;109720;109718;106072;109878;109753;109931;109880;109936;109932;109933;109879;109934;109384;109904;109935;110064;110066;110063;109752;105638;110105;106071;110067;106217;110107;110068;110069;110180;110104;110177;110065;110178;110179;110257;110182;110275;110214;110213;110181;110336;106218;110106;110334;110407;106219;110335;110408;110337;110392;110433;110434;110435;110470;110437;110472;110436;105639;110409;110441;110439;110471;106221;110309;106222;106220;110440;106223;110543;110442;110530;110586;110587;110589;110591;110590;110588;106224;110609;110593;110633;110529;110680;110801;110634;110829;110802;110681;110831;110610;110833;110832;110830;110592;110062;110937;110955;105640;110658;110957;110678;110960;110438;110962;110964;110679;110956;110834;110961;110963;110958;110959;111037;111093;111096;111094;111095;110965;111099;111100;111097;111098;106289;111195;111194;111193;111196;111198;111417;111416;106290;111419;111414;111421;111199;111197;111420;111418;111345;111423;111424;111428;111425;111192;111427;111426;111430;111422;111432;111415;111431;111502;111545;111542;105641;111544;111564;111501;111565;111543;111567;111568;111566;111571;111570;111573;111584;111572;111586;111563;111587;111569;111589;111624;111588;111597;111625;111598;111590;111628;111629;111627;111630;111631;111585;111632;106324;111634;111626;111429;111633;111636;111779;111637;111661;111670;111638;106325;111671;106326;111738;111669;106357;111810;111809;111808;111780;111811;111739;111812;111998;112003;111999;112001;112000;112002;106359;106358;112031;112006;112005;112007;112004;105642;106360;112009;112008;106362;112138;112141;112140;112144;106361;112262;112142;106363;112182;112181;112264;111997;112266;112265;112268;112139;112285;112143;117330;112286;117352;112270;117329;112263;112269;117380;106434;117353;106433;117382;120981;117384;117475;117477;117383;117381;117379;112137;117476;111635;110835;117974;121459;123149;112267;123153;123148;123151;123152;108743;123158;123156;123155;123150;123157;121536;123159;123154;123160;123161;123162;123165;123166;123167;123164;121537;123440;123492;123439;123493;123495;121538;123542;123544;123438;123541;123632;123545;123163;123543;123494;123654;123652;123655;123653;123656;123661;123658;123659;123663;123665;123657;123666;123668;123669;123667;123664;123662;123772;123770;123771;123660;123775;123777;123776;123670;123813;123779;123773;123814;123774;123816;123819;123815;123818;123817;123778;123919;123769;123821;123918;123651;123991;123921;123920;124051;123992;123922;124017;124052;124081;124054;124053;124016;124103;124141;124102;124104;124106;124144;124108;124107;124142;124143;124105;124147;124050;124187;124189;124146;124188;124264;124216;124265;124263;124186;124145;124101;124291;124267;124309;124292;124312;121588;124313;121589;124311;124356;124358;124310;124359;124357;124402;124401;124579;124400;124399;124360;124583;124581;124585;124584;124582;124639;124640;124355;124642;124707;121590;124643;124641;124709;124708;124706;124710;124711;124580;121591;124712;124713;124266;123820;124755;124756;124850;124754;124849;121608;125019;124848;121609;125210;125018;125021;124851;125020;125017;125022;125242;121633;125241;125212;125213;125243;125303;125305;125327;125306;125304;121634;125324;125331;125329;125302;125330;125326;125325;125332;125349;125328;125211;125450;125453;125452;125451;125455;125454;125532;125456;125534;125617;125618;125668;125669;125619;125533;125671;125693;125717;125667;125697;125718;125695;125696;125700;125699;125694;125701;125757;125719;125843;125758;125795;125794;125350;125793;125698;122088;122089;125670;125807;125797;125810;125808;122091;125844;125919;125941;122090;125809;125942;125983;125982;126059;125943;125918;126033;126036;126037;126035;126039;126038;126042;126041;126060;126043;126061;126040;126147;126146;121146;126227;126230;126229;126228;126148;122144;126232;122145;126233;126034;126236;126235;122177;126327;126326;126330;126234;126328;126332;122178;126333;126329;126324;126335;122179;126368;126369;126304;126456;122180;126371;126437;126325;126370;126490;126438;126522;126372;126491;126373;126883;126334;125796;126885;126231;126886;126331;126888;126887;122220;124714;126891;126890;122221;126893;122222;126894;126895;126889;126899;126523;126897;126900;126896;122223;126898;126903;126902;126904;126906;126892;126909;126908;126912;126905;126911;126977;126978;126907;126980;127036;126979;126975;127088;126910;127037;127732;126976;127731;127737;127734;127736;126901;122224;122225;127733;127739;127741;127834;127740;127835;122226;127735;127836;127743;127738;122227;121147;127742;127833;127996;127883;127994;127997;127999;122293;128003;127995;128001;128002;128005;127998;128006;128004;128000;128007;128008;127035;128010;127837;122294;128014;128012;128013;122296;128015;128016;128011;128047;128045;128046;122298;128070;128139;128110;122295;122300;128044;122299;121148;122297;122301;128143;128453;128141;128455;122302;122304;128454;128142;122303;128457;128458;128460;122305;128140;128456;128465;128463;128462;128503;128537;128538;122394;128464;128539;128459;128409;128602;128541;128519;122338;128606;128540;128607;128605;131991;128604;128671;128672;128603;128670;128863;128865;122395;128668;128669;128869;128867;128864;128866;128868;128964;121149;122396;128986;128461;128009;122339;128608;128987;129094;129280;129095;129279;129337;129336;129343;129342;129281;129339;129338;129340;129377;129379;129397;129341;129380;129378;129345;129376;121150;129400;129399;129346;129459;129398;129344;129456;129461;129457;129455;129335;129462;129458;129485;129463;129464;129487;129484;129524;129486;129483;129482;129481;129579;129525;129665;129580;129664;129663;129667;129662;129522;129671;129668;129523;129670;129706;129704;129672;129708;129669;129709;129744;129710;129707;129743;129805;129460;129806;129843;129711;129705;129666;129877;129745;130000;129998;129999;129842;122417;122416;130081;122418;130083;130082;130080;130086;130159;130143;130335;130085;130049;130084;130333;130334;130339;130337;130355;130336;130338;130357;130359;130360;130356;130358;130387;122443;130448;130420;130160;122444;130576;130578;130577;130501;130580;130582;130581;130936;130579;122445;130887;130888;130886;130890;130893;130938;130937;130889;130885;130895;122492;130939;131008;130940;131057;131058;131010;131009;131059;130891;122493;131060;122470;130892;130500;129807;131063;131064;126884;131066;131062;128965;130894;131061;131116;122494;131117;131179;131155;131157;131156;131181;131115;131277;131219;122495;131220;131278;131276;131275;131279;131282;131280;131382;131383;131301;131533;131158;131534;131384;131180;131537;131536;131540;131535;131542;131538;131543;131532;122496;131541;131381;131539;131682;131544;131684;131683;131689;122497;131686;131687;131690;131721;131685;131692;131688;131993;131994;131992;131691;131997;122498;131922;131281;131995;132032;132069;131693;122529;132086;132087;132385;122578;132515;132516;132068;132517;122579;122642;122607;132386;122644;131996;131720;122714;122660;122580;122741;122661;122662;122743;122742;122746;122849;122772;122847;122745;122942;122941;123169;122848;123171;122963;123172;123170;123441;122888;122744;123175;123176;123173;123178;123168;123179;123177;123180;123183;122943;123174;123187;123182;123184;123185;121152;123186;121153;123189;121151;123190;121154;123191;123188;123192;123195;123196;123197;123194;123199;123198;121155;123205;123202;123203;123201;121156;123207;123206;123204;122643;123200;123193;123211;123181;123209;123213;123212;123215;123210;121157;121281;123216;123214;123217;123220;123222;123221;123219;121282;123223;123225;123224;123218;121283;123230;123232;123228;123235;123229;123226;123234;123233;123231;123242;123239;123238;123241;123240;123244;123243;123237;123247;123227;123246;123248;121285;123249;123236;123251;121284;123253;123252;123250;123255;123258;123257;123256;123261;123442;123262;123265;123264;123259;123254;123266;123260;123268;123267;123270;121286;123443;123269;121287;123272;123274;123277;123276;123275;123245;123273;123271;123278;123279;123280;123263;123282;123286;123283;121289;121290;123287;123284;123292;123281;123288;123294;123291;123289;123293;123285;121291;123290;123296;123297;123298;123300;123303;123302;123304;123299;123306;123311;123301;123309;123308;123305;123317;123313;123315;123307;123295;123319;123323;123314;123322;123320;123316;123312;123321;123325;123328;123326;123310;123327;123324;123332;123336;123334;123337;123335;123330;123329;123340;123341;123331;123343;123333;123338;121340;123344;123339;123345;123342;123347;121339;123349;123351;123348;121411;123354;123353;123352;121288;121089;123318;123350;123346;123208;123355;123357;121414;123358;123356;121413;123360;123363;123359;121428;123361;121090;123365;123362;123364;123367;123366;121429;121415;123371;123368;123373;121430;123372;123374;121431;123369;123380;123376;123375;123381;123379;123377;121460;123383;123382;123378;123385;123370;123387;121461;121462;123388;123384;121463;123391;123393;123392;123389;123390;123396;121464;123399;123394;123397;123401;123403;123400;123395;123404;123398;123405;123406;123408;138674;138670;123407;138668;138672;138669;138673;138785;123386;133251;138786;138675;138671;123402;138790;138828;138789;138978;138977;138982;138979;138829;138983;133252;138987;138986;138989;138981;138984;133253;138985;138980;138788;139013;139016;139014;139015;139019;139018;139168;138988;139280;139021;139020;139302;139017;139303;139281;139221;139022;139304;139305;139012;132904;133288;139355;139356;139357;139443;139445;139446;139401;139448;139447;133340;139444;139451;139450;139478;139558;139477;139561;139560;133341;139564;139562;139563;139645;139646;139649;139651;139647;133342;139650;139648;139644;139449;139652;133343;139559;139765;139591;139655;139654;139769;139653;139565;139306;138787;133345;139896;139898;139900;139901;139766;139903;139902;139899;140022;139897;140023;140024;139767;140074;140075;140073;140020;140021;140079;140171;133344;140170;139768;140173;140077;141904;140081;140175;140367;140368;140366;140172;140370;140076;140371;140369;140240;140078;140174;140376;140372;140373;140375;140080;140377;140365;140442;140444;140445;140681;140511;140570;140573;140569;140443;140571;140683;140610;140510;140509;140574;132905;140572;140682;140685;140689;140686;140687;133346;133347;140688;140691;140741;140692;140727;140726;132906;140743;140797;140374;140764;140744;140742;141070;140684;141071;141072;141151;141152;140690;141153;141073;141154;141075;141156;141155;141078;141076;141077;141081;141157;141161;141080;141074;141079;141158;141162;141160;141163;141166;141165;141168;141164;133488;141167;133490;141281;141169;133489;141390;141294;141279;141387;141382;141529;141276;141462;141409;141159;133492;141507;141411;141534;141513;141523;141525;141530;141514;141528;141559;141560;141504;141533;141506;141925;141893;141839;141662;141388;141840;141890;141884;141927;141929;141905;142039;142135;142114;141719;141924;142078;141888;142044;133491;141898;142095;133519;139780;141069;141926;142042;33227;131065;121412;73004;142183;121088;142165;142188;142185;92981;142207;142162;142194;142196;142149;142186;142097;142178;142150;142324;142540;142163;142522;142572;142190;142181;142560;142537;142550;142575;142628;142526;142506;142583;142115;142615;142627;133592;142836;142638;142630;142852;142829;142831;142524;142838;142555;142620;142629;142840;142853;142631;142549;142915;142925;142950;142956;142921;142938;142944;142929;143141;142949;142948;142922;142937;142941;142942;143134;142917;143145;143101;143146;142953;143143;143144;143100;142945;143179;132907;132763;143168;143181;143190;143182;143180;143184;143001;143289;143352;143295;143298;143343;143333;143338;133593;143192;143290;143320;143340;143301;143314;143316;143299;143335;143327;143303;143345;143321;143304;143341;143302;143355;143322;143324;143318;133645;143331;143348;133666;143310;143312;133644;143297;133667;143342;143319;143328;143339;143311;143292;143317;143508;143496;143337;143462;143507;143521;132908;143457;143452;143499;143398;143455;143460;143504;143492;143514;143497;143522;143511;143529;143498;143550;143523;143545;143513;143506;143456;143463;133669;143225;143357;133668;143547;143540;143539;143549;143347;143536;143538;143537;133714;143542;144033;143548;132909;133757;144020;143592;144316;144309;133758;144313;145279;144317;145358;144321;145351;144312;145338;145313;145353;145334;145277;144308;145382;145335;145307;145297;144120;133759;133760;145329;145331;145294;145360;145362;145332;145323;145280;145372;145326;145345;145293;145368;133827;145389;145359;145301;145350;145324;145400;145347;145317;145322;145375;133828;145348;145385;132910;134153;134152;134155;134193;134073;134279;134197;134195;134156;134198;134196;145374;134281;134194;134154;132764;134284;134157;134283;134282;145285;134349;134347;134397;134362;134618;134617;134619;134398;134559;132912;134851;134696;134823;134755;132911;134933;134348;134932;134935;132913;135006;134936;134822;135005;135007;135009;135003;134934;134620;135004;135161;135010;135022;135162;135220;132914;135221;135163;135384;135265;135383;135264;135446;135263;135451;135385;135222;135448;135450;135449;135452;132915;135386;135453;135454;135670;135749;136004;135577;136008;136009;136007;136005;136006;135008;134280;143546;135578;135750;136023;135447;136011;136306;136010;136073;136307;132919;132917;136072;136012;136308;132920;136313;136310;136309;132848;136311;136315;136314;136317;132949;132918;136450;136312;132951;136454;132950;136456;136449;136457;136453;136451;136460;136458;136488;136452;136461;136490;136316;136489;136492;136455;136872;136691;136875;136873;133031;136877;136876;136459;133130;136881;133131;136880;136879;136882;136878;136874;136883;136885;136884;136887;136888;136959;136889;136961;136962;136963;136992;136995;136994;136996;136960;137131;137227;137229;137228;137132;136997;136993;133132;137231;136491;137392;137251;138676;137350;138677;133133;138682;138681;136886;138683;138684;138680;132849;137351;138686;138679;138678;138688;137349;133170;138690;138694;138692;138691;138687;138698;138689;133171;138697;138696;138695;138702;133172;138701;138685;138699;138700;133173;138693;138705;133174;138709;138710;138706;138714;138713;138704;138716;138712;138717;138711;138720;138715;138721;138990;138722;133198;138724;138726;138718;138723;138725;133199;138732;138708;138991;138733;139307;138731;138728;138719;138703;138707;137230;138730;138737;138735;138739;138738;138727;138736;138741;138742;138740;133200;138729;138745;138744;138747;138753;138748;138746;138751;138749;138752;138756;138743;138755;138750;151526;138757;151525;145336;151528;151527;145370;151806;151619;151818;151814;151816;145395;151824;151823;151702;151615;151853;138754;151822;151937;145278;151840;151936;152057;152017;151938;152008;152219;152058;152063;152064;152262;152065;152257;152471;152009;152474;152470;152394;152456;152463;152466;152473;152467;152460;152477;152462;152261;152392;152515;152472;152647;151841;152692;152696;152563;152391;152694;152457;152736;152722;152730;152756;152755;152769;152840;152758;152852;152469;152839;152731;152835;152844;152738;152770;152838;152719;152837;152841;152561;152896;152956;152876;152942;152875;152958;145284;153005;153029;153114;153113;152895;145377;153000;153108;153025;153251;153218;153394;153415;153395;153393;153392;153455;153116;153452;152900;153457;153530;153414;153195;145344;153454;153533;145356;153578;153537;153453;153783;153669;145295;153778;145330;153667;153847;153875;145354;154007;154008;154006;154012;154079;153782;153796;154009;154010;153529;153107;138734;152693;132916;154191;154192;153874;154209;145361;154228;154215;154213;154207;154284;154282;154513;154612;154214;145306;154211;154216;154759;154770;154206;154762;154761;145383;154767;154769;145314;154768;154763;154765;154764;154748;154756;154766;154757;154755;154865;154867;154863;154952;154760;154866;154822;154975;154860;154946;145311;154976;154978;155345;155355;155358;155356;155362;154864;145339;154951;155583;155657;155621;155652;155662;155726;155714;145273;155660;155859;155823;155860;155871;145305;155886;155872;155879;155875;155887;145376;145399;154758;156130;156146;156144;145394;156131;156138;156142;156135;156151;156150;156179;156192;156185;156217;156216;156218;145435;156274;156273;156270;145431;156317;156279;156316;156152;145434;156276;156436;156395;156340;156433;156426;156437;156215;151688;151685;156319;145485;151712;151747;156341;145729;151704;145525;151710;156434;145530;151684;151739;151709;151722;151736;151706;151726;151717;151707;151729;151724;151719;151728;152119;151683;145775;151699;145735;145710;151735;145720;151693;151752;151718;151714;151708;151753;151749;151692;151721;155873;145762;151713;145736;151731;151737;151725;151746;145423;151711;151716;151705;151741;145767;151751;151730;151756;145746;151734;151732;151694;151698;151686;151755;145768;151703;151742;151695;151700;146162;151750;151743;151720;151696;146513;151733;151687;151748;151754;151691;151740;146144;151727;146274;151697;151820;151817;145381;151819;151745;146293;151838;151738;151715;151851;151723;146287;151847;151939;152013;151860;152011;151839;151940;152007;151935;146282;151941;152166;152118;152154;152147;151701;145355;146298;152010;152263;152179;145365;152196;151866;152256;152255;152250;152218;152393;152249;146325;152260;146317;152553;152259;152554;152258;152459;152562;152569;152552;152644;145310;146503;146524;152679;152624;152733;152695;146518;146510;152645;152734;152721;152732;146506;152726;146355;152725;152646;152727;152728;146508;152724;152768;152735;152729;152767;152757;146507;152799;152848;152849;152850;152962;146528;152798;152771;152894;152963;152960;153004;152941;153009;153008;153003;153007;153030;153006;153002;153001;152998;153117;146501;153115;153187;153188;153186;153250;153118;146320;151744;153244;146662;153413;152897;146745;146715;152999;146676;146688;153451;146649;153543;153479;152720;153599;146858;153594;153598;153579;153595;153780;153790;153597;153596;153912;146750;153792;153541;153901;153914;153911;146851;153909;153968;153913;154011;154069;154091;146836;154103;154064;153771;146852;154104;146908;146831;154193;154208;154187;146918;154285;154243;154286;146888;154289;146897;154290;154186;154283;154288;146898;154606;154281;154287;154661;154611;154664;154589;154512;154743;146911;154665;154892;154889;146916;154890;154660;154280;154105;146914;154896;146938;154945;155010;155012;155008;155299;155191;155380;155379;155383;147158;147161;155381;147157;155177;155382;147159;147149;155357;155664;155665;155009;155663;147150;155696;155701;155744;155771;147160;155777;147174;155775;155772;155779;155770;155656;155773;155778;155776;155826;155857;155697;155825;155824;155888;147606;155883;147184;155877;155876;155874;155885;155880;155881;155882;147178;156145;155932;156143;155934;156154;147173;147799;147189;147779;147783;156136;145304;155878;156149;147563;147774;147776;156153;145308;147794;156139;156140;156137;147780;155884;154898;156141;156219;156181;147845;156252;156268;148839;156271;156269;147844;155774;156275;156339;156177;156277;156435;156272;147846;147853;147860;147858;156447;156278;147929;147852;147924;145325;147850;147930;147931;148159;145290;147927;145357;148066;148148;148141;148045;147925;156448;148179;148153;148203;148315;148210;148321;148324;148385;148209;148308;148176;148310;148384;148309;148409;148411;148325;148431;148313;148435;148417;148432;148438;145390;145298;148535;148606;148436;148614;148439;148759;148588;145379;148763;148696;148152;148513;148412;149605;149627;149564;148699;149634;150114;149555;145340;149548;145320;149613;149553;149616;145283;149628;149589;149545;149637;149554;149533;149536;145275;149640;149557;149534;149562;149598;149573;149570;145299;149577;149629;149580;145286;149558;149569;149590;145371;149636;149614;149594;149603;149549;149541;149579;149596;149612;149537;149571;149550;145396;149530;149584;145312;149566;150103;149600;149641;149560;149542;149639;149884;150090;149572;149539;149567;149886;145287;149890;149892;149602;149891;149881;149896;149882;149895;145292;149887;145387;148746;149611;154196;156180;153245;149893;145373;145392;149885;150087;150089;150094;150098;150003;145398;150113;150206;150104;150269;150088;150256;150261;150183;145342;145393;150304;150276;150319;150466;150474;150248;150259;150471;150315;150461;150275;150455;151079;150457;151076;151073;150452;151072;150251;150754;151071;151075;151080;151083;145366;151062;151078;151077;151024;151081;151067;151060;151082;151066;151058;151074;151023;145328;151022;151069;151070;151061;151055;145288;151053;151065;151063;151054;151199;151059;150755;151198;151057;151064;151056;151280;151278;151358;156450;151068;145346;156761;156781;156637;145289;151282;153967;156467;157096;156956;157348;157082;157416;158131;158130;156649;158240;156593;156721;156779;156647;156723;156648;156722;156643;158507;158617;158629;158642;158639;156747;158689;158508;158883;158650;158575;159049;158150;156780;159454;156778;156850;159456;159458;159616;156844;159393;156849;159078;156852;156851;160972;156904;160973;156938;156937;156939;156943;160016;161246;161430;156959;156942;156957;156845;157081;161509;161762;161508;157110;157113;159453;156958;156940;159075;157104;157088;157093;161654;157092;157198;157147;157399;157148;151283;157232;157326;157107;157325;157938;157890;158224;158058;157225;158236;157889;157398;158234;158223;158235;158232;158220;158239;158231;157400;158340;158241;158392;158237;158578;158577;158576;158626;158218;158627;158641;158624;158635;158636;158628;158222;158449;158623;158637;158632;158638;158640;158631;158630;158643;158774;158779;158777;158778;158773;159044;159054;158775;158776;159048;159040;158742;159042;159050;159053;159039;159043;159036;159045;159046;159124;159074;159056;159126;159180;159051;159038;159047;158625;159225;159219;161749;159276;159211;159224;159223;159277;162518;162400;162481;159125;162551;162476;162616;163014;162617;163078;162949;162490;163516;163094;163757;163758;162606;163682;162322;163910;163827;162618;164446;164134;164107;164144;164255;163911;164473;164474;165222;164951;164476;164494;164952;165225;165251;163447;165240;165237;164475;165611;164254;165500;165238;165586;166126;166107;165432;165922;166112;166205;166203;166308;166198;166202;166100;166206;166754;166294;166361;166760;166763;166766;166756;166757;166758;166762;166761;166753;166900;167344;167328;166899;167204;167511;167510;165221;166896;167338;167348;159221;157084;168006;166362;168003;168158;168157;168004;168155;168156;168393;168202;168610;168336;168241;168493;168622;168005;168539;168394;169346;168897;169285;169443;168203;169442;169347;159327;159326;169444;159460;168898;159394;159459;159457;159392;159455;168621;159461;159325;159477;158634;159621;159503;169485;169927;169481;170267;170057;170098;169478;170095;170494;171001;170772;170493;170741;170266;171422;170038;170122;171480;171632;171533;171421;171476;171764;171686;172016;172066;171935;172422;172569;172568;172507;174156;174256;172560;173449;174713;173828;174494;172176;174145;171414;173383;159478;174927;175812;175128;176545;177405;175027;176441;177098;176223;177821;177701;177804;177993;177813;178226;178227;178403;178175;178113;179374;179289;178921;177676;179391;179373;179420;179421;179389;179390;180002;179894;179895;179422;180012;179956;179980;181333;180580;181400;180001;181649;179831;178812;181860;181834;181861;181862;180287;181920;181921;181859;181919;182394;182482;182481;181922;181918;182677;182994;183658;182676;183657;181923;183064;183362;182483;183993;183383;183956;183955;183659;184347;183954;183676;184007;184437;184439;184436;185536;184435;185461;181493;182995;185711;184438;174915;184008;185712;185713;185537;185934;186350;185880;185986;186507;186506;186523;186504;186683;186583;187042;186749;186582;187113;187138;186748;187292;187401;187634;186505;187392;187404;187391;187405;188004;187399;187649;187942;187400;187855;189103;189203;189251;189104;187650;189492;189890;187043;189889;189493;189250;33589;58727;26064;25552;31968;29218;34510;44597;40826;51773;148707;33129;25004;69185;61731;173707;164180;59191;154167;187659;77408;94199;154166;104351;21784;142882;25551;122033;86904;46814;185535;167519;125643;128776;125261;128773;125260;103701;125226;79746;125257;125259;125263;154346;154347;73667;125356;73668;125262;42291;40827;49174;45121;48317;47583;51343;46204;42892;49964;55506;44960;54587;51774;56042;58583;57039;56585;59555;57751;59089;62984;61732;55470;70217;64363;63301;62821;65927;70532;73764;47113;74362;72372;72884;19312;21221;69541;21786;72371;25036;73942;23977;29742;19766;25900;25755;33168;25290;27506;35185;31129;33396;14235;33949;31734;34459;35761;34368;65742;22875;14247;34680;66520;21746;11922;14246;11578;11900;13844;14336;14245;14261;14248;14638;18503;14346;32479;10855;14249;11404;14250;11081;10851;10849;10854;11226;10850;10852;10848;10840;11224;11225;11452;11227;11918;11223;14244;11076;77421;178712;174745;170495;174744;189737;183413;166338;73825;18204;16209;14641;22074;51873;10808;73826;22075;17654;17586;71643;18205;123686;62819;61414;149894;18181;45544;61746;65050;57290;65052;73570;65995;61681;63521;82820;90625;109202;135592;124198;99588;148960;65048;159975;64454;57959;71966;62820;96628;88045;121231;156887;145218;132992;106190;92516;101843;84824;126821;138522;76532;54997;111163;64790;59462;49996;45379;62593;70472;78481;86542;80908;52002;66932;118228;130011;103963;152020;56566;65743;71462;94138;55958;88755;141800;25951;90828;82830;99521;90604;80890;109207;96627;78086;106139;88041;154344;84808;92492;76590;86474;76883;69304;103932;78478;111214;69305;91825;18034;101839;118572;11563;73612;139874;156885;76683;154655;174466;148977;174518;135172;160088;135204;189238;154253;150416;78773;56056;56064;56060;58798;53897;56052;65997;82903;99480;124155;73576;174470;160079;56055;56063;56059;45626;148894;90762;57589;63623;96611;56051;121253;51573;88146;45625;106188;135585;109205;80906;71970;156822;55632;56065;56061;56053;68934;170192;170191;56057;101836;84822;189165;76531;145266;111219;92522;178468;126830;163408;138528;152026;56058;56050;56653;56062;60048;94201;86576;78540;118230;130058;56054;103971;62662;56066;141829;50652;70766;47718;70460;70765;166370;55786;45624;72981;111680;183503;71644;17614;72982;154332;133047;185085;74467;185086;74466;185087;76576;186692;69552;12047;10660;26192;110053;80915;73577;10658;12126;12067;18175;71537;83469;109209;136998;135676;174615;160034;189232;170197;135237;72776;136091;88044;86577;72778;104051;166377;145244;138590;154418;10594;67396;110054;67398;10613;67400;67399;67406;67401;67404;67397;67402;67405;67408;67403;67407;67410;178706;67412;67414;67413;67411;67421;67416;67417;67418;67420;67424;67423;67425;67428;67427;67430;67429;67422;67435;67433;67419;67432;67438;67437;67436;67439;67442;67426;67443;67446;67415;67449;67447;67440;67445;67441;67431;67453;67434;67455;67450;67454;67457;67460;67452;67456;67458;67463;67464;67467;67468;67448;67465;67444;67471;67462;67459;67473;67470;67466;67474;67475;67479;67481;67478;67476;67484;67486;67488;67461;67487;67480;67472;67451;67490;67492;67491;67494;67482;67496;67495;67485;67493;67499;67497;67483;67477;67469;67501;67506;180614;67504;67505;67508;67498;67503;67507;67500;67510;67513;67502;67519;67517;67516;67514;67512;67521;67511;67523;67515;67518;67525;67524;67522;67529;67526;67528;67530;180626;67527;67520;67533;67535;67536;67538;67537;180616;67534;180606;180618;67509;67531;67542;180623;67539;180622;67540;67545;67541;67549;67543;180605;67550;67544;67551;180613;67556;67548;67555;67547;67553;67552;67559;67565;67554;67562;67558;67561;67546;67560;67532;67489;67564;67567;67572;67563;67568;67569;67575;67571;67574;67570;67579;67557;67577;67573;67581;67578;67580;67586;67576;67582;67583;67584;67588;67589;180607;67595;67585;180601;67596;67593;67591;67601;67603;67602;67600;67605;67594;67607;67606;67604;67598;67587;67609;67592;67590;67610;67611;67613;67597;67616;180597;67612;67619;67599;67615;67621;67618;67622;67624;67626;67628;180615;67617;67620;67627;67614;67631;67633;67625;67632;67623;67637;67635;67634;67639;67642;67641;67643;67645;67636;67638;67629;67648;67640;67647;67608;180621;67630;67650;67646;67653;67652;67659;67658;67654;67662;67655;67661;67664;67665;67663;67668;67671;67670;67669;67667;67660;67673;67675;67644;67678;67651;67666;67677;67656;67679;67674;67676;67683;180602;67682;67657;67687;67685;67684;67672;67689;67680;67688;67692;67691;180627;180600;67681;67686;180609;180598;67697;67693;67695;67696;67694;67701;67699;67703;67700;67706;67707;180599;67698;67702;67708;67711;67713;67710;67712;67705;67716;67715;67721;67709;67719;67725;67718;67723;67722;67704;67690;67649;67720;67724;67714;67566;67726;67717;67730;67728;67729;67732;67736;67733;67738;67741;67739;67744;67740;67735;67734;67742;67745;67731;67737;67743;67747;67746;67749;67751;67753;67752;67750;67755;67756;67759;67758;67764;67754;67762;67761;67767;67766;67763;67765;67757;67760;67748;67773;67768;67777;67770;67771;67775;67776;67772;67774;67779;67781;67780;67782;67778;67784;67783;67786;67785;67793;67790;67791;67789;67794;67792;67796;67797;67802;67799;67804;67805;67803;67800;180612;67787;67769;67795;67798;67807;180610;67808;67811;67801;67814;67810;67815;67809;67813;67812;67816;67820;67788;67821;67817;67819;67824;67823;67826;67828;67831;67818;67822;67829;67830;67836;67833;67834;67839;67835;67825;67843;67837;67844;67838;67840;67827;67847;67848;67851;67842;67850;67854;67856;67855;67852;67858;67861;67860;67859;67832;67863;67865;67864;67862;67857;67868;67871;67870;67869;67874;67853;67873;67875;67872;67878;67880;67879;67882;67884;67883;67845;67886;67841;67885;67881;67867;67846;67849;67877;67888;67889;67891;67893;67896;67895;67894;67892;67806;67898;67899;180617;67903;67902;67897;67905;67907;67906;67909;67901;67900;67908;67913;67912;67910;67915;67917;67916;180603;67876;180611;180625;67866;67914;180608;67904;180604;181105;67918;181082;67911;180619;67921;67920;67919;181076;67890;67927;67929;67931;67926;67928;67925;67922;67924;67936;67930;67938;67934;67933;180628;67940;67941;67923;67939;67937;67945;67946;67935;67949;67951;67942;67952;67953;67948;67932;67947;180624;67943;67955;67950;67944;67957;67963;67958;67956;67965;67959;67960;67961;67962;67967;67968;67966;67970;67964;67971;67976;67969;67973;67977;67974;67979;67978;67981;67972;67983;67982;67988;67986;67985;67994;67987;67980;67991;67989;67993;67992;67990;67998;67975;67996;68001;67984;68000;68002;68004;68006;68003;68010;68009;67997;68012;67999;68007;68011;68014;68013;68015;68005;68008;68017;68022;68018;68021;68020;68019;181087;68023;181100;181112;68025;181113;181070;181061;181079;68016;181029;67887;67995;67727;67409;180620;67954;68030;68032;68024;68029;68027;68031;68036;181057;68034;68042;68038;68037;68041;68033;68039;68028;68035;68040;68047;68045;68044;68046;68050;68049;68052;68053;68051;68048;68058;68057;68061;68056;68055;68062;68059;68064;68063;68060;68054;68069;68066;68043;68071;68068;68072;68074;68073;68067;68070;68078;68076;68079;68077;68081;68083;68082;68084;68085;68089;68075;68087;68080;68088;68091;68090;68095;68093;68098;68094;68092;68099;68101;68096;68100;68102;68097;68086;68105;68104;68108;68103;68107;68114;68065;68111;68109;68116;68113;68119;68110;68117;68112;68118;68121;68125;68122;68120;68115;68123;68126;68128;68131;68130;68132;68135;68134;68136;68133;68129;68127;68139;68138;68141;68142;68140;68145;68144;68147;68146;68143;68151;68124;68149;68137;68150;68156;68154;68157;68153;68159;68158;68155;68164;68161;68162;68163;68152;68166;68168;68167;68170;68169;68165;68175;68172;68173;68174;68178;68160;181032;181017;68180;68176;181073;68177;68183;68182;68179;68181;68185;68186;68148;68187;181052;68171;68184;68106;68189;68191;68193;68194;68195;68196;68192;68190;68198;68200;68201;68199;68205;68207;68206;68203;68204;68202;68211;68213;68210;68197;68215;68214;68216;68219;68217;68221;68212;68222;68225;68227;68223;68226;68209;68224;68229;68220;68230;68218;68232;68234;68231;68236;68235;68233;68208;68238;68240;68242;68239;68243;68245;68244;68241;68237;68247;68249;68248;68256;68250;68252;68253;68251;68260;68254;68258;68265;68259;68262;68246;68255;68264;68228;68263;68267;68257;68261;68268;68273;68271;68272;68275;181049;68274;68270;68269;181063;181090;181051;181099;181054;181101;181056;181026;181059;181039;68279;68277;181074;68282;68276;68284;68278;181062;68280;68283;68287;68281;68289;68288;181064;68293;68291;68295;68285;68294;68292;68301;68299;68286;68297;68300;68298;68303;68305;68307;181078;181107;68306;181121;181019;68308;68296;181045;68302;68304;181038;68312;68311;68314;68317;68315;68316;68313;68319;68309;68310;68321;68320;68322;68323;68325;68327;68326;68324;68318;68266;68328;68329;181031;68290;68331;68188;68338;68333;68334;68340;68336;68339;68344;68345;68343;68347;68332;68337;68335;68349;68346;68351;68341;68355;68353;181021;68354;68348;68357;68359;68361;68360;68363;68365;68362;68364;68342;68358;68356;68350;68367;68370;68368;68372;68352;68375;68371;68369;68379;68377;68374;68373;68378;68381;68383;68384;68380;68387;68376;68382;68391;68394;68388;68390;68389;68393;68385;68392;181108;181122;181065;68397;181034;68395;68386;181093;181024;181089;181119;68366;181047;68399;181103;181018;181053;68402;68401;68405;68404;68403;68407;68398;68409;68408;68400;181094;68412;68414;68413;68411;68418;68417;68415;68406;68423;68416;68421;68420;68422;68425;68396;68426;68428;68427;68429;68424;68431;68410;68419;68433;68432;68438;68434;68436;68437;68440;68442;68435;68447;68445;68439;68449;68443;68450;68448;68444;68454;68441;68452;68458;68453;68462;68457;68446;68460;68456;68461;68459;68455;68467;68469;68468;68464;68465;181060;68463;68466;68471;68470;68451;68475;181091;68473;68479;68474;68477;68430;68478;68476;68481;68483;68485;68484;68482;68491;68487;68489;68480;68490;68488;68495;68494;68497;68496;68493;68501;68486;68499;68504;68492;68500;68505;68506;68502;68503;68512;68508;68511;68509;68510;68514;68515;181058;68517;68516;68513;68507;68521;68519;68520;68527;68523;68525;68498;68526;68532;68522;68529;68524;68531;68536;68534;68533;68528;68530;68535;68539;68538;68540;181109;68541;68543;68542;68550;68545;68547;68546;181028;68549;68544;68551;68548;68518;68554;68537;68555;68552;68557;68563;68560;68559;68556;68562;68567;68558;68565;68571;68566;68569;68561;68564;68574;68568;68570;68573;68576;68575;181092;68577;68578;68580;68579;68582;68583;68585;68584;68587;68592;68588;68591;68589;68590;68586;68594;68572;68581;68595;68597;68598;68599;68596;181081;68601;68600;68603;68605;68604;68607;68609;68606;68608;68614;68616;68611;68602;68613;68612;68615;68620;68617;68618;68622;68621;68625;68626;68593;68553;68623;68619;68472;68630;68330;68610;68632;68624;68629;68628;68631;68634;68633;68636;68640;181075;68638;68643;68639;68635;68646;68644;68647;68641;68645;68651;68637;68649;68653;68650;68654;68642;68655;68652;68659;68657;181043;68658;68660;68661;68663;68662;68668;68656;68664;68666;68665;68669;68670;68671;68675;68667;68673;68648;68674;68677;68679;68676;68681;68683;68672;68678;68687;68685;68688;68684;68680;68689;68690;68686;68693;68695;68694;68692;68697;68700;68699;68698;68696;68704;68682;181116;68702;68706;68703;68691;68710;68707;68711;68708;68709;68716;68712;68713;68705;68720;68714;68718;181050;68715;68722;68717;68724;68725;68719;68723;68728;68727;68730;68729;68733;68726;68732;68735;68734;68738;68739;68740;68736;68731;68744;68721;68737;68742;68745;68743;68747;68751;68748;68752;68749;68750;68746;68755;68754;68757;68756;68761;68759;68762;68760;68758;68765;68764;68766;68773;68768;68767;68770;68772;68776;68771;68769;68775;68753;68777;68780;68779;68763;68741;68774;68778;68701;68783;68781;181120;68785;68784;68786;181088;68788;68790;68787;68789;68792;68795;68794;68796;68793;68791;68797;68802;68798;68799;68801;68804;68803;68806;68808;68807;181115;68809;68805;68813;68814;68812;68820;68819;68818;68817;68816;68811;68810;68823;68815;68822;68800;68826;68828;68827;68830;68825;68829;181068;68832;68835;68834;68837;68824;68838;68833;68836;68839;68840;68831;68842;68844;68863;68976;68843;68864;68920;69156;181095;69158;69157;69221;69009;69159;69455;69340;68841;69456;69252;69251;69010;69776;68821;69492;70006;69253;69501;70009;70007;70187;69806;69941;69940;70008;181096;70283;70186;70347;70346;70287;70284;70113;70285;70326;70288;70286;70465;70363;70450;70575;70574;70596;70524;70386;70551;70552;70691;70598;70690;70692;70535;70702;70770;181097;70597;181015;71103;71102;70754;71105;71125;71127;71129;71126;71108;71107;181104;71128;71111;71106;71104;71130;71110;71114;71113;71112;71186;71251;71252;71187;71131;71241;71288;71387;71289;71287;71333;71334;71366;181055;71109;68782;181086;71388;71368;71555;68845;71513;71610;68846;70693;71611;68850;68848;68853;68851;68856;68849;68854;71556;68977;68855;68847;68852;69509;70525;70526;69942;69510;70599;71514;71132;71515;71133;71489;71876;71875;71984;72057;71908;71985;71134;72227;72160;181118;72228;72272;72195;72315;72419;68978;72496;72316;72271;72470;72471;72734;72565;72566;72362;72735;72791;72792;72697;73007;72469;72852;73008;73070;72922;72677;73006;73069;73009;73089;181048;73173;73172;73112;73088;73279;73280;73196;72058;73197;72809;73323;73395;73324;73583;73662;73584;73605;73450;73794;73720;73795;73721;181023;74143;74100;74202;73936;73935;73677;74344;74298;74297;74296;74345;76728;76727;74343;76732;76730;76733;74299;76731;76735;74505;76737;76736;74455;76734;74203;74456;74483;181114;76729;76738;76155;76232;76739;74457;76231;76740;76443;76442;76631;76547;76742;76741;76548;76695;76441;76746;76743;76856;76744;76855;76747;76748;76888;77009;76745;77008;77010;77011;181071;77044;77043;76694;77137;73294;77076;74482;77077;77191;77192;77270;77242;77463;77550;77549;77513;181085;77515;77517;77516;77514;77622;77597;77694;77385;77736;77738;77847;77739;77805;77951;77737;77735;77848;77978;77849;78005;77740;78004;77566;78072;78524;78523;78404;77952;78526;78525;78499;78522;78618;78500;78454;78638;78528;78501;78639;78531;78527;78592;78640;78529;78754;78593;78882;78721;78755;78753;78619;79201;78908;78883;79199;79369;79227;79200;78838;79372;78022;79371;78530;79424;181041;79594;79708;79373;79681;79680;79593;79846;79756;79757;79845;181022;181040;80000;80001;80070;80003;80002;79847;80112;80111;80110;181067;79709;80114;80113;80155;72472;72535;72534;72533;80154;73222;73607;73606;73959;73243;73960;74101;73961;73221;80071;76184;74377;74484;74378;76603;76186;76601;76602;76185;76926;76928;77138;76927;77140;77625;77355;77891;77623;77894;77624;76781;78579;77893;78839;78578;77953;78756;79243;78757;77139;79242;79375;79374;79376;80006;79735;80005;80156;78580;79758;79325;74376;79370;77892;80004;71367;68627;77045;68026;80158;80387;80503;80407;80877;80900;80329;80504;80901;80927;81065;81031;81066;81011;81067;80899;81307;81099;181025;81044;81464;81306;81466;81288;81289;81467;81538;81465;81721;81802;81800;81801;81723;81724;81804;81803;81722;81537;81807;81157;81805;81806;81660;81766;81902;81749;81808;82287;82065;82288;82015;82016;82464;82489;82517;82488;82689;82289;81947;82690;82465;82757;82789;181080;82808;82688;82787;83026;82980;82788;82981;83400;83402;83401;83131;83447;83404;83446;83444;83445;83403;83985;82687;82982;83984;81725;181042;84107;181084;84073;84003;181035;84074;181066;84256;84202;84352;84354;84353;84351;84418;84463;84464;84417;181083;84757;84534;84608;84138;84659;181016;84785;85096;181117;84817;84784;85102;85100;85099;85098;85103;85105;85104;85101;84889;84485;85110;85097;84890;85108;85107;85112;85113;85109;85115;85111;85035;85067;85036;84975;85137;85294;85247;85116;85395;85114;85117;85487;85492;85491;85489;85488;85490;181102;85526;85611;85614;85710;85642;85679;85339;85106;85613;85612;83535;85711;85778;85780;85779;85782;85777;85865;86095;85781;85959;85864;86487;86199;86096;86240;85958;86360;86359;86522;86557;86521;86714;86624;86741;86556;86715;86743;86892;86925;86927;86843;86926;87020;87019;86612;87018;86742;87090;87023;87022;86520;87029;87024;87027;87025;87091;87093;87026;87092;87028;87030;87095;87094;87033;87032;87034;87039;181077;87036;87031;87038;87037;87041;87040;87096;87042;87118;87097;87230;87119;87272;87271;87301;87300;87021;87231;181027;87363;87365;87035;87364;87547;87395;87448;87396;87451;87450;87449;81102;81100;81564;82518;81871;81873;81101;81872;83046;87636;82491;83448;83045;83449;83776;81966;181036;84108;84389;83047;84819;84388;84419;84818;84110;85175;85118;84786;85261;82490;85177;85263;84109;85262;85178;85439;85967;86395;85440;86779;86778;86780;85438;87332;87098;86881;87792;87795;87794;87793;86438;87753;88030;87797;87936;87798;88029;87799;181037;88071;88070;88069;88031;88403;88443;88444;88168;88477;88167;88674;88478;85732;88445;87796;88778;87302;85176;88782;88780;88779;88777;89064;88856;89094;89769;88781;89815;89065;89816;89770;89859;89952;89953;89978;89951;89981;89095;90111;89980;90074;89858;90075;90113;90110;90174;90175;90137;90176;89979;90295;90383;90296;90486;90112;181020;90177;90488;90487;90489;90613;90666;90745;90667;90614;90850;90880;91029;90747;90746;91150;91032;91030;91152;91148;91210;91031;91151;91414;91113;91112;91072;91212;91211;91417;91416;91493;91418;91797;91535;91796;91641;91737;90384;91494;91149;91415;92489;92008;92028;91799;92396;92577;92576;92397;92689;92688;92687;92716;92690;92934;92835;92747;93034;92599;93035;92936;93093;92937;93147;93501;93268;93447;93338;93759;93641;93791;93790;93842;92935;93804;93947;93446;93760;93949;93948;94221;94264;94247;94222;94149;94699;94495;181110;94697;94698;94429;94696;94496;94703;94702;94701;94428;94705;94707;94709;94708;94713;94704;94711;94706;94715;94714;94712;94718;94719;94720;94717;91798;94716;94710;94700;94722;94724;93857;94727;94726;94621;94723;94895;94908;94907;94622;94725;94928;95276;95041;95379;95410;95561;95464;95977;94927;181072;95978;95277;96067;95831;96065;96066;95979;87835;87834;95980;88032;90936;88033;90178;88981;88857;90342;90938;90987;90937;90297;87836;95598;91293;91291;91213;181033;91592;91294;91292;92657;91590;91850;92780;92779;92656;91591;91738;92781;92984;181030;92677;93448;93148;93676;93449;93678;93904;181069;93677;94225;94094;94064;93906;94224;94533;94532;181111;95042;92983;94223;93905;95759;95043;95617;95044;96070;96069;96068;95758;96298;96327;96326;96299;96476;96329;96584;96401;96328;96587;96586;96588;96945;96751;96692;96752;97036;96279;96753;97007;97008;97293;97139;97346;97347;96970;96585;97345;97371;97404;97372;97485;97198;96789;97506;97507;180782;181098;97405;97627;97626;97821;97765;97820;99062;97547;99063;99061;97593;97749;99066;97508;99068;99070;99072;99069;99071;99074;99067;97906;97907;99754;99065;99299;99298;181046;99075;99073;94721;99064;88776;99330;99332;99333;180776;99386;99331;99451;99334;99562;99500;99452;180854;99564;99563;100088;99565;100045;100087;99566;100046;99567;99755;100341;100343;100342;100171;100368;100505;100369;100344;100506;100507;180812;100396;100776;100613;100527;100526;100528;100525;100089;100397;100800;100886;180785;100887;100888;100889;180820;100947;101138;101097;101139;101022;101076;180809;101249;101251;101250;100978;102031;101877;101798;101383;102281;180805;102511;101878;102283;102339;102284;102340;102287;102286;102285;102282;102289;180758;102291;102293;101382;102292;102298;102295;180851;102290;102297;102296;102294;102303;102302;102341;102300;102342;102301;102343;180871;102344;102346;102473;102347;102299;102512;102533;102409;102513;102514;102534;102516;102571;102515;180872;102851;102633;102570;102569;102850;102970;102904;102772;103166;103164;103165;103489;180830;103347;103491;103488;103238;103559;180878;103558;103525;102345;103626;103490;103625;103684;103729;103829;103803;103955;180756;104088;104002;103914;104200;104617;104199;104368;104698;104001;104089;180814;104618;102288;103204;104247;104248;104799;104837;104948;104838;105016;104946;104864;105068;105015;105142;105027;96479;104947;97117;96589;97057;96477;96478;105028;97406;97408;97407;99161;99388;100233;99159;99160;100450;100235;100583;100234;99387;100584;100449;97118;99389;101098;101193;101192;102059;102061;180864;102623;100451;102624;102060;102773;103560;101194;103402;103401;103348;102572;104169;104168;104167;104371;104370;105143;104565;104369;105145;105598;105600;105599;105247;105668;105669;105671;105670;180860;105667;105601;106240;103765;106119;106365;106366;105144;106364;106239;106368;180777;106572;107014;106327;107079;107206;107203;107204;107015;107205;106571;107080;108319;108273;108479;108318;108321;108393;108358;108359;108394;109104;108863;108862;108938;109108;109107;107247;109106;109105;109111;108642;108320;109109;109113;109112;109438;180829;109024;109192;109155;109298;109331;109297;109025;109440;109153;109542;109665;109666;109808;109332;109439;109807;109629;109811;109154;109193;109809;109826;109978;109977;109980;109981;109982;109333;109810;109110;109984;109827;109986;110108;110070;109979;110276;106118;110505;110278;110109;110702;110704;110701;109983;104773;110707;110749;110703;110629;110750;110705;110277;110917;110752;110996;110995;110918;110706;111025;111253;111252;111320;111024;111483;110582;111319;111484;111482;111481;111485;110751;111254;111724;111801;111800;112025;112129;180788;117466;117624;117766;117768;118025;112130;117815;117767;117623;118076;118026;118027;117765;112103;118368;118184;118161;117679;118762;118765;118766;118764;118768;118183;118767;118125;118763;118770;118769;181044;118709;117970;111723;118773;118771;118775;181106;118776;118774;118780;118779;118784;118777;118783;180807;118811;118859;180762;118810;118781;118812;118849;118813;118860;119111;119247;119278;119166;119293;118850;118511;119755;119757;118778;119329;105759;119796;119328;119756;119248;118512;106225;106241;106242;105520;106670;118782;106328;106468;107052;109008;109386;109156;105760;107051;109630;109543;109632;109631;109524;108939;109829;110404;110071;109523;110583;109881;110997;110585;110584;110527;111144;111562;180867;111622;111726;109828;106040;118772;111725;111993;117513;180816;117514;117378;117769;117446;117848;110998;180810;117847;180831;117770;118053;180819;118105;118106;117493;118055;118441;118054;118107;180863;117849;119279;118852;118851;180858;180778;119534;118814;118861;180865;119639;119638;180842;119567;180765;121172;120975;119535;121496;121279;121408;180821;121499;121498;121500;121378;121526;121523;121497;122326;121584;121583;122327;122460;122328;121524;122325;121525;122633;122575;122574;122462;122801;122864;122863;122838;122632;122992;123055;122991;123430;123483;123431;123122;123646;122461;121200;122938;124097;123986;123960;124229;123485;124133;124253;124135;124014;180825;180799;124254;124134;127568;127570;127571;127573;127567;127575;127569;124230;127572;125107;127576;125108;125106;127578;127577;127580;127581;125110;125109;127583;127584;127579;125187;125188;125112;125111;127582;125189;127585;125191;125442;127586;127574;125444;125443;127588;125689;125589;127587;127589;126024;126022;125914;180757;127594;127590;127592;127591;126142;125688;126141;126023;180761;126083;126300;126317;126316;126249;126318;127595;126451;127597;126671;126708;127596;127599;126672;126609;125190;127598;123484;126807;126450;112283;127593;109985;127600;126938;126937;127601;99329;127604;126971;127602;127606;127607;126936;127603;127031;127976;127609;127608;127977;127605;127611;180866;127612;127610;180763;180804;180783;180775;180764;180836;180768;180835;180770;180767;180796;180800;180505;180780;180855;180787;180808;180840;180786;180845;180755;180834;180811;180784;180822;180841;180826;180838;180876;180793;180868;180833;180795;180861;180760;180832;180792;180790;180856;180789;180801;180852;180844;180759;180827;180772;180873;180803;180848;180849;180837;180847;180869;180771;180791;180853;180850;180859;180798;180875;180797;180843;127980;127978;127981;127979;180773;128598;128298;127984;127983;128512;128513;128514;128494;128845;128405;127982;128655;180815;128846;128847;128656;128445;128748;128961;129087;129086;129328;129036;129138;128747;128980;129263;129264;129139;129088;128848;128599;129262;129514;129987;129988;130039;129574;130139;180862;180774;130138;130414;130442;129329;130184;180779;130415;130040;129989;180781;180806;180846;130497;180817;180874;180828;180870;180818;180794;180802;180754;180753;180739;180813;180824;180769;180823;180632;180661;180672;130247;180698;180857;180727;180659;180766;180877;180650;180839;180746;129330;180662;131269;180674;180675;180654;180663;180673;180726;180642;180742;180678;180725;180697;180668;180751;180664;180655;131270;130737;131110;131272;131271;180691;131273;131113;131111;131518;131274;180734;131112;131373;131519;131520;131828;130993;131973;180701;131971;131915;132221;180656;132667;132304;132303;131974;131521;132380;120976;120977;131972;180641;180644;132412;132381;121566;132668;121202;121630;121201;180717;180712;122141;122045;180741;180750;122044;122802;180708;180683;123145;122803;123631;122805;180638;180666;175049;131829;123962;122804;125114;125113;180740;124048;125115;125235;180647;125116;123961;125237;125380;125238;125236;125665;180724;125755;125804;124231;125965;125938;125792;125963;125964;125966;180687;180738;126610;126488;180633;126144;126143;126557;126673;180646;180703;126674;180737;180714;127613;127614;127617;127616;127985;128600;180652;129515;180680;129140;129141;127615;128981;129575;180634;129551;128601;129955;129841;129990;180704;180695;130994;130997;131174;131209;131175;130995;130996;131918;180692;132067;131744;132305;131743;180657;180728;180722;180635;131916;180643;133020;131917;133153;133021;132881;180631;133182;133154;132944;133184;133185;133220;133019;133155;133183;133187;133330;133279;180690;140038;133332;133123;140032;140033;133515;133591;133331;133590;133514;180677;129956;180640;133186;133122;180732;133513;133444;133781;180682;133823;133631;133782;133745;180729;134020;134058;180689;134021;134059;134141;140036;140035;134191;134022;180685;134340;134338;134341;134143;134357;134339;134687;180710;134644;134556;134388;180715;134690;134689;134688;134142;134752;134751;134750;133780;134691;180713;180636;134753;180736;134886;134846;135001;180686;180649;180660;134887;180679;180681;134970;134931;180637;180665;180671;180744;180720;180670;180653;180700;180645;180733;180709;180743;180705;180752;180651;180718;180748;180723;180658;180719;180693;180667;180699;180716;180735;180694;180629;180745;180730;180676;180749;180707;180706;180684;180721;180630;180747;180669;180731;135217;135663;135218;135428;135374;135375;135376;135377;180639;135573;135431;135378;135664;135430;135665;135429;180711;134821;180923;135379;179931;135748;135951;135950;135747;135952;135953;135884;135955;135957;135380;135956;180947;135885;180931;180688;180995;180976;180907;135715;180882;180981;135958;180937;180887;135954;180911;180978;180957;180963;180894;180998;180939;180968;180953;180892;180961;180883;180884;180940;181003;180905;180973;180906;180936;180888;180880;140034;180901;180927;180987;180915;180648;181001;180920;180910;180909;180946;180991;180982;181000;180958;180997;136445;136598;136597;136161;180967;180897;136447;180959;180988;136419;136418;136644;136543;136599;136446;180972;180989;136645;180985;136601;136602;136600;136646;136647;137345;137037;137218;137221;137219;137129;137171;137289;180930;137223;137220;137385;137695;137250;137222;136958;137694;137224;137529;180956;137346;137387;137531;137530;137769;138201;137768;137386;137820;137740;137771;137770;137696;138202;137871;137819;138246;137384;137532;138204;138481;138483;138485;138486;138484;138482;138661;138660;138662;138659;138664;138666;138665;138663;138487;140037;180898;180924;138976;138975;139396;139275;139163;139351;139276;139473;139277;139352;139350;138667;139162;139397;180918;139219;180702;138203;180696;139530;139475;139278;180955;139613;140042;140436;149376;140205;139909;140455;140395;140437;140497;140486;140524;140483;140498;142897;140613;180895;140783;140482;140614;141228;141257;141221;180984;141234;141215;141239;180994;141218;141241;141236;141252;140525;141258;141229;180979;180925;141235;180900;141242;180922;141253;141232;141237;180913;141223;141256;180964;180893;180962;141254;180992;141220;141219;141209;180999;141250;180904;180941;141225;180983;141255;141227;141226;180990;180969;180986;141240;180977;141222;141224;141053;141238;141259;141233;180975;141310;141313;180949;141414;141308;141309;143210;141130;141637;141261;180903;141813;141777;141312;141855;141311;141856;141933;141935;141912;141413;142005;180891;142786;142752;142785;142744;142763;142791;142755;142789;142743;142780;142811;141857;142797;142764;142770;142812;142751;142814;142750;142796;142997;142760;142769;142804;142748;142774;142782;142754;142813;142805;142773;142800;142801;180934;180971;142794;142768;142759;142749;142775;142802;142756;142783;180926;142777;180950;142771;142899;180889;142803;142753;181002;142798;142762;142772;142781;142792;180917;142776;142778;141120;142787;142766;142795;142747;142767;142815;142482;180899;142761;142758;142487;142895;142488;142900;142486;142484;180890;142962;142485;142745;142799;142793;142898;142779;142784;142788;142757;142746;142965;142877;142896;142963;142961;143118;143201;143197;143372;143377;142996;146197;142964;142790;144216;143534;146200;143378;144209;144208;144206;144213;144332;144330;144331;144338;144329;144212;144336;144335;144333;144508;144563;144373;144372;144371;132945;132762;144562;133381;132946;133663;134023;133632;133711;134024;143368;134061;144375;180960;134343;133382;134342;144340;134358;144374;144561;180896;134645;144339;134359;144564;135381;144457;135433;135432;144565;136448;180948;135574;144447;180921;136388;180938;136485;137172;137225;137173;137290;137226;136727;137388;180916;180944;137821;180886;180966;180996;137697;180932;138417;180943;136022;180912;138418;138488;180954;137291;180942;180914;180974;180945;139167;139166;139541;139165;139531;139476;140082;139771;180929;140496;139164;140208;139398;140499;140789;140588;140500;140926;141395;141364;140930;141207;141365;142024;141396;142483;142676;180881;142222;141367;142765;142867;134060;143067;140084;146201;142905;146198;142868;143486;138247;143427;143535;144210;142869;144014;144711;144748;144207;144844;145012;143207;143451;144853;145006;145075;145086;145036;145539;145461;145540;145508;145462;145080;146078;146046;146077;146083;146195;146546;146441;146438;146101;146636;144940;146640;146568;146583;146638;146580;148551;146565;146768;146585;146637;146933;146867;146934;146868;147165;147141;147166;146865;147195;147167;147170;147641;146866;147213;147655;147169;147656;147861;147646;147888;147712;148183;148421;148181;148219;148035;148547;147168;146639;148343;148127;148371;148134;148423;147863;148382;148571;148398;148644;148446;148997;148713;149000;149021;148883;148998;148862;148556;148861;148884;149056;149001;162817;149059;162816;151113;149914;149213;149316;149947;149909;149943;149931;149915;149969;149922;149941;149928;149958;148999;149954;149966;149937;149964;149965;149929;149935;149936;149962;149955;149959;149924;149942;149940;149963;152764;149939;149917;155318;155325;149916;155323;149948;149968;149913;149956;155324;155348;149946;149938;149911;149923;149912;149961;149960;149918;149933;148359;149910;149790;149994;149995;149996;149927;149932;150060;149785;150133;150142;150345;150238;150349;150282;150242;150063;150153;150348;150496;150425;149993;150500;150447;150145;150426;150429;151217;150494;150725;150495;150498;150693;150449;150493;153180;150428;150344;150748;150497;150794;151150;151218;151359;150724;150723;151450;150779;151279;151284;151353;151152;151430;151432;151449;150747;151682;151926;151918;151928;151984;151982;152095;151917;151681;152184;152264;151148;152177;151925;152365;152493;152509;152496;152366;152498;152538;152494;151505;150499;152495;152512;152513;152511;152548;152549;152510;152614;152625;152616;152687;152686;152795;152617;152623;152979;152622;152907;152615;152626;153110;152978;153109;152981;152980;153241;153419;153531;153239;153240;153534;153236;153565;153765;153575;153574;152911;153237;154106;154066;154085;154097;154341;154128;154176;154353;154835;154096;153566;152093;154270;154277;154236;154433;154859;154782;154780;154271;154164;154268;154837;154844;154833;154850;154905;154902;154808;154934;154886;155978;155986;180980;155390;155969;155987;180902;155984;155967;154848;154269;153997;162815;155568;127030;149934;139474;155403;155412;155398;155406;155407;155405;155437;155387;155428;155413;155434;180919;155391;155395;155410;155396;155417;155429;155392;155415;155408;155388;155427;155397;155394;155424;155425;155421;155419;155426;155430;155422;155436;155389;155438;155400;155402;155435;155409;155420;155393;155423;155418;180952;155431;155416;155623;155399;155411;155432;155608;155617;155611;155569;155404;155610;155606;155298;155572;155563;155565;155433;155695;155567;180885;155693;155847;155564;155958;155694;155566;155845;155609;155636;155957;155844;155846;156120;155401;155993;156045;156206;155692;156243;156244;156156;156397;156147;156398;156123;144904;144907;156119;144802;146045;144905;144903;146196;146376;146096;145505;144906;146300;145700;146377;146269;148549;146299;148550;156399;146305;147804;148546;146352;148548;146534;146304;146047;146993;146989;147202;146588;146988;147205;147621;147642;147811;147203;147862;148545;147767;147840;147864;147869;147839;147865;146549;148544;147966;148258;148036;148133;148458;147204;147967;148380;148453;148642;148459;149245;149296;149049;148452;148259;148383;148088;149214;149356;149420;149421;150061;150722;155991;150299;150062;149822;150688;150778;150784;150782;150783;150941;154915;150843;150689;151281;151112;151114;151529;151948;151690;151944;151943;151954;151689;152094;146587;152195;152018;147965;152267;152382;151506;152268;152265;152744;152464;152049;154917;152598;152389;152266;152597;152465;152618;153172;152912;153210;152578;153390;180951;153558;153442;180928;153567;153559;152754;153837;153550;153665;153557;153992;153964;153443;153991;154146;154163;154145;154165;154746;154970;154845;154916;155245;155638;155616;155674;155673;154885;155615;155680;152601;154971;155869;155011;156205;155926;153838;180993;155889;155742;156116;156204;156664;156458;156663;156706;156708;156797;156876;156936;157060;156265;156800;157061;156459;156700;157121;157275;157122;157223;157159;156875;156705;156652;157277;157333;157161;157368;156910;158101;157317;157123;157335;158726;158103;158098;158108;158113;158110;157316;158099;158118;158114;158267;158332;158350;158307;158732;158796;158268;158467;158794;158881;158269;158903;158959;158956;158984;158884;158999;158998;158962;158904;158968;158797;158882;158305;157274;168074;158104;168198;168238;158970;168277;168276;168283;168426;168425;168407;168640;168645;168641;168644;168632;168278;149357;168634;180970;159212;159540;168881;159295;168197;159608;155679;159655;159607;160051;160050;159294;160186;160052;160245;160246;160212;161946;159209;159641;168633;160191;160272;160311;160413;160510;159293;160312;162798;162812;161947;161302;160310;160504;161277;160463;161275;160633;161294;161274;160632;161289;161284;161316;161310;163027;163040;161306;160379;161314;161286;161319;161293;161301;161321;161298;161276;161300;161313;161290;161304;161324;161283;161309;161297;160383;161322;161296;161318;161280;161279;161295;161305;161291;161312;161323;164330;161315;161308;161288;161278;164791;161317;161320;161307;162797;161311;161382;164801;161377;161055;161303;161379;161285;161378;168484;161066;161380;162781;168151;167054;162810;165612;162789;162809;162801;161282;161489;161381;161385;161507;162808;162793;161657;163256;161767;162787;161680;162799;161765;161771;161658;161766;161722;161792;161764;161681;162800;162803;161791;161973;161896;162814;162788;161929;162306;162332;162401;162717;162489;162587;162790;162792;162526;162676;162802;162588;162589;162307;161805;161292;162794;162811;162791;162166;162795;162783;162796;162680;162684;162804;162807;162685;162696;162677;162675;162626;162806;162716;162708;162627;162786;162784;162880;162679;162678;163261;163025;163397;162968;163448;163441;163470;163442;163513;163505;163396;163474;163471;162687;163674;163702;163810;163738;162686;163809;163742;163707;162681;163859;162683;163743;163808;163744;163929;163828;164035;164084;163854;163857;163894;164137;164436;164032;164383;164432;164004;164404;164437;163730;164427;164033;164420;164419;164394;164423;164424;164429;164826;164491;164799;165166;164518;164797;165168;165169;164142;163705;165012;165017;165172;165095;165170;165218;165203;165314;165272;164415;165519;165171;165298;165273;165309;165516;180879;165515;165318;166568;165689;165279;165713;166563;165698;165697;165699;165733;165736;165742;166104;165661;166050;166051;166090;166229;166571;166176;166365;166387;165734;165518;166368;166278;166369;166067;166363;166364;166367;166388;166570;166349;166366;166347;166512;166489;166506;166472;166438;166435;166274;166519;166513;166610;166611;166515;166573;166553;166575;166517;166518;166594;166557;166928;166953;166927;166938;166516;166565;165167;167841;166520;166937;166935;166801;162805;166936;167560;167574;167524;166609;167558;167545;167584;167561;167539;167594;167537;167581;167586;167550;167579;167559;167589;167646;167562;167547;167527;167556;167528;167592;167536;167531;167529;167575;167573;167522;167548;167577;167551;167538;167555;167563;167565;167526;167546;167585;167580;167564;167783;167553;167552;168133;167784;168056;168109;168066;167557;168070;168068;168080;168075;168064;168101;168114;168119;168069;168058;168110;168105;168067;168111;168083;168097;168120;168106;168095;168063;168108;168107;168127;168077;168086;168065;168073;168118;168076;167533;168085;168088;168102;168061;168104;168082;168071;168090;168087;168084;168100;168113;168079;168094;168115;168062;168098;168093;168078;168117;168170;168174;168235;168096;168132;168129;168164;167782;168130;168035;168179;168177;168036;168037;168257;168125;168491;168162;156476;168427;168225;168538;168236;168703;156572;156571;156574;156573;156859;157137;156858;168226;156570;168856;168839;168836;156707;168852;157164;156740;168834;158112;157291;157359;168841;157387;158471;158107;158171;168858;158492;158100;158475;158740;158359;158463;158738;158474;168237;158734;168116;158102;158795;168851;158800;158767;158792;159015;158997;158793;159016;159066;159123;159070;159071;159057;159011;159067;159117;159186;159187;159173;159184;159381;159633;159383;159553;159359;159610;159382;159587;159519;159644;159588;159604;159642;159605;159609;159183;160271;160189;159728;160495;160190;161195;160858;160681;160898;160859;160985;160983;161420;161418;161426;161417;160856;161419;161444;161488;161485;161487;161399;160917;161484;161623;161622;161649;161939;161895;162213;161648;161927;162186;161928;162219;162216;162210;162217;162218;162178;162214;162334;161486;160385;162391;162525;162423;162333;162331;162661;162813;162397;163008;162660;162886;162527;162837;163013;162732;163011;176376;163038;163039;163278;163037;163097;163114;163731;163279;163668;163036;163286;163675;163813;163807;163677;163277;163890;163966;164041;163965;163968;163969;163010;163967;164158;164136;164259;164141;164300;164299;164257;164258;163970;164297;164301;164589;164790;164537;164298;163928;164895;164893;164629;164892;165087;164286;165209;165208;165317;165315;165663;165296;165297;165243;164894;164296;163856;162220;166111;165638;158739;165639;165985;166348;165712;165984;166003;166436;163971;165088;166774;166738;166437;167630;167199;167040;167198;166702;167543;169463;166346;166797;169713;167203;169719;169982;170117;169746;169576;169977;169527;169995;169993;170044;170042;169994;167587;169988;169985;183775;167629;170045;170464;170091;170637;170158;170715;169996;170509;170092;170487;170700;170507;170469;170467;170154;170460;170537;170148;170520;170516;170484;170510;170489;170483;170488;170477;170620;170486;170498;170517;170476;170588;170461;170666;170041;170596;170499;170699;170481;170636;170521;170667;171067;170482;171071;171069;171075;170890;171221;170676;171220;171115;171112;171114;171665;171068;171666;171797;171676;177224;171754;171747;171677;171675;171840;171787;171783;172026;172000;171784;172037;171995;171801;171800;171799;171678;171997;171994;171991;172260;171992;172129;172244;172128;172245;171993;169714;172242;172257;172247;169912;169716;169914;169717;169923;171966;169910;169924;170255;169998;171219;171230;171104;171222;169715;171397;171398;171393;171396;171391;171395;170462;172035;170515;171953;171998;172674;169911;172633;172038;172663;173257;172240;173974;172679;173057;173830;173617;173266;173058;174038;173833;174419;174416;174721;173972;175006;174904;175919;175108;174905;176255;175398;176254;180935;176421;176420;180908;176423;176424;177213;174039;176893;177651;175287;177898;177129;172585;177931;177258;177895;177257;178262;178585;177935;178580;178263;177897;178261;178906;179069;178908;178905;177899;179068;179067;179071;178907;179846;179853;179844;179847;179862;179070;179854;178685;176634;179851;180456;179841;179858;180455;181226;181551;181253;181180;181323;181252;181553;181179;181251;181557;181815;181813;181555;181554;181844;181811;181392;182443;181556;181814;182698;181812;182611;181552;182795;182576;182978;182790;183270;183057;183034;183840;182977;183083;183432;182741;183249;184356;183986;184789;185497;183062;182192;184527;186625;186180;183838;185571;186181;185889;186668;186669;186693;186694;186670;186924;186671;187192;186752;186960;186926;187193;173035;186964;173258;186962;173038;173259;173048;173264;173973;173194;173049;173876;173261;173880;173859;173840;170177;173898;173848;173879;185570;173832;171798;179842;165711;166934;173456;173036;174020;173895;174143;174158;174234;174231;174417;174383;174385;174159;174431;174502;174503;174433;179867;172239;174550;174761;174551;174432;174501;174678;175009;174573;175151;174583;175008;175123;175023;175687;175010;174789;175717;175716;174753;175678;175701;175686;174762;175720;175685;175140;175721;175682;175683;175692;175695;175698;175719;175705;175694;175691;175677;175704;175697;175681;175700;175699;175684;175680;176419;175712;175696;175690;175710;175709;175703;175729;175715;175693;175702;176422;175726;175713;175679;175728;180933;175707;177896;175706;177905;175688;175986;175987;175725;175727;175708;175718;175689;175991;175724;175711;175714;180965;176306;176305;176300;176315;176297;176294;176304;176298;176276;176302;175990;176301;176303;176313;176295;176314;176292;176273;176275;176274;176309;176308;176285;181324;176272;176312;181326;176281;176286;176318;176280;176277;176311;176287;176283;176288;176317;176319;176293;176316;176462;176299;176360;176359;176358;176344;176284;176279;176107;175992;176135;175985;175993;176335;176982;176339;175978;176343;176253;176236;175994;186673;176389;186672;176337;176307;176637;176282;176734;176747;177113;175995;176733;177131;176399;177130;177357;177280;177373;176887;177331;177339;177338;177413;177336;177412;177337;177638;177344;177411;177410;177343;177498;177508;177521;177493;177335;177496;177341;177481;178265;178267;178264;177506;178266;177773;178034;178756;178708;177936;177774;178686;177835;178577;177414;178575;178584;178327;178341;178579;177845;178343;178338;178339;178035;178576;178340;178578;178715;178342;178582;178911;178683;178581;179027;178716;178839;178810;179843;178975;178583;178714;178624;179204;179066;179239;179245;178811;179234;179330;179240;179241;179244;179238;179235;179243;178684;179205;178033;179371;179852;179850;179856;179372;179865;179839;179370;179860;179859;179236;179855;179845;179866;179861;179849;179857;179864;179840;179891;179242;179878;179848;180196;179863;180228;180284;180263;180215;181124;181550;181123;179892;180349;179877;179868;181127;181325;181366;180504;181478;183884;181332;181367;181549;181365;181331;181421;181442;181441;183059;181572;181569;181568;181643;181420;181571;181330;181645;181570;181644;181754;181653;181684;181773;181642;181683;181755;182088;181774;182518;181685;182847;182610;182652;181787;182737;182846;181895;182738;182087;179237;176746;181391;182736;182609;182735;181654;182869;183235;182739;182868;183058;182796;183029;182959;182911;183084;182867;183085;183289;183389;183250;183323;183354;184314;183233;182979;183974;182912;183353;184057;183352;184317;184092;183234;183387;183322;183978;183433;183388;183742;183431;183518;183740;183290;183321;183741;183744;183739;183774;183756;183841;183973;183821;183820;183911;184059;183839;184163;184058;183819;184090;184089;184091;184316;184382;184187;185368;184381;185813;185878;184313;185822;185860;184450;185850;185823;183743;185868;184315;185851;185838;185821;185818;185845;185870;185871;185827;185877;185879;185829;184093;185875;185866;185849;185836;185865;185835;185824;185817;185848;185852;185844;185826;185872;185815;185858;185841;185876;185825;185831;185814;185843;185853;185816;185819;185828;185833;185830;185846;185854;185862;185837;185867;185834;185864;185840;185863;185857;185842;185855;185869;185856;185890;185832;185873;185847;185891;185892;185893;185894;185874;185424;185518;185861;185422;186107;185839;185496;186134;186123;186108;186125;186116;186127;186113;186122;186112;186091;186120;186110;186140;186099;186121;185820;186097;186092;186104;185423;186106;186128;186102;186103;185859;186096;186135;186114;186124;186090;186109;186136;186105;186130;186095;186129;186089;186111;186131;186098;186115;186117;186126;186100;186119;186139;186132;186133;186101;186137;186199;186197;186393;186118;186196;186094;186138;186242;186198;185956;186356;185955;186292;186355;186182;186377;186422;186354;186378;186184;186423;186522;186736;186509;186357;186376;186185;186957;186753;186965;186840;187094;187270;186839;187029;186838;187030;186959;186841;186925;186961;186200;187032;186963;187026;187089;186735;187049;187095;187092;187093;186958;187617;187183;187091;187618;187615;187483;187484;187628;187629;187979;187486;187485;187638;187863;187616;187953;188024;187907;188026;187931;187951;189142;188027;188035;187932;188033;187952;187640;189141;189164;189252;189089;189480;189166;189307;189200;187930;188074;189253;189167;189378;187980;189591;189376;189379;189202;189380;189359;189589;189590;189760;189516;189515;189862;189628;189918;189863;189864;189754;189838;188034;189865;189919;189927;188028;189920;189900;189861;189606;68857;189180;79445;187968;189839;189666;79446;189921;189201;79452;79448;79450;79451;79449;189517;79454;79453;79456;79457;79458;79460;188025;79462;79461;79459;183086;186093;79464;79447;187090;79467;79466;68878;79471;79468;79465;79469;79470;79474;79455;79472;79482;79475;79479;79478;79481;79484;79480;79476;79486;79488;79485;79473;79490;79477;79492;79491;79489;79497;79494;79495;79496;79504;79499;79501;79500;79487;79483;79503;79502;79498;79509;79513;79507;79515;79514;79508;79511;79506;79493;79518;79512;79517;79510;79523;79525;79519;79522;79527;79526;79529;79521;79530;79532;79528;79534;79535;79536;79531;78236;79539;79537;79516;78234;78235;79533;79520;78238;79524;79538;79541;79540;78239;79544;79546;79545;79505;79550;79552;79542;79549;79554;79553;79551;79548;79547;79556;80279;79543;80007;80247;80248;79557;80394;80280;80929;80439;81118;80008;80395;81103;81119;81012;79555;80928;81903;81695;81948;81726;81967;81904;81696;81768;81767;81968;82983;82691;81874;82066;83108;83483;84004;83484;83485;84140;83966;84141;83967;84390;84139;84891;85038;84440;85140;85139;85037;84203;85142;85141;84257;81694;82692;83482;85145;78237;85147;85148;85143;85188;85146;85493;85138;85528;85340;85236;85783;85733;85968;85784;86802;85237;85527;86216;85529;86669;86782;86613;87232;86670;87273;87801;86882;87303;87167;87333;87800;88169;87803;87802;87489;88446;88034;86781;88170;88171;88689;89066;89020;87366;89982;90019;88858;88783;89860;89817;90138;89818;90298;90139;90988;91153;91155;91154;90989;91295;90076;91741;91740;91739;91742;91316;90385;91747;91745;91744;91750;91743;91753;91751;91749;91748;91752;91755;91754;91419;91756;91746;91280;91800;91776;88737;92600;92691;92602;91777;92659;93036;92601;92783;93395;92854;93038;92658;93679;93037;92782;93709;93761;93680;93397;94065;93908;93907;94229;93793;94497;93792;94227;94095;94430;94228;94534;94535;94650;94226;93396;94498;95045;94931;94930;95380;95280;95279;94929;95278;95618;95046;95619;95794;95621;95620;95760;95795;96073;95796;95366;95599;96071;96517;96074;96519;96300;96591;96520;96521;97058;96947;96518;96522;96946;97120;96590;97410;97079;97409;96072;96790;97316;94909;97412;85144;97119;91775;97908;99080;99077;99078;97486;99082;99079;99081;99076;99391;99113;99390;99164;99163;99568;99976;99569;100090;99977;99975;99162;99392;100238;100236;100205;100398;100116;100948;100399;101040;100237;100529;100585;101196;101140;101195;101199;100115;101252;101198;101197;102064;100530;100586;102062;102835;102906;102573;102063;102907;102625;102905;103830;102065;103404;103403;103593;102908;104201;102774;104138;104203;103592;103627;104454;104137;104453;104249;104204;105249;105146;104202;105147;105248;105718;105251;105644;105717;105521;105643;105250;104136;105762;101200;106243;106120;106226;104619;106469;106524;107129;108360;108823;106291;107248;106121;106706;109157;108940;108941;109334;109114;108864;107130;107249;109668;109426;109667;109544;110072;109830;109545;110580;109987;110791;110110;109989;110526;110305;110581;110884;109988;109158;111021;111022;111023;110306;111772;111992;112282;111049;112170;117377;117764;117512;111773;117846;118052;118962;118050;119010;118963;118051;118708;119566;119484;119292;122087;121605;122573;124638;124013;123482;125104;125664;125615;126020;119823;126669;122837;112024;125105;124637;126140;119277;125754;110792;127565;105761;129370;129550;127566;129137;130884;130923;129986;131150;131208;134611;135572;137170;137128;137739;136071;138416;132666;138415;140168;140018;126021;137217;127975;141383;140361;142884;142943;140169;144837;143454;143132;140019;146248;141374;147899;150463;145565;143148;139442;150986;150906;150475;151464;150180;152398;152045;151049;153582;154016;154858;154015;156595;155945;156598;156597;159526;153221;162772;159525;164040;155946;158127;160508;164039;164818;164020;160505;168722;166048;164817;172364;168501;172363;179927;174014;179928;179930;168502;169515;150464;173270;179926;181504;158121;184349;184449;183198;186732;86316;10170;181126;126670;97411;79463;155414;174005;80157;108803;11024;31467;49806;10171;138072;134709;138222;134708;134710;136817;136825;138034;136818;155598;153136;137242;142873;138035;136810;136824;138042;136816;142874;136819;136823;136811;138041;136813;136812;136762;136815;136822;138036;136821;136814;142876;137880;137899;137904;138221;138220;137900;140502;140530;140529;140526;140527;141350;140528;138331;140516;140522;142875;148574;144932;148560;152506;144930;152505;153140;152507;152523;153141;142872;153146;153135;140576;153213;155592;155596;155594;155595;157862;155307;155597;161056;159713;175374;155593;174512;159362;164071;177330;166087;158760;186890;174515;186889;186913;72817;186837;72820;72821;72824;72826;72825;72823;72819;72822;182189;155591;186909;186905;175386;138038;72883;72818;78586;81167;80281;73138;83816;78587;89687;86906;91673;90775;92942;85535;95478;99438;93125;122348;122822;123512;123557;89688;124009;122757;123079;129502;129302;137279;126786;128413;128414;126787;128508;133266;148123;134305;136826;126819;176474;148845;137355;148974;122259;132040;135904;176475;138335;135903;135755;157876;135898;72828;135756;100419;105295;91969;72829;91971;93126;91675;105297;105296;105298;103222;91674;111065;95925;101164;96531;91970;138334;138037;105299;112161;106143;135690;80888;86186;133858;91676;20283;47697;31462;38914;70683;25768;183241;25764;183242;182808;182807;19944;35976;66334;72827;104811;159591;20743;65549;44048;44047;11693;64853;73689;24246;64852;26025;26063;36162;55928;59317;58410;78689;21697;72282;59969;97947;57318;47802;40663;38866;34205;91784;59194;40986;59195;55436;52042;50706;43862;10180;187379;18591;137326;137327;137632;64670;156380;31410;10183;99727;130024;63349;104031;168365;130127;63353;63350;63354;65854;63351;64669;83818;63348;81300;63352;88808;86422;94610;100260;102527;97435;107226;106842;118936;111966;127905;93050;110288;137078;125264;133966;148419;126309;104574;149850;164433;144060;152683;179922;127906;63355;173964;161801;175601;65856;18202;90423;179921;139746;65857;65855;185732;16309;91826;40947;63347;168364;15417;110976;11456;11916;10483;63346;73380;90797;23976;72659;73379;18616;151440;81497;150850;59114;150958;81496;176567;178016;177082;181880;25344;189183;186483;177371;177756;187209;53916;146386;146582;166980;142056;144327;137857;184141;148406;184145;184151;184148;184155;184159;148407;184160;184139;184135;184147;184138;69318;82297;57365;123418;105154;81669;71156;12018;57364;180273;180578;156198;150162;139240;145534;181215;139241;138897;138898;179667;118333;177307;179666;186698;186697;186699;65810;65811;143479;168861;164121;182514;56044;10931;168008;65930;65929;58847;20395;26061;58848;24761;25347;22336;25123;21556;30204;26916;29698;27626;29982;33130;34119;38988;35437;31735;45388;48323;49260;51062;40929;59113;55764;25703;66636;56667;84505;69422;72706;87848;12226;78678;21561;85662;11506;24268;17637;90544;20136;11999;86148;62890;50434;48907;50612;51814;44119;57863;62065;57025;59173;76458;71772;63289;14278;27591;65630;69472;21140;20183;25573;20184;17254;55908;18558;27522;15395;50022;31418;15789;12044;34461;32195;11496;33744;53409;12635;88862;12633;12303;178961;12302;12631;12305;12309;12306;12304;12632;12313;12307;12310;12317;12311;12318;12312;12315;12319;12314;12321;12322;12323;12320;12316;12308;12329;12327;12326;12332;12325;12331;12330;12328;12338;12336;12335;12333;12334;12340;12339;12337;12346;12344;12343;12345;12351;12342;12349;12348;12347;12354;12352;12355;12358;12357;12359;12361;12353;12360;12356;12350;12364;12324;12363;12366;12370;12365;12368;12371;12369;12341;12367;12373;12377;12374;12378;12380;12382;12379;12376;12375;12372;12386;12388;12383;12392;12387;12394;12390;12384;12391;12393;12389;12381;12398;12395;12385;12399;12400;12396;12404;12401;12405;12403;12408;12407;12409;12402;12411;12413;12412;12410;12406;12415;12417;12416;12419;12421;12420;12418;12426;12423;12422;12428;15652;12414;12397;12424;12431;12425;12430;12427;12436;12432;12439;12437;12433;12440;12443;12435;12442;12441;12434;12445;12444;12438;12451;12449;12448;12447;12453;12452;12450;12459;12457;12456;12460;12455;12462;12446;12464;12458;12454;12466;12461;12465;12467;12470;12469;12472;12468;12474;12477;12476;12478;12473;12475;12484;12480;12482;12483;12471;12481;12487;12485;12491;12488;12489;12493;12486;12497;12499;12492;12495;12500;12494;12498;12496;12429;12502;12504;12503;12506;12479;12463;12508;12490;13658;14625;12507;14595;13854;12505;14311;12509;14215;12636;12511;13653;14624;14211;14212;13846;14696;13652;13853;14698;14310;15427;14240;14326;14213;14802;12510;14739;14623;14309;14697;14380;14239;14737;14596;15411;15412;14736;14735;14740;15410;14801;14738;15440;15537;15409;15426;16016;15959;15958;15943;15535;15428;15441;14734;14214;15700;15630;15629;15944;15633;16017;15632;15960;15536;16018;15533;16009;15741;16019;15631;15945;15532;15995;15990;15702;15947;15991;16039;16041;15992;16145;16053;15701;16109;16221;16040;16108;16054;16295;15946;16144;16147;16366;16244;16148;16159;17338;16110;16149;17168;17166;16222;17169;17171;17170;18017;16211;17167;17165;17173;17172;16263;17174;16297;17994;16296;16298;17176;17178;16384;16264;16146;17177;15534;17179;12501;17175;16160;17181;19827;17146;17182;17185;18309;16361;17186;17180;18441;17184;16367;17183;16385;17188;17187;17189;16368;17190;17148;16370;16369;17207;16386;17192;17149;18310;18442;17265;17129;18443;16371;17147;17340;17252;17310;17191;18311;17622;17264;18312;17589;17266;19542;18160;18018;17270;17267;17269;18128;17644;18313;18161;17624;17365;17995;17623;17591;17268;17590;17645;17625;17339;17646;17660;17979;17366;18093;17626;17628;17659;19828;19672;19986;17980;17680;18108;17627;18469;18278;18019;17679;18095;19283;17981;18129;19829;18110;18109;18196;18147;18130;18094;19691;18163;18111;18280;18197;19988;19987;18198;18500;18148;18162;18385;18253;18444;18239;18238;18408;18470;18240;18407;18390;18241;18409;18422;18389;18421;18387;18472;18423;18554;18388;18473;18279;19688;18475;18386;18474;18471;18510;18476;18501;18556;18555;19989;19990;18557;18512;18511;19543;19390;18648;18635;19830;19380;18688;18657;19296;19285;19213;19268;19422;19409;19673;18594;19381;19331;19332;19831;19284;18687;19410;19277;19832;19286;19412;19411;19994;19993;19991;19424;19297;19992;19490;19544;19674;63829;63828;19675;20044;19491;19488;19677;19425;19833;19834;19413;20047;19714;20046;19713;19489;20045;19676;19423;19835;19837;20050;20049;20051;20059;20107;19836;20238;20204;20104;19995;20058;20060;20106;20141;63830;20206;20146;20208;20360;20105;20270;20362;20361;20269;20207;20144;20268;20143;20364;20366;20237;20365;21086;20205;21031;21088;21030;20732;21089;20367;21032;21087;20145;21029;20752;21033;20922;20398;20751;20753;20482;20481;20965;20399;20856;20855;20899;20857;21042;20400;20480;20733;21034;20048;17621;19712;20898;21005;21043;12362;20886;21090;21135;63832;21134;21181;21362;21232;22084;21180;21363;21287;20858;20363;63831;21286;21288;22085;22219;21365;22086;20966;21592;21366;21594;21721;22068;21367;21257;22220;21637;22043;21683;21636;21915;21638;22044;21682;22069;22221;21722;21672;22045;21916;22110;22054;22111;22015;22222;22330;21593;21364;22070;22071;22291;22112;22149;22223;22113;22150;22122;22151;22121;22114;22202;22293;21595;22264;22292;22224;22331;22088;22265;22243;22345;22346;22443;22463;22344;22358;22266;63833;22359;22360;22442;22347;22472;22474;22444;22473;22523;22525;23676;22940;22918;23678;23631;22896;23680;23677;22357;23683;22524;23681;23797;23684;23682;23993;23961;23960;23798;24010;24009;63834;23959;23962;24211;24676;24315;63835;24363;24212;63836;24259;24896;24317;25312;24316;24364;25313;24318;25238;23679;22201;63837;24314;24319;24696;24320;63838;24677;63839;24833;24707;25315;24708;24774;25317;24678;63840;24724;24697;25316;63841;24775;25319;25318;24949;25321;25320;25066;25065;25322;24951;25323;25325;24950;25327;24897;24948;40703;25326;25324;40702;25068;25139;25136;25140;25138;25145;25142;25137;25158;25141;25143;25329;25328;25330;25135;25331;25213;25332;25144;26903;25333;25193;25362;25269;25192;25538;27828;25239;25334;25146;25067;28235;25268;25267;25364;25363;25365;25404;25270;25366;25604;25477;25519;25367;25476;25479;25478;25539;25481;25605;25482;25480;25520;25607;25540;25523;25722;25522;26189;25606;25609;27830;25608;25984;25521;25723;25610;25611;27831;27832;25686;25622;27829;25724;25725;63842;25624;25876;40704;25727;25726;25924;25828;28238;26050;28236;25751;25815;25752;25818;25817;27834;25816;25829;28237;25797;28239;25877;25985;25878;25986;28241;25753;25819;25454;27833;25314;40706;40705;26108;25623;28240;40707;25948;25987;26190;26109;63843;25970;25988;26051;26191;27564;26052;26110;26112;43833;26951;27035;25989;26906;26954;26953;26952;26905;27565;40709;40708;26907;27036;26955;28201;26111;27645;27052;26904;27616;27567;28202;27570;27568;28242;28243;27569;28244;27566;36860;28246;28363;27571;28168;37484;27602;36380;27835;27840;27839;27852;27853;27646;28247;63845;28245;40710;27837;27838;36457;28248;63844;27836;27644;28366;28364;28169;43834;28353;28367;29302;28354;28368;29301;29774;29235;63846;29203;63847;29303;29204;29775;29692;29736;29693;29778;29777;29875;29975;29776;29773;29737;30002;29974;29977;30003;29976;31448;29876;40711;30034;29956;30035;29955;30090;30001;30140;30004;30245;32419;30247;31086;31159;30246;40714;31305;40713;40712;30091;31162;31306;31984;31185;31160;63848;31161;31307;31163;40715;40716;31985;33247;31616;31308;29954;31186;28365;31389;31617;32018;63849;32019;63850;31388;31754;40717;31755;31618;31619;31757;31756;32160;40718;31694;32420;40719;32354;31987;31986;32161;32162;32021;40720;31695;63852;40721;32022;32163;31988;31840;43836;32020;63853;32355;32421;63851;32391;32112;32356;32472;32424;63855;32422;32426;63854;33783;32471;32423;33096;32429;32428;33248;33086;33151;33098;33376;63856;33377;33087;33097;33153;32427;63857;32425;43835;43838;33154;33156;33510;33152;33192;33191;33157;43837;33512;33462;33250;33423;33511;40722;33579;33425;33578;33495;33497;33580;63858;34953;33528;33424;40723;33249;33530;33529;33463;33830;34954;63859;33496;34955;34057;33475;43841;40724;43840;33581;33583;33585;33582;40725;33865;33586;43839;33784;33884;63860;63861;33584;63864;63866;33570;63865;34023;34058;33892;34063;34054;34065;63862;33893;63863;40726;33571;33155;31595;27563;34288;63867;34274;34034;34064;34190;40727;34328;34466;34191;34333;34275;63869;34329;34465;34330;34464;40728;34384;34690;34751;40729;34696;34505;35190;34841;34763;34691;63870;34764;40730;43842;34229;34811;34842;34956;34467;35179;35038;35180;35182;34752;35181;40732;40731;35191;35183;40734;40733;40736;40735;35323;35316;35300;35315;35357;35317;35318;35192;35652;35381;35358;35302;40737;35324;35319;35551;35434;35433;35429;35586;63871;35653;40738;36014;35645;35178;35615;35301;35721;35654;35617;35605;36029;35722;35772;35919;35616;35774;35757;35918;36015;36069;35775;63873;38870;63872;36098;35776;35970;35944;63874;35972;35971;36099;35773;63876;63877;35946;35945;36097;35947;40740;40739;36031;36030;36065;36111;40742;36044;63878;36113;36115;40741;36032;36043;36178;36160;36177;36213;36159;36180;36114;36181;37605;36214;38193;38660;38659;40743;35585;38709;36112;63875;38710;38768;43843;40744;36179;38819;38769;40745;38818;38816;38820;38732;38874;38872;38871;38945;63879;38922;63880;38873;39307;39370;39306;39411;39412;38821;38817;39369;40746;39431;39432;39413;39526;39461;38983;39430;39529;39527;39528;39525;39531;39597;39583;39530;39599;39598;39798;63885;63883;63882;39850;39799;40340;39770;39584;40341;40401;40400;63884;40432;40431;40433;40440;40342;63888;40441;40439;63886;40541;40487;40749;40747;40748;63887;40402;40510;63889;40543;40544;40609;63881;40640;40766;40765;40639;40814;40795;40834;63891;40837;40836;63890;40608;63893;63892;40782;40835;40901;40840;40839;63895;40922;40921;40923;63894;41032;41942;41008;41031;63897;40902;41620;63899;41065;40998;63898;41951;41962;42064;42077;40838;42065;42160;42161;42134;42162;42135;42159;41963;42165;42164;42285;42216;42430;42287;42286;42312;42357;42313;42359;42360;42358;42288;42431;40542;38661;42469;42455;63896;63900;42456;42790;42163;42828;43844;63902;42890;42944;42470;42850;43046;63903;42945;63901;43047;42946;43846;43078;43048;43079;43080;63906;63905;43845;43169;63909;63908;63907;43168;43170;63910;43178;43081;43180;43627;43179;43819;43821;43820;43628;63904;53539;63912;43882;63911;44029;44062;44030;44104;43883;44063;44386;63914;44105;63916;63918;43868;43597;44605;63917;44634;44652;44633;44635;44430;43171;44651;63915;44666;63919;44973;44956;63920;46263;44924;44957;46267;46266;46270;46269;63913;63922;63921;46268;46264;46271;46273;46276;46272;46278;46277;46275;46282;46281;46265;46286;46284;46285;46274;44974;46283;63924;63925;46288;46290;63923;46280;46291;46279;46293;46292;46289;46295;46300;63926;46298;46299;46296;63928;46294;46302;46297;63927;63929;46304;63932;63931;46305;63930;46306;46308;46307;46309;46310;46303;63933;46287;44665;46301;46684;46681;63934;46833;46835;46683;46834;79274;46780;63935;63936;47027;47034;47044;47043;47118;79275;46735;47869;46682;47871;47017;47872;47117;47873;47877;63938;47870;47874;63937;47879;47119;47875;63939;47882;47881;47884;47880;47026;47885;63941;48210;48212;48232;63940;63942;48231;48211;47886;48257;47876;48312;48258;63944;47883;79276;79277;63943;48313;63946;63948;63949;63947;48314;48423;48252;48751;48934;47878;48935;48400;48899;49128;63952;49130;49131;49129;63951;53540;49133;63945;49232;49301;63950;49640;63953;47905;49744;49233;49639;49132;49785;63955;49747;49796;49745;49749;49748;49800;49797;49799;49798;50037;49974;50009;49746;49802;49990;63954;49786;49801;50040;50077;50039;50297;50078;50340;50341;50079;50361;50363;50362;50446;50447;50473;50408;50407;50360;50630;50537;63957;50629;50631;50632;63956;50635;50636;50639;50634;50638;50641;48750;50637;50640;50633;50474;46665;42432;50620;50644;63958;50038;50647;63959;63868;50643;50648;50646;50841;50703;50645;50840;50853;50851;50869;50871;50850;63960;63962;63963;63965;63964;51072;51108;51110;51153;51155;51109;51056;50870;51107;63961;51133;51197;51157;51183;50852;51354;51355;63966;51410;51357;51500;51154;51452;51523;63968;51524;51522;51432;51417;51358;51563;51562;51570;63967;51589;63970;51571;51671;51569;51811;51825;51672;51561;51827;51867;51866;51869;51826;51590;51918;51156;51917;52487;51993;51952;51933;63969;51995;52007;63971;53535;52020;63972;52009;52008;51994;63973;52064;52063;52062;52488;52492;52496;52490;52495;52491;52021;52493;52489;52065;52494;52161;52524;52542;52594;52607;52596;52605;52578;63974;52595;52709;52606;52700;52628;52627;52750;52749;52608;52764;52701;53206;53207;63975;52761;53205;53291;53204;53246;53293;53292;53329;53311;53328;52763;53310;52497;53352;51868;53400;53399;53445;79278;53245;53483;63977;53371;52762;53525;53580;63978;53500;53482;53583;53582;53630;53631;53584;53370;53819;53646;53821;53853;53867;52760;53874;63980;53911;63979;53820;53581;54591;54593;54592;54596;54595;63981;54594;54600;53873;54599;54926;54941;54597;54601;54928;54930;54929;54932;54984;54933;54931;55012;55011;55013;54598;55014;55016;53526;55160;63982;55010;54590;63984;55159;54927;55398;55400;63986;55450;54925;55399;55452;63985;55401;55015;55539;55519;55451;55598;63987;55597;55520;55584;63989;63991;63988;55626;55616;63990;55643;55644;63992;55645;55635;55646;55684;55642;55585;79279;63993;55685;55726;55727;55756;55724;55809;63994;55755;55667;55647;55710;55725;55854;55824;55825;63995;55856;55879;63996;55855;55882;55964;55917;55965;55966;55880;55999;63976;56110;56001;55813;55636;63983;63997;55881;56031;56029;56030;56027;56028;56047;56086;76632;56111;76634;56113;56188;56205;56032;76633;56170;64000;63998;64002;56112;64001;56252;64003;56250;56251;56304;56254;56278;56255;56253;63999;56383;56114;56405;56327;56411;56410;56329;56328;56534;56235;56505;56533;56404;56553;56561;56560;56552;56463;79280;56579;56628;56661;56578;64005;64004;56741;56709;56636;56743;56740;56745;56698;56699;56326;56577;56744;56811;56866;56859;56742;56927;56867;56989;56942;56974;56991;56990;56975;57013;64006;57011;57012;57015;64007;57016;64008;57019;57018;57017;57036;64009;57022;57021;57020;57014;57037;57023;64011;64010;64013;64014;64012;57081;57295;57054;64015;57312;57311;64016;57391;57310;57408;79281;64017;76635;57356;57296;57464;57409;57492;57482;57481;57494;57594;57493;64020;64019;57491;64021;57676;57657;57677;57746;64018;57679;76636;57678;56766;57759;64022;57053;57595;57789;57761;57748;57787;57788;57760;57821;76637;76638;57823;57822;57870;64023;64026;57820;79282;57929;57928;64027;57871;64024;57957;57991;57956;57992;57931;57969;57930;64025;64029;64028;58027;58054;58053;58052;58055;58057;58056;58060;58059;58062;58061;57993;58064;79283;57995;58067;58066;58083;58085;58058;58084;58065;58068;58194;58111;76639;64030;58284;58086;58261;58063;57994;58361;58338;58339;58262;58285;58407;58394;79285;58508;58507;58510;64031;58523;58509;79284;58672;58674;58673;58441;57885;58718;58676;76640;58442;58772;58675;79286;58719;58773;64032;58867;58840;58866;58868;58841;76641;58586;64033;76642;58882;78922;58940;64034;76643;64035;59030;59029;76644;59028;59106;64036;59031;59223;59253;59222;78924;59224;78923;59392;59306;78925;59363;59307;59383;59424;59490;59468;59467;64037;59423;58869;58298;56000;57747;59492;64039;59584;59489;59564;64038;59562;59586;59563;59585;59592;59593;64040;59590;59595;59587;59591;59588;59598;59597;59637;59594;59596;64043;59600;59636;59638;64042;59589;59751;59712;64044;59721;64041;59752;59753;59844;59599;64047;78926;59711;59947;64045;59946;78927;64048;59982;59952;60058;60011;60010;60009;60008;60076;60057;78928;64050;60124;61376;60160;60159;61390;61378;61403;61389;61377;61405;61546;76645;64051;61452;76646;78929;61454;61559;64049;64046;78930;61604;78931;61404;64052;61618;61654;61691;61603;61768;61690;61653;61689;61705;61767;61704;78932;61770;64054;62001;61793;64056;64053;62056;64055;62055;78933;62069;62070;62089;62088;62093;62024;76648;62091;62087;76650;61769;62092;76651;76649;62209;62169;62195;62170;62303;78934;62405;62406;78935;62196;62471;78936;76652;64057;62472;62542;62541;62473;62505;62572;78938;78937;62544;62613;62615;62614;62543;64058;76647;64059;62090;62407;62755;62636;62732;62771;62833;64060;62916;62772;62834;62923;62922;62897;62917;62931;64062;62932;62857;64061;76653;64064;78940;62981;64065;64063;78941;64066;78942;63105;63162;63152;78939;64068;63182;63190;62930;63258;64070;78943;64069;63292;64071;63293;64072;119427;63404;62980;76233;63405;63406;63408;64074;64073;63409;63407;63412;63411;63415;66879;63445;63413;63416;63414;63410;64075;64067;63403;119429;63465;119428;63534;78944;63466;64076;63590;63641;63662;63675;64077;63676;64079;63663;64280;78948;64388;64387;78947;64281;119430;64392;64390;64391;64466;64080;64465;64479;78946;64468;64393;119431;64498;64520;78945;64517;64519;64564;64627;76234;64696;64695;64694;64628;64389;64565;64746;64518;64747;76235;64748;64751;65171;64754;64756;64750;64755;64758;64752;64761;64760;64749;64757;64467;64697;64759;64753;63446;64765;64763;64768;64769;64767;64771;64766;64773;64764;62635;64772;64770;64794;76654;76655;64775;76657;76658;64774;78949;76656;65172;78950;64943;64924;64945;65004;64903;119432;64793;64944;64904;65007;65041;65006;65071;65069;65070;65082;78951;65075;66880;65084;65083;65074;65073;65200;65072;65203;65085;65205;65207;65202;78952;119433;65204;65544;65201;78953;76659;65543;65173;65238;65562;65005;65237;65206;65625;78954;65626;65651;65697;65728;65677;65698;65678;65605;65652;65781;65729;65714;65779;65905;119434;119435;65863;119437;65922;119439;65938;66192;65976;78955;119436;119438;65992;65780;66013;66015;65990;66030;66014;66211;66029;66212;66225;78956;66331;66403;66213;66440;66437;66370;66438;66489;66457;76660;66971;66488;66458;66459;66523;66522;66525;66537;66536;66524;65561;78958;66439;65991;76236;66659;66690;78957;66660;66662;66705;66661;78959;66771;78960;66707;66772;66706;78963;78961;66773;66882;66949;66883;66939;66853;66948;66980;66979;66940;67184;76661;76238;76237;67219;67239;67238;66981;78964;68865;67240;68866;79288;68900;79287;78962;68944;68901;68921;69110;69011;68922;78965;69161;69111;69012;78966;78967;69162;69222;69255;119341;76239;69341;119342;69413;69256;72261;76662;69315;76289;69254;76664;78969;78968;69160;69778;69777;119343;69493;69882;78970;69502;69883;78971;69823;69795;72238;79289;69851;76665;119344;78972;69944;70013;70010;69943;76667;70163;70114;70244;70011;70243;70246;70012;76290;76666;71188;70247;70250;70248;70387;70371;70249;70466;70451;78973;72237;70488;70327;70348;70536;78974;70553;70555;78975;78976;70695;70601;78977;70602;70694;70554;70600;70489;70696;70245;76663;66550;59491;64762;50642;70697;20900;76669;70792;70771;70793;70871;70755;70870;78979;78978;71000;71001;70999;71004;71002;71005;71003;71006;70791;70913;71008;71009;71013;71012;71015;71010;71018;71011;71017;78980;71014;71019;71093;71189;78982;78981;71225;71007;78983;71016;71224;71900;71243;71290;78984;71242;71292;71389;71291;71335;71293;71369;71337;78987;78986;78985;78988;72390;71336;76670;78990;71516;78989;76671;71612;78991;76187;71613;71878;71909;71962;71877;71557;71558;71190;71390;71370;71987;72060;78994;71986;72161;72059;78992;78993;72209;72196;72274;72273;72317;72318;72319;76672;72320;72363;78995;72364;78996;72454;72420;72499;78997;72474;72498;72497;72568;72643;72678;72567;78998;119345;78999;72321;72736;72473;72737;119347;72793;72810;72698;72853;72794;119346;76673;79000;72975;72923;72976;73071;73011;73010;79001;72854;73090;79002;73091;73174;73113;73198;73199;73175;73281;73283;73295;73284;79003;73326;73325;73396;79004;73282;71963;79006;72679;73072;73586;73451;79008;73452;73585;79009;73608;79010;79007;79012;79014;79013;73587;79011;73678;79015;119348;119349;73705;76675;79016;76674;73780;73782;73781;119350;73901;119351;79017;76676;73663;74005;119440;74020;73796;79019;74032;79018;74031;74102;119352;79021;76240;74144;119353;76241;79023;79022;74204;74206;79020;74300;74207;74205;74346;74303;74304;74301;74348;74347;74302;79026;73937;76677;76889;79028;79027;79024;76893;76890;79029;76891;76899;76894;76897;76895;76898;74460;76892;74458;76896;74459;74485;79030;119354;74486;74461;119356;76244;76156;79031;76243;76901;119355;76242;76274;76900;76293;76292;79290;79032;79108;79034;76902;79033;76398;76444;76678;76401;76679;76399;76446;76903;76549;76445;76550;76400;76516;76585;79035;76515;79109;79110;76696;76698;76697;76680;76904;76291;76447;79025;79005;76700;76905;76749;76751;79036;79111;76750;76906;79112;79038;76908;76997;77012;79037;79039;76907;77014;77016;79113;77079;77046;77080;79114;77015;77082;77078;77141;77193;77142;77013;77083;77143;77195;77243;79040;79041;77178;77081;77271;77298;77386;77464;77519;79043;77518;77356;79044;77523;77522;77357;79042;79047;79045;77626;77561;77567;79046;77628;77696;77661;77627;79049;77521;77695;79048;77698;77697;77520;77806;77741;77826;77194;79050;77815;79051;77828;77827;78007;77979;78006;79052;77896;77895;78023;78008;78073;77980;79053;79055;78408;78405;79054;78406;78414;78407;78412;78409;78410;78413;78411;78009;78415;78457;78456;78459;78503;78502;79057;78533;78535;78534;78532;78458;78594;78595;79056;78621;78620;79058;78722;78735;79291;78736;119441;78759;78758;79060;79116;78760;78884;78840;79061;79115;79059;78909;78455;77699;79117;79205;78867;79204;79303;79228;79207;79203;79302;79327;79206;79378;79328;79352;79377;79351;79329;79326;79380;119357;79426;79425;79597;79596;79684;79685;79595;79682;79711;79848;79710;79737;79736;79850;79849;80012;79683;80009;80010;79379;80011;80013;80097;80074;80073;80159;80116;80072;80115;80098;80161;80213;80160;80214;80216;80215;80096;80505;80440;80469;80408;80470;80396;80506;80544;80507;80508;80930;80878;80879;80881;80882;80880;79851;80509;80388;81014;81013;80932;81032;81035;81034;81033;81069;81068;81070;81104;81143;81159;81158;81071;81036;81244;81203;81202;81292;81290;85712;81293;81201;81204;85714;81340;81468;85713;81339;81291;81471;81470;81472;146265;81474;81475;81200;81626;81504;81506;81624;81473;81625;81539;81628;81630;81629;81627;81636;81633;81632;81505;81635;81634;81639;81638;81661;81640;81637;81728;85704;81664;81663;81727;81905;81750;81769;81662;81469;81631;76699;81907;80931;79202;81969;81908;117467;82492;82018;82291;81949;82290;82017;82427;82493;82292;82467;82494;82495;82519;82496;82466;82619;82636;82637;82067;82758;82790;82656;82693;82791;82846;82810;82811;82896;82895;82909;82809;82564;82984;82812;82910;82908;82897;82986;82985;83027;83161;83028;83172;83343;83173;83132;83048;83424;83407;83406;83410;83409;83412;83411;83408;83426;83428;83427;83430;83432;83431;83429;83425;83753;112239;83536;83537;83405;83754;83844;83843;83808;84076;84005;83987;83986;84111;84077;84075;83968;84188;84204;84142;84355;84143;84258;84225;84189;84391;84359;84358;84357;84420;84392;84360;84356;84466;84422;84112;84467;84465;84535;84610;84660;84486;84609;84787;84631;84789;84788;84871;84872;84873;84758;84936;84820;84911;84937;84940;84942;84941;84938;84945;84944;84946;84892;84939;84893;84948;84947;84943;84912;84950;83433;84952;84421;84953;84951;84976;84977;84955;85040;84978;84954;85039;85041;85069;85068;117306;85248;85149;85238;119358;119359;85715;85249;84956;85341;85705;85372;85441;85442;85342;85716;85396;85295;85494;85496;85373;85563;85495;85530;85070;85531;85497;85615;85617;85616;85643;112240;85645;85644;85680;88636;85618;85717;85971;85969;85718;85970;119360;85975;85973;85974;85976;85999;85972;85443;85978;85619;86000;117307;119361;85979;85981;86097;119362;86200;86702;86099;119363;85980;86844;86306;86098;117308;86242;86201;86412;86396;86411;86414;86362;86439;86361;112241;86523;86526;86241;86525;86597;86561;86524;86413;86614;86562;86625;86488;86560;86717;117309;86745;86716;86719;86718;86845;86559;87043;86744;119364;86893;86966;86746;86910;86862;86929;86968;86930;86967;86928;86931;86932;86973;86933;86934;86970;86558;86971;86972;86969;86935;85977;84949;86936;86861;86937;86978;86975;86979;86977;86981;86980;86976;86983;86985;86984;86987;86989;86986;86988;86982;86991;87044;86990;87046;87048;87047;87045;87179;87100;87099;87102;87050;87191;88571;87190;87837;87049;87101;87193;119365;87194;87195;87233;88572;87234;87274;88573;87335;87334;87275;87305;87306;87307;87304;87397;87452;87337;87399;87454;87453;87398;87458;87457;87490;87664;87637;87455;87519;87336;119366;87192;87754;87805;87804;87807;87456;87806;87811;87855;87812;87856;87937;87808;87886;87999;87810;87809;88036;90077;88035;88073;88075;88074;88072;88077;88173;88172;88404;88574;88405;119442;88076;87998;88447;88449;88448;88506;88481;88480;88479;88557;88555;88554;117310;88558;88618;88617;88556;88482;88588;88785;88746;88675;88690;88787;88786;88784;88793;88791;88790;88789;88859;88794;88406;88792;88788;88890;87665;89068;112242;89069;89067;89070;89072;89071;89096;89720;119367;89097;89771;89772;89819;89774;89773;89073;89820;89983;89821;89862;89955;89954;89985;89984;89986;89917;90079;90114;119368;90078;90140;89861;90116;89956;90117;90141;90181;90180;90179;90302;90261;90184;90182;90300;90183;90301;90299;90386;90388;90387;90990;90391;90390;90389;90494;90493;90492;119369;90491;90496;90495;90530;90498;90343;90115;90490;90615;90499;90500;90668;90616;90570;90672;90671;90748;90818;90750;90819;90670;119370;90669;90852;91034;90853;90882;90749;91033;91074;117311;91073;91075;90881;91036;91076;91037;91035;91077;90851;91114;91115;91079;91078;91116;91080;119371;91118;91156;91157;91214;119372;91246;91245;91179;91117;91381;91317;91307;119374;91383;91382;91380;91440;91536;91449;119375;91495;91497;91496;88889;91420;119373;91038;86974;81906;91621;90497;91711;91642;91757;91805;91801;91724;91802;91804;91852;112171;91872;91988;91851;92399;91803;92030;112243;92398;92044;92400;92451;92401;119376;92490;92509;92508;92578;92579;92552;92510;112244;92604;92580;92029;92603;92692;92695;92694;92693;92697;92718;92717;92814;92837;92836;92856;92858;92855;119377;92696;117312;92938;93039;92941;92940;92939;93043;93041;93040;92748;92995;92857;92553;93070;93044;93042;93119;93095;93149;119378;93094;93364;93339;119379;93450;93269;112246;93365;119380;93451;93502;112172;93555;112245;93556;93452;93504;93586;93642;93503;93762;93763;93681;93784;93805;93826;112173;93785;93858;93951;93950;93891;93843;93764;94066;119381;94103;94035;112247;94104;112248;119382;94130;94131;94150;94189;94191;94190;94188;94265;94105;94314;119383;94230;94316;94315;94313;94318;94462;94348;94453;94431;94192;94452;94454;94317;94499;93118;94500;93952;94502;94501;94538;94536;94537;94503;94540;94542;94541;94545;94544;94547;94543;94546;94539;94549;94551;94550;94553;94555;94554;94559;94552;94558;94557;94560;94562;94564;94548;94563;94568;94561;94604;94567;94603;94566;112250;94605;112251;94606;94556;94569;94623;112249;94624;94626;94666;119384;94651;94667;94625;94897;94911;94910;95047;94912;94937;94920;94896;119385;95291;110330;95024;95465;94565;95381;94665;95562;110331;95382;95820;119386;95622;110332;95600;95981;96038;95983;96039;95563;95982;96267;110333;96306;96309;96308;96403;96307;95819;96312;96310;96402;96313;96480;96311;96040;96523;96428;96593;96560;96524;96592;96595;96972;96596;96594;96597;96971;96650;112174;96652;96754;96651;96693;96598;96825;96756;96920;96867;96949;96791;96922;96824;96948;97011;96826;97010;112252;96973;96921;96755;95292;97009;94463;97013;97060;96525;97062;97095;97121;97061;97199;97200;97059;97348;97294;97350;97374;97373;97349;97414;97413;97460;97487;97462;97463;97185;97461;97491;97490;97488;97489;97509;97465;97492;97464;97511;97375;97514;97512;97513;119387;97596;97595;97594;97548;97930;97928;97630;97929;97629;97931;97717;97628;97766;97750;97767;97844;97769;97871;97792;97768;97823;97878;97872;97875;97873;97877;97876;97880;97882;97822;97874;97718;97510;97881;97884;97932;97885;97886;97883;112253;112254;97911;112256;97910;97909;112255;97933;99338;117313;99337;99336;99339;117314;99344;99340;99342;99341;99346;99345;99501;99348;99335;99453;99455;99347;99343;99431;99502;112175;99571;99574;99570;99504;99503;99650;99682;99572;99684;99651;99683;100142;99573;100047;99652;100095;100143;100093;100091;100144;100092;100094;100118;100239;119388;100172;100119;99454;100021;100315;100117;97879;100240;100317;100316;100318;100287;100346;100345;100288;100371;100455;100400;100453;100401;100454;100508;100370;100457;100452;100532;100531;100533;100631;100534;100587;117315;112259;112258;100660;100777;117316;112176;100716;100456;100892;100890;100801;100778;100893;100979;100891;100899;100897;100896;100895;100901;100900;100898;112260;100980;100981;100894;100949;100950;100983;100982;101077;101099;101078;101101;101103;101102;101100;101253;100902;100833;112261;101255;101360;101254;101023;101385;101799;101518;101786;101384;101386;101880;101882;101881;102140;101939;102012;112177;101879;102139;102142;102141;102090;102147;102145;102102;102144;102146;102143;102104;102105;102148;101883;102109;102107;102106;102103;102112;102111;102110;102108;102115;102114;102113;102154;102153;102151;102152;102150;102155;102156;102118;102119;102158;102157;102117;102187;102348;102306;102304;102349;102305;102250;102149;102350;102159;101141;112257;102116;97012;102492;102412;102535;102519;102518;102517;102536;102574;102411;102538;102634;102537;102520;102692;102575;102813;102727;102951;102971;103038;102775;102950;103040;102909;103042;103043;103039;103349;103045;103119;103167;103046;103169;103044;102726;103171;103041;103170;103205;103239;103206;103172;103242;103208;103350;103240;103453;103241;103243;103209;103207;103352;103406;103493;103492;103407;103408;103497;103405;103465;103495;103496;103499;103526;103494;103498;103351;103561;103562;103168;103630;103628;103633;103686;103527;103632;103687;103629;103631;103805;103804;103915;103766;103956;103685;104006;104004;104090;103916;104005;104003;104091;104092;103957;104139;104267;104140;104250;104251;104170;103958;104372;104116;104457;104205;104458;119389;104456;104620;104538;104493;104541;104539;104568;104567;104622;104566;104800;104700;104540;104802;104840;104774;104621;104775;104801;104865;104839;104949;104987;104950;104951;104988;104842;104843;103500;105018;104841;104986;104699;119390;104455;105029;105209;105092;105091;105069;105367;105252;105267;105268;105369;105368;105479;105345;105407;105210;105269;105523;105522;105524;105560;105525;105527;105526;105530;105529;105561;105531;105562;105533;105532;105559;105528;105563;105565;105564;105566;105568;105674;105569;105673;105567;105607;105605;105606;105609;105603;105675;105610;105602;105604;105677;105679;105645;105676;105682;105681;105743;105678;106089;106088;105672;105646;106182;106244;105680;106183;106248;106247;106245;106250;106246;105608;106256;106252;106254;106255;106249;106251;106253;106329;106330;106334;106333;106331;106525;106332;106574;106335;106573;106553;106651;106671;106616;106615;106650;109427;109428;106925;106336;107053;107082;107019;107018;107016;107017;107190;107114;107188;107186;107287;107187;107081;107207;108324;107189;108323;108325;108322;108277;108276;108328;119391;108326;108327;107208;108329;108274;107058;106122;105017;108331;108275;108395;108361;108362;108332;108397;108448;108643;108480;108865;108396;107191;108869;108868;108866;108644;108982;108983;108867;108986;108985;108989;108987;108988;108984;108990;108994;108992;108999;108993;108995;108997;108996;108998;108683;109027;109026;109160;108942;108991;109117;109116;109194;109009;109299;109195;109115;109302;109300;109303;109301;109336;109305;109339;109337;109307;109338;109306;109335;109387;119395;119398;119399;119397;119392;119396;119394;109070;109304;109390;109389;109443;109388;119393;109441;109566;109567;109546;109568;109570;109633;109444;109391;109569;109634;109442;109636;109638;109640;109754;109831;109637;109670;109639;109641;109833;109669;109835;109834;109755;109832;109837;109635;109905;109642;109838;109906;109907;109843;109840;109839;109847;109845;109844;109841;109842;109909;109992;109990;109993;109846;109908;109996;109994;109997;109991;109995;110073;110218;110217;110216;109999;109998;110219;119400;110001;109836;110215;110074;110003;110002;109910;110007;110075;110004;110011;110009;110008;110005;110013;110012;110010;110018;110015;110016;110076;110006;110017;110080;110078;110081;110084;110077;110082;110079;110083;110086;110085;110112;110114;110113;110116;110111;110014;110120;110118;110117;110087;110280;110220;110119;110405;110281;110406;110221;110467;110506;110468;110279;110603;110541;110600;110507;110602;110605;110604;110608;110607;110632;110601;110630;110708;110618;110631;110115;110692;110654;110606;110711;110710;110793;110713;110469;119401;110712;110795;110715;110714;110796;110885;110798;110797;110716;110755;110794;110758;110756;110754;110799;110800;110759;110757;111027;111026;110999;111028;111001;111030;111029;111000;110753;110919;111033;111032;111145;111146;111148;111147;111034;111256;111342;111257;111322;111324;111323;111321;111327;111326;111255;111364;111486;111487;111365;111490;111515;111491;111366;111492;111493;111489;111516;111514;111488;110000;108330;111325;91632;102410;110709;111031;111774;111729;111728;111727;111731;111733;111732;111730;112027;111775;111736;112028;111735;112029;111776;112030;112026;111734;111804;111994;111805;119403;111803;112131;112104;119402;117317;112178;112134;112133;117319;117318;117321;117320;112179;112284;111802;117323;117447;119404;117324;112132;117470;117469;117468;119405;117494;117535;117587;117398;117625;117680;117626;117773;117771;117774;117471;117775;117772;117776;117780;117777;117778;117784;117781;117783;117816;117818;117681;117817;117322;117782;117912;118028;117779;117972;117895;118029;118127;118030;118126;117971;119407;118128;118077;118163;118185;118165;118164;118162;119406;118513;118187;118370;118369;118371;118374;118372;118373;118375;118377;118515;118514;118517;118519;118516;118376;118186;118520;118518;118521;118523;118524;118525;118529;118527;118526;118528;118533;118532;118535;118536;118531;118537;118534;118530;118539;118726;118544;118545;118540;118543;118541;118542;118552;118547;118548;118551;118553;118546;118554;118550;118549;118522;118538;118558;118557;117865;118560;118556;118583;118582;118788;118559;118787;118789;118785;118786;118744;118793;118815;118943;118862;118945;118816;118791;118944;118790;118745;118864;118865;118946;119408;118947;119410;118948;119112;119409;118964;118792;118950;118863;119076;119075;119167;119411;119412;119170;119169;119172;119171;119175;119294;119413;119174;119330;119168;119415;119487;119416;119485;119489;119486;119331;119568;119443;119705;119173;119734;119797;119736;119799;119735;119488;119758;118949;119414;120979;119803;119802;121173;120978;119801;121337;121280;121203;119800;121380;121338;121448;121379;121325;121143;121454;121452;121451;121450;121528;121501;121453;121502;121530;121529;121531;121586;121585;121606;122112;121449;122110;121527;122142;122111;122329;122332;122175;122330;122292;122333;122335;122337;122336;122334;122331;122463;122442;122465;122636;122635;122637;122464;122606;122526;122737;122638;122739;122441;122639;121587;122634;119798;118555;122525;122738;122711;122713;122712;122840;122839;122806;122841;122807;122843;122886;122939;122866;123056;122771;123123;122842;122993;123146;122865;123432;123486;123434;123433;123916;123914;123647;123488;123964;123987;123989;123963;123915;123487;124049;123990;122994;124015;124136;124099;124098;124255;124233;124232;124138;124257;124258;124256;127087;124137;124665;124838;124261;124662;124260;124664;124663;124668;124669;124671;124667;124673;124672;124670;124691;124259;123988;124841;124693;124692;124666;124840;124752;124842;124845;125011;124847;124846;124839;124844;124843;125014;125034;125012;125013;125033;125036;125039;125038;125015;125037;125118;125041;125042;125040;125045;125044;125047;125046;125043;125051;125035;125049;125117;125050;125120;125119;125122;125123;125192;125121;125193;125127;125126;125125;125195;125194;125128;125124;125197;125052;125199;125198;125054;125201;125200;125053;125382;125240;125383;125239;125322;125347;125048;125196;125381;125384;124690;125445;125590;125446;125691;125712;125690;125711;125756;125713;125616;125842;125692;125714;125841;125806;125939;125840;125872;125969;125970;125967;125915;125940;125968;125973;125976;125972;125978;125974;125977;126057;126026;125975;126027;126030;125971;126058;126028;125805;126084;126087;126086;126029;126250;126301;126251;126252;126088;126089;126085;126319;126321;126320;126323;126452;126489;126322;126675;126558;126521;126520;126677;126676;126453;126559;126594;126679;126025;126302;126612;126611;126681;126709;126682;126680;126712;126757;126759;126761;126711;126758;126710;126941;126940;126939;126943;126973;126972;126942;126760;127033;127619;127622;127618;127623;127621;127032;127620;126762;127626;127628;127627;127633;127632;127630;127631;127629;127635;127625;127638;127637;127636;127640;127643;127642;127641;127634;127647;127639;127645;127646;127648;127651;127650;127649;127653;127655;127654;127657;127659;127658;127656;126678;127652;125385;127624;127644;122659;127661;127663;127662;127665;127667;127666;127664;127674;127670;127669;127671;127673;127672;127676;127675;127680;127668;127682;127679;127683;127678;127681;127686;127688;127687;127690;127692;127684;127691;127685;127689;127694;127696;127700;127677;127695;127698;127699;127697;127702;127703;127706;127710;127705;127701;127708;127704;127712;127707;127714;127709;127716;127715;127713;127717;127718;127722;127719;127720;127828;127986;127878;127832;127831;127721;127877;127830;127829;128068;127693;127987;127992;127988;127990;127711;128106;127989;127991;128069;128406;128515;128109;128108;128107;128205;128407;128299;128408;128446;128448;128450;128449;128447;128498;128496;128495;128452;128658;128657;128516;128497;128659;128300;128451;128660;128849;128536;128664;128661;128627;128662;128853;128665;128852;128850;128855;128851;128663;128859;130185;128857;128860;128858;128856;128962;128985;128666;128982;129143;129142;128983;127879;129037;128854;128984;129089;128517;129038;129266;129039;129040;129145;129041;129331;129092;129091;129265;129147;129148;129090;129268;129149;129396;129270;129267;129272;129271;129269;129146;129275;129332;129274;129372;129273;129333;129150;129374;129479;129276;129519;129480;129517;129371;129518;129516;129576;129740;129804;129742;129741;129738;129862;129520;129860;129739;129957;129861;129863;129865;129864;129867;129992;129958;129991;129959;129994;129859;129993;129960;129996;130044;129866;130042;130043;129373;130140;130046;130141;130041;130045;130190;130187;130188;130331;130189;130155;130249;130186;130250;130154;130330;130354;130251;130248;130375;130372;130376;130373;130374;130371;130382;130380;130379;130381;130378;130377;130384;130417;130418;130416;130332;130445;130443;130444;130383;130529;130527;130526;130419;130528;130531;130530;130533;130446;130535;130532;130537;130540;130539;130541;130536;130538;130546;130545;130547;130543;130551;130549;130544;130552;130550;130548;130385;130542;129144;130534;130554;130556;129995;130555;130557;130559;130561;130560;130558;130567;130565;130564;130563;130569;130568;130566;130572;130571;130573;130562;130575;130739;130738;130741;130745;130574;130743;130740;130746;130744;130742;130747;130749;130748;130570;130929;130927;130926;130925;130931;130935;130928;130933;130930;130934;130998;130999;131001;131000;130932;131005;131003;131049;131004;131051;131053;131052;131050;131212;131152;131211;131153;131210;131154;131151;131176;130924;131214;131002;131216;131217;131298;131215;131374;131218;131299;131376;131300;131177;131378;131524;131522;131377;131525;131379;131375;131527;131380;131528;131523;132223;131529;132224;131677;132226;132225;131530;132222;131676;131675;131975;131976;131678;131526;131747;131919;131746;131748;131719;131920;131978;131749;131981;131921;131980;131979;131985;131983;131984;132031;131977;132228;132227;132230;131982;132232;132231;132234;132235;132229;132392;132669;132382;170322;132330;132393;132331;132233;131986;132882;132685;131213;131745;132883;132686;132687;132701;170311;170331;132948;132700;132887;132885;132947;132884;133022;132886;133023;133025;133027;133026;133124;133156;133158;133157;133125;133028;133127;133164;133159;133162;133160;133163;133166;133165;133168;133126;133024;133161;133189;133246;133191;133221;133188;133222;133190;133249;133248;133223;133281;133280;133247;133283;133285;133284;133282;133336;133334;133337;133333;133287;133338;133383;133335;133386;133385;170326;133477;133446;133478;133387;133445;133480;133286;133167;133384;133485;133481;133484;133482;133487;133633;133483;133634;133486;133636;133712;133639;133638;133664;133516;133635;133747;133637;133640;133751;133748;133713;133750;133749;133753;133752;133784;133786;133785;133824;133825;133942;133746;133787;133783;170285;134025;133943;134028;134026;134029;134027;133944;134031;134033;134032;170351;134034;170321;134062;134065;134068;134067;134066;134063;134030;170354;134144;134192;170341;134147;170312;134145;134146;134259;134064;134148;133941;134098;133479;132684;127660;134262;130553;134390;134261;134264;134389;134557;134263;134391;134267;134558;134392;134266;170307;134271;134269;170293;134272;134344;134360;134270;134268;134265;170343;134393;134361;134827;170292;134615;134439;134613;134666;134394;134838;134612;134665;134670;134667;134345;134614;134676;134671;134673;138073;134826;134672;134832;134668;134674;134833;134669;134834;134828;143082;134831;134830;134675;134869;134867;134868;135230;170353;134829;134837;134860;134857;134895;134870;170339;134939;134858;143006;134861;170334;134943;134836;134941;134859;135035;135052;134825;135044;135073;135080;135070;135066;136321;135075;135058;135076;135049;135077;135061;135038;135064;135069;143095;135079;135047;135054;135055;135063;135040;135034;135036;135042;135043;135059;135062;135060;135051;135068;135074;135056;135046;135048;135057;135078;135072;135037;135067;135053;135095;135045;135065;135041;135033;135050;135081;135085;135082;135088;135071;135087;170306;135083;135090;135089;135086;135091;170348;135174;135092;135184;170287;135175;135185;135173;135259;170290;135176;135084;135183;135258;134940;170305;135039;135256;135233;135234;135242;135232;135236;135231;135253;135254;135241;135240;135244;135272;135239;135250;135243;135245;135235;135247;139382;135248;135246;170288;143039;135249;139381;137244;135414;137246;135415;135251;137245;135252;136038;135288;135459;135460;135456;135457;135458;143035;135769;143038;135687;135689;135686;135461;135685;135684;135688;135876;135691;135767;135788;135776;135772;170323;135905;135768;135774;135775;135908;135861;135875;139379;135773;135862;135909;135910;135692;135912;135915;135913;135874;135770;136045;135911;135914;135927;143041;143040;143032;143042;143037;136044;136058;143018;143019;136116;136053;136040;136042;136050;136048;136117;143008;143016;136059;143015;136041;136057;143029;143031;136039;136114;136052;136113;143011;143023;136054;136115;136049;136118;143004;136046;136051;143009;136043;143010;136056;136055;136047;143012;143020;136062;136063;136112;136320;136060;136102;136101;136065;136319;136064;136061;143013;135257;170300;136111;143034;170352;136181;136188;136185;136184;136344;136585;136351;136342;136322;136354;136343;136187;136350;136353;136352;136470;136477;136471;136476;136498;136495;136480;136186;136479;136500;136478;136499;136494;136349;136518;136519;136526;136475;136525;136517;136496;136521;136516;136523;136582;170313;136522;136558;136520;136524;136609;136584;136611;136583;170329;136717;136610;136713;136718;136976;136714;136738;170299;170344;136739;143017;136977;136586;136737;136736;136735;136740;170315;170318;136497;143003;137062;170330;143022;136900;137061;137060;136899;170357;136912;170335;136913;136898;139378;136974;139380;143021;136975;170294;137059;137069;137082;143075;137063;137083;137186;137139;170355;139384;137070;137881;137066;137140;137237;138387;137064;137239;137240;137278;137236;137204;137273;137275;137276;137561;137313;137305;137274;137238;137277;137306;137562;137727;137315;137309;137314;137307;137667;137312;137395;137311;137396;137324;137668;137394;137333;137325;137334;137414;137331;137308;137310;137138;136820;137412;137363;137393;137335;137360;137359;137409;137330;137410;137560;137411;170314;137726;138026;138029;138032;137413;137666;137704;137665;137664;137756;137709;170350;137707;137669;137708;137705;137710;137755;137706;137715;137832;137563;137830;137829;137833;137831;137895;137834;137750;170356;137711;137751;137894;143005;137749;137759;137752;137760;137882;137775;137885;137896;137884;137897;143027;137883;137893;138022;138013;138217;137892;138020;138021;137828;138023;138033;138028;137758;138031;138030;138089;137898;170308;138142;138027;138145;138090;138144;138141;138146;138143;138157;138162;138155;138154;138160;138161;138159;138169;138158;138173;138156;138384;138171;138170;138178;138185;138186;143086;170284;138153;138383;138447;138386;138388;138450;138451;138765;138500;138382;139455;138505;138172;138504;138609;138502;138556;138557;138565;138558;138842;139006;138606;138566;138559;138803;138806;138802;139041;138764;139383;138187;138805;170327;170295;138807;136103;138798;138809;138801;138799;138810;170319;138804;138811;138843;138800;138808;138849;138846;138847;138850;138844;138886;170336;138879;138845;139042;170333;139072;138885;139038;139194;139187;139198;139199;139188;139195;139183;139192;138848;139200;139332;139197;139190;139234;139191;139189;139331;139201;139186;139196;139285;139286;139289;139288;139294;139287;139283;139296;139292;139291;139293;139321;139322;170289;139290;139295;139320;139193;139284;139323;139335;139376;139319;139334;139375;139385;139467;139462;139336;139460;139463;139461;139465;139482;139481;139511;139508;139464;139466;139620;139537;139616;139617;139538;139618;139621;139622;139670;139623;139669;139674;139671;139673;139672;139772;139807;139515;139619;139919;139809;139854;139808;139920;139811;139851;139810;140110;140083;140120;140121;140127;139860;140124;140130;140129;140204;140489;140407;140389;140579;140394;140393;140399;140400;143033;140461;140390;140392;140128;139333;140397;140396;140391;140490;140488;140398;170309;140485;140484;140493;140435;140492;140494;140434;140523;140581;170320;140582;170316;140602;140487;140746;140598;140597;140750;143030;140594;140745;140747;140599;140780;140781;140779;140748;141125;140782;140749;141042;143088;143077;140778;141041;143068;141028;140587;141015;143078;141029;141047;143089;141024;141044;141025;141016;141056;141050;143092;141048;141051;143080;141060;141058;141013;141017;141010;141021;141040;143079;141031;141023;141033;143073;141037;143087;141018;141038;141020;141027;143074;141043;141039;141035;141055;141012;143091;141022;141032;141014;143096;141030;143094;143072;141036;141045;143028;141011;143007;143014;143024;143026;141046;141128;141034;143025;141026;141057;141306;141059;143069;141019;141088;170317;141089;141049;141086;141123;143085;141087;141129;141127;141305;170347;141124;141126;141085;143070;141196;170286;170349;141174;141184;141200;141197;141201;141265;141199;141264;141454;141814;141453;141307;170297;141457;141455;143084;141260;140460;141458;141536;141175;141052;141540;141628;170296;141582;142034;170304;141577;141547;141580;141606;141581;141548;141627;141546;170310;170302;141826;170303;141811;141774;170324;141812;141816;141817;170291;142002;141819;141911;141818;141603;142004;142009;141823;142006;142003;142007;142025;142452;142028;142030;170345;142008;142400;142392;142429;142430;142396;142418;142385;142436;142404;142029;142426;143093;142378;142432;142399;142393;143090;142448;142428;142433;142389;143071;142379;142391;142380;142414;142440;143076;170325;142384;142403;142377;142382;142398;142441;142413;142381;142442;142427;142417;142401;142407;142383;142387;143083;142434;142431;142394;142402;142435;142416;142449;142405;143081;142451;142439;142445;142408;142437;142446;142397;142395;143097;142444;142443;142375;142386;142438;142415;142388;142410;142374;142447;142409;142406;142390;142454;142450;142463;142458;142453;142459;142476;142460;142455;142474;142469;142461;142478;142479;142477;142475;142480;142471;142457;142470;142412;142376;142643;142674;142672;142705;142707;142675;142696;142704;142699;142708;142709;142700;142703;142698;142715;142906;142710;142702;142697;142701;142714;142863;142706;170342;142871;170332;142864;170301;142982;142907;142973;142992;142994;143054;143162;143364;143161;170328;143164;143240;142716;143199;143198;144199;143213;143235;143163;143212;143209;143208;142972;143211;143205;143236;143239;143237;143202;143238;143203;143200;143281;143241;143279;143369;143276;143365;143278;143277;143280;143370;143204;143275;143160;143366;144200;170346;170338;145070;170337;170340;143469;143474;143472;143473;143604;143606;143442;143605;143602;143607;143601;144116;144113;144115;144410;144114;144201;144205;144203;144553;144204;144382;144399;143603;144420;144273;144389;144202;144276;144281;144274;144414;144404;144552;144280;144402;144384;144421;144275;144380;144400;144551;144392;144390;144423;144415;144393;144418;144385;144379;144377;144409;144391;144383;144378;144381;144406;144422;144396;144412;144401;144403;144397;142673;141456;143036;111623;144419;170298;134260;70703;144398;144376;144387;144407;144408;144509;144405;144394;144416;144413;144417;144395;144604;146810;144411;144386;144505;144522;144506;144512;144507;144511;144510;144556;144557;144560;144554;144555;144550;144559;144548;144605;144558;144705;145089;144753;144765;145049;144754;144942;144846;144848;144845;144850;145229;144847;144872;144941;144871;155786;144937;144939;144931;144934;144996;145088;145087;145082;145079;145083;145085;144935;145042;145044;145067;145068;145077;145227;144706;145226;145074;144936;145076;155781;145243;145500;145406;145493;145498;145497;145494;145495;145496;145499;145492;145242;145403;145405;145408;145404;145701;145440;145443;145407;145543;145506;145507;145503;145545;165124;145541;145544;145788;145536;145790;145704;145786;146076;146082;146072;146073;145789;146075;146055;146081;146074;146093;146095;146071;146079;165149;146080;146210;147015;146566;146379;146382;146381;146316;146378;146434;146383;165165;146492;146439;146491;146094;146432;146380;146431;145787;145043;165111;146532;146541;146533;146536;146537;146545;146551;146584;146542;146540;146535;146547;149504;149507;149503;146550;147013;146801;146793;146809;146815;146813;146803;146816;146817;146822;146930;146821;149506;146929;146811;155780;146812;147018;146820;147011;147014;147010;147016;146932;147017;146955;146959;146961;146957;146960;146953;146951;146956;146952;146954;147707;147009;147140;147012;147139;147138;147199;147142;147143;147198;147200;147196;147023;147197;147201;147208;147209;146931;146950;147215;147214;147232;147194;147207;147365;147210;147212;147234;147809;147233;147706;147235;147643;147808;147805;165113;165133;165112;147236;147841;147807;147806;147833;147827;147835;147810;147828;147836;147837;147829;147838;147842;147832;147834;148117;147866;147830;147826;147867;147879;147886;147881;147831;147882;147880;148247;148032;148018;148118;148019;148016;148122;148017;148224;148119;148121;148116;148114;148215;148316;148115;148888;148113;148490;148886;148893;148887;148890;148246;148889;148020;148120;148249;147868;147211;146493;148256;148319;148331;148390;148329;148317;148332;148328;148369;148330;148370;148379;148394;148368;148852;148397;148572;148333;148489;148566;148540;148460;148564;148561;148570;148542;148543;148569;148568;148562;148684;148567;148685;148393;148771;148808;148770;148769;148768;148857;148807;148876;157845;148877;148851;148858;148806;148892;148860;148854;148879;148878;149063;148881;148880;148903;148943;148950;148942;148981;148983;148985;148982;148906;148945;148989;148993;148853;148563;149024;149028;149258;148988;148990;149235;149029;149060;149243;149027;149240;149091;149025;149236;155782;149239;149242;149319;149317;149435;149444;149445;149441;149318;149442;149321;149695;149793;149876;149978;149241;149664;149698;149677;149443;149670;149705;149657;149686;149680;149703;149690;149679;149706;149678;149682;149693;149652;149692;149697;149687;149676;149655;149654;149683;149671;149712;149662;149702;149691;149710;149656;149660;149658;149674;148984;149701;149669;149688;149653;149694;149684;149659;149672;149696;149709;149713;149663;149689;149700;149708;149667;149665;149675;149714;149685;149707;149681;149760;149668;149792;149711;149721;149726;149724;149735;149723;149720;165164;149816;149811;149841;149722;149980;149817;149813;149666;149725;149840;149839;149835;149998;149997;165147;149904;149898;165116;165129;150075;150433;150118;150289;150117;150295;150296;165153;165118;150125;150701;150135;150123;150124;150126;150700;150136;150147;150127;165127;165126;150149;150146;150128;150290;150294;150148;165139;165144;150291;150293;165137;149815;165121;150161;165114;150323;150321;150326;150785;150322;165150;150786;150375;165132;150346;165122;155785;150389;150829;150350;150392;150808;150810;150393;150388;150379;150378;150391;150390;150381;150347;150382;150377;150376;150383;150387;150818;150421;150820;150386;150825;150422;150812;150817;150827;150813;150826;150819;150434;150816;150815;150432;150757;150759;150828;150501;150758;150795;150756;150822;150766;150792;150776;150781;150790;150823;165130;148257;155783;149673;150814;150775;150380;150780;152103;155784;151290;150821;150844;150853;150824;151276;150852;151018;150951;151117;150845;151115;151426;150991;150963;151149;151140;151116;151135;151136;165162;151142;151141;151143;151153;151139;150950;151427;151138;151289;165143;165131;151445;151454;151446;151428;151846;151579;151580;151493;151453;151857;151578;151864;151862;151872;151854;151856;151871;151886;151850;151845;151843;151887;151863;151867;151889;151842;151858;151888;151855;152003;155787;151929;151671;151668;151669;151670;151137;151811;151914;152080;151908;151913;151912;151911;151852;151675;151844;151849;151927;151865;151861;151848;152001;152074;151910;152077;152097;152440;151909;152133;152076;152347;152355;152005;152132;152585;152354;152348;152346;152350;152353;152447;152446;152438;152740;152444;152351;152445;152449;152439;152442;152443;152451;152448;152450;152605;152584;152441;152590;152586;152604;152606;152593;152592;152595;152600;152352;151859;152589;152603;152577;152579;152580;152602;165128;152621;152627;152613;165159;152832;152661;152620;152599;152968;152678;165160;165148;152619;152688;152689;152778;152779;152874;152828;152781;152863;152829;152902;152862;152903;152975;152660;152906;152926;152908;152904;152965;152934;152932;152939;152935;152923;152924;152955;152964;152925;152938;165136;152922;152972;152940;152931;152937;153102;152933;153098;152929;176330;153099;152977;152930;152905;153096;153095;153097;165115;153100;153094;153103;165119;165138;165158;153104;165163;153228;165146;153233;165135;153231;165156;165154;153235;153238;153229;153234;153371;165151;153370;165123;153404;153230;165120;153242;153523;153403;153513;165157;153405;153525;153518;165141;153524;153834;153552;165125;153522;153232;153553;153832;165142;153777;153833;153764;153887;153803;153873;153886;153776;153940;154019;153835;153804;154024;165134;154018;154022;154071;154072;154084;165140;154077;153902;154046;153517;152581;154023;154076;154086;153101;154075;154048;154074;154083;154078;154080;154136;154049;154070;154135;154081;154082;154170;154134;154313;154169;154168;154311;154293;154294;154307;154143;154310;154320;154251;154252;154260;154737;154255;165152;154669;154667;154261;154254;154324;154335;154333;154309;154334;154312;154419;154306;154420;154670;154668;154437;154938;154421;154856;154784;154781;154855;154832;154830;154838;154666;154847;154834;154831;154836;154843;154846;154854;154842;154840;154887;154893;155292;154910;154891;154909;154295;154849;154947;154841;154943;155105;154942;155151;155132;155172;155058;155197;155085;155193;155201;155200;155168;155178;155217;155090;155152;155194;155210;155169;155110;155091;155073;155224;155181;155089;155159;155112;155167;155080;155190;155209;155094;155165;155171;155160;155216;155072;155207;155144;155059;155092;155212;155079;155111;155155;155100;155219;155093;155170;155133;155208;155150;155122;155153;155211;155101;155179;155185;155103;155071;154944;155225;155214;155126;155146;155086;155106;155082;155114;155087;155192;155203;155088;155148;155096;155107;155206;155202;155204;155081;155102;155164;155158;155218;155182;155108;155183;155104;155149;155109;155115;155021;155023;155074;155022;155335;155113;155223;155334;155332;155333;155612;155215;155368;155364;155360;155371;155359;155386;155336;155367;155366;155361;155385;155599;155378;155376;155384;155618;155544;155542;155377;155654;155613;155684;165155;155689;165161;155691;155365;155075;155614;155685;155686;155688;155831;155690;155728;155720;155755;155858;155682;155719;155718;155725;155743;155765;165117;155763;155764;155756;155746;155762;155745;155833;155891;155830;155835;155832;155937;155941;155820;155927;155741;155931;155736;155868;155955;155928;155956;155940;155971;155968;155950;155988;155951;155985;155983;155954;155995;156005;155977;156037;155966;156003;156038;156004;155976;156109;156107;156111;156106;156127;156134;156126;156129;165145;155184;156044;155974;150777;156201;154047;155890;156108;156247;156202;156225;156128;156249;156248;156251;156246;156250;156452;156454;156465;156453;156463;156261;156726;156464;156548;156716;156655;156659;156632;156658;156653;156730;156656;156657;156905;156696;156728;156729;156727;156735;156739;156660;158870;156736;156737;156774;156734;156792;156788;156738;156733;156874;156798;156873;156819;156865;156866;156878;156869;156872;156912;156793;156913;157045;157044;156909;157046;157051;157056;157054;157052;157099;157100;157089;157049;157053;157133;157111;157095;157071;157135;157132;157091;164873;156731;157106;157136;164872;164870;164852;164861;157904;157166;157134;157183;157264;157168;157226;157165;157167;157265;157270;157269;157268;157296;157880;157309;157311;157267;157314;157331;157313;157163;157312;157285;157363;157384;157362;157376;157364;157336;157337;157417;157411;157374;157412;157375;157451;157418;157414;157466;157420;157465;157366;158119;157454;157415;158066;157875;157874;157861;157854;157455;158047;157873;158056;157295;157097;158055;158075;158096;158071;158057;158082;158077;158093;158074;158120;158076;158078;158080;158132;158106;158070;158129;158356;158326;158368;158116;158215;158260;158248;158323;158266;158264;158261;158347;158262;158322;158216;158324;158325;158321;158333;158115;158327;158351;158334;158360;158263;158353;158349;158556;158354;158504;158464;158505;158735;158555;158727;158741;158565;158355;158674;158745;158811;158814;158993;158812;158804;158813;158805;158803;158806;158822;158802;158808;158810;158873;158809;158736;158341;158815;158816;158924;158918;158913;158912;159185;158907;158914;158950;158807;158942;159165;159168;158948;158906;159114;158923;158943;158947;158949;159030;159000;158951;159119;159041;159108;159121;159122;159120;159214;159213;159118;159216;158952;159201;159194;159195;159215;159199;159196;159197;159169;159166;159218;159198;159210;159289;159226;159167;159296;159200;159291;159301;159282;159288;159285;159290;159284;159287;159275;159298;159297;159286;159299;159217;159292;158048;159283;159274;159222;159310;159319;158895;159398;159399;159314;159470;159467;159660;159469;159520;159508;159521;159468;159489;159531;159539;159538;159533;159552;159551;159622;159596;159595;159603;159597;159613;159635;159612;159646;159623;159664;159653;160020;159691;159649;159614;159731;159999;159724;159688;160030;159727;159669;159912;159908;159901;160033;160015;160255;159913;159903;160055;160021;160022;160238;160031;160039;160032;160192;160187;160037;160231;160229;160226;160454;160215;160210;160198;160023;159650;160240;160227;160224;160243;160228;160237;160241;160225;160288;160242;160313;160455;160512;160321;160378;160320;160256;160244;160230;160414;160415;160417;160418;160476;160515;160416;160503;160509;160534;160514;160539;160513;160541;160624;160384;160634;160635;160520;164866;160966;161052;164869;161045;160637;161023;161046;160996;161051;161035;161036;161003;161021;160994;161019;161017;161050;161000;161009;161001;161028;160998;161026;161027;161044;161030;161040;161041;161018;161042;161024;161010;160621;161005;160232;161033;161032;161014;161008;161006;161022;161029;161011;161012;161048;161047;161039;161034;161015;161049;161020;161037;164859;160999;161013;161016;161031;161072;161083;161152;161073;161038;161079;160995;161074;161076;161068;161069;161070;161067;161071;161355;161081;161082;161078;161168;161077;161080;161161;161155;161216;161084;164858;161215;164875;164845;161151;164847;164851;164876;164863;164844;161354;161358;161366;164868;161368;161361;164853;161240;161619;161462;161443;161475;161075;161620;161490;161641;161491;161471;161631;164862;161511;164856;161625;164849;161635;161638;161632;161642;161637;161643;164874;161678;161673;161675;161662;161679;161677;161709;161676;161705;161674;161639;161704;161719;161718;161672;161640;161710;161720;161708;161779;161776;161783;161770;161726;161782;161769;161781;161784;161772;161763;161780;161815;161835;164860;161816;161985;161795;161832;161987;161814;161817;161898;161925;161818;161897;161905;161911;164855;161796;161910;161923;161965;161706;161963;161964;161621;162135;164878;160997;164848;161967;164854;161966;164865;162158;162299;162149;164850;162161;162160;159390;164857;162298;162231;164877;162229;162230;162165;162300;162297;162326;162304;162302;162325;162305;162327;162329;162487;164846;162478;162164;162303;162581;162301;162486;162575;162477;162580;162573;162571;162583;162666;162584;162578;162652;162654;162649;162582;162653;162663;162572;162658;162651;162479;162632;162644;162630;162646;162574;162637;162634;162647;162643;162579;162655;162328;162638;162657;162622;162640;162633;162629;162631;162665;162639;162645;162641;162628;162642;162668;162659;162667;162656;162662;162664;162825;162704;162826;162829;162828;162650;163260;163077;163076;162986;162827;163290;163300;163291;162636;163303;163297;163340;163296;163284;163295;163444;163338;163393;163446;163336;163438;163439;163339;163337;163463;163452;163464;163443;163465;163462;163472;163466;163503;163524;163654;163652;163655;163670;163653;163666;163671;163669;162635;163667;164871;163445;163269;163678;163673;163695;163676;163703;163664;163793;163696;163795;163791;163792;163697;163665;163706;163693;163729;163794;163694;163796;163916;163845;163797;163960;163936;163937;163962;163963;163850;163709;163732;163964;163972;164130;164014;164009;164123;163961;164152;164038;164867;164128;164385;164126;164129;164151;164322;164864;164391;164389;164407;164127;164399;164406;164393;164405;164380;164388;164395;164400;164390;164396;164401;164409;164413;164414;164403;164398;164498;164402;164411;163973;164397;164513;164516;164615;164512;164620;164408;164616;164626;164507;164631;164788;164794;164789;164793;164679;164792;164832;164833;164835;164836;164824;164879;164842;164618;164975;164962;164957;164959;164960;164958;164974;164973;164834;164971;165008;165010;164964;165014;165009;165093;165092;165094;164972;165091;165195;170386;165090;170368;165187;165236;165429;165267;165274;165264;169721;165190;165013;164843;165270;164410;165271;163672;165460;165475;165472;165263;165268;165467;165462;165266;165458;165473;165468;165474;165464;165522;165471;165469;165628;165567;165553;165552;165640;165637;165644;165635;165643;165645;165665;165652;165655;165636;166475;165720;165657;165724;165646;165696;165980;165981;165728;165959;165738;165737;165673;165730;166009;166022;166011;166007;166148;165729;166019;165739;166056;166151;166152;166149;166150;166180;166207;166171;166170;166200;166201;166204;166197;166173;166018;166196;166199;166275;166280;166287;166231;166327;166279;166284;166285;166282;166288;166283;166273;166326;166221;166217;166281;166290;166218;166223;166225;166342;165649;166220;166344;166345;166263;166340;166476;166341;166444;166464;166431;166479;166224;166271;166430;166259;166478;166474;166480;166445;166473;166343;166541;166543;166484;166564;166542;166540;166470;166539;166483;166463;166482;166486;166465;166485;166490;166477;166700;166471;166699;166491;166776;166823;166802;166521;166789;166886;166771;166887;166775;166882;166883;166884;166878;166903;166880;166885;166492;166888;166881;166328;166947;166481;166946;167128;167146;167077;167145;167095;167153;167127;166948;167087;167080;167148;167125;167083;167079;167085;167082;167097;167194;167150;167151;167084;167090;167102;167173;167124;167091;167089;167088;167129;167193;167081;167165;167136;167152;167155;167093;167169;167074;167141;167073;167137;167132;167139;167167;167179;167123;167130;167142;167138;167078;167205;167458;167501;167597;167215;167544;170379;167595;167600;167571;167623;167644;167578;167590;167540;167086;167126;167593;167591;167618;167642;167607;167570;167643;167605;167569;167613;167588;167566;167628;167603;167621;167624;167641;167617;167554;167568;167572;167604;167610;167596;167626;167523;167619;167627;167620;167609;167599;167622;167616;167614;167636;167534;167601;167606;167625;167583;167612;167598;167602;167645;167567;167608;167635;167741;167651;167535;167611;167832;167576;167749;167742;168014;168013;170372;168012;168026;168033;168025;168047;168027;168031;167582;168024;167525;166879;165269;167788;156133;161924;168032;168030;168016;168136;168212;170373;168131;168218;168211;168214;168210;168213;168219;168209;168324;168028;168221;168220;168323;168259;168266;168268;168271;168258;168384;168267;168272;168217;168411;168383;168409;170376;168377;168265;168414;168412;168413;168415;168421;168473;168416;170385;168498;170377;170369;168423;170370;170366;170374;170375;170378;170359;170363;170388;170358;170387;170361;170382;170364;170381;170360;170365;170384;170380;170362;170367;170383;168497;168667;168410;168698;170371;168668;168674;168638;168695;168672;168709;168711;168702;168706;168713;168925;168704;168710;168707;168847;168735;168675;168923;168843;168835;168838;168831;168850;168846;168924;168844;168712;168922;168845;168837;169449;168833;168849;169493;169448;168848;169708;168842;169718;169882;169920;169886;169709;169706;169704;169918;169710;169526;169970;169921;169961;169885;169973;169959;169969;169965;169966;169958;169967;169960;169957;169963;169964;170070;170027;169981;170075;168476;169919;170069;170068;168830;169971;170072;170141;170073;170277;170133;170104;170405;170128;170071;170132;170138;170142;170134;170139;170456;170490;170129;170687;170454;170463;170130;170392;170423;170393;170274;170275;170389;170429;170390;170402;170283;170394;170278;170686;170276;170131;170279;170426;170424;170282;170408;170414;170281;170427;170406;170407;170403;170425;170418;170422;170420;170410;170419;170416;170401;170468;170421;170455;170404;170449;170435;170465;170446;170475;170480;170500;170531;170479;170508;170466;170491;170511;170470;170400;170532;170522;170530;170529;170535;170534;170411;170629;170634;170645;170649;170635;170641;170633;170630;170856;170685;170869;170874;170865;170852;170876;170855;171037;170914;171024;170909;170853;170648;171057;170911;170870;171028;171036;171035;171025;171034;171030;171033;171031;171095;171029;171027;171023;171026;171021;171098;171091;171093;171089;171022;171111;171097;171101;171110;171208;171210;171207;171223;171224;171209;170074;171094;171032;170533;171234;171231;171235;171232;171644;171647;171435;171640;171648;171236;171113;171668;171645;171662;171661;171649;171641;171653;171660;171655;171722;171723;171721;171725;171724;171651;171727;171700;171720;171715;171719;171652;171717;171646;171701;171794;171977;171726;171718;171984;171982;171796;171971;171978;171983;171974;171987;171976;171981;171975;171963;171972;171973;171962;171980;171968;172041;171970;171996;172119;172118;172039;172116;172182;172211;172117;171979;172042;171699;172212;172220;172232;172225;172371;172373;172226;172369;172370;172374;172548;172547;172501;172543;172400;172372;172546;173045;172544;172587;172549;173043;172586;173041;173316;173042;173306;173315;173308;173324;173046;173314;172542;173305;173323;173322;173318;173311;173309;173313;173325;173304;173332;173320;173307;173321;173319;173310;173317;173426;173421;173422;173312;173453;173423;173690;173420;173435;173427;173691;189647;173796;174029;173777;189648;173872;173877;173857;173303;173428;173692;173860;173871;173875;172224;189668;173864;189669;173851;173868;173845;173870;173878;173847;173869;173841;173867;173873;173852;173925;173846;173850;173921;173926;174176;189659;174004;174030;173924;174387;174131;174130;174129;174132;174133;174128;174127;174389;174178;173862;174180;174268;174229;174269;174270;174346;174267;174343;174341;174347;174342;174408;174420;174345;174348;174349;174414;174411;174415;174407;174563;174702;174406;174676;174561;174687;174690;174699;174671;174562;174693;174412;174181;174629;174688;174675;174483;174628;174514;174703;174689;174714;174717;174710;174712;174732;174951;174587;174588;174952;174729;174516;174619;174733;174692;174691;174592;174730;174735;174725;174727;174728;174734;174731;174755;174950;174754;175000;174726;174992;174756;174999;174995;174590;175026;175112;174993;174998;175118;175114;175116;175119;175117;175421;175113;175024;175120;175460;175478;175445;175483;175420;175410;175430;175443;175480;175399;175465;175404;175479;175111;175419;175122;175444;175458;174482;173844;171225;174994;175422;175333;175466;175448;175411;175442;175446;175482;175423;175463;175474;175475;175457;175464;175456;175435;175452;175400;175436;175477;175468;175471;175469;175472;175461;175462;175459;175426;175449;175476;175481;175447;175403;175438;175439;175470;175467;175486;175489;175558;175485;175401;175431;175556;175828;175864;175872;176147;175866;176146;175862;175834;175825;175840;175854;175557;175871;175874;176145;175881;175832;175870;175879;175878;175903;175865;175830;175833;175861;175867;175863;175829;175437;175836;175882;175900;175826;175857;175902;175831;175844;175853;175855;175843;175899;175849;175827;175901;175851;175894;175895;175880;175846;175908;175932;175841;175938;175842;175930;175934;175936;175924;175873;175943;175941;175922;175933;175875;175921;175923;175935;175937;175920;175942;175940;175979;175917;175983;175982;175984;175980;176065;176068;176202;176204;176201;176205;176250;176232;176246;176233;176203;176245;176247;176321;176320;175918;175859;176391;176322;176357;175981;176655;176656;176392;176654;176650;176651;176652;176538;176541;176653;176537;176536;176683;176682;176680;176722;176727;176728;176723;176738;176718;176737;176721;176720;176681;176535;176719;176748;176891;176749;176751;176983;176770;176760;176768;177288;177285;177291;177286;179874;177287;177284;177290;177096;177292;177301;177308;177316;177321;177303;177322;177299;177304;177310;177309;177320;177302;177313;176750;177311;177315;177319;177289;177298;177318;177425;177428;177306;177432;177300;177348;177473;177452;177530;177424;177524;177494;177531;177527;177525;177528;177526;177534;177614;177535;177533;177666;177655;177662;177665;177664;177663;177658;177529;177661;177670;177637;177660;177671;177656;177672;177768;177737;177765;177657;177767;177785;177762;177786;177738;177760;177787;177764;177788;178112;178099;177763;178232;178118;178119;178121;177761;178182;178104;178235;177766;178120;178234;177659;177314;178236;178246;176256;178239;178270;178250;178269;178233;178247;178238;178248;178273;178255;178274;178251;178249;178252;178258;178257;178256;178253;178271;178259;178254;178268;178421;178333;178431;178427;178332;178422;178335;178429;178433;178435;178272;178334;178430;178336;178424;178428;178434;178425;178432;178634;178570;178571;178564;179054;178573;178574;178426;178682;178568;178561;178563;178569;178567;178633;178632;178565;178572;178631;178440;178439;178438;178423;178681;178630;178733;178562;178768;178949;178767;178766;178904;178732;178765;179051;179057;179059;179055;179058;179056;179060;179053;179165;179161;179156;179316;179155;179147;179157;179149;179159;179148;179150;179154;179153;179162;179152;179181;179158;179160;179151;179052;179163;179182;179206;179179;179180;179323;179307;179215;179216;179201;179324;179308;179327;179322;179320;179326;179325;179397;179404;179403;179402;179392;179398;179400;179401;179411;179439;179410;179409;179399;179450;179452;178566;179321;179164;179456;179458;179454;179455;179451;179508;179457;179453;179438;179879;179475;179507;179817;179474;179812;179809;179810;179818;179506;179816;180020;179814;179815;180037;180026;180028;179811;179813;180032;180030;180031;180033;180036;180210;180027;180212;180209;180214;180035;180239;180211;180242;180213;180238;180243;180240;180241;180246;180247;180237;180208;180248;180244;180281;180262;180245;180419;180418;180470;180282;180327;180482;180483;180417;180249;180034;180476;180486;180475;180480;180487;180478;180484;180477;180474;180498;180500;180485;180579;181233;181234;181240;181243;180481;181241;180499;181242;181284;181285;181286;181244;181287;181282;181280;181245;181283;181279;181281;181239;181372;181374;181371;181545;181537;181373;181528;181546;181539;181527;181520;181530;181538;181526;181529;181531;181544;181548;181534;181536;181605;181533;181535;181524;181532;181573;181606;181604;181608;181609;181525;178237;181370;180479;181600;181547;175473;181622;179437;181610;181599;181601;181602;181618;181617;181621;181623;181619;181633;181624;181632;181607;181620;181631;181694;181695;181891;181892;181889;181693;181890;182537;182166;182551;182429;182536;182439;181616;182533;181893;182554;182552;182539;182538;182540;182600;182603;182601;182532;182534;182553;182595;182608;182607;182555;182606;182598;182592;182605;182602;182597;182599;182593;182596;182594;182622;182683;182621;182780;182779;182623;182684;182783;182604;182781;182786;182535;182785;182775;182778;182776;182777;182832;182782;182822;182788;182834;182829;182827;182837;182787;182839;182836;182831;182830;182835;182840;182833;182821;182825;182828;182993;182838;182824;182826;182823;182990;182992;182989;182991;183191;183184;183183;183082;183190;183188;183187;183194;183192;183203;183186;183189;183373;183364;183185;183202;183370;183369;183376;183371;183329;183327;183326;183332;183334;183201;182784;183331;182988;183333;183204;183339;183374;183335;183328;183336;183340;183222;183221;183224;183200;183220;183363;183228;183229;183225;183223;183261;183227;183253;183254;183255;183262;183251;183303;183301;183260;183256;183304;183305;183302;183365;183226;183337;183377;183367;183372;183401;183368;183375;183252;183399;183400;183436;183403;183402;183435;183733;183732;189654;183366;183995;183737;183971;183736;183734;183730;183729;183731;183972;183772;183782;183922;183781;184021;184022;184039;184020;183883;183764;184040;183330;184044;183735;184050;184048;184042;184051;184045;184049;184038;184046;184077;184047;184133;184171;184134;184076;184043;184208;184207;184202;184174;184172;184203;184276;184204;184205;184206;184201;184275;184277;185088;184200;185104;185092;184173;185124;185136;185120;185100;185130;185150;185139;185112;185099;185109;185153;185106;185127;185129;185097;185096;185134;185093;185152;185126;185132;185113;185156;185110;185155;185103;185102;185117;185108;185098;185105;185125;185107;185154;185123;185146;185115;185133;185128;185119;185121;185149;185148;183338;184041;185131;185122;185138;185095;185141;185091;185111;185140;185144;185089;185137;185145;185135;185101;185142;185094;185147;185114;185157;185118;185367;185143;185158;185090;185419;185358;185375;185376;185357;185370;185361;185151;185363;185359;185116;185356;185369;185379;185362;185360;185381;185495;185492;185494;185498;185666;185686;185655;185699;185493;185675;185653;185684;185691;185380;185657;185656;185685;185702;185658;185683;185652;185690;185692;185659;185355;185694;185660;185688;185700;185687;185665;185661;185695;185676;185678;185668;185705;185654;185664;185669;185697;185704;185679;185670;185662;185650;185681;185663;185673;185703;185706;185672;185696;185707;185677;185674;185680;185682;185773;185671;185693;185698;185774;185689;185803;185651;185701;185806;185794;185796;185802;185799;185807;185810;185797;185800;185798;185805;185801;185804;185809;186074;189638;185795;186053;186057;186041;186044;186033;186034;186064;186063;186062;186042;186073;186066;186048;186075;186056;186060;186072;185808;186061;186059;186050;185905;185667;186054;186049;186067;186065;186045;186051;186058;186071;186055;186052;186069;186046;189664;186070;186194;186195;186068;186043;186248;186313;186246;186314;189657;186320;186311;186318;186316;186315;186309;189650;186317;186371;186319;186308;189667;186310;186247;186312;189651;189642;189645;189660;189637;186373;186370;186372;186369;186374;189639;189661;186392;186431;186439;186383;186391;189653;186432;186434;186433;186435;186484;186437;186436;186542;186538;189640;186438;186674;186544;186620;186621;186618;186729;186543;186665;186728;186664;186727;189656;186675;186726;186721;186375;186764;186763;186725;186761;186802;186760;186801;186799;186619;186796;186805;186797;186759;186827;186804;186800;186853;186798;186829;189655;186852;186851;186803;186849;186847;186848;186854;186842;186846;189641;186939;186938;186930;186940;187083;186929;186850;186828;187082;189663;187086;187084;187088;187087;187126;187125;189662;187408;187414;187069;187413;187425;189644;187426;187411;187422;189643;187420;187124;187423;187482;187412;187481;187421;187418;187409;187428;187419;187424;187632;187675;189649;187784;187744;187674;186762;187614;187410;187427;187085;186047;187851;185159;187882;187850;187786;187894;187898;187849;187893;187887;187883;187889;187877;187892;187878;187881;187888;189658;187879;187886;187880;187891;187896;187884;187885;189665;187914;187911;187890;187915;187910;187913;187909;187912;187967;189174;187897;189079;189173;189082;189083;187895;189127;189078;189133;189084;189135;189140;189134;189122;189136;189129;189081;189139;189121;189123;189138;189120;188057;188059;189137;189080;188060;189085;189132;189191;189530;188061;189131;189130;189193;189128;189175;188058;189526;189271;189524;189285;189522;189528;189488;189527;189525;189523;189487;189554;189521;189529;189539;189553;189555;189646;189566;189543;189569;189558;189542;189541;189574;189582;189560;189573;189557;189565;189549;189562;189556;189578;189585;189652;189544;189567;189577;189538;189579;189570;189571;189547;189564;189581;189563;189575;189552;189587;189580;189572;189584;189548;189568;189561;189588;189545;189551;189586;189869;189550;189576;189741;189744;189742;189743;189790;189559;189540;189546;189816;189807;189787;189779;189583;189802;189808;189788;189821;189791;189797;189804;189811;189809;189795;189818;189813;189805;189778;189812;189820;189806;189814;189786;189803;189815;189798;189800;189789;189793;189792;189794;189810;189819;189783;189801;189799;189780;189817;189785;189828;189855;189858;189796;189854;189853;189826;189857;189781;189905;189852;189856;139374;90250;149983;189859;105412;189827;12512;14657;138374;179396;189784;59189;189782;33126;152610;125835;39808;39807;39809;33562;10392;10204;18559;21141;189418;189409;189448;189432;189438;189415;189421;189451;18560;189429;189457;189426;189440;189411;189433;189416;189449;189435;189446;189430;189447;189417;189413;189414;189412;189450;189434;189427;189407;189410;189439;189444;189420;189456;189452;189441;189423;189454;189431;189443;189428;189408;189868;189437;189436;189458;189445;189425;189455;189453;189422;189424;189442;34030;189419;189750;189192;54602;66317;148695;70352;103221;95950;155127;162320;163098;150716;33476;66316;35737;51461;51462;90712;51463;66315;59607;185948;58171;187059;185070;184893;184504;184549;184881;184639;184894;184542;184906;184969;184596;184908;184748;184867;184636;184780;185084;184561;184689;184840;184484;184556;185056;184733;184988;184768;184994;184510;184480;184706;184904;184824;184858;185038;184508;185061;185013;184890;185023;184911;184555;184503;184876;184778;184681;184918;185067;184543;184655;184535;184919;184516;184957;184678;185032;184573;157830;185006;184927;184832;184607;184619;184729;185029;185072;184986;184608;184872;184972;184534;185054;184961;184545;184499;184570;185004;185028;184572;184781;184669;184660;184708;184770;185040;184895;184653;184747;184677;184985;184953;184491;184870;184489;184930;184835;184909;184773;185064;184582;184691;184825;184538;184855;184912;184929;184759;185009;184662;185080;184764;184826;184633;184860;184892;184679;184896;184877;184949;184700;184732;184711;184539;185039;184967;184786;184968;185047;184724;184836;184488;184782;184686;184690;157809;184978;184490;184687;157789;184501;184948;184471;185011;184755;184588;184966;184869;184550;184771;184715;184629;184853;184937;185079;185045;184935;184740;184568;184659;184922;184767;184838;184965;184668;184546;184506;184744;184868;184761;184575;184746;185015;184742;184991;184816;184723;157816;184983;184760;184946;184477;157734;157782;157744;157768;157793;157731;184496;157769;157800;157760;157779;157747;157835;157732;157827;157749;157733;157836;157774;157799;157811;157762;157772;157797;157803;157834;157825;157806;157748;157798;184646;157763;157817;157804;157764;184821;157767;184558;157742;157785;157794;184784;157771;184626;157745;157838;157808;157792;157776;157750;184704;185012;157784;185025;157766;157759;157775;157752;157821;157781;157756;157765;157743;157773;157758;157818;157730;184945;157810;157812;157755;184756;157802;157746;185033;185048;157783;157829;157788;157795;184785;157839;157828;157824;185021;184695;157741;157826;157837;157777;157791;157736;157814;184847;157787;157740;157820;184665;184562;185065;184505;184763;157757;184693;184871;184701;184766;184515;184819;184637;157751;184667;185037;184602;184583;185043;184888;184975;184996;185024;184684;184696;184851;184751;185007;184822;184971;184774;184604;185083;184750;184828;184902;184938;157761;157815;157813;185051;184618;184889;185030;184532;157801;184578;184845;184666;184674;184873;184548;157823;184958;184765;184600;157737;184910;185001;184941;184731;164488;184915;184738;157735;157739;184960;184970;184962;184531;185082;184710;184537;185055;184928;184551;184944;157754;181603;184648;184641;187785;185017;168029;157770;184850;157831;157805;157833;184843;184862;184485;184699;184610;184727;184541;184597;184473;184530;185066;184933;184998;184649;184685;184974;184698;184925;157822;184577;184533;184921;184977;184625;184642;184611;184644;184481;185008;184979;185075;184643;185035;184901;184829;184813;185044;184688;184697;184664;184565;184609;184647;184736;184963;184936;184566;184658;184595;184814;184536;185058;185042;184981;184749;184487;184585;184924;184650;184852;184623;159611;184645;184476;160293;184952;184886;185036;185022;160291;184694;184627;157832;160292;160669;184859;184956;184718;184630;184992;184982;184839;185019;184950;184964;161343;184776;184897;161341;184593;157796;185081;184762;161338;184483;184743;184616;161340;157738;167826;184615;184735;184584;184898;184621;184613;157819;184552;161346;184553;184775;184882;184973;184954;184728;184683;161333;184841;161349;184486;161342;161208;161344;184734;161339;161351;161334;184865;161345;161348;157780;161347;157807;184757;161350;184905;184866;157753;184479;184920;157844;184472;184492;157786;157790;162845;162846;184833;184758;184875;184651;184554;162850;184848;162841;184478;185049;162853;162847;184692;157864;157863;184717;184923;185014;162851;162852;162848;162838;184820;184917;184834;184567;184654;184769;184726;184863;162849;184856;185034;184739;162982;184564;184652;162843;162978;184590;162840;184599;184605;162842;184817;163135;163479;163478;184702;184932;184818;163477;184907;184657;164132;164133;184557;184563;171016;184624;185071;184730;185063;163215;185018;184656;185003;184926;184672;184772;184987;184547;185031;184591;164649;164650;184500;184990;184580;167797;167825;164489;167804;164490;184628;184671;184612;184879;167791;184675;184878;167800;184569;171017;184783;184571;184899;184741;184997;167805;167802;167795;184509;184830;184581;184752;184663;184815;184885;167824;184719;167808;167815;167801;171018;184720;167827;167818;184574;185046;167816;184916;184493;167817;167796;167810;167813;167823;184823;184980;167807;157778;164131;184880;185002;184900;185077;184529;184705;185005;184831;185069;184887;167798;167803;184594;171546;184995;184601;167822;184779;184883;184513;167790;184857;184842;168481;167828;184725;170776;170777;167820;184640;170775;167789;167809;167830;167793;184714;184661;167792;167806;167831;184576;184993;184989;167821;184603;184586;167814;184846;167811;167812;167829;167794;184474;185050;184614;170780;170705;170774;170782;184482;184475;184507;184673;184864;184498;170703;184620;185074;184913;170778;184497;184716;184984;170713;170646;170640;170647;184709;184560;184703;185052;185059;185076;184849;170714;184631;185020;185041;158842;184638;184544;158877;185062;158867;158868;185027;184682;158876;184540;184680;184592;185000;184622;184511;184837;184939;185078;168134;184754;184606;184579;184635;184617;168128;168482;170773;168480;184934;184777;158965;170781;184589;184827;184943;185010;170051;168884;184891;170052;184854;184861;184745;184844;184737;184947;184712;184495;184514;184598;185057;185026;184632;184559;170779;184502;185053;184976;184940;184931;184874;184753;184519;171015;184903;185016;184713;184587;184721;184787;185068;184951;184512;184722;184959;184528;184914;184999;184942;184634;184955;184676;184525;184494;184517;184520;184523;184526;185073;184884;171559;171096;171100;171092;171541;171755;171099;171540;171751;171543;171745;171758;171746;171748;171759;171750;171542;171762;171760;171945;171757;171763;171756;173999;173982;173993;173996;173987;171752;171950;173989;173651;172046;185060;173990;172618;172318;172338;172327;173480;173984;173484;172325;173992;173991;173482;173483;173476;173986;173994;173995;173981;174169;173997;173983;174794;173988;174802;174799;174171;174797;174800;174803;174796;174808;174795;173980;174809;175145;174801;175286;176395;176400;176081;176077;175146;175139;176086;176085;176082;176080;176083;177619;176079;176396;176393;180387;177255;176386;184522;177262;177618;177261;180404;180395;177601;177604;175965;174798;177617;184707;167819;180384;177602;180401;180386;177603;180390;180400;173985;177613;180407;180399;180398;180388;180385;184521;180405;180403;180393;180397;180396;178048;178051;184518;180391;178491;178049;180402;184524;180392;180408;179448;179464;178490;180394;178050;179465;179471;179467;179470;179444;179445;179466;179473;179468;179472;179447;180218;182733;180156;182728;182723;182721;180154;180217;182734;179469;180161;180159;179449;183080;182720;180219;180158;182722;180406;180155;180157;182726;179446;180160;182727;182729;181887;181627;182724;181628;181886;181629;181630;182618;181884;181885;181888;182730;182732;182731;182617;182620;182619;182719;183815;183081;183796;183079;183814;183078;183813;183816;183797;183812;183817;183794;183795;183793;183792;183818;182725;185475;185471;185469;183791;185468;185470;185472;186399;186405;185467;185466;183811;185473;186401;186400;186404;186398;186402;185474;186394;186396;186632;186633;187716;186634;186397;187719;186395;186631;183810;180389;187705;187717;187720;187718;188021;187715;186403;187714;188019;188023;188020;188017;187713;188016;189074;188018;188022;189073;70144;70143;69428;62438;70745;69427;70746;69515;108889;57348;57347;57349;99476;50000;99477;26062;31993;35687;33226;34772;38745;39767;42478;40554;46838;47888;52613;45045;49144;55639;53411;58323;31788;12000;71616;59069;56483;50654;39339;187706;147022;65612;170271;170272;171438;171439;170269;171437;159761;166123;159760;164072;169747;169745;179663;168749;174174;182509;176210;172581;146444;170270;179661;168363;176208;175670;176207;176209;146443;166121;172580;55650;63686;166122;55651;40617;40618;72211;32194;36073;29924;36163;31122;67129;24236;25734;69956;21725;12001;176206;177605;162508;109143;109144;19506;11561;144104;144105;20863;22371;22097;23928;24735;33394;21629;25351;23634;34269;35220;40874;39494;34768;36130;33506;27536;25842;35978;42307;30210;31653;25765;28374;52533;51124;50386;52769;45395;53597;43175;45111;44660;21226;47785;50088;60046;57317;61718;62583;59411;62747;49149;63554;65809;63001;64726;65187;55884;69272;62592;70950;56041;71349;70719;56337;57772;57353;56123;55885;58352;73771;58901;72333;58009;80525;77909;77283;15820;57921;15822;73101;69996;38687;82042;47126;183689;26921;107268;39564;88907;11583;107267;20975;51936;42369;46329;44094;50387;55833;48436;55142;61536;57941;59047;40421;62702;67233;65913;85882;71342;86633;72435;84765;69844;97835;80169;104628;56734;124028;64621;72983;187943;179637;181417;145549;151666;177369;174522;150863;168748;152522;162727;150140;152659;164063;162726;66840;145491;66839;167278;100806;175628;51894;51895;149326;42399;58134;23969;35327;21576;30206;50598;50597;33125;66695;45061;45060;101084;20090;42148;21209;60165;60164;60167;60168;60162;60173;60163;60170;60169;60175;29250;60172;60166;60171;60182;60176;60178;60181;60177;60180;60185;60179;60184;60188;60189;60191;60186;60193;60187;60194;60174;60190;60198;60183;60201;60199;60195;60205;60197;60208;60202;60204;60206;60211;60207;60213;60200;60215;60210;60196;60217;60203;60218;60216;60212;60224;60220;60227;60221;60214;60225;60209;101085;60226;60219;60192;60231;60222;60232;60230;60223;60238;60229;60234;60241;60236;60240;60233;60237;60243;60242;60247;60235;60245;60246;60244;60239;60253;60251;60250;60254;60249;60256;60255;60260;60259;60258;60261;60266;60263;60265;60267;60248;60264;60269;60272;60257;60252;60262;60271;60270;60274;60276;60279;60273;60278;60282;60275;60281;60283;60280;60285;60284;60288;60287;60294;60292;60290;60277;60291;60297;60293;60296;60299;60289;60298;60301;60303;60302;60305;60304;60268;60308;60295;60309;60286;60300;60314;60310;60312;60307;65042;60313;60311;60321;60315;60319;60318;60317;60323;60325;60320;60316;60329;60327;60326;60330;60322;60328;60332;60334;60333;60338;60336;60337;60342;60331;60335;60341;60343;60339;60340;60346;60345;60347;60349;60324;60351;60350;60348;60354;60353;60357;60356;60355;60359;60361;60360;60365;60367;60363;60366;60358;60369;60352;60371;60373;60362;60370;60372;60378;60368;60375;60377;60376;60381;60380;60382;60374;60364;60383;60379;60385;60344;60386;60388;60393;60391;60387;60392;60389;60396;60390;60397;60395;60399;60306;60400;60403;60398;60394;60407;60409;60405;60401;60411;60404;60408;60410;60414;60418;60416;60406;60420;60417;60413;60422;60412;60424;60415;60421;60419;60427;60426;60425;60428;60402;60433;60431;60440;60435;60429;60434;60438;60430;60439;60437;60444;60432;60446;60442;60449;60443;60447;60436;60448;60453;60452;60451;60454;60445;60458;60457;60441;60456;60455;60450;60463;60423;60461;60459;60464;60465;60467;60466;60472;60470;60469;60471;60475;60474;60476;60473;60462;60480;60478;60481;60468;60479;60487;60485;60488;60482;60483;60494;60484;60491;60490;60489;60496;60486;60493;60477;60492;60498;60497;60500;60502;60501;60508;60504;60506;60505;60499;60503;60507;60510;60511;60517;60513;60518;60514;60521;60523;60519;60515;60516;60526;60524;60522;60509;60520;60528;60527;60525;60228;60512;60460;60384;60530;60531;60495;60536;60535;60537;60534;60532;60539;60541;60543;60542;60533;60540;60545;60547;60546;60544;60538;60549;60552;60551;60550;60554;60556;60555;60559;60558;60560;60553;60562;60561;60557;60566;60565;60571;60564;60548;60568;60563;60570;60572;60577;60578;60573;60575;60574;60583;60579;60581;60585;60569;60576;60584;60589;60587;60582;60593;60591;60590;60588;60597;60595;60594;60598;60602;60600;60599;60592;60580;60586;60604;60567;60601;60606;60603;60596;60609;60607;60608;60614;60611;60612;60617;60610;60616;60620;60613;60618;62808;60619;62809;60615;60628;60624;60623;60626;60622;60631;60625;60630;60632;60635;60634;60636;60627;60638;65043;60629;60643;60633;60639;60641;60645;60642;60640;60649;60621;60646;60651;60647;60650;60655;60644;60653;60659;60654;60657;60661;60658;60656;60648;60666;60668;60662;60660;60663;60664;60667;60665;60670;60637;60605;60652;60672;60671;60673;60678;60676;60683;60674;60679;60684;60675;60677;60687;60685;60688;60689;60681;60682;60690;60680;60693;60691;60697;60696;65044;60700;60698;60692;60702;60695;60701;60699;60705;60686;60704;60694;60707;60712;60710;60709;60717;60711;60708;60715;60719;60720;60706;60714;60721;60718;60713;60723;60725;60716;60724;60727;60733;60729;60728;60734;60726;60732;60730;60735;60739;60738;60737;60736;60731;60743;60703;60745;60722;60742;60746;60741;60748;60747;60744;60751;60752;60753;60750;60758;60757;60759;60755;60756;60763;60749;60766;60754;60764;60762;60765;60769;60768;60767;60761;60776;60773;60772;60777;60771;60778;60774;60780;60775;60770;60760;60781;60787;60784;60786;60782;60785;60793;60783;60789;60791;60790;60795;60794;60792;60800;60797;60799;60788;60801;60802;60804;60808;60798;60806;60812;60807;60810;60803;60811;60779;60805;60814;60809;60669;60796;60740;60818;60816;60815;60823;60819;60817;60820;60822;60825;60824;60827;60829;60831;60830;60828;60826;60821;60833;60838;60835;60834;60836;60841;60840;60847;60837;60843;60851;60849;60844;60850;60839;60848;60842;60832;60853;60845;60855;60846;60856;60854;60861;60860;60865;60862;60858;60866;60859;60871;60867;60857;60863;60868;60864;60869;60875;60873;60870;60874;60878;60883;60880;60879;60884;60876;60877;60882;60885;60887;60889;60888;60886;60891;60872;60852;60881;60897;60892;60895;60896;60893;60894;60899;60901;60900;60903;60905;60904;60902;60908;60907;60909;60913;60911;60914;60898;60917;60910;60916;60921;60915;60912;60920;60906;60924;60918;60928;60922;60926;60927;60925;60919;60930;60932;60929;60934;60933;60936;60938;60937;60941;60931;60940;60942;60935;60944;60946;60945;60943;60949;60948;60951;60952;60953;60939;60954;60950;60947;60955;60923;60959;60957;60960;60890;60958;60962;60964;60963;60961;60971;60968;60967;60970;60966;60969;60973;60965;60979;60975;60977;60976;60983;60981;60986;60978;60988;60972;60989;60982;60985;60984;60990;60980;60987;60974;60992;60997;60993;61000;60998;60994;60995;61005;61003;61002;61006;60996;60999;61008;61007;61001;61014;61010;61012;61013;61004;61015;61016;61018;61017;61021;61020;61011;61023;61029;61025;61027;61026;61022;61028;61024;61019;61033;60991;61031;61036;61034;61037;61009;61041;61038;61032;61042;61045;61043;61035;61039;61040;61047;61052;61051;61049;61044;61046;61053;61050;61054;61056;61055;61058;61060;61059;61062;61064;61063;61066;61061;61069;61048;61074;61057;61068;61071;61076;61073;61072;61070;61067;61081;61078;61077;61075;61082;61083;61080;61079;61088;61085;61087;61086;61090;61089;61091;61094;61093;61092;61102;61098;61097;61100;61096;61101;61099;60813;61095;61065;61104;60956;61109;61106;61111;61105;61110;61108;61030;61112;61084;61116;61107;61115;61114;61117;61119;61118;61121;61120;61123;61127;61113;61125;61122;61126;61129;61131;61130;61128;61140;61135;61134;61137;61132;61139;61138;61144;61133;61146;61142;61136;61145;61143;61124;61150;61147;61148;61155;61151;61154;61156;61152;61153;61149;61159;61160;61162;61158;61164;61161;61163;61170;61172;61168;61165;61166;61157;61171;61169;61174;61178;61141;61179;61175;61167;61180;61182;61177;61183;61176;61188;61184;61187;61181;61185;61189;61186;61191;61193;61192;61195;61197;61194;61196;61199;61201;61200;61202;61203;61205;61207;61206;61190;61198;61204;61209;61213;61210;61211;61215;61220;61212;61217;61222;61214;61216;61223;61219;61221;61224;61218;61226;61228;61229;61232;61227;61237;61230;61235;61231;61236;61234;61239;61233;61173;61225;61243;61238;61246;61241;61244;61240;61250;61245;61248;61208;61255;61251;61252;61257;61249;61254;61262;61259;61256;61258;61261;61253;61264;61265;61268;61266;61247;61260;61272;61269;61267;61270;61278;61273;61271;61263;61280;61276;61281;61282;61277;61284;61275;61274;61285;61287;61286;61289;61283;61290;61294;61293;61288;61297;61292;61301;61299;61303;61298;61302;61295;61291;61305;61300;61306;61307;61308;61309;61304;61296;61310;61311;61313;61315;61314;61317;61279;61320;61319;61324;61321;61322;61318;61316;61328;61325;61330;61326;61329;61323;61334;61332;61327;61333;61336;61338;61337;61335;61344;61342;61341;61340;61346;61345;61343;61349;61339;61331;61354;61350;61352;61358;61353;61351;61359;83916;61348;61357;61361;61356;61360;61366;61364;61363;61369;61365;61368;61370;61372;61355;61409;61367;61428;61408;61371;61407;61427;61362;61406;61347;61242;61456;61426;61560;61410;61656;61312;61655;61693;61605;61606;61786;61694;61657;61692;61784;61726;61785;61727;61794;61796;62059;62095;62058;62057;61795;62107;62106;62171;62109;62218;62094;62304;62172;62173;62174;62346;62427;62175;62197;62432;62071;62554;62108;62493;62506;62492;62556;62555;62428;62617;62773;62653;62774;62616;62618;62775;62859;62858;62933;63018;62919;63019;63071;62918;62924;63020;63294;63592;63191;63313;63106;62934;63192;63591;62898;63593;63595;62426;63599;63183;63598;63314;63602;63600;63596;63472;63594;63605;63597;63604;63601;63664;63603;63677;63607;63606;64090;64091;64424;64423;64425;63679;64426;64282;64605;64429;64428;64489;64523;64522;64499;64427;63678;64521;64779;64776;65563;64946;64778;64949;64777;64947;65010;65011;64951;65008;64950;65012;64948;64956;64954;65013;64953;64957;65015;64958;64952;65009;64960;64959;65014;64962;65017;65021;64961;65019;65018;64955;63471;64964;65016;65020;64566;64963;65086;65076;65088;65093;65090;65092;65087;65174;65242;65239;65243;65091;65094;65564;65241;65089;65627;65565;65240;65653;65654;65715;65679;65606;65864;65782;65762;65761;65957;65977;65906;65783;65716;66017;66214;65993;66018;65244;66227;66441;66226;66019;66229;66371;66490;66551;66461;66491;66708;66665;66462;66228;66778;66460;66884;66664;66779;66891;66780;66952;66951;66709;66774;66982;66663;66016;66984;66950;67220;66885;67241;68867;68945;68868;67185;69165;69163;69164;69167;69013;69258;69068;68946;69440;69257;69504;69279;69166;69945;69342;70015;69946;69503;70016;69796;70115;70017;70389;69786;69223;70391;70014;70388;70393;70364;70394;70390;70467;70537;70491;70392;70576;70490;70468;70603;70705;70604;70365;70605;70578;70756;70707;70706;70704;70772;71295;71296;71294;71191;70757;70188;70577;71192;65022;66983;70708;61455;71298;71490;71193;71194;61103;71299;71198;71195;71197;71200;71196;71201;71202;71302;71305;71300;71301;71303;71338;71199;71340;71306;71491;71339;71341;71517;71371;71424;71629;71372;71641;71391;71632;71373;71989;71893;71894;71910;72210;71988;72084;71304;72322;72275;71631;72162;72197;72083;72421;72323;72475;72276;72699;72476;72569;72501;72477;72680;72570;72739;72811;72795;72796;73012;72924;73013;71630;72500;72738;72365;72855;73116;73114;73074;73115;73201;73286;73285;73176;73368;73177;73369;73200;73454;73408;73589;73588;73706;73798;73679;73296;73797;74172;74103;73664;73073;74306;74209;74208;73938;73453;74308;74305;73590;73907;74487;74350;74490;74349;74489;74492;74491;74488;76197;76245;76551;76449;76681;76157;76448;76701;76552;76450;76703;76246;76753;76702;77017;76783;76782;77047;77144;77084;77216;77465;73014;77272;77215;77018;76752;77552;77553;74307;77954;77598;77700;78417;77554;78416;77629;78460;77956;77865;78418;77955;78843;77957;78844;78842;78419;78642;77981;78847;78845;78846;78641;78643;78645;78644;78849;78850;78646;78537;78647;78848;78649;78648;78851;78536;78841;79082;78853;81294;78855;79231;78852;79331;78854;79081;79229;79427;79230;79330;79304;79713;79658;79657;79712;79305;79715;79714;80014;80017;80016;80015;80018;79759;79381;78622;80100;80099;80164;80117;80545;80163;80902;80020;80904;80397;80933;80162;80409;81015;81037;80019;81073;80905;80546;81308;81477;81160;81074;81479;81478;80903;81541;81072;81476;81751;81310;82248;82251;82250;82253;82252;81309;82255;82249;82259;81038;82256;82258;82257;81770;81540;82260;82263;82261;82468;82265;82264;82293;82262;82294;82266;81809;82520;82521;82522;82638;82760;82813;82815;82988;83029;82987;82989;82694;83450;82759;82814;82816;83452;82469;80075;83174;82254;77551;83454;83456;83451;83453;83538;83459;84015;83457;84113;83460;84114;83458;84144;83969;84226;84078;84538;84536;84259;84393;84542;84540;84539;84541;84790;84611;84537;84791;84792;85189;84543;84894;84895;84394;85191;84661;85194;84793;85193;85192;85196;85198;85197;85195;85204;85202;85199;85208;85210;85209;85201;85119;85200;85071;85205;85206;85150;85004;85212;85211;85397;85296;85072;85343;85203;85264;85207;85500;85190;85564;85502;85120;85503;85499;85622;85501;85760;85786;85646;85759;85621;85706;85623;85790;85788;85960;85785;85866;85787;85867;86101;85620;86243;86202;85961;86489;86100;86527;86364;86671;86528;86563;86529;85789;86363;86615;86846;86626;86749;86751;86747;86748;87548;87551;87549;86939;86750;86938;87553;87556;87550;87638;87552;87561;86894;87557;87559;87555;87562;87563;87560;87568;87565;87566;87567;86992;87558;87572;87571;87570;87573;85498;87569;87575;87554;86564;87576;87580;87577;87564;87062;87103;87121;87120;87578;87579;87308;87583;87582;87584;87581;87235;87400;87402;87585;87586;87459;87403;87639;87492;87491;87813;87838;87773;87840;87587;87460;87841;87843;87401;87938;87839;88079;88037;88078;88175;88080;87844;88451;88407;88000;88452;88450;88483;88676;88484;88174;88800;88798;88797;88796;89075;88801;88799;89823;89099;89098;88860;89825;89824;89822;89957;88795;89958;87842;89074;89988;89959;90080;89864;90020;90144;90142;90145;89987;90143;90241;90243;90242;90146;90081;90344;90345;90393;90392;90503;90618;90504;90751;90674;90673;90753;90502;90501;91039;90939;90617;90854;90244;91042;91041;90752;91643;91540;91538;91542;91537;91081;91296;91421;91215;91541;91216;91644;91646;91539;91543;91513;91648;91712;91853;91807;91647;91806;91809;92031;92404;91514;92032;92402;92581;92582;92491;92403;89863;87574;83455;92720;92698;91808;91040;91645;92719;92749;92722;92996;92859;93072;92997;93071;92998;93150;93096;93454;92965;93340;93366;93557;93796;93795;92721;93797;94004;93643;94005;94194;93794;94266;94248;93892;93859;93453;95832;95835;95834;95833;95837;95839;94003;95838;95836;94571;94151;95841;94193;95843;95844;95842;94432;95845;95848;95847;95851;95840;95857;95852;95855;95850;95859;95846;95856;95854;96386;95853;95860;95862;95864;95914;95861;94570;95849;94652;95049;95858;94653;95865;95293;95052;95863;95870;95871;95050;95869;95866;96041;96043;95985;96042;95867;95872;96302;96301;96332;96331;96481;96333;96330;96561;96563;96562;96280;96757;96759;96758;96599;96526;96044;96792;96975;97038;97122;97039;97037;97295;97377;97376;97379;96600;95984;97415;97378;97201;95051;97516;95868;97632;97597;97751;97631;97846;99214;97770;97493;99217;99218;97845;97515;96760;94627;97517;99221;99222;99225;96974;99227;99219;99223;99215;99216;97935;99228;99300;99224;99226;99301;99351;99349;99505;99229;99506;99575;99456;99577;99621;97934;99576;99353;100120;99354;100049;99622;99619;99352;100173;100347;100372;100350;100403;99350;100402;100373;100349;100535;100536;100802;100048;100779;100537;100348;100903;100458;99620;100568;100906;100096;100904;101256;100984;101104;101388;101105;101884;101925;101800;101257;100905;100097;102636;102639;102638;101041;101258;102641;102642;102640;101387;102645;102647;102646;102651;102652;102650;102648;102644;102654;102656;102655;102658;102660;102643;102657;102659;102663;102665;102664;102637;102667;102521;102666;102662;102661;102653;102670;101079;102671;102676;102649;102675;102672;102776;102972;102668;102032;102853;102673;102576;103175;102852;103173;102677;103501;103594;103409;102674;103634;103174;103411;103244;103806;103595;103959;103688;103730;103502;103353;103635;102635;102669;99220;104093;104206;104269;103831;104623;104207;104268;104803;104866;104804;104868;104990;104007;104989;104867;104701;105030;105070;105031;104624;105387;103960;105535;105534;104373;105071;105570;105611;105573;105683;105536;106227;105572;105537;105019;106257;106338;106337;106258;106341;106369;106340;103410;106123;106339;107021;105571;107020;106575;107209;107084;107083;106554;107212;107250;108364;108278;108363;107210;108399;108645;108365;108943;108398;108333;108334;108366;108870;106124;108481;109010;107211;109450;109445;109447;105032;109454;109446;109452;109449;109448;109457;109456;109458;109455;109453;109451;109057;109463;109460;109308;109196;109340;109462;109571;109671;109465;109644;109464;109461;109459;109851;109848;110019;110021;109849;110023;109643;109854;110022;110020;110026;110024;110028;109853;110283;110088;110027;110122;110508;110282;110121;109852;110886;110025;110542;110891;110889;110890;110888;110971;110720;110893;110719;110887;110718;110892;110307;109850;108944;110920;111003;111002;111113;110717;110655;111258;111260;111344;111495;111497;111777;111050;111496;111343;111807;111523;111806;111259;112053;117474;117473;112135;112105;111494;117628;117785;117682;117788;117973;117851;117850;117472;117787;117627;118056;112136;118058;118217;118167;118442;118166;118057;118108;111778;119178;119180;119182;119179;119176;119183;119177;119181;119184;117786;118443;119188;119190;119193;119192;119191;119195;119197;119189;119186;119196;119201;119200;119199;119194;119185;118218;118031;119203;119187;119198;119205;119204;118727;119206;118866;118585;119249;119209;119250;119207;119210;119208;118853;119445;118584;119883;119881;119252;119446;120980;119251;121409;119882;121205;121457;121326;121204;121455;119444;119884;121533;121535;121456;121607;121532;121504;121410;121534;121631;122391;122392;122467;122390;122641;122468;122845;122389;122640;122527;122961;122844;122962;122887;122846;123147;122995;123435;123058;122466;123489;123491;121503;123490;110935;123057;92605;122528;119202;60529;123436;184670;123965;71297;124139;124100;104008;123966;123917;124262;124235;124185;124234;124184;125016;124704;124753;125203;125202;125206;124290;125205;124705;125448;125207;125591;125447;125449;125716;125208;125715;125129;125916;125980;125979;126763;126090;125204;126091;125531;126303;126455;126366;126436;126454;126145;126435;126713;126683;126714;126434;126684;126715;126944;126613;127034;126945;127724;126946;127723;127726;128207;127727;127725;128211;128209;128208;128213;127728;128212;128215;125981;128210;128217;126974;128206;128220;128216;128219;128221;128218;128223;128225;128224;128222;128227;128229;128228;128231;128234;128233;128236;128238;128232;128235;128237;128240;128241;128244;128247;128245;128242;128226;128243;128249;128246;128250;128253;128254;128239;128257;128251;128260;128259;128258;128252;128255;128265;128264;128261;128269;128256;128271;128263;128270;128268;128273;127881;128311;128499;127880;128272;128667;128230;128501;128502;129093;129042;128500;128861;128266;128214;129152;128262;129277;129278;129577;128248;130048;130078;130156;130142;130191;130252;130192;130498;130157;130386;129997;130447;130618;130047;130750;131054;131056;128862;131055;131531;131831;131830;131987;131832;131989;132085;131990;131988;131680;130499;132307;132332;132889;132888;131007;131006;133030;131679;133029;133193;133129;133195;133196;133194;133339;133447;133517;133388;128267;133197;133192;133518;133754;133756;133641;133789;133788;133755;134072;134070;134071;134069;133128;134151;133826;133538;132306;134273;133169;134149;134275;129334;134150;134395;134346;134650;134646;134652;134695;134440;134651;134648;134647;134692;134649;134693;134847;134849;134848;135261;135262;135796;135800;135002;135797;134694;135803;135802;135806;135805;135801;135804;134754;135799;135810;135278;135279;135812;135813;135811;135815;135818;135816;135817;135820;135821;135814;135798;135819;135822;135827;135824;135826;135825;135831;135807;135836;135809;135835;135838;135830;135833;135834;135828;135829;135841;135839;135840;135832;135808;135823;135837;134274;129151;135575;135844;135845;135842;135887;135886;135960;135382;135716;135889;135891;135959;136389;136391;135890;136162;135888;137040;137038;136487;136603;136486;137039;136690;137041;137175;137174;137292;136390;137348;137176;137389;137294;137742;137533;136991;137698;137741;137293;138205;137390;137772;138489;137773;137743;138419;138586;137534;139300;139353;138827;138538;139220;139399;139301;138206;139893;138585;140239;139895;138584;137347;139400;141748;140440;141104;139894;141710;141691;141649;141677;141686;141754;141707;141746;141753;141687;141760;141681;141736;141747;141711;141703;141664;139354;141690;141761;141720;141694;141743;141652;141727;141657;141734;141650;141702;141679;141698;141667;141695;141729;141688;141683;141661;141685;141728;141744;141689;141696;141770;141654;141663;141767;141709;141755;141708;141723;141704;141762;141648;141680;141653;141699;141656;141412;141150;141759;140441;141741;141713;141738;141716;141838;141842;142556;142014;142015;142570;142548;142810;142821;142012;142822;142823;142999;142816;142563;142817;143243;142818;143000;143361;143371;142819;143246;144211;143533;143359;143044;144215;144295;144294;144214;144293;142820;144296;144367;144292;144368;143360;144843;144744;144987;145442;144369;145504;145460;146062;146063;146064;145697;145438;146270;148973;147135;148971;147206;147136;150710;150159;150760;150160;148972;150448;150479;150800;150446;147714;150711;150761;144297;151503;152087;146065;150789;152088;151447;152192;150768;152364;152952;151678;152949;150478;152089;152867;152951;152950;152946;152866;153168;152086;154132;153227;154202;154131;154275;153225;155949;154130;156176;154412;154276;154821;155953;154201;152948;159006;156719;154823;156757;155972;156717;156718;156720;155948;156456;157050;156803;157227;157131;157859;156799;157247;158330;158054;158079;158922;158328;158875;159554;158331;159648;160259;160059;161409;160643;160543;161383;158348;159640;161758;161510;161506;161106;141410;135843;161803;156178;161974;162480;158329;162592;162323;162595;163710;162593;163708;162723;150709;164010;163726;162594;164480;164008;164485;162725;164889;164487;165740;164011;165683;165607;166333;166334;166780;165741;165606;166778;164479;166415;166416;167255;166413;167258;168455;168629;168879;167259;170452;167745;170643;170457;168878;168734;170428;170639;170642;171654;170892;170754;172009;171259;171664;169875;172357;169876;173720;172289;171076;172290;124650;61373;172359;166777;50575;170638;160486;50574;40887;10396;11709;17212;42411;105613;23974;33852;11777;99364;108810;48763;10398;93962;106716;26918;56954;87013;23973;63080;58181;18585;62042;178102;35730;58452;60119;44401;10395;20811;103871;72367;22313;22024;66350;10902;10901;10908;10456;10905;10907;10859;10903;26919;65791;10904;63155;18602;13855;44676;65057;76056;48762;51587;133147;56824;10906;99439;52977;70395;53830;72909;59915;62466;59916;62468;52456;53503;63231;49274;63372;62467;55286;63380;64508;64587;63426;66870;65222;65692;66869;69333;62224;69332;66425;64918;73990;70855;69334;70856;70854;71323;71945;65884;71265;66448;69840;71322;71325;71324;73992;72608;73418;72936;74429;74154;78446;73989;73865;76416;76123;73742;73991;77161;72286;67216;79145;76464;77170;77580;78447;79839;81209;80948;80489;79444;83359;83369;81732;82823;82075;81046;84737;84645;84367;81884;85880;82779;84052;85329;81731;84809;87875;86818;84763;86371;86469;84058;86149;87252;86856;84742;87893;87313;86065;87671;87249;90511;92818;12209;100051;135901;122484;91045;101113;18502;20368;18680;21193;19408;20006;21334;19407;22194;16337;20008;22034;25699;29855;34311;20928;34477;25700;21696;18028;34412;78444;21655;56210;87876;47556;48761;72908;35362;47045;34413;58335;59044;35635;62045;33881;106298;66423;55802;42443;43089;39350;47750;39622;44045;39783;10397;63478;38689;10911;10913;148541;10394;10915;46017;10404;34414;161502;10914;11454;10912;134420;35634;66424;10916;38153;134421;134942;42410;11818;10893;10892;10894;10785;12298;88699;17607;10910;10434;10433;18085;10499;15996;10504;11330;10555;10509;10525;10485;18491;10482;10615;10519;10603;10668;10632;10693;11309;10486;10734;10861;10926;10866;10806;10865;11326;10945;11307;10619;10943;11366;10964;11325;20885;11143;11322;11304;11029;11091;11306;11301;11144;11146;11145;11300;11286;10944;11194;11336;11147;11215;11148;11212;11191;11433;11423;11413;11231;11485;11683;11178;11541;11534;11878;11528;11789;11787;11792;11774;11790;11803;11886;16299;11802;11804;11177;11832;11831;11928;11885;10563;11921;11887;11595;11920;11992;12052;11990;12092;12208;12091;12051;12205;12206;11989;12235;12267;13638;13639;13643;14732;13637;14254;12090;13642;15467;15456;15455;13640;15458;17976;15459;12207;13641;15714;15965;14724;15963;16123;15962;16333;16124;15964;16324;16325;16328;16125;16330;16327;16332;16329;16326;15894;18022;15966;15460;18023;18026;18024;18020;18215;18021;18484;18482;16331;18483;15457;18485;18489;18025;18492;19403;19402;18682;18681;18488;18487;19405;19406;18679;20001;19997;19401;19999;20000;20005;20004;20299;20382;20172;20003;19404;20002;19998;20390;20905;20907;20909;20908;20906;21210;18486;20904;21077;21078;20298;21332;21685;21212;20910;21687;21211;21690;21688;21695;21331;21693;21692;22027;21689;22029;21691;22028;22033;22030;21694;22032;21213;20389;21686;22031;22183;11888;161804;22184;22185;22187;22189;22186;22191;18490;22193;22192;22333;22188;22190;22530;22449;22534;22532;22535;22533;22536;22538;22531;34821;23644;23643;23647;22332;22537;22529;23833;23835;23646;23837;23834;22334;23838;23645;24329;23839;23999;23998;24331;24330;24334;24000;24335;24332;24333;24338;24339;25022;24911;24337;25026;24340;25162;25025;25024;25165;25164;25168;25167;23836;25484;25166;25163;25023;24336;25486;25488;25485;25688;25487;25690;25691;25687;25881;25883;25882;25880;25692;25689;25901;25902;26017;25885;26018;26963;25886;26961;26022;26962;26964;28183;26966;26019;26965;29311;29307;29309;29310;29308;25884;29894;29312;31038;29313;31041;31040;31042;31037;31039;29893;31413;31046;33107;31044;31415;31414;31791;31047;31793;31792;31795;31797;31796;25489;31794;31416;28184;32312;32311;32310;31043;33134;33133;33132;33138;33136;33137;33444;33442;33441;33443;32313;33870;33871;33873;33875;33874;33135;33877;33879;33878;34122;34120;34123;33876;34121;34401;33880;34403;34402;34404;33872;34410;34408;34407;34406;34744;34411;34409;34476;35074;35069;35072;35070;35073;35361;34743;35076;35071;35221;35630;35823;35633;36149;36147;35824;36150;35632;36151;35631;36148;35822;35075;38742;36153;34405;39342;39341;39347;36154;39340;39349;39343;39346;39345;39792;39791;39348;39795;39794;40407;40556;40555;40557;39344;40561;40565;40560;40559;40435;40889;40888;40562;42106;39793;40891;40558;42110;42108;40892;42109;42107;42112;42114;42113;42116;42118;42115;42111;42117;42438;43061;42442;43065;43063;43865;42440;42439;44415;43066;42441;43062;44413;42437;40890;36152;31798;44414;44418;44421;44423;44422;44420;44419;44417;45020;44110;45506;45508;45507;44424;44425;45378;45510;45512;43064;45511;45021;46313;45515;45514;46840;46843;46844;45516;46839;46842;46846;45513;47710;46312;46848;46841;45509;46847;47712;47711;48286;47713;48288;48285;48216;48290;48292;48287;48291;48294;48289;48296;48295;49219;49221;48284;49224;48297;49948;49225;49222;49220;48293;49227;49223;46845;49695;49226;49956;49952;49951;49958;49950;49955;49953;49954;50528;49959;49962;49960;49963;51163;49961;50530;49957;51164;51162;51165;51170;51167;51166;51168;51172;51171;51175;51177;51176;51174;51173;51454;51169;50529;51906;51907;51455;51904;51903;51905;51909;51911;51910;51913;52583;51914;51912;52585;53375;53376;51908;53382;53380;53379;53377;53378;53384;53383;53386;53388;53387;49949;53385;52584;51178;53381;53390;53391;53858;55117;55119;53859;55118;55121;55123;55122;55125;55127;55124;55126;55130;55129;55131;55569;55120;55571;55570;55132;55788;55790;55789;55787;55791;55794;55793;55797;55572;55128;55798;55796;55799;56449;56174;56176;55792;56173;56177;56175;56452;56451;56454;56456;56453;56737;56736;56455;56450;57274;56739;57273;57275;57278;57277;57276;57280;57282;57281;57284;57285;57283;57414;55795;56738;57279;57470;57472;57471;57474;57942;57475;57946;57947;57949;57944;57945;57473;58329;57950;57948;57943;58331;58333;58334;58332;58656;58658;59038;58659;58655;59042;59037;59039;59040;58657;59454;58330;58660;59043;59041;59456;59457;59458;59906;59460;59910;59913;61528;61527;59908;61530;61532;61531;59907;61534;59909;61535;61533;62460;62459;62223;59912;62462;62464;62463;62044;59911;62461;61529;59455;57469;53389;62903;59459;44416;62043;62904;62908;63225;63227;62906;63229;63419;62905;63421;63228;63420;63230;63226;63224;63423;63425;63424;63522;64570;64574;64576;64575;64579;64572;64578;64577;64580;65210;64573;63422;65212;65214;65211;65877;65875;65215;64571;65213;65881;62907;65882;65876;65878;66413;65880;66415;66417;65879;66414;65883;66419;66418;66866;66864;66416;66422;66863;66421;66867;66865;67211;64581;67213;67215;69325;69324;67214;69329;69327;69328;69828;69331;69827;67209;66412;69326;69330;69830;69831;69832;69835;69927;69833;70332;69837;69838;70336;69834;67212;70334;70337;70335;69829;69836;70846;70847;70339;70333;70849;70848;70850;70853;70851;71312;71315;71316;71311;71320;71313;71319;71314;70852;71941;71318;71943;71942;71321;72429;72428;72434;72430;72432;72433;72431;71944;70338;71317;67210;72931;73413;73415;73416;72934;72935;72932;73805;73982;73985;73984;73417;73986;73981;73988;74423;74422;74425;73983;74424;76406;74426;74427;76408;76407;74428;73987;77163;76411;76409;77160;77165;77166;77573;77167;77575;77168;78432;78433;78431;76410;77164;77574;78434;77169;77572;78437;78439;78438;79125;79128;79127;79133;79134;79132;79130;79129;79311;78435;77162;79138;79131;79136;79827;79831;79828;79137;80491;79832;79834;79126;80495;79833;80490;80493;80497;81263;79830;80492;80494;81267;81265;81266;81270;81264;81269;81262;81757;81735;81736;80496;81734;81268;81738;81739;81740;81742;81733;82770;81743;81741;82773;81744;82769;82774;82771;82793;82772;82778;82776;82777;81745;83358;83362;83440;83416;83361;83355;83354;83356;83360;83363;83357;83370;83364;79135;81737;84054;72930;82775;84055;84738;84059;84057;84060;84056;84761;84743;84736;84739;84744;84734;84762;84735;84741;84745;84748;84085;84882;84746;85348;85333;85332;85335;85321;85346;85334;85406;85330;85331;85845;85322;85350;85540;84747;85324;85846;85884;85876;85879;85843;85844;85849;85883;85877;85847;86372;86365;86373;86374;86366;86821;86367;86823;86825;86826;86824;86822;86819;86820;86830;86828;85848;85323;87255;86849;87256;87253;87261;87257;87254;87877;87263;87264;134204;87262;87260;87259;87258;87879;87890;87892;88642;87882;87880;87881;88643;88644;88647;88645;88649;87878;87895;88648;88646;88651;88653;89748;88654;88652;89746;89750;89752;89751;89754;89779;89747;89757;89753;90431;89755;89749;89835;90433;90435;90434;90437;90432;90439;90443;90442;90438;90441;90440;88650;89756;91002;86827;90436;91004;91006;91005;91007;91003;91008;91010;91014;91012;91011;91013;91009;91015;91596;91611;91597;91598;91600;91602;91601;91599;91604;91605;91606;91607;91608;92015;91016;91612;91603;91609;92017;92016;92019;92021;92020;92018;92023;92025;92024;92820;92821;92843;92819;92823;92822;92022;93465;93464;92825;93466;93468;93467;93469;92824;93471;93473;91672;93470;93472;93481;92839;93651;94011;93475;94014;94017;94016;94340;94013;94630;94009;93963;94008;94631;93964;94012;94634;94633;94635;94637;94640;94636;94639;94638;94642;95764;94643;95811;95766;95809;95765;94632;95767;94641;95769;95768;95771;96392;96390;97325;95772;95770;96393;97731;96391;97729;97745;97730;97744;97743;97794;97732;97733;97736;97734;97741;97754;97735;97740;97742;100054;97738;97737;99285;93474;84053;22182;95813;91001;104043;104044;99306;99365;62465;99305;99307;99287;99286;99309;99308;99312;99289;99304;99288;99282;104889;104665;99314;102267;102265;102266;104382;102270;102272;102269;102271;102264;99290;102268;102273;122485;104890;105179;105181;105183;105180;105185;105188;105184;105187;101522;105189;105192;105191;101367;105182;105190;105186;101369;104891;101370;101372;101368;101373;102035;101375;101366;104383;100760;100759;101371;105178;101374;100767;101365;100762;100761;100764;100763;100765;100766;104892;100787;100782;100788;100768;100783;100785;100055;100786;100061;100056;100058;100060;100057;100059;100062;104893;100103;104547;104549;104548;104045;104553;104551;100791;104555;104552;104556;104554;104558;100063;104894;104570;104559;104561;104560;103745;104562;104557;103748;103749;103747;104384;104895;103786;103750;103751;103785;103754;103753;103924;103752;103816;103746;133048;104550;103784;104385;103129;103131;103130;103220;103132;103128;103133;103139;136946;103138;103137;104896;103141;103134;103192;103136;103456;103123;108960;103140;108966;108962;108964;103122;108963;108968;108967;108961;108965;103135;108970;109036;108971;108974;109029;108972;108973;108976;105796;108975;111685;111684;111688;111691;111695;111690;111692;111687;111786;111686;111755;111693;111756;111696;122486;111698;111694;111699;108969;112116;111689;111973;119582;111697;111700;119584;119586;119583;119585;119588;119590;119589;119612;119594;119592;119591;119587;162063;136616;119595;119686;119596;119597;119609;162079;119771;119769;119772;119770;119774;162073;119598;119773;162017;119593;119611;119768;106795;106797;106799;106798;106796;106801;106805;106803;106802;106807;106806;106804;105731;106800;106655;106817;105585;105693;105546;105548;105547;105550;105552;105551;105554;105730;105549;111787;119599;105694;105553;106818;103127;105699;105697;105696;110980;105695;105698;105700;110982;110984;110983;110986;110988;110987;110985;110981;111070;110992;111071;111008;110993;110990;110991;111042;110994;111007;110485;110486;110487;111045;110989;110484;110491;110490;110489;110492;110494;110414;110493;110500;110498;110496;110497;108284;110501;110499;110495;108286;108288;108289;108290;108291;108407;108292;111072;108294;108296;108293;108287;108336;108295;128764;108757;108408;108285;110488;108300;108298;109652;108299;109603;108301;109604;109608;109606;109610;109607;109731;109609;109605;109611;109612;109613;109684;109615;109618;109616;109617;109614;118910;123513;118911;118912;118913;123514;109651;118917;109732;118915;118916;118918;122819;118919;122818;122820;119463;118921;118979;119095;118923;118978;162094;118958;118922;118920;118926;162032;118925;118928;118929;162091;118927;117999;117997;162034;118930;119017;118924;108297;118914;118003;118000;117998;118001;118006;118005;118149;118004;162084;118007;118148;118009;118011;162056;118010;118013;162081;118014;118012;118016;162098;162021;118008;118094;110642;117413;117412;117419;117420;117417;117416;117481;117411;117415;117418;118015;117414;117421;117460;117422;119239;117458;117423;117424;117426;123942;123940;123939;123944;123943;123947;117425;123941;123948;123946;123949;123975;123952;123974;162036;162071;123953;127842;123950;123955;127841;117431;123951;123945;127846;127851;127850;127849;127848;127844;127853;127860;127855;127861;162075;127852;127845;127909;162072;127854;131928;127847;131932;131930;131926;131933;131925;131927;131937;162041;131929;162031;131936;162090;131939;131935;162033;127856;132020;122118;131940;131934;122121;122119;122123;131931;122124;122125;122127;122120;122126;122122;122128;162062;122130;122154;122131;122155;122129;122132;122317;122974;122133;122185;162029;118002;122255;122234;105728;127843;121011;121013;121017;121016;131938;121014;121019;121022;121018;121109;121015;123131;121021;121035;123132;121025;121020;121023;162100;121044;121213;121027;121189;121026;121028;162092;126569;126572;126571;126573;126570;121024;121065;126574;126576;126578;126577;126601;126602;126579;126600;126581;126631;126584;126582;126583;162101;162078;126630;126641;126628;126580;125818;125817;125822;126604;125816;125821;125823;125819;125825;125881;125826;125824;126585;125828;162082;125829;126575;125820;125831;125834;130260;122782;125833;125830;122779;122780;122784;122783;122787;125832;122859;122781;122789;122788;122786;122790;122778;122869;122792;122791;125059;125061;122975;125060;122785;125058;125063;125067;125064;125066;125164;125217;125074;125068;125065;125069;125070;125149;162118;125071;125227;125225;126634;125057;125163;125072;125255;130901;125073;130902;130903;130905;130906;130907;130904;130909;130910;130261;130911;125827;130908;125062;130913;130969;130912;130914;162111;131025;129718;129721;129719;130915;129723;129717;129722;129720;129716;129725;162121;129727;129729;129726;129730;129885;162108;129728;129731;131318;128635;128634;129724;128639;128637;128641;128638;128742;129715;128770;128642;128771;128636;128772;128643;128644;162049;128646;128707;128647;128648;128767;131567;129166;162102;128708;128686;128645;135463;128649;129167;135465;135471;135466;135467;135468;162077;135473;128640;135464;135469;162052;135474;136425;135475;135470;136474;137399;135590;162026;135476;135477;135587;135478;135682;135675;135462;135758;162087;162070;135718;162027;135480;135719;135481;162109;139489;139487;139488;139486;135482;139485;135479;139484;139491;139493;139496;139495;162053;139492;139598;139497;139499;139701;139494;139501;139500;162024;139498;139504;139505;140595;139507;139506;139584;143561;139503;143570;143559;143558;143569;140596;135472;143571;139502;162040;143560;162105;143564;143562;143566;143565;143557;143608;147956;162119;139490;144057;162086;143556;164176;144056;144059;143555;143567;162104;143568;133608;143573;144058;133610;133612;133613;134863;133615;133609;133614;133616;162065;133719;133716;143563;133618;134864;133619;133620;133718;133611;133622;133621;162106;132862;132860;132859;132858;132864;132863;132861;132857;133049;132867;132866;132994;162074;132993;132999;132869;132870;162115;138454;132868;133617;138453;132865;138455;138456;138458;138460;138459;138462;138464;138600;138466;138463;138461;162028;138467;138468;138469;138471;138465;138470;138512;138473;138452;138472;162050;137254;138474;137304;137256;137258;137257;137260;137262;137261;137259;139314;137255;137264;137265;162088;137266;137267;138088;137269;162039;137270;137369;162093;137272;137271;134372;137268;134369;134371;134368;134866;134865;134373;134374;134375;134376;134377;136472;136473;162025;134379;134416;134378;138457;162067;134428;137263;134381;134382;134370;136502;136504;136503;136501;136564;136527;136507;136510;136506;136508;136509;136566;136505;136511;136512;162099;136514;142684;136515;142681;142693;142680;142687;142683;136513;142690;142679;162018;142691;142685;136565;142682;142689;142888;142808;162068;142692;142807;162058;142809;142694;143043;142695;142688;142806;141433;141423;141427;141420;141422;141426;141416;141424;141431;141432;141417;141503;141493;141491;162085;142686;141429;141430;141425;162022;141418;141419;141434;141436;141428;141415;141435;141931;140414;162120;140420;140415;140418;140416;141421;140424;140423;140421;140419;140422;140501;162083;140428;140426;140430;140429;140427;140425;140519;140518;140520;140417;140432;140534;140431;140465;140521;162069;148466;149259;148468;148486;148473;140433;148461;148465;148480;148467;148471;148477;148485;148482;148479;148469;148476;162035;148470;162117;148739;148737;148474;142595;148475;162038;143572;148463;134380;121012;149367;148738;148464;148553;148538;148484;148714;152435;148483;152436;152430;152434;162061;148552;152422;152528;152425;152433;152488;152428;152524;148478;152520;152431;152525;152526;152432;152429;152669;152423;162016;152426;152437;156063;152521;152427;162055;156072;156071;156064;156068;156070;156069;156067;152421;162116;156066;156074;162020;158167;156227;156062;159064;158206;156073;158165;178436;158166;156194;158251;146326;146345;146329;158205;146337;148979;146342;146327;146338;146344;168396;146341;146335;146339;158164;146346;156065;162048;146330;146343;146336;146332;146457;146419;146418;146426;146454;146456;146340;146331;146334;146479;146455;146333;144884;144887;144873;144882;144874;144888;144880;144877;144879;144878;145039;162113;145040;144889;144886;145041;144881;162047;144885;145093;153214;145091;144883;145092;145094;151604;162057;144875;144977;144876;151606;151592;151588;151599;151601;151598;151471;151473;151472;151479;151475;151477;151476;151474;151609;151478;151488;145033;151596;151664;146328;151611;151597;162023;151607;162089;151608;151589;151595;151603;151647;151605;151602;151594;151590;150353;150354;150369;150374;150363;150370;150365;150708;150368;150357;162114;162043;152587;150352;150356;150373;150361;150351;150371;150358;150367;150372;150366;150364;150355;150359;147226;147220;147230;147224;147229;147217;150418;147221;147231;147223;147024;147225;162066;147222;147227;147218;147003;147228;147750;147638;147753;147752;161755;147751;164177;161756;147946;150360;149383;147657;147219;161753;149396;149382;147749;149391;149440;149390;149389;149438;149392;149386;149398;162042;149394;149385;162095;149393;149479;149401;149387;162122;149400;149395;149388;149436;154989;149402;154994;149399;154987;154990;154997;154984;149397;154993;154982;154999;161757;154983;154985;154996;155000;155020;161754;155174;155306;154995;155018;154033;154991;155962;154037;154029;154988;154042;154034;154041;154040;154035;154036;154043;147216;154026;154986;155143;162107;162064;154032;154175;154171;154028;162080;154172;154038;162059;154051;154173;154030;153383;153381;154039;154031;153372;153386;153377;153384;162103;153380;153379;153375;153374;153382;153385;162054;153378;153388;153387;160641;153470;153428;153373;153376;159671;159677;159682;159685;159684;159679;159675;159680;164503;159672;168395;159681;162076;159676;159683;159732;159674;162037;159670;159686;159678;159763;159916;163951;163943;163946;159733;153389;163940;162669;163942;159673;163952;163941;163974;163948;164502;163947;164044;163945;164007;164147;163944;163950;164080;164042;163949;168688;168694;168685;168679;168686;168690;164043;168683;168680;168736;168693;168745;168827;168737;168687;168826;168689;164090;168681;168682;168747;168677;168731;168730;169003;168684;168691;168692;169974;157432;157435;157429;168678;157440;157426;157442;157437;157441;157428;157427;158037;162110;157879;157431;157433;157850;157439;157851;157852;157438;168729;162096;163953;157849;157436;156622;156620;156617;156618;156621;156713;156624;156625;156626;156619;156628;156627;162045;156745;156623;168397;156771;162044;156630;156641;156642;156639;162019;156631;156640;163048;163049;163052;163045;163041;163050;163053;156714;163046;156629;163044;163073;163043;164501;163042;162205;163047;163080;162188;162201;162189;162206;162191;162202;162193;162194;162196;162197;162190;162314;162204;162311;162312;162200;162195;162393;162547;162198;162317;162192;158716;158717;158703;158701;162203;162199;163051;158704;158713;158712;158700;158702;158718;158786;164504;158707;158714;158927;158709;158706;158818;162112;158710;162060;158715;158759;162030;160927;160929;158708;160928;160930;160932;160938;160926;160931;160937;160946;167885;158705;160934;160936;162046;160942;161054;160945;161089;162097;160943;160939;160941;161118;161087;162051;167105;167115;160933;161119;160935;167107;167112;176328;167104;167113;167103;167111;167109;167106;167108;167281;168223;167116;157841;167118;167254;158711;160940;154027;167117;167269;167267;167266;168224;167114;168503;167268;167110;167246;168222;167265;166039;166034;166028;166032;166025;166035;166555;166038;166029;168665;166024;166030;166054;165705;166027;166536;166026;166023;166031;166061;166033;166116;166037;166769;164994;166060;164997;164998;166036;164996;165006;165004;168398;165002;165007;165000;165336;165005;165072;165076;165211;165077;165212;165214;164993;165174;165001;165175;165003;174107;164995;165107;174111;174106;174118;174108;174113;174120;165213;174121;174110;174103;164999;174175;174119;174109;174116;174114;174115;174220;174104;175450;174105;174163;175440;174222;174162;179487;175441;174117;179498;174221;179497;179495;179494;179491;179489;179499;179664;179492;179488;180502;179490;179502;179501;174112;179613;179486;180501;179632;179500;179614;179640;179641;179642;179836;179671;179643;179668;179612;179925;179496;179670;179493;179645;179615;179644;186777;179675;186778;186789;179672;186782;186788;186785;186790;186791;186776;186781;186787;186779;179669;186786;179633;186907;186783;174219;186780;171448;171450;186903;171445;171547;186906;171447;171451;171446;171610;171452;171444;171598;171442;171441;171545;171544;171453;171440;171555;171506;171604;171608;171508;171607;171636;171609;178029;171602;171509;171507;171599;171556;171505;169782;171554;171449;169788;169779;169777;169784;169787;169781;169786;169775;169789;169785;169783;169776;169895;169898;169891;169896;169778;169780;169897;178166;178159;178152;178150;169968;169890;169860;178154;171443;178151;178168;178158;178297;178155;178163;178193;178245;178206;178157;178205;178204;178171;178169;178275;178160;178167;178244;178170;178243;178203;178241;178161;178242;177246;178162;178153;178184;177241;177247;177238;177244;177251;177252;178165;177242;177235;177248;177265;177393;177237;177239;177297;177245;177396;178852;177236;177243;177317;177383;178851;177249;177240;177392;177353;177296;172520;172529;172533;172532;172531;172521;172525;172535;172611;172517;174991;172519;172518;172606;177253;177250;186784;172537;172524;178156;172523;172530;172526;172536;172534;172607;172577;175347;172528;175350;175339;172527;175345;175340;175348;175349;175344;175334;175338;175343;175392;175369;175393;175336;175368;175342;175341;175370;185582;175364;175391;185585;175337;185588;185587;185576;185583;185589;185579;185577;185593;185884;185592;185951;185887;185580;185883;185886;185959;185958;185591;185742;185769;185586;185770;185741;185594;185735;185578;185900;185885;185581;182855;175346;185590;185584;182854;182865;182851;182862;182853;182864;182857;182856;182852;183025;182859;182863;182917;183024;183033;182956;183032;182957;182861;182968;181298;181303;181297;183020;181307;181302;181313;181299;181311;181306;181308;181406;182860;181305;181312;181277;181375;181343;181309;181340;181304;181345;181310;181346;181294;181443;181341;181301;181296;181295;187798;187797;181292;181342;187795;187794;187800;187790;187789;181344;187799;187901;187802;181293;187805;182858;187801;181300;187900;187803;187792;187899;187973;187791;187806;187796;187804;123460;18592;124120;187793;123461;119150;152100;123458;11867;123459;162529;17651;87734;11459;11457;10413;10427;35453;10412;10431;48405;11458;11460;10426;10430;11110;61647;10531;11119;160576;10401;46742;17662;12028;10553;52459;50859;10429;11868;38912;10432;10449;10428;72543;48942;160511;10400;56211;73026;126527;24786;16314;81425;10457;10458;10860;10895;26917;10897;11562;10567;10399;10899;10898;97086;100871;80333;11329;10900;118716;118715;103877;137754;144952;149377;157063;124117;144951;170963;182964;170962;100064;88561;47709;19699;84729;154955;122614;164073;154957;154959;154958;157062;182966;154956;122615;21626;161921;73182;10835;23979;35352;55046;24755;31856;25663;55047;40870;27586;40871;97996;10896;187859;148740;167247;107195;172522;72604;72603;25424;32081;14274;22941;24952;107294;22945;22942;22946;22943;107295;41066;22944;22948;38010;20332;19202;22951;25194;22949;19443;24370;19444;107298;22950;21259;19214;39387;19367;36851;107297;36284;107296;107300;23914;21792;24844;21258;107299;36847;107304;130508;107302;22952;107303;107305;40924;107301;22953;82536;19838;22954;37385;22955;19743;107309;107307;107311;67145;107310;107312;107313;109882;109911;107308;107314;107315;29719;42066;22244;47891;107318;25385;107316;46333;105346;107319;107317;46745;107306;22956;107320;25456;22947;20052;20739;19446;107321;19203;107324;19579;33791;107328;107326;107322;107327;107330;107329;107323;107325;19204;138420;107332;61391;107337;107331;107333;22958;107341;107334;107339;107338;107340;121174;107342;107335;138421;107336;129870;149794;129869;140363;31596;156785;172380;107346;25541;107347;135434;24371;107343;107350;107349;107344;107345;19368;148754;107352;107348;71645;25271;22959;24343;21006;43884;107354;24373;24372;26157;107355;19215;107356;22960;107357;111114;107358;107359;107353;22961;107360;126716;107351;107361;25386;25272;107362;71813;30165;19449;20943;107363;41952;19447;25069;30164;19448;19369;36541;22962;19744;37052;22445;107367;107366;20740;107365;36389;26981;107369;32361;19839;107368;107370;20271;22963;36756;107372;20859;107371;22965;22967;22968;107364;107373;107375;25728;22969;107374;38854;22059;107376;25070;22966;25388;43885;33204;53510;37663;26982;107377;33908;35407;26983;37390;24953;107378;20380;71646;22957;20273;25387;107380;20272;22970;41981;22972;39487;25071;107382;107384;154221;35408;21260;22971;39488;107386;107385;107381;107387;22060;22973;23685;107388;22975;107383;23686;107391;30166;22061;22301;109855;107390;25273;107389;25643;76070;22974;107393;107392;24845;107397;73908;37632;24374;107395;107396;23915;24375;107398;107401;25642;33909;22897;28278;107399;71814;107400;25274;107404;43886;23994;107403;71647;23916;47892;24377;107406;107408;107407;107402;23748;107410;24376;35193;132890;107405;24846;24213;24379;47156;27072;24380;107394;107415;107411;107413;107412;107414;24954;26984;24378;37310;107418;107417;107419;26985;37997;107421;30005;107422;107420;135435;26956;25644;42970;132891;26986;129871;107424;148760;107423;107425;109883;107429;24847;107426;107427;26987;107416;26158;107430;107431;107432;107433;29826;30006;46317;41943;107434;26159;107428;107435;107436;26988;107439;26989;130509;25276;71648;107437;107442;107438;107441;30167;126717;25275;25433;107445;107443;107440;107409;27073;32492;71650;107444;107449;26990;107448;31989;117683;71649;107450;26160;42171;107447;107446;26161;26991;26957;107454;30007;107453;107452;107451;36604;97123;107458;26162;107456;107455;62305;41052;32164;107457;71651;77913;107459;107461;35195;31758;107460;107462;26958;36895;27075;45450;37884;67147;31759;29205;35194;26908;107465;27617;27076;36551;36474;32165;32166;107464;32168;107466;32362;32167;32493;27074;36856;29206;32169;107468;107471;31187;107470;36336;37316;107469;107473;107475;36313;107463;107472;62507;107474;107477;32494;107479;33205;107480;35409;107481;107478;30169;32495;126718;107482;121175;31331;81875;107476;31333;30168;32364;32363;107483;33206;107485;107486;31332;62508;34789;34788;107484;107489;38169;43145;38167;107493;107491;107488;107487;107490;33207;107492;107496;107498;107494;58842;107499;32365;107501;38168;32496;33910;67146;107467;107500;107379;34066;107497;34790;35196;34792;33911;77466;34795;107495;96564;107502;34791;34797;34794;33793;34796;35197;34793;35410;107503;36396;35578;107506;39554;107504;38822;39553;35198;107505;34798;107507;111115;48917;71652;51969;39555;35199;107510;107509;107508;36623;35200;107512;40610;58843;37547;37954;37958;58844;107511;107513;35201;37522;36656;36339;107516;35411;107514;107517;35202;38711;36600;38118;35203;107518;71815;35579;107515;71653;41053;67148;36814;38771;38736;38770;38780;44387;38781;107519;35569;107520;107521;34106;38756;107523;35568;38737;38738;55063;39414;38783;35412;39317;49787;71816;38782;36806;39325;107524;107522;42182;39574;107526;37667;36861;42137;107525;42183;42136;38824;59285;42184;42098;42185;42138;40586;107527;42218;107529;42219;42217;39762;60090;39326;42099;39763;39002;42139;107530;39309;107532;107528;40969;39532;42220;42140;107531;40776;107533;43343;39308;38823;107534;39415;135436;40367;107535;42241;172385;42078;42221;107536;107537;107538;40937;49134;43096;45603;71655;71654;71818;107539;67149;71817;107541;67150;71656;107540;107545;107543;67151;71657;109856;132892;107547;42919;107542;107544;107546;107548;50041;138422;49136;107550;49750;49135;107552;49079;44925;107549;135437;107555;107553;107557;44926;107554;107559;145192;71819;46318;46319;71820;107562;107556;107560;124073;52470;107564;107561;49991;107565;99432;49080;107563;71658;51877;45116;107567;107551;55477;107558;107568;56430;132893;48936;56675;107566;107571;50364;66188;107572;66187;126615;107574;49234;107570;46320;107575;132894;53275;50572;47100;48937;55478;107576;50622;107577;107569;107578;107582;50621;71662;71659;71664;107580;71661;107579;93710;107586;71660;107587;107573;71665;107583;107585;51878;71666;107588;50521;56432;64249;71663;107589;56431;57632;87367;51881;107584;51880;71668;110656;107590;51879;46666;107592;57834;71667;107581;56676;64654;107596;107593;71669;54965;107594;45596;107591;53276;107597;53247;71671;107598;107600;52967;71673;107599;71676;71135;71675;107595;59979;107601;71670;71674;107602;64655;59441;59049;107604;71677;54992;71672;107605;107606;107603;55479;56435;71678;107609;71679;59601;107607;56434;93798;107612;107608;107611;107610;71680;107614;71681;107619;107613;107621;71682;107617;107620;107615;107623;58643;57392;107618;107626;107624;107625;58477;107628;56433;107627;124074;107616;71683;107632;107630;69902;107622;107631;107635;56976;107637;56464;64656;59286;107634;59051;107639;107641;107640;107636;107644;59050;66739;107642;57835;107633;124075;107647;68869;71684;57680;107643;107649;107646;107638;66352;107648;107650;107645;121176;107652;64657;111116;64606;107653;107656;59287;58735;107657;83539;107654;107655;64607;107661;107658;58028;71685;66353;172377;64608;107660;79428;107663;107664;83540;58559;107665;107666;107667;107651;68870;58127;80844;107659;59963;107670;107668;107671;107669;107629;65208;107662;66710;58736;107675;73054;107674;62450;72003;107673;107672;64610;65628;107677;107678;63217;107682;107679;61482;64612;64611;71686;107681;107680;156786;107676;71687;59442;107686;106090;107687;69903;62433;71688;61593;71689;107685;107690;107688;71690;71455;107691;74083;107684;107689;107694;80845;107693;65638;109071;107696;121177;126719;107698;91593;65681;107699;65680;107692;107700;107683;107697;107704;107702;172384;107703;77721;107706;107708;107707;107705;183293;66800;72165;107712;107709;107711;174326;107715;107695;107710;107720;107719;107714;107718;107722;107716;121178;118060;107721;107717;129872;69904;90082;111117;132895;107724;107723;107726;107713;77680;69905;107727;84721;107725;70442;107731;70443;107729;107730;107733;107728;107732;76517;80076;74084;107737;107738;107735;107740;76086;73055;79306;107736;107742;80846;107743;82761;85734;107741;107739;71691;107734;107745;64609;62110;87493;107746;80847;107744;90083;107747;107750;107749;107753;118061;111118;107752;107748;107751;33792;107701;172379;154224;183291;174327;107755;107756;138423;84205;107759;90084;87640;126720;107757;107754;159890;107758;86452;107761;107760;124076;109073;107762;111119;107764;90571;107769;107767;111120;107768;107765;107771;107772;107773;118129;92405;86453;90572;107763;118130;126721;107775;146233;107777;87520;107776;132896;87521;107774;107778;111121;107766;90704;107779;107781;107770;87986;109074;107780;90085;90573;118062;109072;107783;107786;107784;107785;107782;93587;135438;154226;109075;138424;126722;107788;107789;107790;97124;109076;126723;135439;107787;97125;97693;156749;107791;159889;107793;107792;100145;145191;138425;100146;111122;118131;99756;118133;118132;118134;172378;126724;126725;111123;141557;174329;141558;107795;151901;22977;22976;107794;22980;22978;22979;41067;90703;154225;121179;22982;22981;23688;20333;19205;23687;20053;19206;23763;172388;21261;107798;19450;107800;39388;107799;107797;21007;19370;21262;22983;22984;22154;36952;107802;107804;22245;22985;107805;19580;24848;107806;24381;107807;107803;107808;20054;19745;22986;22987;130510;107809;41001;107810;107812;107811;107801;22988;107815;107816;107813;107817;109884;107814;107818;20055;107819;46334;42067;67152;22302;25389;25457;22989;105347;47893;107821;107820;82537;29720;107823;109912;22990;19451;19581;107825;33794;107822;107826;107829;107824;107830;107828;107831;129873;107833;107832;107827;107834;19207;107835;107837;107836;61392;107843;107839;107841;107842;107840;138426;107838;22991;126726;107844;135440;107845;138427;129874;107846;156784;149803;25542;140364;31597;107847;107849;148765;107850;107852;107848;19371;107851;107853;107854;24342;172381;24383;25277;107856;22992;24384;26992;19216;71692;107796;46746;24382;24385;107855;121180;107858;22993;107859;71693;111124;107863;107860;107864;22994;25391;25390;107862;20944;30171;71821;19452;19453;107861;19454;19372;107865;22995;107868;107866;19746;36725;107870;32366;41953;20741;107869;107867;22996;26993;25392;22446;107872;38126;19840;20274;30170;107874;20742;20860;25072;107873;22999;107875;38855;107877;20275;43887;20381;22998;107876;107878;35413;33208;20276;22062;53511;21008;26994;24955;33912;107879;36931;107881;107871;107880;23000;25393;39490;154219;35414;23001;107883;36329;39489;25073;107885;107884;107886;107888;23689;107889;22063;23002;107891;107887;23004;107892;107893;109857;24849;41982;21263;71694;30172;25646;107895;23739;107890;107897;107898;23003;25645;107901;107894;24386;22898;107899;107896;107900;107904;107903;107902;107905;73909;25394;33913;23917;107906;23918;71822;132897;24387;71695;107907;107911;24389;107912;47894;24388;107910;107913;107909;23749;43888;67153;47157;107882;107908;24214;23919;24391;27077;107916;107917;24850;24392;107918;107914;26995;37742;107915;26996;107920;107921;24390;24851;129875;30008;25543;132898;42971;107924;25647;107919;148764;107922;107925;25434;107923;107928;107927;26997;109885;46321;107926;26998;107930;135441;37070;107929;27001;107932;24852;27000;25278;41944;30009;107934;107936;29827;107935;107933;130511;107939;107940;107941;107943;25395;107938;71696;30173;26999;126727;25729;27078;27002;107942;107944;69906;107937;107947;32497;107931;107949;107945;107948;31990;71697;117684;28279;107951;41054;27079;30010;42172;27080;27004;107952;107950;62115;27003;107953;97126;107954;107957;77914;27082;107959;107956;27006;27081;25648;27005;107958;71698;32170;35206;107955;107961;35205;31334;31760;31761;37728;38004;27084;107960;45451;107963;107962;36874;32367;27085;27086;107965;107964;32174;62509;32175;32172;37278;32176;32171;29207;43889;27083;107946;32498;107857;32173;29721;29208;35204;37825;107967;107968;35415;31188;107969;107972;107971;107973;107970;121181;107975;30174;81876;107976;107977;37188;107974;107979;32499;30175;32501;107978;31336;32177;107982;32368;107983;32500;107981;31335;107984;31337;107980;107986;107985;43146;34799;33209;38171;107988;126728;107987;107992;62510;34800;107994;107991;107995;107990;33210;38170;71699;107998;107997;34067;107989;107999;32370;58760;33915;33795;35207;33914;34802;34803;107993;34805;96565;34804;34801;108000;35208;32369;107996;34808;33796;34807;37639;108001;35570;108002;38825;108003;35209;51970;108005;39556;35210;108004;39558;40368;35211;34809;111125;34107;48918;108009;108007;108008;39557;58762;35212;36795;35416;58761;108012;108006;108010;35417;36512;37702;35213;38712;108014;35214;36555;108011;37287;108013;71700;41055;71701;38772;108016;38784;38773;38785;55064;35572;108017;38757;38826;44388;37456;35571;108019;108015;108018;38740;108020;108021;38787;38786;39327;49788;34806;35418;108022;38827;36559;108023;36337;35573;39575;42186;59234;39318;42141;42142;39416;108024;108026;42100;42187;40587;42188;42258;108025;37297;42223;42166;40777;39764;39003;39310;108028;42101;42224;40343;39765;108029;108027;108031;108032;39417;40970;60091;42225;40938;108030;40925;42226;43344;40750;172383;42143;42242;46322;108033;40369;42222;43049;108034;135442;108036;71824;108037;71702;49137;46667;109858;67154;108039;108035;108038;71704;132899;108040;48938;138428;71703;67155;49081;108041;49751;108046;108048;124077;108043;50042;145172;108044;108045;108042;49138;108047;135443;108052;108051;108049;108055;108050;46323;108056;44928;108053;71825;108054;44357;108059;108057;71826;49082;49992;45117;46324;108060;108061;99433;108063;52471;45597;108058;50365;108064;108062;132900;50538;108065;56677;44927;71823;38739;71705;65978;46325;108067;53277;55480;49235;65979;56436;108070;50623;108071;108073;108074;55481;108069;108072;48939;108068;108075;108076;126616;132901;71707;108077;108079;93711;108080;108081;71708;71713;71709;108078;50624;71706;71710;108082;71712;50522;57633;53822;110657;108083;71711;108084;51882;56437;108087;87368;108085;51884;64250;57836;108086;51883;56438;64658;108088;54966;108089;53278;53248;108090;108092;71718;52968;71715;108091;56678;71717;71720;59443;56700;71721;71714;108093;71879;64659;71716;108094;55017;108098;108096;108097;55482;56439;108095;59013;71722;93799;71723;108099;56440;108100;108102;108105;108104;108109;108106;108107;58737;108103;71724;108108;108112;108101;108115;108113;71725;56441;108114;108117;108111;56465;108120;108121;108118;108116;108122;124078;108123;108126;58478;108124;71726;108127;59014;108119;57837;108125;56977;59235;108128;108133;108130;59052;64660;108131;108135;108134;71719;66740;108129;92406;69907;108110;108137;108132;108138;108140;108139;124079;64661;108141;64552;108143;71727;108142;57681;108145;66332;68871;64524;108146;83541;58738;108147;111126;64525;172382;108150;108148;108144;66333;108152;59236;121182;108149;108153;108151;58029;83542;108154;79429;64526;58587;58128;108157;108159;108156;59953;108160;80848;108155;108161;108158;68872;108163;64527;108162;108164;58739;108165;108166;62451;108169;58763;63218;108167;108168;73056;66711;65595;64528;65186;72004;61457;108170;108175;71728;64529;108172;108176;156787;108173;71730;108174;108178;108177;106091;108179;62429;59444;71729;108181;108180;108182;91594;64530;71731;69908;71732;71456;65665;108184;108187;108183;74085;108186;71733;108185;80849;121183;77722;65639;61594;109077;72166;108188;108190;108189;126729;108192;108194;108193;108196;108197;108199;108198;108195;108203;108201;108191;108202;121184;118063;132902;91595;129876;111127;90086;108204;108205;65672;69909;108206;69397;68873;108200;108136;108171;82762;108066;107966;108207;108208;84722;108209;108211;108215;108212;76518;108210;108214;108216;108213;74086;70445;108218;80077;108220;108219;87494;79270;82764;108224;108221;108226;82763;108227;108217;108225;108222;118064;108228;126730;108223;172386;90087;154223;124080;80850;87641;138429;90088;108230;183292;108229;174325;108233;108231;109079;159891;108237;86455;108232;111129;86454;108239;108242;108241;108238;90575;108234;108244;90574;108236;109078;108235;111128;108243;108240;108246;118136;111130;126731;92407;108247;87523;118135;111131;146247;108249;108250;108248;87522;132903;108252;108254;108251;90675;87987;90089;109080;118065;108255;109081;108260;90576;108258;108256;108257;108259;135444;154222;90676;108263;108262;138430;108253;108261;93588;97127;97128;109082;135445;126733;108264;145096;97694;154220;108266;156750;108267;118137;138431;99757;100148;111133;118140;118139;118138;108265;100147;126734;121185;111132;151893;126732;172387;141553;159888;172389;80580;80581;174328;108245;141551;80583;80585;80584;80587;88514;80588;80586;80582;80589;80591;78395;80593;80600;80594;80598;80597;80604;80599;80601;80602;80590;80595;80603;80596;80607;80592;80606;80613;80614;80608;80611;80609;80612;80610;80619;80621;80618;80616;80620;80623;80617;80615;80622;80625;80627;80628;80629;80631;80634;80630;80632;80635;80639;80638;80636;80640;80605;80626;80637;80644;80646;80642;80633;80645;80643;80650;80624;80652;80647;80654;80651;80657;80648;80653;80660;80655;80656;80661;80649;80662;80659;80664;80665;84807;80663;80669;80672;80674;80671;80668;80666;80667;80658;80676;80678;80680;80682;80681;80673;80677;80679;80686;80688;80685;80670;80687;80692;80694;80693;80689;80691;80690;80698;80697;80700;80699;80702;80695;80684;80704;80703;80683;80701;80706;80707;80710;80713;80712;80934;80714;80696;80709;80641;80715;80708;126735;80717;80705;80718;80711;80720;80719;80723;80721;80675;80722;80727;80725;80729;80724;80728;80726;80735;80732;80730;80736;80733;80741;80731;80743;80738;80744;80742;80739;80749;80737;80740;80751;80745;80748;80756;80750;80752;80746;80734;80753;80755;80747;80763;80760;80758;80764;80761;80762;80769;80759;80771;80767;80772;80768;80766;80775;80778;80770;80776;80773;80782;80765;80779;80777;80784;80780;80785;80754;80787;80786;80781;80790;80774;80789;80792;80783;80757;80788;80791;80796;80794;80795;80798;80800;80799;80797;80806;80804;80803;80809;80802;80808;80807;80805;80812;80811;80813;80817;80801;80820;80818;80821;80815;80824;80814;36510;36870;80810;80816;37361;80823;36972;37928;37461;38071;80822;80819;37878;36808;36271;37902;38025;37416;36258;37580;37019;37862;38046;38094;23147;36639;37909;67156;36565;23159;37094;23126;23150;38024;37893;37948;23158;23151;23163;23155;23166;23165;37833;23164;23168;80793;36626;23239;37540;23198;23167;23238;67158;38116;67157;23235;23254;36327;23248;23247;24974;23249;23260;37130;23257;23255;23259;23223;24975;23258;23244;36915;23263;23262;37700;36616;23264;37857;23267;36272;37992;38110;37982;36872;23265;24393;23269;24394;23266;23294;23285;23295;23690;38067;23296;23268;23291;13295;36678;37458;23261;13298;13296;36987;13297;13299;13300;13304;13301;23297;13306;23304;13305;13303;26959;13307;13309;13302;13312;13310;13311;13314;13316;13313;13317;18068;33916;13319;23306;13321;13320;13318;13315;13324;23315;67159;14199;21170;13327;26909;13325;13330;13332;13326;23316;13323;13328;21009;13331;13333;13336;13339;17356;13338;13345;13347;13337;13349;23321;13348;13346;13342;13341;13343;37154;13322;13340;13334;80716;23326;13352;23301;13354;13353;13358;13351;72142;67160;13355;23327;13359;13362;13357;13360;13363;13365;13366;23328;13369;13364;33211;22155;13373;13370;13368;13371;13356;13372;13361;67161;23330;23334;13367;13375;13380;13377;23336;13384;23335;13386;13378;13381;33797;13389;13388;23338;13383;13391;36568;13382;13392;23344;37081;13395;23345;13390;13394;13387;23343;13374;13393;67162;23352;23346;13398;23358;23359;13396;13399;23362;23361;13397;23360;13385;23355;25730;23363;13400;23367;16084;23364;13403;23366;24984;23371;25074;13402;23373;13404;23374;23372;23368;23369;13401;24985;23375;36946;23377;23379;13405;23365;23381;36543;23378;23376;23385;23384;23389;23387;23388;23386;23391;43895;22507;15482;15744;23392;15594;18284;15593;20945;13406;23383;23395;23390;23397;37808;23351;23404;23403;23396;19455;30176;23409;23407;23405;37241;19456;17357;23406;37226;36716;36406;37979;23411;23414;23412;23410;24853;24986;23417;37733;23413;23416;33798;37548;37251;24395;23415;37271;23421;23418;36577;36305;27053;76553;23424;27007;23427;20946;37867;24397;36302;37363;25279;24398;27509;73910;24396;23428;25281;24399;27009;27008;24854;27010;37397;26960;31762;36789;67163;23423;29828;38026;37098;34996;27087;36954;25650;31598;33799;34068;35222;40939;33426;40971;71737;71735;72144;67164;72143;71736;36494;86456;71734;13407;23430;86457;90577;13411;90578;13408;23433;13412;13410;13414;33918;13413;13409;13419;13417;13422;21171;13421;13420;27011;13424;13415;18070;13427;13429;13423;76519;13426;13428;13431;13432;13425;13434;27088;14200;67165;13435;13437;13440;13438;23440;23439;13416;13430;36415;13443;23402;27012;13441;13447;13433;21010;13450;13442;13452;13454;13445;13444;13455;13446;13453;13451;13448;13459;13458;13461;13460;13462;13467;13466;13463;13470;13469;13465;22156;13464;13471;13473;13456;13474;13478;13476;13477;13475;13457;13484;13483;33212;13486;13487;13480;13489;13481;13491;13485;13468;13490;23449;23447;13493;13494;13497;13492;13499;13503;13498;13500;13495;13502;13488;13504;23453;13496;13472;23454;16088;13507;25076;13501;13505;25731;43896;13506;15483;23455;23460;13508;22508;15745;15595;17359;23461;23459;20947;19457;19582;23462;18283;13509;23465;23463;37670;23466;15596;38008;23772;24400;37821;24401;27016;23457;76554;24402;25652;20948;24856;29850;27017;27015;35215;27089;40940;71738;40972;34069;37644;23470;76520;86459;23472;90579;71739;72145;86458;33427;27014;31599;13511;23452;23477;23478;23473;90580;13513;13515;67166;26165;13519;19458;13517;14367;33919;13518;53353;13510;13524;13521;13516;13525;13523;13514;16089;13527;13529;34230;29209;13520;23485;53281;23486;23480;72146;13531;13534;22157;13740;46797;23492;14201;13544;23491;13541;13536;13543;16187;13547;23488;13546;13549;72147;13545;13551;23495;16090;13550;13553;23494;46798;15756;18074;23493;13556;13554;13548;13530;13558;27090;13561;23497;23499;31600;13562;25732;23503;23496;23498;23500;13559;23501;13565;13560;23504;23505;24993;56688;13563;23510;23508;23507;13568;40973;13567;23509;21264;21011;13569;13566;23511;36978;13571;24994;13564;23515;23513;13573;13572;45408;13741;49655;23516;23512;23517;13575;23514;28280;49789;55018;23519;37260;13745;23522;15757;23524;23523;23521;13576;23526;23525;13574;23474;13555;13350;17358;23528;52731;23530;23529;26166;26910;26167;13577;23534;18179;45032;15609;23531;18285;23536;23541;17360;23542;34998;76555;23544;23546;23543;19460;30177;23547;21265;23545;23550;19459;23535;19841;38081;36670;37046;23551;34997;23552;24995;37513;23554;36719;48941;18609;33800;17683;23553;19842;36504;25398;37426;23556;36889;37387;37533;21172;23559;23563;24403;23562;47895;36257;36330;56087;23549;23564;36676;24858;23555;25078;27019;27018;24404;33213;23567;27091;73911;26168;36354;27092;24407;52732;23568;24405;27021;34999;27022;45118;24220;24859;25283;24406;25285;71740;27020;71741;27025;31763;27023;27024;36547;35419;37630;37558;33428;36684;67167;33802;35000;33801;71742;35574;36484;35420;40941;39004;71743;71828;71744;37722;71827;30178;67168;38075;40974;46326;27093;24996;32371;71745;71829;55540;71747;77911;76521;71746;23569;86460;86461;23570;78112;72148;90582;14366;90581;16188;23573;73593;71830;23572;13584;13581;13587;13586;13583;13579;13588;13592;16091;72149;46800;13593;46799;18076;13591;13585;29211;27094;13590;13596;53527;13600;18078;13603;13605;13604;13601;13606;33921;13594;16092;13608;13607;25733;13609;13610;31601;23575;23574;13611;27095;13615;13589;13620;13616;13617;23580;21267;23581;23576;14202;23582;40975;23578;27026;22248;45409;13621;56679;13623;13624;13625;13626;13627;23584;52733;13743;23583;27027;13629;23587;23586;13622;13630;23585;23593;37470;23591;23589;15759;49790;23592;25196;23595;13633;27029;13634;23594;34231;14672;27096;15999;23597;23596;17361;27097;18286;23598;35001;35002;23599;54967;46764;23603;45033;13612;18180;13631;49656;19461;23607;19843;23605;23606;21268;80884;23610;19844;17686;23609;18610;23611;22249;19583;36841;33803;23613;19462;76556;25401;21173;23773;56088;23619;24997;23620;38005;36986;34232;23612;36451;23621;24861;27030;28281;52734;21012;47896;23623;24408;25079;27032;27031;24222;67169;24409;24862;27099;27098;27034;24410;27033;71748;24863;27100;27039;67170;30179;35421;27042;45119;31764;73912;33214;33805;33429;32372;35422;35423;33806;35003;39005;35576;71750;71831;40942;40976;71832;71749;71753;37711;55541;73594;76522;71752;72150;77912;90583;86462;78113;71751;46327;76803;76805;44397;76806;76802;90584;86463;82817;90619;82818;90622;76807;76804;90621;90620;76808;109173;109172;109175;76801;109174;99457;124153;135667;135669;159935;159936;159934;124154;148933;99458;33804;99459;76800;135668;174473;109176;174475;76809;78461;174476;76811;76815;76813;76812;80935;174474;76814;80940;76810;80942;88003;80938;80939;80936;80941;96602;88002;106125;121222;132996;121221;121223;88001;80937;106126;132998;156901;156903;96601;156900;170171;189223;76816;76817;76820;76818;156902;84759;92452;84760;76821;76819;101801;92454;101802;92455;189222;101804;101803;111186;111188;101806;126766;111190;111191;111187;126764;101805;111189;126765;92453;138539;126768;132997;163490;151922;126769;163493;163492;151923;76823;178629;76822;178628;178627;178626;76825;163491;76827;76828;76826;76832;76829;76830;76834;100997;76833;78463;76831;76836;86531;76835;76824;78462;86533;86532;118188;94134;94133;86534;130009;118190;118189;94135;94132;130006;130007;141773;154264;154265;166384;130008;141771;166385;166386;183515;124062;130458;86996;126263;183516;141772;140041;154473;86994;126767;86995;23604;174477;86530;146992;185451;146808;144334;91123;91917;77504;86421;77503;47138;47136;47137;42877;159303;53811;31681;58106;57824;58105;53332;24912;66351;31680;53812;20865;27618;29999;72337;12215;46860;25933;62948;39448;34060;26002;182510;157871;182511;38929;131725;163718;163719;49286;119846;21162;58343;21726;171077;140535;12634;97993;132025;81105;123648;23527;70444;73943;60022;60021;56090;32394;73212;74421;73500;65690;83730;82077;78584;65689;125387;92557;127137;66474;40620;68930;78068;71568;71567;72744;71569;71566;77182;40619;62389;62390;78507;25000;77557;33486;68958;24022;25124;25627;25370;25903;23931;31344;30149;26923;31356;35030;40495;25709;78506;36034;33487;33488;30148;33545;124651;25693;118226;41069;41074;41070;41068;41072;41073;41077;41075;41071;41080;41078;41083;41079;58225;41089;41076;41088;41081;41084;58224;41086;41087;41092;41097;41082;41096;41091;41094;41100;41085;41095;41103;41105;41101;41093;41104;41099;41102;41107;41098;41109;41108;41115;41112;41113;41111;41116;41119;41117;41120;41114;41118;41110;41121;41106;41123;41129;41124;41128;41126;41127;41131;41134;41133;41132;41136;41138;41135;41130;41125;41142;41141;41140;41145;41147;41144;41151;41137;41150;41154;41143;41149;41153;41139;41148;41146;41122;41090;42373;41157;41152;41161;41159;41163;41158;41160;41162;41164;41169;41155;41168;41171;41166;44653;41172;58226;41175;41167;41176;41170;41179;41173;41178;41181;41185;41180;41188;41177;41183;41165;41189;41186;41187;41191;41190;41195;41194;41182;41174;41193;41198;41196;41200;41202;41199;41197;41207;41203;41208;41205;41204;41201;41211;41206;41212;41213;41209;41214;41184;41216;41218;41220;41219;41217;41226;41222;41224;41223;41215;41227;41221;41225;41230;41228;41210;41232;41234;41192;41236;41231;41238;41233;41235;41237;41240;41242;41249;41244;41246;41245;41241;41251;41247;41253;41239;41256;41252;41255;58227;41248;41259;41243;41263;41260;41254;41261;41250;41258;41264;41265;41262;41257;41269;41267;41273;41272;41268;41278;41270;41280;41271;41276;41279;41275;41274;41284;41282;41285;41277;41291;41288;41281;41286;41287;41289;41290;41296;41295;41297;41301;41293;41298;41302;41294;41300;41266;41304;41292;41283;41308;41229;41306;41307;41299;41311;41305;41315;41314;41310;41313;41312;41317;41309;41319;41318;41321;41322;41323;41320;41327;41325;41641;42227;41326;41324;41316;41954;42947;41964;42299;42243;42920;42863;42048;42200;42812;41621;42948;44929;43379;43598;43364;43147;44050;43599;44031;44304;44654;44998;44591;45070;43854;45125;46247;47107;45453;46335;45452;46216;46217;46169;47795;46205;46668;47688;44958;42836;46863;47018;46685;58228;47568;47617;49255;45401;48429;48752;49101;48901;49760;48900;49757;49759;49657;50855;49191;51660;51338;49758;50523;52702;51953;51111;53823;53250;50854;52710;52711;53312;53401;53251;53354;50982;52629;58229;53355;49823;53636;53585;53883;53868;54993;53618;55918;55768;55617;55440;55826;41329;41328;55971;41334;41332;56002;41331;41336;41337;41335;41333;56033;41341;41338;55895;41347;41343;41344;41339;41345;41330;53637;41346;47590;41342;41340;41156;41349;39880;39877;39879;39876;41303;39881;39883;39878;39885;39884;39887;39889;39888;39882;39891;40403;39886;41033;44358;43395;44899;40641;42388;39893;39895;39894;39892;41009;39897;45375;39896;39890;47689;40881;39898;40841;39899;47755;39901;39900;39905;39903;44360;39906;39904;40642;39902;45071;42244;39907;45598;44124;39910;47690;39909;44975;42245;42389;46006;39911;39913;39915;39914;39908;39912;39920;44678;44359;42173;39919;39917;44361;42949;39923;39925;40442;39924;44305;39918;39922;39921;47569;46185;39927;43025;45339;42228;39926;39928;39933;39929;39935;39934;39931;39930;39932;40882;42837;45619;39939;39938;45095;47570;47796;39941;39937;39944;43600;45349;42471;39943;39940;40643;39946;39945;39950;39942;41034;42314;39948;40842;42102;39947;39956;39955;39952;39953;39951;39949;39936;39954;45096;39916;44032;40572;42390;45531;43050;46248;39958;40815;43148;40336;45522;39961;44976;39959;44636;39963;39960;40488;44606;39964;39965;46879;39962;39966;39967;45532;47815;45383;44900;39969;39971;46206;46007;39973;39968;39970;40903;43855;39974;39978;39979;39975;39976;39977;39982;39983;44306;39985;43380;44607;40644;39981;39987;39990;39993;39988;39992;39984;46186;39989;39991;39995;39998;40524;39996;39997;39994;39980;39999;39986;39972;40816;41622;42921;40000;40001;40003;40002;42851;40004;40525;40005;46187;45533;45604;40007;40006;40008;42813;43051;45454;40010;40011;44621;40013;40783;40012;40016;40015;40014;47602;44086;46727;45491;40018;45010;40020;42864;40019;42229;40009;40021;40017;40022;45492;40645;40024;46249;46228;40023;43629;46218;40026;44679;42315;40027;40784;40025;42201;41035;40031;46229;40034;40032;44999;40030;40037;46353;40035;40029;42852;40039;40036;40040;40038;40028;40033;47120;42457;39957;43616;45097;40042;40043;42791;46339;40047;40337;40049;40045;45455;44362;40499;47019;40048;40646;47591;40046;40050;40053;41002;40052;40058;40056;40573;40044;40061;40055;40059;44409;40054;40063;40060;40064;40057;40051;40066;46008;46749;40069;42972;40065;40545;40067;44608;47706;46230;42416;40070;40073;40071;40072;40068;40076;45523;41036;40075;44087;42973;46669;40443;40080;40079;40081;40077;40083;40074;43869;40082;47819;41010;40062;44125;40078;40085;40089;40086;40090;40087;40095;40088;42458;41037;47725;40091;42922;40092;40094;40093;44609;40096;40859;40102;40098;40103;40100;40099;40105;43082;40097;40101;44610;40106;40107;42230;40109;44044;40110;40111;44990;40104;40108;47726;41938;40113;40112;47727;40115;40114;44051;40117;40118;42859;40119;40122;44930;43345;40124;40120;40116;40123;40129;40126;44977;40127;40131;40125;40128;40134;40132;46686;41003;40133;40130;40121;42202;40084;40135;47820;40137;40136;41038;42459;46207;40138;45011;40140;40139;46340;40142;40144;40143;40141;45457;40147;45350;40146;40588;40145;44112;40149;45481;40647;40148;45458;47773;40150;40152;44363;45456;42246;40154;40153;42950;42068;40785;40156;40843;40786;40787;40155;40844;45072;40160;40157;40158;40162;40161;40164;40159;40163;40167;40166;40170;40168;40165;40172;40171;40174;40404;42391;40648;40173;41039;40151;40169;42417;47691;44364;44901;49279;50460;45524;53682;47906;41011;40176;49944;45376;50366;53683;40178;40177;40845;50461;50012;40179;45073;40180;40175;40183;40883;47756;44126;44366;45599;40182;42247;40181;44365;44978;49083;40649;42392;40184;40185;42248;44680;46009;49824;49752;42174;40187;40188;53651;53652;46354;42175;40186;44367;49212;42951;40194;40193;47852;40191;40884;44307;40444;40190;40196;43396;47692;40195;40189;45126;40041;40197;41348;49753;42231;40200;40198;45340;47572;45620;40199;49667;40204;40192;53653;40202;45351;40203;40205;40201;40207;40206;47797;43601;50415;40208;45098;40209;40788;42472;45099;40650;53654;41040;42316;42838;40213;40846;40212;47816;40211;43149;42103;50316;53657;53655;42393;53656;45534;40574;40214;40338;44979;44033;40817;45525;40489;40216;44637;40215;48320;46880;53658;48753;40217;49641;44611;43052;40219;40218;53659;48233;46208;40220;43381;44902;45535;40223;40224;40221;53660;44612;40210;45384;50367;53661;48259;40229;46010;40227;40222;49754;43382;40228;40230;40226;40234;40904;40231;44308;40232;46188;40233;49213;40236;40225;40651;40235;40526;40239;40238;40818;40240;42460;41623;42923;53662;48902;40241;53663;40527;45459;40242;42853;46189;50298;45536;40244;40245;43053;53665;40243;53667;42814;53668;40246;40248;40247;53664;40250;40789;40360;49993;40249;53666;40237;42952;45605;53669;44034;48280;49668;47774;44964;53671;40251;40253;40819;40252;45493;53670;40254;46728;44088;53672;49975;48234;40255;47121;40256;50368;46250;45494;42232;40652;42865;43630;48754;49669;44681;41041;47603;46231;46219;42317;45000;40790;50010;42203;53673;46232;40260;40259;53674;40261;45460;42854;40263;40258;40266;40264;53676;40262;49192;46355;53677;40265;40267;40268;45100;53678;40339;46341;42792;40257;53679;43617;44368;53675;40270;47020;40653;45461;47592;42144;40271;40275;40575;40272;40274;40273;49264;40500;44410;53680;41004;40546;49256;50011;46750;47707;40276;46233;42418;40280;40278;40279;40277;45526;53681;44613;42974;42975;40445;53684;41042;50462;44089;40282;40281;40284;40283;43870;40285;53685;40286;40287;41012;46670;40288;40860;42924;40290;41043;42461;40289;40293;48430;40291;53686;40292;47729;50013;47728;44127;44614;40269;49257;49945;43083;42334;40296;48372;50369;40297;44615;44991;49265;40295;41939;40299;40300;47730;40905;50370;46781;40298;43346;40303;40301;40302;53687;40304;44931;42860;44980;44052;42204;40308;40306;40305;42205;50463;53688;40309;49280;48235;42206;46687;50371;50014;40310;40312;41044;40313;40311;40315;42462;40589;45127;46209;45012;49214;45462;49258;40316;41005;40317;44113;46342;42249;44682;40318;40307;45464;45482;47775;40319;45352;40321;45463;40320;42069;40314;40654;40791;40323;46729;42953;40322;40792;40847;53690;40793;42925;42419;53689;40326;40325;45074;44903;40327;43383;47693;45527;49281;50464;53770;53769;45495;44370;47868;40324;53772;49946;50465;45034;47907;50372;47678;53782;53774;53775;47757;50018;44371;45075;44981;53691;53773;49084;47694;45600;53784;53692;46011;49210;46356;49825;53694;53696;53693;47134;42954;53771;53697;44369;53695;44683;44128;53698;47853;53699;49755;50416;45341;53702;45621;42839;47798;53700;45353;43107;53701;47573;53703;49670;53706;53705;53708;53707;45102;53704;46178;50417;53709;45101;49302;53710;53712;53716;44053;44035;53714;43054;53711;47817;53715;44667;43150;50317;49642;44638;43384;48321;53717;44982;53719;46881;53722;53724;48755;53721;44616;46210;49994;53723;48236;45537;44905;53718;53726;50373;44904;53727;53720;53713;44618;44622;53728;53725;48260;53730;49756;44310;49215;53729;43813;46190;48903;53733;53734;53732;42926;45606;42855;43385;46191;45465;53731;42463;53737;53736;53738;50299;43055;53739;45538;42394;45128;43631;44411;53884;42395;53735;50015;46730;44668;50409;53741;53740;45607;45354;53743;53744;49976;44090;53745;48237;47122;46251;53742;47604;43632;44684;53747;45496;50374;48756;49672;46235;46220;53748;45001;45466;42856;50016;53746;46234;44617;53750;44309;49671;53752;53754;53753;53751;40294;43856;46357;48322;53756;45103;53885;49193;44403;53757;53755;44372;43618;53761;45467;46343;53762;53759;53763;53760;53765;49266;47021;53766;53886;44412;53764;53768;53767;50017;46751;53838;47593;53758;44091;53777;53779;53780;53776;53781;42976;50466;43871;53778;53785;44129;42464;53783;46671;47731;42927;48431;53789;48373;53788;44619;53786;47732;53790;44992;53791;53787;53792;53875;44623;44054;46782;50375;49947;53794;50019;53793;53795;53887;43347;47758;44906;53888;45035;44932;44983;43619;53824;53796;53799;49282;49267;53798;50376;50467;47854;45129;53797;53801;49168;50020;53800;48238;48281;45013;46012;53803;53804;45497;46211;49216;45468;44114;49259;53807;53806;45355;44685;45469;44322;46344;44373;47776;45076;53808;53809;42955;45470;53825;47777;75486;75454;75648;49139;75647;53805;53889;75548;53810;47733;53802;75652;75651;75650;75656;75653;75654;75646;75655;75658;75661;75660;75663;75659;75665;75657;75682;75667;75688;75664;75683;75684;75662;75418;75668;75417;75419;75421;75423;75687;75422;75420;75416;75426;75431;75427;75430;75666;75428;75429;75432;75425;75434;75435;75437;75441;75439;75436;75445;75438;75447;75449;75433;75448;75451;75440;75455;75443;75457;75452;75458;75450;75453;75444;75442;75446;75424;75459;75463;75456;75466;75462;75461;75464;75465;75469;75467;75474;75473;75470;75468;75471;75472;75475;75477;75481;75478;75483;75482;75480;75479;75485;75491;75487;75489;75490;75488;75492;75495;75484;75476;75494;75496;75498;75499;75503;75497;75502;75504;75500;75506;75508;75505;75507;75501;75514;75510;75516;75511;75515;75513;75512;75520;75518;75519;75521;75524;75523;75517;75522;75526;75509;75460;75528;75530;75532;75649;75493;75534;75536;75527;75529;75538;75535;75540;75542;75539;75541;75531;75537;75533;75544;75549;75550;75545;75546;75551;75557;75553;75547;75559;75554;75558;75555;75543;75552;75561;75564;75556;75562;75568;75563;75581;75565;75566;75570;75609;75610;75567;75572;75574;75573;75571;75577;75576;75569;75580;75578;75583;75585;75582;75579;75590;75587;75586;75592;75591;75589;75575;75588;75584;75560;75599;75596;75597;75594;75595;75600;75601;75598;75604;75603;75605;75613;75606;75614;75612;75607;75608;75611;75617;75616;75602;75623;75618;75625;75619;75622;75620;75626;75627;75621;75630;75631;75628;75632;75634;75629;75624;75615;75637;75642;75635;75639;75641;75670;75640;75638;75644;75636;75669;75645;75672;75673;75674;75675;75671;75678;75686;75643;75680;75679;75681;75690;75685;75689;75695;75692;75677;75694;75693;75701;75697;75691;75699;75700;75676;75698;75633;75696;75703;75593;75705;75704;75707;75706;75709;75712;75711;75710;75718;75714;75716;75708;75723;75715;75720;75713;75722;75725;75726;75717;75721;75727;75730;75729;75719;75734;75731;75728;75736;75732;75737;75735;75739;75740;75741;75738;75733;75744;75743;75745;75724;75747;75749;75748;75746;75751;75756;75752;75755;75750;75757;75759;75754;75753;75764;75761;75760;75765;75762;75772;75766;75770;75769;75776;75771;75763;75758;75774;75775;75773;75768;75767;75742;75778;75780;75779;75781;75945;75946;75948;75947;75828;75951;75950;75952;75944;75953;75965;75963;75966;75967;75968;75970;75964;75949;75785;75977;75976;75782;75784;75786;75783;75788;75790;75789;75792;75793;75795;75794;75791;75800;75797;75969;75799;75787;75804;75802;75808;75803;75807;75806;75811;75810;75801;75812;75798;75809;75805;75814;75817;75818;75815;75821;75820;75822;75816;75819;75824;75825;75833;75826;75830;75831;75827;75832;75829;75823;75813;75796;53749;47571;75525;75702;75777;75837;75838;75835;75836;75843;75842;75839;75840;75845;75841;75847;75849;75848;75850;75846;75851;75853;75854;75852;75860;75856;75861;75858;75857;75864;75862;75868;75866;75869;75865;75844;75859;75863;75870;75867;75855;75872;75873;75874;75879;75878;75880;75876;75877;75885;75882;75884;75886;75875;75883;75888;75889;75881;75890;75917;75918;75887;75893;75892;75896;75895;75898;75897;75894;75905;75901;75903;75902;75900;75907;75908;75906;75912;75904;75899;75914;75871;75916;75913;75891;75911;75910;75919;75921;75920;75915;75927;75925;75926;75929;75923;75933;75922;75928;75931;75924;75937;75935;75932;75940;75934;75955;75941;75942;75943;75939;75954;75959;75938;75930;75957;75936;75958;75961;75971;75962;75960;75973;75975;75974;75979;75982;75981;75978;75983;75985;75987;75984;75989;75972;75980;75995;75988;75992;75991;75994;75993;75990;75997;75998;75999;76001;76003;76002;76000;75909;75996;75986;75956;76006;76005;76014;76007;76011;76010;76009;76012;76018;76016;76022;76008;76013;76020;76021;76024;76017;76019;76015;76027;76031;76026;76029;76032;76025;76030;76028;76038;76036;76037;76040;76034;76042;76035;76043;76046;76023;76049;76044;76033;76048;76045;76047;76052;76051;55161;41351;41350;72977;76039;80021;76050;64158;41354;76188;67105;41356;68947;41352;42876;41353;44374;42363;41355;41955;41358;50872;44907;43386;66343;41357;50875;50873;76041;50874;50876;53252;52650;57083;55483;57084;51591;58524;57971;56003;70189;58112;57970;53647;69343;74006;64209;50877;81697;57085;69344;51592;41360;57086;41359;64208;82739;44375;57972;51593;51594;50878;45064;50880;51595;53890;41362;41363;50881;50879;44130;44984;42250;41364;73783;44376;58774;57586;50884;52565;51086;50883;64098;64905;57087;71763;44377;41366;41365;41367;42251;50885;66505;50882;41361;50886;76004;52686;50888;51087;50889;57089;69474;42252;52566;65907;57088;82657;65023;71614;58030;77048;57090;42176;41369;53282;44686;55165;50890;64100;58740;64102;64101;64104;64103;71964;50973;69294;64099;41368;58615;64106;69295;64107;71965;69296;79307;76909;81507;76367;64108;77099;81665;64109;58263;44378;77742;41370;69345;77958;64110;42956;69787;44311;64112;64111;64115;64113;77850;55547;77196;64105;57091;80389;50891;64114;81076;41371;69259;50892;83330;64116;64118;41372;50893;76472;51596;42233;64117;53528;57092;50895;64862;53586;58941;70018;73410;58764;58942;71833;50897;45130;50896;41375;70019;50894;41373;57093;65794;50898;55972;73129;81389;64119;52765;41374;53484;79760;66953;76523;79738;55711;42829;81120;41376;76198;83461;64120;81970;55586;83133;50899;41377;70134;45104;57094;45105;80165;42473;41379;77217;70842;82019;67221;72241;66354;41378;72242;50487;51112;71786;42300;55618;41380;57096;72243;52066;58140;41382;76247;74115;81121;50983;57095;41381;55587;50900;53356;66020;53587;57097;53357;41383;64123;53402;64124;64122;41384;64125;64121;51597;81666;64126;55827;83285;53501;77755;51598;51599;41386;53283;79618;41385;57098;43151;42866;45036;52683;41387;70780;79414;41388;42989;41390;44036;64127;57465;41389;74087;64129;57099;74173;64128;65024;57838;64130;57100;64131;58973;64134;65175;64133;64135;80022;44965;64136;41965;64132;65865;66667;66666;68949;70933;70935;70934;67195;73147;77599;81122;76989;76990;82068;81123;80023;72554;79761;43387;41391;71560;50901;41392;44639;50903;51983;50904;53485;55019;53912;52959;55828;50902;71559;58560;57102;57996;64138;64137;57101;58286;64142;64140;64613;64965;64141;65939;64143;64636;64139;66920;66492;70936;72455;68950;69969;71492;73075;72700;73591;76105;74088;72085;73850;65566;50887;65596;55162;68948;77244;78885;81077;80565;79686;80054;77672;80995;79308;81877;64925;83486;41393;55829;55712;73510;53313;81752;81245;50906;64144;58720;82819;83286;50907;57103;64145;41394;44389;41395;50905;50908;64146;50909;51600;54985;57104;50910;64147;41397;64149;52630;51601;72422;50912;57105;50911;57106;64150;64148;71307;77673;81295;76604;81039;74351;57839;57434;44908;81667;77229;71308;55441;57696;41396;41399;66287;51198;66954;64151;72797;74321;50913;64152;66955;77433;68952;70631;82639;76501;64153;41401;44312;68951;70758;55981;51602;72277;68874;51661;64154;66253;64155;68953;66741;64156;57107;64906;73117;64159;41402;50914;64160;70872;64157;41400;51603;57613;41403;41956;57108;73609;65795;42928;43857;50915;52631;81311;51605;51604;56004;64161;64163;58113;53891;65545;64162;41404;41398;41406;70289;66193;41405;43872;50916;58164;55619;51606;69090;52751;42396;64165;65597;64166;64164;74284;79634;70960;51667;77319;66616;69069;72681;64167;64168;64863;65245;58141;64169;81435;64780;66194;71171;41407;50918;42857;69029;50917;41408;64170;52067;55137;66855;64171;65246;66031;71020;50919;72555;74254;81436;69071;79635;72423;77273;79208;74007;76998;83287;64172;81419;69070;70873;50920;66538;76473;41409;51199;81909;51088;50921;53284;52684;54840;43858;77674;41411;41410;76754;70632;43056;41413;51607;52685;41414;42990;42343;44037;51610;51609;50922;51608;44966;41412;50924;50925;51611;50923;51613;51614;53570;55686;57109;53571;57110;52597;57297;58845;57853;64173;64175;57854;64177;64176;57111;64174;64179;64500;64888;66344;66742;64180;67196;70040;66539;71033;70039;66912;72163;72325;72324;71034;51612;68954;66854;73554;64178;53486;74462;74033;80249;51615;78650;76557;80250;44092;82020;57430;41415;50927;51934;50974;50926;68875;41416;71425;77230;79232;81312;78651;57725;54640;55620;76138;77145;68979;78105;64181;73939;83515;42867;81480;65717;81481;71035;41417;57112;58943;57596;64192;58767;69054;65568;41418;72615;65567;50928;55563;65829;82021;55564;53358;65682;57113;50929;78253;64182;50931;74506;77959;42234;50930;73268;50932;41419;77472;55431;83462;55432;80166;81161;50933;55484;43633;51616;53314;51617;50934;76558;70328;81878;41420;69511;77434;77435;41421;74373;57115;50936;82428;57114;64531;45002;42301;51618;64183;81176;50935;50937;41424;50939;50938;42830;41423;57569;52988;55138;58031;58677;51620;57116;51619;64184;64186;77299;64185;74352;65718;73592;81124;64188;64187;81996;71834;69457;41422;57117;69374;41425;78886;58678;41426;55896;58165;64189;50940;50941;74210;51621;43620;50942;64191;76139;64190;65784;51622;50943;54641;51134;42793;79687;51623;77179;57118;64193;57119;77663;77662;41427;81078;58721;55745;58479;41429;77600;55774;73511;42145;64195;52735;73130;50944;64196;83543;76755;52712;64197;53588;58775;41430;64194;82640;66463;41431;70794;50945;41432;55696;64781;64199;51624;64200;70797;72769;72229;74507;64201;64198;55728;58195;70796;41428;41433;56018;50946;41434;79332;55697;50947;64204;57682;64205;41435;64203;72198;64206;53253;66288;41436;58588;64207;79309;57531;53228;50948;53839;70843;80251;53619;66300;51626;70937;54827;56019;74021;51625;42420;41437;52687;41957;42364;70938;44379;44909;52688;50952;53229;50950;57886;52651;51627;43388;50951;41438;58114;83049;73297;64926;55565;42957;73707;74116;68980;41439;74117;57120;72199;64202;71835;53648;50953;50949;76500;66552;71172;71561;57122;72478;43873;80217;76248;41440;78856;76910;57123;81313;83516;57121;64211;50954;76140;69375;41443;41442;64210;57124;76106;44131;41445;41441;71836;41444;72856;57125;67197;71137;79822;55713;51628;57126;73979;52960;55714;72244;41446;41447;51844;50955;57127;50956;41448;51629;76141;44592;78667;43084;53892;55467;54920;50957;51631;53529;64212;41449;41450;64213;44055;80252;57128;64214;41642;53230;53854;51630;71136;65247;64215;64216;50958;82470;77723;64217;57129;50959;65683;77524;73468;65796;69233;64218;57130;54828;76424;79619;58203;72536;64219;72200;74145;77180;64220;78254;64221;70724;41451;53254;72873;73512;73751;57131;43348;50960;73784;64222;79739;64223;70020;57133;54642;44933;41452;64224;76372;71226;65248;81040;74118;78464;57840;54921;69168;81508;76212;53826;57726;41453;80024;64889;64225;45131;57134;70021;77743;64864;41455;41454;73708;51632;64226;69030;41457;41456;57727;69192;57841;57132;52689;73555;64227;66195;45014;71392;76053;51633;73327;53446;80390;57555;52472;65940;80253;57597;66464;64229;50961;50963;82658;50962;66021;53638;50964;69458;69414;64430;58317;55503;57855;81543;77197;56020;81542;64228;51634;80825;53827;70781;80996;55020;41460;55453;41458;52690;81641;50965;78887;53315;43085;41459;58944;51635;64230;57136;58115;64231;66254;57137;72086;54994;64796;69893;64795;71138;69894;69091;73397;64469;53231;45077;79620;77960;82523;76373;64232;81642;80254;78868;65797;50967;55973;54934;50966;64236;58396;64234;64233;64235;69297;64237;41461;64238;71562;78652;70969;71393;41462;82990;53316;57138;66985;58395;81643;51636;70961;71937;73015;80547;66801;69112;72456;67107;74463;69113;67108;67110;82641;69117;67113;69114;69116;67111;69115;67112;64239;64241;51637;67106;64240;52162;57139;56034;41464;41463;67114;73178;67109;73287;69191;27101;27103;39497;34317;27102;33378;29911;29347;27603;29348;27104;27107;27106;27108;29349;27109;29351;29350;29353;27110;33380;33379;27604;39498;59602;27111;35948;27112;66345;29354;29355;27105;27115;51682;27116;27114;67255;29352;27113;27117;27118;29358;29356;27121;27119;27120;29361;27122;27123;28369;27529;29363;29362;27528;31088;29360;31715;29359;32114;31722;33499;33498;34318;33757;32113;34957;34319;41467;41466;35303;29357;41465;34941;33756;31087;41983;41984;41468;44934;42868;42365;49887;49889;43397;49890;49893;45498;49891;44380;49892;49888;57147;50488;52736;57149;51411;44910;57148;57151;57152;53232;57150;56608;55485;56609;53649;57153;49894;56005;57858;27127;27125;27124;59520;27129;27128;27126;29694;27131;27132;29912;33119;31602;27130;35325;34198;34428;30121;31620;34958;41986;58032;34345;27510;41985;35950;35949;41472;27134;41469;33120;41987;41470;27133;36199;41471;58116;29365;27135;27138;29366;27139;29240;27137;29367;29368;27136;27140;34844;34843;51686;32023;51685;51684;51683;29877;29369;27141;27142;51689;51687;13753;38910;13761;13754;13759;51688;13755;13757;13760;41988;13763;13765;13769;13758;13756;13767;13764;13766;13771;13770;13775;13772;13778;13776;13773;13768;13779;13777;13780;13782;13781;13788;13785;13784;13789;13790;13786;13792;13774;13794;13793;13795;13787;13798;13797;13796;13799;13791;13803;13801;13783;13802;13805;13762;13810;13807;13806;13809;13804;13814;13812;13818;13813;13816;13817;13808;13811;13820;13815;13821;13826;13824;13825;13822;13823;13828;13829;13830;13834;13832;13833;13838;13831;13827;14276;13837;14206;13819;14600;14264;13836;14231;14667;14775;14658;14731;15569;14730;15528;14322;15755;15552;16303;16305;14769;15923;15726;16307;17217;16454;16306;17198;15423;16304;16372;13835;13800;16362;29364;17242;64242;20082;17271;17238;17325;17300;17606;17671;18112;18096;18057;17982;17618;18082;18014;17617;19242;19240;19244;19245;18154;19246;18462;19241;18463;19249;19250;19248;19243;19333;19925;19927;19382;19924;19930;19251;19929;19928;19932;19933;19931;19936;20064;19996;20087;19934;19937;20240;19247;20083;19935;20209;20369;20334;20335;20370;18113;20901;20483;20239;20879;20820;21014;20967;20923;21137;21093;21013;20821;21138;19926;21233;20758;21368;20282;21370;21369;21289;21163;21136;21623;21290;24415;24413;21624;21723;24414;24417;24412;21622;24422;24420;24424;24419;24418;24421;24426;24428;24427;24431;24425;24429;24430;24436;24434;24432;24416;24423;24442;24437;24441;24439;24435;24444;24438;24446;24440;24449;24447;24445;24453;24451;24450;24455;24454;24459;24456;24457;24448;24462;24443;24460;24466;24464;24461;25406;25405;24465;24411;24458;24452;24433;25409;25413;25407;21150;25415;25411;25417;25418;24463;26170;25414;25410;26172;25419;25416;25412;26175;26171;26179;26180;26177;26178;26173;26183;26176;30141;26181;26184;26169;83564;26182;83562;83560;83563;26174;83567;83566;83570;83561;83571;83568;83569;83572;83573;83575;83577;83576;83579;83574;83582;83581;83578;83584;83580;83586;83588;83585;83591;83590;83589;83597;83594;83587;83593;83599;83595;83583;83598;83565;83592;83605;83602;83601;83596;83603;83607;83606;83604;83613;83610;83611;83609;83615;83614;83612;83608;83617;83619;83618;83621;83627;83622;83620;83626;83623;83625;83631;83630;83629;83624;83628;83634;83633;83638;83616;83636;83637;83635;83639;83845;83642;83641;83644;83847;83846;83643;83640;83645;83647;83849;119958;83649;83648;83646;83651;119959;83650;83653;83850;83655;83652;25408;83600;83654;83659;83656;83632;83851;83658;83660;83848;83662;83666;83664;83668;83663;83661;83667;83672;83669;83670;83674;83676;83675;83680;83671;83679;83677;83678;83665;119960;83685;83682;83687;83686;83683;83684;83681;83673;119961;83692;83689;83690;83691;83694;83693;83699;119962;83697;83698;83702;83701;83700;83704;83703;83696;119963;83695;83711;83709;83710;83707;83706;83713;83714;83708;83717;83719;83718;83715;83712;83705;83716;83688;83722;83725;83723;83721;83724;83755;83757;83728;83727;83726;119964;83854;83857;83856;83756;83855;83853;83852;83868;83859;83869;83946;83947;83860;83903;83945;83970;83870;83988;83971;84016;84079;84080;83948;84081;83858;84147;84115;84084;84145;84116;84083;119966;119965;84146;84260;84206;84192;84191;84227;84285;84261;84207;84190;84423;84337;84397;84441;84395;84338;84396;84425;84361;84424;84427;84442;84469;84468;84443;84544;84546;84286;119967;84723;84426;84545;83720;84082;84558;84548;84559;84561;84632;84562;84560;84725;84663;84662;84634;84724;84874;119968;84633;84876;84896;84899;84897;84914;84979;85074;84898;84913;85152;85153;85121;85151;85180;85214;85239;85215;85213;84875;85073;85179;119969;85374;85378;85377;85379;85375;85376;85399;85401;85504;85400;85577;85398;85598;85575;85532;119970;85625;85624;85597;85647;85505;85719;85722;85720;85721;85723;85681;85576;85762;85250;85761;85791;85795;85796;85792;85764;85794;85868;85841;85793;85871;85870;85905;85901;85928;85904;85902;85903;86140;85906;85869;85942;86057;86142;85941;86141;86184;119971;86217;86121;86203;86307;86290;86143;86289;85929;86288;86309;86344;86340;86343;86341;86339;86346;86397;86342;86440;86347;86345;86441;86464;86398;86399;86535;86378;86490;86538;86540;86539;86537;86536;86627;86628;86616;86648;86695;86703;86442;86696;86649;85763;84547;86308;17237;55548;83657;75834;86707;86706;86705;86709;86753;86755;86708;86757;86808;86752;86866;86865;86756;86803;86868;86869;86870;86941;86754;86943;86883;86940;87007;87720;87009;87010;87051;87642;87643;87063;86895;87008;86867;87105;87721;86942;87181;87106;87104;87122;87404;87197;87201;87180;87198;87200;87196;87199;87202;87644;87214;119972;87276;87317;87277;87278;87279;87646;87280;87338;87496;87405;87319;87495;87524;87645;87461;87215;87318;87527;87526;87528;87064;87589;87591;87590;87588;87648;87650;87649;87652;87651;87654;87668;87666;87655;87647;87669;87653;87670;87722;87724;87857;87731;87723;87863;87861;87860;87859;87858;87865;87864;87862;87867;87887;87909;87667;87912;87911;87963;87913;87910;87962;87988;87914;88008;88005;88006;87964;88007;88004;87961;88140;88039;88038;88144;88081;88142;88176;88082;88143;88141;88178;88486;88453;88454;88408;88508;88485;88507;87866;88009;88177;119973;88559;88620;88560;88575;88621;87525;88619;88622;88692;88623;88691;88707;88709;119974;88803;88802;88710;88708;88677;88832;88834;88833;88892;88947;88891;88893;88835;89022;88949;89021;89076;89655;89077;89654;88948;89656;89722;88831;89775;89730;89723;89658;89918;89922;89919;89731;89920;89990;89923;89961;89992;89929;89989;89960;89991;89994;89921;90064;90063;90092;90093;90186;90185;90262;90065;90263;90303;90304;90346;90305;90264;90187;90348;89657;89993;90394;90396;90395;90398;90506;90534;90397;90532;90420;90531;90399;90536;90585;90535;90533;90596;90587;90595;90505;90623;90754;90756;90755;90883;90758;119975;90597;90821;90885;90759;90757;90884;90586;90913;90820;90992;90914;90994;90996;90993;90995;90991;91043;119976;91121;91120;91159;91160;91161;91158;91180;91119;91247;91248;91249;91251;91217;91254;91252;91250;91282;91297;91319;91318;91298;91253;119977;91309;90886;91308;91281;88515;91650;91651;119978;90347;91653;91652;91656;91654;91556;91658;91661;91660;91662;91657;91659;91655;91666;91665;91668;91664;91669;93151;91667;93155;93153;93154;93157;93159;93162;93152;93156;93158;93164;91663;93163;93161;93167;93166;93169;93168;93171;93165;93174;93172;93173;93176;93178;93180;93182;93175;93183;93177;93187;93179;93186;93184;93170;93189;93188;93185;93271;93270;93273;93272;93276;93275;93278;93190;93277;93274;93160;93181;93280;93282;93284;93286;93285;93288;93283;93290;93281;93292;93291;93287;93289;93293;93294;93297;93302;93296;93300;93301;93298;93306;93305;93308;93299;93304;93310;93309;93307;93303;93295;93312;93314;93313;93341;93368;93342;93367;93371;93370;93455;93437;93439;93372;93373;93456;93438;93458;93369;93505;93459;93507;93506;93590;93558;93591;93646;93508;93644;93645;93712;93713;93311;93589;93714;93647;93279;93457;93766;93734;93735;93765;93768;93615;93767;93770;93769;93772;93860;93808;119979;119980;93807;93806;93771;93862;93863;93893;93894;93895;119982;93936;119981;93909;93937;94006;93935;94036;94040;94007;93861;93910;94038;119983;94041;94042;94067;94043;94039;94268;94270;94274;94273;94276;94271;94272;94267;94269;94278;94277;94280;94282;94281;94279;94284;94286;94320;94285;94283;94037;94324;94321;94325;94350;94434;94275;94319;94433;94349;94326;94455;94504;119984;94506;94572;94507;94505;94435;94322;94609;94729;94668;94739;94728;119985;94921;94608;95281;94758;94938;94939;95283;95282;94969;94757;94607;95312;95314;95294;95316;119986;95369;95367;95315;95368;95397;95384;95317;95422;95398;95423;95396;119987;95383;95452;95535;95534;95453;95537;119988;95564;95536;95607;95606;95623;95608;95625;95627;95628;95626;95624;95565;95313;93733;95424;91649;95660;94323;95651;95711;95710;95712;95652;95709;95801;95799;95800;95798;95803;95802;95761;95797;95805;96031;95915;95821;96034;95806;95822;96032;95987;95986;95989;95991;95990;95988;95804;96076;96082;96077;96078;96033;96080;96081;96079;96087;96089;96134;96135;96088;96136;96083;96137;96141;96140;96139;96149;96148;96255;96258;96147;96257;96260;96150;96263;96262;96264;96138;96259;96075;96256;96261;96266;96303;119989;119990;96335;96404;96387;96430;96429;96431;96434;96433;96435;96334;96432;96527;96482;96528;96566;96530;96603;96653;96405;96529;96655;96695;96694;96654;96701;96699;96698;96697;96700;96604;96715;119991;96696;96718;96717;96716;96793;96762;96794;96827;96795;96869;96761;96901;96902;96870;96923;96903;96868;96926;96976;97040;97041;96925;97015;96924;96977;97042;97014;97044;97045;97046;97043;97064;97080;97065;97063;96950;96702;97096;96265;97082;119992;97130;97186;97129;97189;97205;97204;97202;97097;97188;97206;97207;97203;97298;97317;97187;97380;97299;97300;97382;97297;119993;97431;119994;97433;97467;97466;97519;97381;97296;97549;97550;97518;97570;97495;97520;97432;97652;97572;97653;97598;97655;97654;97571;97599;97771;97657;97695;97774;97777;97775;97696;97824;97773;97825;97829;97827;97830;97772;97494;97826;97776;97828;97847;97656;97832;97849;97831;97851;97850;97848;97913;97915;97914;99083;97912;99085;99084;99088;99087;99086;99089;97916;99115;99091;99092;99114;99090;119997;99119;99118;99117;99165;99180;119996;99116;99230;99120;99231;99232;99243;99245;99244;99242;99262;99302;99263;99356;99358;99357;99355;99261;99394;99395;99396;99434;99461;99397;99465;99460;99466;99463;99464;99468;99507;99469;99467;99462;97081;99393;99181;119995;99578;99623;99654;99653;99580;99579;99625;99705;99624;99761;99759;99960;99760;99962;99964;99963;99961;99959;99980;99979;99758;100022;99991;100050;100024;100023;99992;100207;100149;100152;100122;100150;100206;100121;99978;100151;100209;100211;100210;100213;100215;100212;100214;100242;100244;100243;100246;100289;100351;100264;100292;100241;100245;100291;100319;100352;100353;100320;100376;100374;100378;100375;100377;100406;100405;100404;100290;100354;100208;100409;119998;100408;100459;100539;100540;100569;100538;100541;100543;100589;100410;100661;100588;100544;100614;100780;100542;100864;100834;100803;100907;100908;100866;100910;100914;100865;100912;100911;100867;100951;100917;100916;100918;100913;100754;100953;100915;100985;100954;100909;119999;101043;101042;100986;101056;101058;101060;101057;101080;101059;101061;101055;101106;101082;101107;120000;101143;101109;101108;101146;101142;101147;101202;101203;101259;101145;101201;101081;101144;100952;100407;101221;101223;101225;101228;101222;101226;101230;101224;101227;101260;101291;101292;101289;101229;101293;101351;101290;101353;101389;101352;101390;101392;101391;101519;101393;101520;101764;101765;101762;101763;101807;101766;101768;101767;101394;101831;101832;101808;101887;101889;101888;101885;101350;101891;101927;101926;101890;101886;101941;101946;101942;101945;101943;101948;102068;101944;102066;102189;102067;102070;102013;101947;102188;101940;102191;102069;102193;120001;102192;102219;102252;102251;102218;102255;102194;102254;102308;102256;102257;102310;102309;102253;102307;102313;102314;102315;102312;102316;102317;102320;102319;102318;102414;102352;102415;102353;102351;102413;102354;102474;102311;102477;102476;102540;120002;102478;102577;102541;102542;102696;102539;102579;102626;102627;102695;102693;102694;102729;102836;102800;102578;102801;102839;102841;102840;102855;102837;120003;102802;102838;102913;102856;102911;120004;102912;102910;102728;102475;102190;102854;99508;102952;101204;95650;102953;120005;104649;102974;102973;102954;102955;103111;103176;103120;103110;103178;103177;102990;102989;103180;103185;103184;103186;103181;103183;103213;103182;103211;103215;103212;103216;103245;103210;103214;103247;103293;103179;103294;103248;103296;103298;120006;103297;103300;103316;103301;103295;103317;120007;103318;103299;103315;103354;103370;103369;103371;103412;103414;103454;103455;103415;103413;103597;103564;103596;103563;103637;103636;103246;103528;103503;103689;103355;103690;103743;103742;103639;103770;103768;103767;103833;103771;103807;103640;103772;103853;103852;103832;103769;103917;103919;103961;104010;104012;103918;104011;104009;104017;104016;104015;104014;104019;104020;104018;104021;104013;103854;103920;104024;104023;104026;104028;104025;104030;104094;104029;104027;104099;104098;104117;104096;104097;104172;104171;104142;104095;104210;104141;104208;104252;104253;104254;104255;104542;104650;104374;104271;104376;104430;104429;104428;104427;104375;104471;104270;104209;104022;104473;103638;104475;104474;104494;104529;104495;104476;104532;104531;104776;104651;104778;104781;104530;104779;104777;104780;104783;104869;104806;104805;104871;104874;104873;104872;104877;104876;104878;104953;104880;104954;104870;104952;104956;104875;104782;104960;104958;104957;104879;104962;104961;104959;104991;104966;104965;104968;105033;104964;104993;104992;104967;104963;105034;105035;105072;105093;105036;105095;120008;105073;105097;105149;105094;105148;105096;104955;105020;105150;120009;105098;120010;105270;105253;105272;105276;105278;105271;105274;105279;105273;105277;105280;105275;105281;120011;105282;105284;105286;105285;105288;105350;105290;105289;105287;105349;105408;105351;105353;105388;105348;105409;105283;105463;105461;105459;105458;105352;105462;105483;105460;105482;105506;105540;105538;105513;120012;105539;105481;105580;105578;105574;105575;105579;105576;105577;105582;105648;105647;105684;105685;106092;105721;105720;105719;105581;105541;105744;105764;104472;105480;106042;106043;105763;105172;106046;105765;106041;106044;106048;106047;106073;106127;106049;106093;106129;106045;106095;106130;106131;106185;106186;106133;106187;106128;106132;106184;106261;106263;106259;106260;106293;106292;106262;106344;106094;106343;106342;107251;106346;106436;106370;106345;120013;106437;106438;106440;106442;106441;106439;106435;106444;106448;106446;106445;106449;106454;106447;106450;106452;106453;106456;106471;106470;106294;106455;106473;106443;106451;106474;106476;106475;106477;106480;106527;106478;106529;106479;106526;120014;106531;106481;106530;120015;106578;106555;106528;106576;106605;106579;106577;106603;106604;106580;106618;106653;106652;106617;106674;106672;106532;106673;106602;106708;106746;106745;106789;106707;106786;106747;106788;106835;106787;106815;106836;106834;106748;106867;106868;106897;106866;106899;106898;106901;106900;106896;106967;106943;106942;107002;106941;106865;106944;106472;106926;120016;106654;107054;107115;107131;107132;107055;107085;107086;107116;107140;107142;107141;107214;107144;107143;107139;107213;107253;107289;107255;107288;107254;120017;107292;107290;108509;108280;108367;108279;108511;108512;108368;108400;107291;107252;120018;108510;108401;108402;108450;108452;108530;108449;108578;108451;108529;108532;108482;108528;108580;108531;108646;108533;108581;108647;108652;108650;108649;118346;108648;108653;108655;108684;108656;108654;108579;108686;108651;108369;108687;108705;108745;108747;108746;108744;108827;108825;108749;108826;108824;108829;108831;108871;108830;108828;108874;108877;108876;108875;108946;108873;108748;109000;108948;108947;109011;108945;109013;109014;109012;109028;120019;109083;109015;109001;109161;109085;109162;108872;109198;109240;120020;109242;109197;109244;109243;109246;109250;109247;109252;109251;109245;109241;109248;109254;109256;109253;109258;109260;109259;109262;109264;109263;109261;109249;108685;109255;109257;107022;109084;105722;109266;109268;109270;109269;109267;109274;109273;109276;109271;109272;109278;109277;109310;109342;109341;109358;109275;109356;109547;109309;109359;109357;109572;109548;109360;109647;109646;109598;109645;109549;118251;109599;109550;109672;120021;109673;109355;109675;120022;109676;109674;109678;109721;109679;109756;109758;109757;109722;109677;109762;109760;109763;109761;109765;109768;109767;109766;109770;109764;109774;109772;109771;109776;109773;109775;109769;109778;118252;109759;109780;109782;109779;109784;109786;109783;109787;109790;109781;109792;109788;109794;109793;109789;109785;109796;120023;109859;109797;109861;109791;109862;109887;109886;109860;109889;109891;109890;109937;118253;109939;109938;109913;110030;109795;110029;109888;110031;118255;110032;110033;110035;110036;110034;110038;110039;110042;110041;110043;110040;110089;110090;110037;118256;118257;110092;110093;110183;110184;110123;118258;110185;110187;110189;110190;110188;110223;110259;110224;110258;110222;110186;110091;109777;110261;110310;118254;110284;110339;110341;110340;110338;110343;110345;110344;110347;110346;110349;110351;110350;110353;110352;110348;110358;110356;110355;110342;110361;110360;110362;110357;110359;110368;110366;110365;110364;110363;110369;110367;110374;110354;110372;110370;110373;110377;110376;110379;110381;110380;110378;110375;118259;110443;110410;110394;118260;110412;110411;110393;118261;110473;110511;120024;110510;110445;118262;110509;110548;118263;110544;110547;110546;110512;110531;118264;110545;110444;118265;110620;110595;110371;118266;110659;118267;110638;110636;110635;110596;110637;110660;110639;118269;110640;118268;118270;110682;110683;110621;110761;118271;120025;110684;110760;110764;110763;110803;110685;110804;110838;110837;110836;110762;120027;120026;120028;120031;120030;120032;110661;120029;120036;120034;118273;110938;120035;120037;110966;110972;120033;120041;120039;111051;120040;120042;120043;111052;118274;111055;120044;111057;111059;120046;111053;111058;111056;111054;110594;118272;120048;120038;111102;110260;120045;111150;111134;120047;120049;120050;118275;111200;111201;120053;111202;118276;111203;120054;120052;120056;111262;111261;111263;120051;120057;120058;111264;111328;111368;111329;111348;111367;111346;120059;111265;120055;120060;111370;111372;111347;111371;120062;120061;120064;111435;111373;111434;111433;111437;118277;120063;111436;120065;111443;111438;120067;111439;111441;111442;111440;111445;111447;111446;111444;111451;111450;111453;111449;111454;111369;111448;111459;111457;120066;111455;111458;111456;111503;111463;111462;111461;111505;111504;111508;111460;111506;111464;111525;111509;120069;111507;111546;111575;111574;111548;120071;121042;111591;120070;120073;111592;120072;120068;120075;111662;111664;111547;120074;111663;120077;120076;111741;111742;118278;118279;118280;111744;111743;111740;111746;111781;111747;120078;111782;111784;120080;118281;111785;120081;118282;111783;111814;118283;111815;111813;120079;111817;111639;111452;111819;111823;111822;111828;111745;111820;111821;111827;111825;111826;111830;111832;111833;111831;111818;111824;111829;111835;111836;111841;111837;111838;111840;112010;112012;120082;112011;111839;112013;112015;112014;120083;111842;111834;120084;119211;120085;112055;120086;118284;112056;112081;112079;120087;119142;119551;112106;112108;112080;112107;112082;112057;112146;112271;112147;120088;112201;112199;112188;112202;112148;118285;120091;120090;112272;120089;112204;112203;112276;112200;112145;112016;112278;112275;117354;112274;112287;112277;117355;120092;118287;117385;117386;118288;120093;118286;117451;120095;117449;120094;120096;117453;117452;117450;117478;117528;120098;117529;120099;118289;117527;117448;120100;120097;117660;120102;117629;117661;117664;118290;117694;117663;117662;120104;118292;117695;118291;117697;120105;118293;120103;117699;117696;117701;117700;117703;117702;120106;117800;117802;117801;117820;117803;117804;120107;117698;117799;120101;112273;111816;102914;120109;109265;111101;117821;120110;120111;118294;118295;117823;117899;117858;117824;117822;117859;120113;117866;117900;120112;120115;120114;120116;117901;118298;117902;118296;120117;120119;118299;120118;117932;117903;120121;120120;117990;117989;122393;117992;120122;117993;118297;117991;120123;117933;118302;118300;120124;120125;117994;118032;118078;118033;117995;120127;118080;118034;118079;120128;120129;118171;120130;118141;120126;120131;118174;120133;118175;118198;118173;120132;120134;118223;118304;120135;118303;118222;118199;118305;118172;118301;120137;118319;118321;118320;118318;118348;118347;120138;120136;118349;120140;118353;118352;120141;120139;118357;118350;118356;118351;118355;118387;120143;118388;120142;118390;118391;118456;118454;118457;120144;118455;120145;118354;120146;118459;118490;118460;120148;118389;118491;118499;118564;118500;120149;120147;119571;118498;118502;118501;118565;119449;118566;119672;119572;118588;118587;118728;118590;119450;120151;118589;118729;119573;119451;120153;118458;118306;120150;119574;118747;118748;120155;118749;120154;120159;120157;119552;118819;120160;118854;120158;120156;118882;118952;120162;118953;120163;119011;119575;119553;118965;119012;119033;119554;119032;119013;119034;120164;119031;119042;119041;119644;119036;120161;119115;119576;120166;120167;119117;119116;120165;119145;119645;119212;119143;119144;119214;119555;119213;119215;119281;120168;120169;120172;119284;120170;119283;119299;119285;120171;119286;125666;119333;119334;120175;119335;120174;119452;119282;119035;119456;119454;119453;119455;120173;120176;120181;120177;120179;119457;120180;119556;119577;120183;120182;120178;119646;120184;119579;119647;120186;120185;129578;119649;119648;119651;119719;119718;119720;120187;119741;119740;119744;119578;119743;119650;120188;119760;119747;119761;119746;120191;119763;119806;120189;119745;119808;119807;120192;120190;119824;119810;119869;120193;119870;119825;119762;119955;119871;120982;120194;119956;119954;120195;120196;119809;119742;119872;119937;119336;120984;120152;120985;121003;121058;121060;120986;126492;121091;121061;121093;121158;120987;121094;121206;121208;121240;121059;121241;121207;121209;121092;121294;121242;121296;121292;121293;121298;121297;121159;121243;121295;121301;121305;121341;121303;121304;121300;121343;121465;121302;121539;121416;121466;121342;121568;121344;121417;121467;121570;121612;121610;121611;121614;121569;121616;121615;121636;121635;121618;121571;121613;121540;121637;121617;121299;122047;122048;122049;122092;122113;122050;122146;122147;122149;122182;122229;122181;122228;122306;122309;122230;122148;122311;122340;122308;122310;122343;122344;122342;122341;122312;122446;122397;122361;122360;122472;122474;122419;122345;122307;122471;122477;122475;122476;122530;122581;122531;122532;122608;122478;122645;122664;123780;122663;122666;122747;122715;122665;122774;122773;122775;122809;122808;122810;122776;122609;122965;122890;122889;122851;122944;122967;122473;122966;122964;122748;122850;121638;122969;122996;122998;122970;122999;123000;122997;123061;123063;123062;123067;123065;123068;123060;123064;123066;123070;123125;123071;123409;123126;123411;123448;123410;123446;123413;123450;123444;123449;123447;123069;123412;123498;123445;123546;123496;123501;123500;123499;123497;123548;123550;123633;123635;123634;123551;123547;123671;123549;123672;126524;123748;123747;123783;123749;123822;123781;123673;123785;123784;123824;123923;123825;123823;123636;123925;123782;123451;123968;123926;123929;123970;123967;123928;123927;123994;123993;123997;123996;124018;124056;124055;123998;123995;124083;124111;124112;123969;124149;124113;124109;124268;124082;124151;124269;124110;124270;124150;124148;124057;124294;124190;124296;124317;124295;124315;124314;124319;124364;124316;124362;124320;124361;124318;124451;124403;124363;124453;124456;124452;124586;124455;124404;124645;124454;124675;124646;124647;124694;124644;124674;124695;124405;124293;123924;120983;122968;126493;124716;124855;124757;124854;124852;126440;124857;125024;124853;125214;125130;125023;126525;124856;125920;125133;125131;125245;126439;125244;125132;138490;126458;125246;125247;125280;125249;125248;125307;126441;126457;125282;125283;125333;129878;125351;126494;126336;125334;125457;125459;125461;125460;125458;125464;125463;125465;126686;125466;125467;125335;126442;125468;126443;125470;125535;125469;125536;125471;126736;125537;125539;130087;125462;125281;125541;125540;126459;125673;125620;125674;121004;126496;125592;125675;121005;125676;126495;122094;122051;125672;121306;121468;122151;122150;122093;122313;122867;126526;150628;125677;122945;121160;122891;123452;123073;122231;123072;123454;123455;123453;123553;123637;123456;123639;123638;123640;123552;123971;124084;123972;123554;124365;124858;124406;123674;124321;150546;125702;125284;125703;125473;125250;125336;125472;125678;150613;123826;125944;125538;122971;125845;125846;150649;150662;150561;150510;150551;150610;125984;150666;150625;150600;150684;150575;150585;150512;150669;150597;150626;150530;150648;150598;150540;150618;150681;150594;150558;150529;150682;150554;150514;150620;150624;150614;150593;125760;150660;150507;125761;150533;150563;150642;150633;150619;150568;150535;150552;150517;150638;150601;125762;125764;125798;125799;125800;150668;125849;125847;125848;125763;125873;150664;125875;150650;125947;125921;125876;125945;125874;125986;125922;125988;125946;125989;125990;125987;125992;125994;126044;125985;125991;126046;126062;125997;125996;126063;125993;126151;126047;126152;126150;126045;126154;126156;126155;125995;126158;126153;126159;126149;128071;126160;126162;126163;126161;126164;126166;126168;126167;126170;126172;126169;126171;126165;126237;126337;126238;126444;126253;126239;126240;126461;126462;126497;126463;126500;126501;126498;126502;126173;126460;126499;126157;125759;126561;126595;126562;125850;126597;126617;126619;126687;127744;126596;126689;126688;126691;126693;128017;126692;126690;126618;126696;126737;126695;126741;126739;126697;126740;126742;126738;126771;126744;126809;126808;126770;126811;126743;126694;126810;126813;126812;126913;126986;126914;126983;126981;126985;126982;126984;127038;127090;127039;127040;128018;127091;127089;127747;127092;127748;127746;127749;127750;127754;127753;127755;127759;127751;127752;127757;127758;127761;127760;127763;127756;127764;127762;127765;127745;126814;127767;128019;127768;127770;127772;127771;127775;127769;127774;127776;127780;127782;127777;127781;127779;127778;127786;127773;127785;127788;127789;127885;127787;127790;128020;127784;127884;128022;128610;128072;128073;127838;128609;128144;128074;128021;128147;127783;128145;128302;128301;128146;128752;128315;128314;128313;128317;128319;128318;128312;128411;128467;128466;128316;129096;128469;128471;128470;128468;128543;128520;128504;128544;128542;128472;128410;128473;128611;127766;128048;128628;128613;128673;128870;128675;128676;128674;129844;128678;128753;128871;128872;128679;128966;128989;128988;128873;128677;128992;129043;129045;129047;128991;129046;129155;129044;129160;129156;129154;129157;138248;129159;129158;129153;129283;128990;129285;129347;129288;129286;129350;129284;129348;129287;129383;129381;129382;129401;129402;138249;129465;129526;129528;129552;129555;129404;130088;129553;129582;129583;129554;129349;129529;129527;129674;129676;129675;129747;129673;129581;129403;129746;129773;129282;129879;129962;129772;129845;129880;129961;129881;129964;129966;129965;130089;130050;130002;130051;130145;129963;130941;130162;130165;130001;130942;130161;130164;130943;130193;130163;130195;130197;130944;130196;130194;130166;130144;130199;130254;130253;130256;130340;130255;130342;130257;130344;130343;130345;130388;130361;130391;131067;130390;130421;130341;130423;130425;130426;130424;130422;130450;130452;130583;130512;130451;138250;130619;130620;130752;130621;130584;129748;128612;126560;130198;124715;130389;130754;130449;130896;130755;130898;130900;130899;130897;130948;130946;130947;130950;130952;130945;130954;130949;130951;130956;130958;130960;130955;130959;131070;138251;130957;131118;131069;131119;131071;131122;130953;131124;131068;131123;131120;131159;138252;131160;131222;131224;131221;131302;131305;131304;131307;131306;131223;131303;131309;134278;131311;131310;131385;131387;131386;131312;131546;131391;131390;131388;131389;131548;131547;131550;131308;131121;131545;131551;131552;131555;131557;131556;131553;131554;131753;131750;131751;131756;131755;131757;131754;131758;138253;131558;131998;131752;131760;138254;131833;132000;132002;131999;132004;132001;132006;132005;132008;132010;132003;131759;132009;132090;132073;132007;132072;132071;132088;132092;132089;132094;132236;132237;132334;132239;132308;132309;132338;132238;132093;132336;132337;132091;132388;132390;132395;132518;132387;132389;132430;132394;132705;132431;132671;132703;132432;132704;132702;132670;132070;132335;132396;131549;132743;178281;132707;132765;132766;132744;132745;132850;132852;132851;132921;132853;144032;132923;132767;132922;132924;132927;132925;132952;132928;133033;133034;138255;133032;133036;133038;133037;133135;133137;133136;133140;133141;133134;133139;132926;133176;133201;133255;133177;133175;133035;133254;133203;133257;133256;133258;133349;133394;133392;133202;133390;133396;133391;133397;133438;133448;133389;133393;133259;133348;133494;133395;133439;133138;133493;133539;133520;133544;133546;133543;133540;133542;133547;133594;133541;133598;133596;133599;133545;133595;133597;133601;133761;133602;133763;133791;133790;133762;133830;133831;133832;133834;133829;133836;133835;133833;133839;133600;133838;133948;134036;133949;133792;134075;133947;134076;133946;134074;134035;134082;134080;134079;134078;134099;134083;134101;134100;134081;134103;134105;134104;134077;134158;134160;134159;134106;134199;134200;134202;134201;134203;134287;133495;134286;134161;132706;134285;134102;133837;134291;134290;134289;134295;134294;134296;138256;134292;134293;134351;134350;134297;134364;134366;134365;134363;134400;134561;138257;134560;134623;134401;134441;134621;134655;134625;134624;134697;134653;134656;134654;134622;134756;134399;134824;134757;134853;134855;134854;134852;135023;134938;135025;135024;135165;135166;134937;135196;135164;135169;138258;135225;135168;135223;135224;135227;135228;134972;139904;135267;135226;135281;135167;134698;135268;163266;135389;135197;135393;135388;135391;135392;135266;135396;135395;135397;135390;135671;135580;135752;135751;135579;135394;135965;135893;135961;135963;136014;135964;135962;135754;136024;136074;136075;136077;136025;136013;136076;136026;136081;136079;136080;135753;136163;136165;136164;136082;136167;136168;136170;136169;136166;136395;136394;136280;136396;136397;136464;136462;136466;136465;136279;136463;136469;136468;136649;136651;136648;136653;136652;135387;136467;136655;136078;136650;138259;136659;136656;136657;136660;136658;136782;136785;136661;136784;136783;136787;136789;138260;136790;136788;138261;136795;136792;136786;136796;136662;136797;136793;137535;137536;136800;136799;136794;137540;137539;137538;137541;136791;138540;138262;137537;150582;137542;136798;150576;150661;150590;137543;150676;150577;150679;137544;150651;150547;150599;150528;150605;150672;150538;150589;150511;150588;150583;150557;150627;150673;150518;150539;150644;150608;137545;150630;150581;150553;138263;150615;150555;150544;150522;150606;150635;150573;150659;150683;150578;150680;150520;150652;150525;150607;150663;150641;150623;150632;150584;150657;150574;150591;150647;150564;150616;150639;150569;150629;150560;150595;150531;150545;150665;150674;150677;150542;150548;150541;150580;150643;150670;150603;150523;150609;150592;150611;150527;150549;150634;150526;150596;150637;150656;150671;137546;150636;137548;137579;137549;137552;137550;137578;137577;137547;137551;150513;150602;137581;150556;136654;134288;138541;137582;137584;137586;137585;137583;137590;137589;137591;137593;138264;137594;137588;137592;137587;138491;137598;137596;137597;137601;137599;137604;137603;137602;137600;137609;137607;138542;137606;137605;137595;137610;137611;137608;137613;137615;137614;137616;137618;137621;137620;137619;137624;137623;138265;137617;138543;138268;138266;137622;138272;138270;138273;138267;138271;138275;138277;138276;138274;138279;138281;138280;138283;138544;138285;138282;138284;138269;138278;138287;137612;138288;138289;138291;138293;138292;138298;138296;138290;138295;138297;138300;138302;138301;138299;138294;138305;138306;138304;138307;138310;138309;138308;138316;138314;138313;138312;138318;138303;138317;138315;138311;138322;138320;138323;138492;138433;138321;138434;138324;138432;138495;138494;138546;138496;138548;138547;138550;138493;138551;138545;138759;138758;138794;138791;138793;138792;138870;138830;138832;138831;138871;138760;138549;138992;138833;138795;138319;138286;138994;138996;138995;139170;139172;139173;139171;139169;139175;139177;139176;139222;139282;139223;139178;139174;139310;139358;139309;139360;139362;139361;139359;139403;139364;139409;139402;139405;139408;139406;139363;139407;139404;139452;139536;139454;139533;139308;139453;139534;139594;139535;139592;139593;139835;139656;139532;139657;139837;139566;139658;139687;139684;139686;139595;139689;139685;139721;139688;139723;139691;139781;139720;139722;139838;139690;139410;139836;139840;139841;139844;139845;139843;139905;139842;139907;140026;140242;140025;140027;139906;139847;140109;140241;139846;140246;140249;140245;140248;140244;140446;140252;140251;140253;140256;140255;140257;140243;140259;140250;140247;140260;140254;140261;140263;140262;140379;143713;140380;143618;140378;140381;140383;140385;140264;140447;140387;140384;140382;140388;140448;140476;140475;140449;140478;140515;140481;140480;140513;140479;140258;140514;140477;140512;139839;140386;138993;143840;143849;143683;143767;143634;143833;143746;143790;143733;143691;143715;143872;143693;143645;143883;143835;143782;143641;143825;143864;143739;143868;143628;143828;143724;143732;143806;143807;143774;143789;143714;143734;143655;143823;143877;143636;143810;143736;143756;143808;143798;143750;143682;143800;143793;143829;143685;143651;143853;143707;143637;143665;143781;143610;143630;143631;143819;143805;143743;143657;143678;143718;143663;143865;143667;163244;143873;143643;143866;143775;143679;143721;143815;143839;143671;143612;143708;143801;143783;143650;143652;143842;143837;143742;143640;143672;143762;143747;143681;143786;143757;143884;143845;143615;143850;143722;143803;143744;143609;143659;143862;143699;143626;143758;143771;143784;143649;143759;143656;143827;143882;143751;143709;143811;143820;143614;143848;143706;143696;143838;143613;143847;143822;143766;143816;143638;143726;143635;143684;143647;143813;143720;143670;143797;143690;143832;143644;143621;143673;143851;143876;143788;143622;143754;143765;143689;143623;143777;143791;143863;143874;143768;143772;143694;143844;143795;143632;143854;143761;143658;143792;143776;143629;143773;143841;143719;143885;143624;143843;143688;143779;143809;143697;143763;143695;143760;143716;143664;143799;143880;143749;143748;143616;143730;143620;143858;143712;143855;143852;143648;143660;143731;143728;143711;143676;143879;143817;143881;143753;143627;143727;143625;143745;143787;143831;143703;143725;143737;143704;143846;143710;143814;143723;143794;143700;143778;143661;143859;143871;143654;143617;143869;143770;143796;143834;143639;143856;143735;143802;143886;143668;143740;143741;143764;143857;143875;143752;143812;143646;143780;143785;143867;143687;143702;143826;143738;143818;143662;143642;143686;143677;143611;143861;143701;143836;143878;143717;143680;143675;143692;143674;143804;143824;143619;143666;143755;143633;143821;143729;144046;143669;143860;144034;144027;143769;143653;143705;143698;143830;143870;137580;130753;120108;144094;144173;144102;86704;144171;144095;144137;144100;144101;144254;144237;144121;144360;144259;144351;144354;144318;144427;144492;144443;144143;144432;144438;144499;144491;144501;144493;144527;144445;144535;144571;144575;144495;144532;144348;144476;144578;144570;144580;144576;144586;144599;144596;144579;144608;144637;144623;144733;144764;144760;144732;144740;144619;144759;144921;144757;144910;144917;144761;144911;144926;144928;189629;189630;189632;144912;144953;144908;144959;144909;144915;144914;144913;144763;145022;145025;144581;145018;145019;145031;145029;145020;145030;145205;145120;145198;145156;145026;145199;145179;145164;145181;145239;145175;189634;145253;145258;145343;189631;145300;145291;145352;189635;145490;145470;145476;145479;145481;145484;145487;145363;145108;146146;146141;145765;146051;146174;146050;145739;146156;146170;146145;146111;146362;146365;146322;146187;146135;146367;146401;146366;146416;146406;146395;146394;146463;146460;146387;146476;146470;146465;146478;146474;146359;145520;144960;146461;146526;146520;146517;146530;146523;146573;146579;146563;146576;146511;146614;146577;146597;146600;146553;146729;146643;146751;146669;146726;146790;146685;146788;146789;146797;146795;146794;146785;146653;146838;146890;146849;146923;146924;146915;146910;146925;146889;146904;146885;146920;146615;146891;146912;146940;146944;146936;146941;146946;146937;146966;146980;146921;146967;146978;146983;146973;146982;146984;146976;146972;146987;146796;146975;147030;146903;147050;147155;147060;147134;147570;147575;147612;147511;147568;147463;147162;147591;147579;147454;147544;147586;147545;147597;147452;147447;147436;147502;147571;147564;147464;147529;147736;147741;147788;147735;147786;147801;147796;147785;147875;147849;147843;147944;147871;147938;148143;148142;147936;147851;148144;148139;148164;148171;148162;148177;148138;148145;148175;148165;148150;148167;148155;146971;148160;146475;148168;148151;147781;148227;148149;148233;148226;148276;148251;148237;148365;148303;148304;148299;148252;148361;148366;148269;148410;148387;148389;148386;148415;148413;148414;148408;148434;148443;148532;148507;148388;148529;148515;148523;148502;148362;148524;148437;148501;148509;148510;148521;148531;148533;148528;148639;148636;148698;148594;148761;148747;148751;148600;148758;148700;148757;148753;148837;148864;148867;148871;148875;148868;148873;148838;148752;148966;148874;148929;148872;148504;149018;148755;149080;149035;149076;149012;149074;150521;149203;149077;149068;149113;149083;149179;149180;149195;149075;149185;149152;149230;150667;149224;149135;149084;149225;150508;150515;150622;149227;150631;150612;149174;150658;150654;149248;150571;150536;150586;150562;149266;150559;150516;149269;149279;150566;150524;150532;150675;150534;150678;150509;150604;150519;149276;150646;150572;150565;150655;150617;150550;150579;150543;150640;150621;149271;150567;149274;150537;150645;149006;150587;150888;150653;150902;150872;151127;150874;151099;151122;151355;150914;151803;151201;151084;151618;152128;152221;152199;152155;152550;152551;152810;152476;152811;152544;153461;152834;153626;153774;153484;153477;153867;152762;151993;153915;154212;154740;154250;155801;154862;154640;155798;155812;155814;156099;156211;155905;155819;156167;156290;149264;156012;149263;149272;150274;149273;149268;150306;149278;149340;149347;149457;149428;149429;149422;149270;149265;153840;149461;149463;149487;149462;149458;149484;149459;149516;149491;149633;149535;149806;149808;149716;149795;149805;149494;149798;149804;149486;149717;149800;149802;149797;149807;149856;149796;150017;150014;150024;150018;150110;150012;150019;149976;150101;151492;149801;150106;150112;150083;150092;150102;150085;150108;150182;150086;150201;150193;150082;150203;150093;150084;150215;150222;150116;150200;150191;150212;150220;150257;150267;150266;150686;150223;150307;150697;150685;150698;150300;150190;150270;149456;163092;150695;150100;150570;152107;150305;150338;150335;150313;150404;150397;150402;150400;150413;150696;150699;150407;150396;150414;150406;150401;150412;150687;150409;150395;150410;150415;150398;150505;150472;150470;150405;150473;150458;150411;150459;150476;150403;150746;150399;150726;150731;150730;150745;150737;150468;150740;150738;150743;150728;150739;150733;150727;150742;150744;150741;150736;150732;150891;150729;150734;150890;150892;150889;150871;150901;150898;150927;150877;150893;150870;150876;150895;150912;150456;150885;150735;150884;150913;150894;150887;150875;150896;150928;150878;150900;150882;150881;150883;150879;150886;150899;151088;150897;151085;151105;151090;151086;151094;151093;151095;151106;151087;151103;151104;151110;150880;151108;151089;151096;151102;151101;151107;151098;151109;151124;151126;151123;151097;151125;151100;151195;151118;151091;151202;151205;151200;151354;151360;151204;151203;151194;151356;151481;151491;151532;151523;151530;151092;150873;151524;151616;151531;151357;151654;151650;151651;151206;151653;151657;151649;151655;151760;151656;151659;152272;151765;151758;151658;151804;151763;151764;151652;151759;151761;151801;151813;151815;151805;151802;151868;151880;151869;151875;151877;151878;151821;151884;151757;151874;151870;151881;151986;151980;151998;151873;151994;151989;151988;151996;151991;151997;151992;151990;151995;152055;152056;152032;152048;152031;152022;151983;152061;152023;151981;152110;152060;152109;152105;152106;152062;152158;152113;152104;151999;151885;152116;152160;152156;152153;152146;152157;152167;152162;152142;152186;152159;152187;152248;152200;152222;152201;152185;152188;152202;152239;152246;152253;152242;152251;152254;152252;152475;152241;152245;152243;152481;152244;152480;152240;152247;152567;152479;152545;152612;152546;152651;152643;152649;152269;152650;152642;152652;152656;152641;152566;152655;152611;152648;152676;152654;152714;152691;152704;152708;152677;152715;152690;152718;152711;152717;152653;152703;152712;152716;152705;152710;151617;152706;152108;152765;152713;152478;152760;152763;152759;152709;152809;152806;152766;152800;152807;152803;152808;152802;152761;152804;152845;152801;152851;152847;152842;152890;152836;152889;152887;152891;152833;152888;152843;152805;152919;152947;153020;152945;152920;152921;153019;153015;153022;152944;152914;153018;153012;153010;153017;153023;153014;153011;153016;152996;152997;152992;153021;152990;152995;152994;152993;153028;152989;152988;153119;153027;152991;152915;153120;153121;153013;153122;153192;153189;153191;153198;153193;153197;153124;153247;153190;153246;153249;153196;153194;153423;153467;153469;153464;153468;153465;153466;153463;153483;153478;153540;153536;153535;153462;153489;153580;153542;153248;153577;153576;153618;153581;153623;153620;170506;153614;153615;153625;153621;153632;153619;153627;153622;153784;153611;153616;153775;153643;153798;153794;153787;153795;153791;153773;153831;153869;153624;153919;153538;153868;153125;153830;153918;153917;153907;153793;153905;153916;153923;153904;153920;153906;153951;153922;154003;154002;153999;153921;154067;154099;154087;153969;154100;154090;154089;154052;154102;154062;154098;154092;154101;154073;154068;154094;154054;154063;154088;154095;154093;153998;154161;154160;154189;154133;154181;154183;154190;154217;154185;154182;154256;154210;154247;154249;154305;154298;154322;154319;154299;154248;154218;154321;154314;154323;154302;154304;154303;154300;154355;154317;154308;154301;154634;154318;154630;154129;154638;154325;154620;154629;154618;154637;154651;154647;154646;154653;154648;154641;154652;154654;154742;154708;154745;154643;154645;154906;154904;154908;154907;154861;154741;154941;154922;154927;155004;155002;155001;155007;155006;154924;154744;154921;155048;155005;155213;155134;155157;155166;155076;155465;155304;155363;155462;155461;155464;155468;155467;155302;155466;155576;155303;155580;155579;155582;155463;155578;155651;155577;155575;155646;155650;155641;155644;155635;155645;154632;155649;153903;155640;155581;155647;155642;155003;155659;155670;152707;155671;155643;155669;155703;155668;155666;150318;155699;155700;155704;155702;155698;155667;178280;178279;178278;178276;155724;155748;155813;155810;155805;155723;155800;155817;155809;155804;155807;155791;155806;155793;178277;155808;155795;155797;155792;155816;155796;155794;155815;155803;155818;155799;155827;155829;155837;155836;155840;155828;155855;155811;155834;155856;155895;155912;155911;155910;155909;155902;155906;155894;155893;155903;155907;155899;155898;155904;155897;155913;155802;155854;155900;155896;155933;155981;155990;155930;156009;155929;155992;156007;156010;156006;156046;156049;156047;155959;156019;156048;156090;156008;156282;156084;156081;156088;156092;156050;156082;156093;156089;156091;156097;156087;156085;156083;156051;156098;156086;156096;156170;156095;156148;156172;156110;156209;156094;156214;156169;156207;156245;156281;158145;156212;156291;156287;156285;156213;156288;156289;156283;156280;156286;156284;156422;156420;156421;156342;156337;156330;155901;156080;156445;156446;156292;156475;156480;156477;156479;156607;156634;156644;156615;156611;156646;156638;159133;156635;156699;156703;158142;156709;158146;156701;158061;156704;158174;156748;156759;156746;156760;156776;170922;156775;158063;156923;156814;156810;156806;156758;156777;156702;156813;156807;156809;156805;156817;156815;156883;156881;156808;156882;156816;166195;158191;156926;156811;158060;156921;156922;156927;158065;156925;156928;156919;158137;156951;157090;157072;157128;157073;156953;157087;156952;156924;157094;158064;157083;157078;157070;158091;157098;157103;157109;157074;157101;157076;158156;157108;158139;157075;157146;157202;157102;157144;157149;157145;158175;157180;157214;157188;157278;157233;157221;157279;157271;157281;157306;157272;159227;157282;157283;157276;157280;157273;157308;157298;157310;157151;157300;157303;157307;157315;157304;157305;157341;157342;157302;157344;157343;157346;157347;157373;157334;157345;157393;157392;157340;157389;157394;157390;157870;157391;157419;157396;157869;157898;157897;157899;157388;157900;157301;156468;157395;157079;157895;157939;157929;158128;158122;158123;157932;158062;158141;158126;158151;158155;158153;158138;158152;158124;158181;158185;158144;158136;158190;158186;158183;158176;158189;158179;158233;158173;158182;158228;171197;158244;158221;158226;158184;158229;158180;158242;158238;158227;158337;158225;158336;171409;158433;158395;158415;158446;158358;159146;158357;158430;158447;158506;159150;158448;158339;158503;159170;159149;158569;158580;158581;158570;158571;158445;158230;158614;158582;158612;158579;158568;158602;158603;158598;158597;158610;158616;158594;159159;158615;158601;158607;159154;158621;159155;158609;158608;158619;158599;158595;158596;158613;158622;158618;158605;159153;158611;159148;159151;159178;158750;158593;158606;158753;170213;158758;158757;159164;158748;159156;158754;159158;158766;158751;158765;158772;159162;158752;158798;158768;158769;158763;158755;159152;158771;158916;158908;158801;158885;158880;159012;158915;158910;158799;158919;158925;158917;158926;158770;158911;158920;158620;158756;158957;158909;159147;158963;158966;158961;158960;158955;158969;158958;158964;159027;159013;159019;159034;158967;159171;159031;159029;159136;159161;159163;159193;159062;159131;159130;159129;159157;159128;159174;159172;159177;159127;159028;159191;159188;159230;159179;159228;159231;159232;159278;159279;159176;159339;159337;159342;170921;159344;159341;159338;159333;159233;159345;159340;170513;159334;159352;159335;159336;159366;159369;159358;159357;165748;159349;159368;159370;159371;159356;159175;159353;159355;159343;159360;159351;159350;159389;159479;164965;159499;159506;159391;159475;159367;159505;159501;159502;159476;159535;159567;159598;159498;159619;159599;159668;159620;159647;159600;159617;159699;159661;159700;159500;159618;159695;159697;159652;159698;159702;159738;159693;159703;159734;159739;159736;159756;159704;159754;159735;159737;159752;159750;159757;159751;159769;159701;159755;159884;159768;159998;159981;159883;159885;159748;159990;159753;159932;159705;159749;159018;157894;159354;159950;159996;159951;160048;160062;159938;160064;160066;170223;159987;160063;160058;160006;170226;170217;170211;160067;160075;160072;160070;160056;160057;160073;160069;160074;160071;160096;160099;160091;160095;160098;160094;160093;160100;160102;160092;160179;170230;160197;160103;160104;160060;160195;160090;170214;160196;160193;160221;160202;160194;160220;160283;160223;160278;160219;160279;160284;160281;160324;160287;160277;160285;160276;160222;160322;160326;160330;160327;160280;160328;170712;160282;160381;160388;170224;160329;160382;160325;160380;160390;160494;160460;160387;160462;160386;160461;156812;157077;160389;156478;157086;172433;157154;157868;158194;158140;157150;158188;158604;158338;158749;158429;158172;158178;159017;158600;158187;159025;159032;159033;159135;157105;159023;159014;159388;159566;159190;172429;159134;159534;172434;160068;159396;160097;160489;172439;160493;159696;160498;170215;160490;160488;160500;160499;160524;160523;160529;160672;160521;160522;160492;160286;160715;160331;160667;160877;160716;160881;160876;159021;160879;160875;160880;160882;160878;160986;160987;160886;160984;160885;160988;160990;161065;161741;160982;161086;161160;161085;160974;161222;160989;161163;161162;161164;161221;161239;160981;161158;161204;161230;161225;161224;161229;161231;161226;161234;161220;161228;161236;161232;161237;161227;161233;161235;161259;170227;161255;161257;170208;161238;161367;161260;161258;161352;161365;161357;161360;161359;161353;161256;161362;161356;161223;161394;161389;161397;161390;161388;161400;161391;161403;161424;168342;161427;161392;161431;161425;161396;161467;161469;161460;161459;161465;161423;161496;161466;161497;161539;161499;161498;161470;161591;161574;161458;161468;161568;161550;161556;161651;161495;161548;161519;161650;161647;161644;161653;161645;161682;161646;161738;161735;161652;161744;161743;161746;161740;161742;161737;161785;161787;161745;161786;161736;161819;161827;161683;161739;161393;161538;161828;161823;161826;160664;161831;161822;161820;161824;172438;161833;161841;161834;161845;161844;161847;161842;161914;161821;161919;161915;161916;161941;161918;161917;161942;161944;161945;161970;162000;162007;161999;161943;161846;162131;162130;162128;162127;162209;162132;162129;162211;162187;162185;162215;162212;162208;162207;162184;162236;162183;162237;162176;162244;162243;162241;162235;162239;162234;162233;162240;162245;162238;162242;162177;162232;162388;162390;162382;162133;162387;162389;162383;162380;162379;162381;162399;162386;162472;170231;162470;162469;162466;162468;162492;162493;162519;162495;162491;162467;162521;162522;162520;162524;162523;162535;162540;162516;162378;162534;162537;162539;162517;162494;162533;162542;162530;162538;162532;162546;162545;162544;162558;162557;162598;162590;162541;162556;162536;162559;162555;162543;162695;162591;162693;162694;172432;172430;162707;162607;162709;162710;162608;162609;162714;162692;162531;162310;162599;162711;162712;162769;162767;162765;162764;162715;162777;162774;162937;162766;162775;162938;162771;162925;162933;162770;162953;162966;162939;162940;162911;162948;162768;162929;162936;162960;162913;162910;162912;172436;162955;162965;162935;162941;162927;162954;162951;162926;162959;162944;162930;162958;162950;162964;162934;162957;162952;162946;162956;162945;162947;162963;162931;163018;163015;163006;162996;163000;163019;163007;170233;163002;163001;163005;163009;163003;163004;163017;162924;162997;162999;162961;163016;163012;163064;163062;163061;163065;163063;163066;163067;163070;163069;163059;163060;163068;163091;163096;163095;163093;163058;163240;163239;163247;163243;163263;163245;163242;163246;163367;163364;163366;163384;163373;163350;163357;163355;163383;163363;163361;163377;163241;163365;163359;163354;163374;163389;163356;163388;163392;163362;163380;163353;163391;163351;163390;163379;163369;163419;163418;163423;163421;163427;163429;163422;163417;163378;163420;163424;163456;163428;163431;163426;163425;163381;163360;162713;161825;162998;159931;163457;155648;163485;163430;163482;163487;163506;163484;163483;163508;163510;163504;163714;163512;163511;163720;163507;163648;163721;163578;163715;163636;163644;163640;163642;163646;163641;163728;163645;163647;163639;163638;163716;163685;163717;163687;163722;163690;163591;163713;163686;163637;163692;163689;163684;163723;163688;163817;163727;163812;163752;163819;163802;163691;163816;163804;163799;163822;163798;163823;163811;163803;163814;163805;163825;163820;163815;163683;163826;163800;163818;163824;163821;163873;163801;163877;163874;163876;163897;163878;163875;163881;163879;163900;163902;163898;163914;163899;163925;163880;163930;163999;164001;163931;163990;163991;163975;163976;164000;163994;163993;163989;163992;163901;163996;163995;164002;163998;163981;163988;164060;164056;164065;164061;170220;170229;164068;164058;164067;164062;164066;164059;164064;164106;164098;164055;164097;164103;164101;164102;164105;164095;164104;164100;164096;163979;164140;164069;163806;164220;164139;164224;164138;164234;164174;164231;164185;164238;164227;164262;164252;164217;164221;164264;164267;164268;164308;164314;164269;164310;164306;164307;164266;164305;164303;164312;164265;164263;164304;164302;164335;164311;164336;164337;164334;164367;164313;164366;164331;164373;164371;164370;164315;164332;164333;164369;164372;164430;164428;164448;164441;164440;164426;164447;164425;164442;164443;164444;164469;164445;164439;164368;164461;164462;164466;164464;164309;164497;164467;164463;164496;164546;164499;164465;164541;164549;164548;164468;164542;164544;164637;164547;164515;164636;164635;164543;164642;164634;164644;164643;164639;164662;164665;164664;164667;172437;164663;164660;164633;164659;164545;164668;164691;164666;164702;164914;164686;164693;164692;164913;164884;170232;164688;164887;170218;164919;164915;164888;164920;164689;164923;164908;164886;164931;164882;164925;164921;164922;164934;164927;164907;164661;164917;164460;164916;164883;164099;164880;164885;164926;164906;164930;164909;164881;164928;164902;164901;171196;164903;164933;164900;164932;164899;164937;164940;164936;164924;164966;164967;164976;164977;164978;164979;164969;165334;165193;165201;164968;164981;164980;164939;164941;165197;165194;165199;165198;165200;165191;165192;165229;165231;165228;165233;165234;165235;165227;165189;165249;165232;165230;165250;165253;166943;165252;165304;165316;165293;165294;165226;165333;165306;165305;165254;165420;165335;165428;165421;165418;165196;165424;165427;165426;165422;165425;165434;165433;165423;165437;165450;165448;165435;165419;165493;165453;165492;165436;172431;165489;165495;165451;165482;165484;165499;165488;165486;165490;165487;165491;165452;165498;165496;165494;165485;165501;165566;165497;165483;165568;172435;165560;165557;165575;165556;165562;165561;165574;165564;165555;165573;165559;165558;165581;165563;165565;165572;165582;165584;165580;165579;165583;165554;165578;165585;165577;165614;165332;165609;165481;165613;165608;165616;165621;165664;165617;165670;165620;165648;165688;165610;165618;165672;165656;165671;165692;165679;165660;166373;165691;165667;165659;165681;166189;165726;165727;165743;165756;165725;165684;165666;165750;165751;165755;165752;165745;165744;165753;166021;165777;165778;166531;165776;166105;166194;166146;165749;166188;166153;166192;166147;166184;166190;166185;166183;166186;166256;166187;166252;166253;166257;166248;166254;165754;166191;166251;166295;166303;166247;166193;166300;166304;166306;166307;166246;166299;166302;166258;166311;166301;166296;166360;166371;166359;166420;166421;166358;166372;166423;166451;166419;166417;166456;166424;166422;166418;166432;166312;166446;166526;166442;166443;166447;166455;166450;166534;166454;166535;166530;166533;166538;166449;166532;166527;166529;166537;181673;166528;166590;166596;181674;166597;166603;166577;166586;166592;166593;166583;166579;166582;166581;166585;166587;165615;166584;164918;166453;166595;166580;166683;166693;166694;166578;166688;166255;166692;166696;166690;166736;166691;166689;166695;166765;166687;166755;166751;166805;170222;166759;166794;166824;166783;166795;170216;166785;170212;170210;166784;166792;170219;170234;166945;166764;166942;166952;170225;166793;166951;166944;166956;166955;166954;177784;167039;167037;167036;167038;177789;177790;167035;166950;167066;167062;167063;167067;167223;167221;167216;167218;167209;167208;167212;167213;167210;167220;167211;167064;167222;166796;167214;167217;167243;167219;167241;167242;167331;167336;167349;167335;167337;167326;167346;167327;167340;167342;167347;167345;167341;167351;167329;168343;167339;167352;167350;167334;167330;167518;167333;167516;167512;167517;167515;167343;167332;167727;167726;167729;167735;167736;167769;167734;167649;167648;167751;167757;167725;167724;167760;167728;167756;167650;167733;167763;167732;167731;167754;167761;167787;167647;167786;167759;167752;167758;167773;167753;167768;167779;167730;167514;167764;167762;167765;167772;167225;167929;167932;167927;167941;167924;167944;167755;167928;167950;167943;167937;167934;167949;167939;167963;167952;167951;167946;167925;167936;167935;167948;167931;167922;167930;167923;167947;167942;168055;167940;167938;168123;168121;168122;167945;168072;168054;168081;168112;168099;168092;168139;168140;168143;168138;168089;168142;168144;168126;168166;168173;168161;168091;168172;168178;168159;168180;168168;168176;168175;168165;168167;168163;168169;168192;168199;168201;168191;168141;168243;168195;168253;168242;168248;168246;167933;168255;168196;168249;168240;170221;168245;168252;168247;168254;168251;168244;168256;168307;168297;168291;168296;168303;168305;168309;168287;168304;168289;168295;168308;168285;168301;168284;168293;168250;168306;168288;168292;168298;168331;168286;168290;168294;168339;168341;168299;168300;168335;168378;168468;168332;168471;168333;168340;168448;168472;168490;168486;168334;168540;168536;168537;168492;168611;168616;168543;168602;168649;168603;168648;168609;168469;168302;168541;168719;168200;167766;168716;168718;168721;170209;168714;168717;168715;168787;168781;168778;168720;168789;168788;168780;168786;168782;168790;168886;168784;168895;168894;168889;168888;168891;168893;168904;168890;168905;168885;168903;168892;168920;168779;168906;168918;168935;168933;168919;168921;168887;168902;168900;168944;168937;168938;168934;168936;168939;168943;168942;168959;168940;168956;168949;168948;168952;168957;168953;169103;168955;168950;168958;169278;169105;169104;168901;168954;169282;170228;169288;169291;169349;169290;168941;169351;169289;169352;169350;169410;169354;169292;169413;169412;169353;169422;169423;169348;169414;169421;169434;169465;169430;169475;169469;169474;169429;169471;169470;169468;169467;169411;169484;169483;169472;169464;169466;169482;169477;169665;169486;169635;169476;171417;169697;169632;171527;169720;169636;169839;169931;169840;169686;169984;169928;169986;169980;170009;169932;170022;170008;170013;169945;170021;169884;169473;170019;169281;172417;170020;170094;170118;170097;170190;170186;170116;170189;170248;170244;170127;170246;170251;170184;170250;170242;170245;170249;170252;170253;170241;170614;170607;170613;170478;170497;170608;170662;170664;170616;170665;170674;170247;170704;170663;170708;170673;170675;170679;170721;170710;170678;170702;170707;170695;170694;170719;170718;170696;170720;170723;170717;170709;170706;170701;170722;170752;170742;170746;170711;170748;170751;170749;170747;170750;170901;170903;170896;170900;170744;170745;170743;170897;170904;170716;170944;170949;170945;170943;170948;170902;170951;170677;170975;170950;171005;170977;171000;170974;171003;171004;171070;170946;171066;171065;171064;170976;171062;171063;171058;171136;171193;171145;171128;171187;171059;171002;171129;171192;171188;171132;171184;171198;171138;171183;171194;171130;171200;171147;171152;171131;171127;171406;171403;171134;171413;171426;171416;171135;171408;171428;171419;171407;171425;171420;171412;171424;171423;171405;171415;171411;170899;171418;171427;171191;168671;166588;170096;171430;171402;171401;171431;171400;171496;171471;171494;171475;171491;171489;171404;171486;171487;171477;171488;171493;171490;171492;171504;171478;171495;171485;171503;171526;171474;171524;171528;171538;171529;171532;171537;171525;171534;171535;171536;171481;171530;171584;171590;171619;171587;171585;171689;171589;171618;171620;171685;171688;171679;171687;171682;171680;171684;171768;171765;171617;171681;171770;171767;171766;171844;171842;171886;171841;171843;171769;171891;171889;171531;171683;171892;171874;171880;171881;171914;171890;171915;171872;171909;171906;171911;171937;171947;171913;171916;171910;171955;171949;171934;172021;171936;172014;171948;172019;172015;171944;172012;172022;172020;172018;171946;172013;172028;172043;172059;172023;172044;172060;172067;172064;172063;172097;172061;172101;172065;172099;172100;172098;172096;172102;172103;172062;172254;172403;172253;172256;172174;172418;172423;172252;172404;172424;172416;172419;172408;172411;172421;172413;172409;172415;172017;171873;172402;172175;172412;172410;172420;172426;172405;172425;172407;172479;172474;172478;172477;172473;172509;172564;172563;172476;172559;172562;172510;172566;172570;172567;172561;172610;172571;172608;172597;172598;172654;172475;172649;172565;172648;172645;172642;172651;172650;172655;172646;172644;172677;172647;172638;172664;172643;172676;172652;173218;172653;172675;173219;172678;173216;173215;173213;173198;173225;173226;172673;173200;172665;173209;172609;173210;173217;173224;173199;173214;173222;173236;173212;173205;173221;173242;173229;173287;173288;173289;173375;173201;173220;173380;173286;173381;177827;173378;173382;173379;173410;173376;173408;173407;173377;173406;173612;173447;173409;173452;173285;173448;173411;173611;173455;173454;173451;173446;173641;173636;173637;173630;173625;173642;173632;173627;173640;173631;173633;173629;173643;173644;173645;173626;173628;173688;173635;173695;173634;173682;173689;173450;173638;173700;173639;173231;173697;173685;173684;173680;172414;173704;173681;173693;173686;173683;173696;173705;173687;173694;173736;173699;173703;173698;173702;173735;173727;173733;173726;173768;173729;173728;173725;173775;173701;173766;173734;173771;173767;173772;173773;173774;173827;173902;173824;173903;173769;173899;173889;173825;173826;173901;173894;173887;173884;173900;173893;173883;173958;173888;173962;173892;173956;173961;173891;173960;173890;173959;173963;173770;174011;173951;174009;173882;173957;174010;174024;174013;174027;174023;174025;174026;174050;174157;174048;174144;174142;174047;174146;174049;174379;174378;174376;174371;174373;174369;174377;174370;174372;174380;174375;174428;174429;174427;174382;174381;174374;174532;174529;174536;174538;174535;174533;174534;174530;174499;174498;174493;174492;174500;174495;174496;174497;174608;174614;174612;174611;174537;174694;174698;174684;174613;174674;174919;174711;174719;174672;174491;174531;174686;174609;174708;174008;174785;174718;174720;174716;174774;174768;174783;174715;174779;174777;174782;174771;174776;174769;174784;174781;174773;174775;174786;174780;174893;174778;174894;174895;175029;174892;174886;174885;174891;174887;174917;174890;174920;174889;174918;174916;174922;174926;174888;174921;174770;174947;174942;174949;174945;174946;174948;174943;174979;174944;175028;174980;177502;175087;175362;175159;175387;175367;174941;175327;175160;175363;175157;175376;175158;175402;175375;175328;175385;175548;175528;175517;175124;174923;175361;175366;175535;175547;175533;175541;175540;175549;175532;175546;175525;175552;175596;175539;175590;175592;175588;175417;175589;175597;175595;175587;175531;175593;175598;175416;175582;175594;175580;175591;175415;175808;175817;175802;175815;175418;175581;175814;175801;175813;175806;175964;175958;175974;175809;175803;175807;175963;175957;175961;175959;178456;176042;177484;175960;175956;176041;176059;176043;176044;176046;176060;178596;176058;176061;176057;176104;177610;176100;176101;176139;178407;176140;176142;176137;177486;178414;176045;175816;175355;176099;174707;173706;176224;176222;176220;176136;176270;176225;178692;177505;176354;176351;176264;176271;176352;176355;176385;176384;176405;178696;177491;176410;176407;176406;176502;176402;176411;177609;176517;176516;176513;176508;177499;176512;176510;176412;176511;176507;176514;176506;177407;176518;176515;176505;176509;176504;176621;176587;176546;176619;176500;176586;176646;176618;176928;176647;176649;176967;176974;176620;176969;176957;176956;176963;176955;176975;176931;176973;176971;176930;176648;176952;176958;176503;176962;176972;176929;176953;176978;176970;176965;176964;176961;176954;176966;176960;176979;177061;177053;177077;177056;177060;177062;177055;177054;177059;177101;177085;178691;177057;177081;177208;177192;177052;177058;177212;177278;177279;177281;177191;177099;177283;177277;177377;177282;177379;177378;177334;177340;177381;177276;177435;177408;177439;177436;177441;177438;177440;177448;177445;177447;177406;177443;177446;177442;176959;177444;177437;177409;177504;177100;177501;177487;177497;177500;177552;177548;177503;177545;177485;177547;177554;177555;177546;177611;177556;177551;177549;177550;177622;177607;177623;177608;177591;179683;177606;177705;181260;177707;177706;177693;177698;177704;177702;177624;177615;177709;177708;177697;177703;177699;177700;177733;177721;177719;177731;177730;177722;177723;177724;177725;177716;177734;177729;177727;177728;177726;177717;177807;177809;177829;177732;177720;177806;177825;177812;177802;177824;177822;177805;177718;177823;177810;177828;177692;177826;177831;177856;177880;177870;177830;177803;177854;177876;177872;177922;177874;177921;177853;177877;177917;177879;177878;177920;177992;177919;177873;177923;177916;177989;177990;177994;177991;181751;178008;178023;178047;178046;178045;177918;177988;178009;178116;178117;178180;178225;178302;178224;178179;178181;178305;178313;178315;178303;178320;178314;178317;178312;178321;178304;178316;178401;178411;178318;178311;178404;178402;178413;178408;178405;178410;178406;178412;178415;178400;178044;178319;178409;177808;177461;178453;178458;178459;178594;178595;178598;178454;178591;178457;178590;178588;178597;178589;178593;178592;178587;178693;177590;178694;178688;178689;178759;178757;178690;178799;178800;178761;178760;178802;178695;178808;178805;178801;178806;178809;178803;178758;178931;178923;178804;178933;178922;178932;178925;178929;178934;178930;178926;178927;178955;178953;178954;178928;179034;179028;179036;179029;179039;179031;179035;179040;179033;179030;179116;179037;179123;178924;179038;179118;178807;179128;179119;179122;179130;179125;179131;179117;179126;179129;179198;179127;179196;179132;179124;179195;179120;179187;179115;179190;179188;179199;179194;179185;179186;179189;179197;179192;179296;179291;179294;179293;179304;179191;179295;179193;179303;179298;179299;179297;179300;179292;179354;179302;179348;179290;179353;179355;179347;179301;179350;179352;179356;179357;179351;179384;179430;179382;179428;179383;179432;179431;179427;179588;179435;179593;179349;179429;179433;179434;179305;179121;179571;179573;179592;179594;179578;179596;179576;179595;179570;179581;179590;179577;179585;179589;179572;179591;179586;179658;179656;179575;179579;179657;179587;179679;179680;179685;179678;179681;179721;179677;179646;179719;179574;179684;179725;179682;182571;179724;179722;179820;179825;179827;179824;179828;179720;179830;179823;179882;179919;179829;179822;179917;179918;179916;179821;179915;179962;179964;179968;179971;179826;179961;179969;179967;179966;179970;179992;179993;179963;179965;179990;179723;179914;179985;179989;179984;179983;179986;179988;179991;180047;180044;180042;180041;180043;180151;180046;180048;180045;180141;180147;180134;180133;180137;180153;180136;180138;180152;180143;180144;180145;180135;180146;180149;180139;180314;180142;180148;180140;180309;180315;180303;180306;180310;180295;180317;180297;180296;180313;180308;180304;180318;180311;180305;180301;180322;180312;180316;180294;180299;180302;180298;180447;180336;180337;180333;180334;180335;180449;180150;180450;180300;179987;178455;179580;180307;176141;180451;163458;180452;180457;180497;180533;171429;180536;180541;180538;180529;180528;180535;180526;180531;180530;180540;180527;180537;180539;180525;181199;181197;181257;184071;181198;181196;181256;181262;181201;181200;181259;183767;180534;181263;181401;181336;181264;181402;181258;181403;181334;181335;181779;181405;181498;181457;181455;181503;181778;181496;181404;181456;181502;181497;181501;181499;181500;181581;181583;181586;181594;181584;181592;181494;181495;181582;181593;181261;181577;181591;181590;181574;181585;181578;181588;181587;181589;181662;181580;181669;181575;181663;181655;181665;181668;181576;181664;181666;181667;181659;181658;181661;181660;181657;181747;181745;181752;181753;181740;181737;181736;181744;181738;181656;181739;181734;181741;181746;181749;181732;181742;181748;181735;181777;181743;181829;181776;181828;181733;181827;181821;181820;181823;181819;181824;181826;181872;181869;181822;181910;181870;181909;181868;181914;181915;181908;181913;181916;181871;181902;181750;181579;181904;181903;181911;181825;181905;181907;181917;181906;182091;182125;182111;182118;182127;182108;182104;182119;182128;182129;182109;182126;182114;182103;182124;182106;182115;182097;182101;182098;182095;182123;182094;182122;182112;182099;182090;182121;182107;182120;182102;182092;182093;182117;182100;182113;182110;182180;182184;182182;182173;182116;182089;182096;182176;182181;182178;182172;182174;182177;182385;182383;182185;182183;182384;182390;182388;182175;182179;182105;182393;182389;182387;182386;182495;182508;182391;182490;182496;182507;182491;182489;182485;182498;182501;182497;182502;182486;182506;182500;182494;182499;182492;182503;182505;182487;182567;182493;182569;182504;182484;182488;182562;182565;182568;182566;182563;182570;182573;182670;182561;182674;182672;182669;182671;182572;182673;182744;182743;182742;182800;182798;182797;182898;182745;182894;182903;182799;182895;182906;182905;182893;182899;182896;182901;182897;182392;181912;182902;182900;182564;182675;183002;183013;183016;183003;183009;183006;183015;183001;183012;183007;183005;183030;183008;183011;183017;183010;183074;183071;183075;183004;183072;184801;183077;183076;183211;183073;183278;183208;183284;183210;183209;183282;183014;183287;183279;183277;183285;183281;183280;183286;183360;183288;183378;183357;183358;183356;183381;183382;183359;183380;183492;183361;183379;183355;183501;183495;183500;183497;183499;183493;183498;183662;183664;183766;183771;183765;183768;183661;183494;183663;183856;183769;183857;183859;183861;183283;183496;183864;183770;183855;183858;183854;183860;183899;183863;183937;183939;183948;183940;183952;183947;183951;183900;183942;183946;183935;183943;183936;183990;183950;183949;183938;183941;183992;183991;183994;183988;183945;183944;184031;183953;184032;184029;184033;184036;184028;183987;184030;184070;184067;184072;184069;184034;184066;184068;184123;184108;184122;184035;184119;184101;184107;184106;184114;184126;184113;184121;184111;184105;184120;184109;184124;184104;184116;184125;184112;184117;183862;184103;184118;184191;184115;183989;184337;184192;184110;184193;184338;184340;184341;184194;184342;184345;184339;184346;184404;184336;184407;184403;184402;184343;184344;184798;184408;184803;184802;184405;184794;184797;184799;185421;184800;184792;184793;184796;184795;185446;185449;184406;185445;185448;185463;185450;185598;185596;185462;185603;185597;184804;185602;185599;185601;185600;185595;185728;185725;185726;185729;185730;185727;185882;185938;185881;185937;185604;185939;185940;185935;185944;185936;185945;185942;185943;185946;185724;185941;185975;185447;186020;185947;185977;186022;186026;186024;186023;186021;186149;186157;186170;186155;186148;186162;186151;186156;186146;186025;186150;186158;186159;186168;186154;186171;186163;186166;186152;186160;186161;186169;186167;186165;186153;186234;186147;186233;186164;186237;186232;186250;186253;186236;186254;186259;186255;186252;186262;186251;186256;186264;186261;186348;186263;186257;186338;186342;186346;186260;186349;186333;186344;186345;186343;185976;186341;186258;186340;186335;186235;184102;182904;186337;186347;186339;186409;186408;186411;186334;186410;186464;186465;186470;186462;186471;186463;186412;186503;186520;186502;186581;186638;186647;186519;186641;186636;186639;186640;186642;186646;186684;186501;186648;186686;186635;186744;186747;186745;186814;186817;186815;186685;186816;186812;186813;186811;186746;187014;186862;186881;187009;186810;186879;186858;186857;186901;186870;186868;186863;186856;186878;186876;186855;186875;186861;186637;186950;186873;186869;186877;186880;186874;186867;186899;187000;186900;186872;186871;187012;187015;186994;186860;187024;186951;187007;187016;186998;187006;187008;187023;187025;187017;187005;186934;187010;187022;187002;186995;187019;186997;186999;187011;186935;187013;187001;186996;187021;187071;187020;187004;187037;187036;187070;187073;187149;187018;187154;187072;187157;187176;187144;187116;187159;187153;187145;187147;187155;187150;187003;187174;187142;187151;187140;187115;186859;187139;187156;187117;187143;187146;187179;187148;187178;187152;187180;187141;187177;187182;187175;187275;187280;187181;187274;187204;187200;187199;187303;187376;187281;187312;187198;187389;187377;187273;187294;187276;187388;187387;187394;187313;187390;187495;187496;187492;187490;187304;187491;187494;187493;187664;187663;187393;187651;187724;187721;187661;187722;187941;187970;187940;187662;187723;188032;187489;187939;188064;187969;189170;189147;188063;189110;189169;189102;187854;189172;187395;189109;189101;189148;189168;189229;189111;189228;189214;189212;189208;189230;189210;189209;189211;189205;189206;189204;189249;189257;189256;189213;189255;189401;189399;189400;189402;189308;189498;189494;189500;189497;189499;189615;189496;189502;189398;189711;189617;189616;189495;189719;189618;189712;189714;189715;189709;189718;189717;189716;189720;189886;189835;189884;189710;189713;189832;189882;189833;189879;189885;189880;189887;189888;189881;189883;189934;189876;189929;189937;189877;189930;189932;189936;189935;189933;41989;189931;189878;31296;27143;31125;31297;31126;33572;33573;34942;29370;189501;189834;27144;189207;38856;51691;51690;51692;36033;51695;41990;42318;51696;51698;51694;51693;51700;51699;51697;57154;51704;51703;51702;52567;58776;66506;64907;29371;51707;57587;51701;51706;51708;51705;63610;51710;189171;187158;51712;34943;51713;51711;51714;51716;51715;51717;58166;27145;35552;29373;28282;29372;52568;31767;34698;34779;31766;31768;34699;34697;35920;49826;42319;42253;49827;57155;56600;46013;41473;31765;31673;56021;65908;42397;65025;29375;27146;27147;57156;31338;27149;31319;29377;27150;27148;27152;27151;29376;29374;29379;29780;30092;29878;29779;33381;41474;34233;35004;41475;29378;36079;35606;34429;33266;57298;42320;41477;49828;49830;49829;50975;42177;57157;53285;44687;59445;55166;59053;58480;62002;69172;29879;62198;27154;61658;57158;27156;27153;27155;31390;41478;27158;53233;57159;33894;61523;35676;35470;29380;27157;32076;31963;29381;27160;27161;29383;27163;27162;29382;51719;51718;29384;61524;29386;49831;27166;35565;31449;29387;27167;27164;33382;27165;33383;29388;35445;27168;33500;41991;33501;41480;41476;31450;59552;27159;41479;62176;29385;62674;61728;36016;34289;31451;57161;27594;31452;57162;34276;36200;34070;59983;53234;57163;58408;41481;32211;53530;41992;32212;34071;57164;27169;27595;28325;49832;31128;30191;30192;31127;41482;29389;27171;27172;29390;31320;29391;33100;29392;29343;45471;41483;35025;33099;28370;53589;42235;56601;49835;64865;49836;42321;57166;49833;29395;58299;57165;29393;27177;29394;27175;27176;27173;27174;29397;49834;58765;27178;29396;27179;29399;29400;27181;27180;27183;27170;27182;27184;27185;29402;29781;29401;29404;29403;32047;31111;31112;33503;33502;34944;33384;34945;41486;32048;34166;36121;33385;41484;29782;41488;41487;41485;34167;41993;45622;49837;35103;57168;50856;49838;65798;51135;56602;57169;27186;59948;34260;52989;29405;29783;41489;55974;31391;57167;67222;66355;31392;35471;42840;38643;49839;41490;57160;41491;27187;51709;186336;57170;66956;38180;55761;29398;62060;33223;35245;29406;27188;57171;27189;27191;45106;27190;49841;29409;29408;29407;29410;49840;29411;29413;27194;27605;29412;29914;31394;27193;31393;33158;28203;31769;31770;29913;31621;27192;41492;34358;41493;34359;35368;43389;41494;37844;42815;39389;57172;49842;50984;41495;41496;66356;41994;41497;56603;57842;51638;52473;67242;68955;33785;51720;41498;58142;66617;57173;49843;55621;35758;33159;42302;42322;56604;57175;56605;57174;34437;31396;38946;41499;27195;31395;41500;57176;35955;57177;57178;41501;55588;41996;57180;42794;35715;53590;35034;57179;61595;49844;29414;57181;41502;53502;56606;27196;57183;57182;41997;28224;27197;53359;53317;57184;27201;27198;29243;27202;33895;34320;35677;51721;27200;35740;51639;27647;27204;29415;27199;28355;42104;32440;29416;34213;53403;41503;41995;27203;34709;32439;31622;29915;34708;29419;29418;35304;27207;27205;27206;30048;30049;29420;41504;34046;27208;31398;31397;33121;42958;41505;27209;41506;51640;45078;49845;53286;49846;33193;41507;31453;27211;38644;31454;29423;27210;42398;41508;29421;42869;29422;59639;33194;43152;49849;27520;49850;29424;29426;49848;44038;49847;41509;29425;29427;27213;27217;29428;30037;27215;27216;41998;27214;27212;29429;30036;27572;57185;51722;45539;51723;42000;51728;51724;51725;51726;34199;41999;59682;57466;57186;60059;58525;29430;27218;51727;62573;62096;65026;66668;65598;62780;63626;65866;63091;59354;57187;54612;50080;49852;67198;60092;27530;29431;27221;27219;27220;29433;42189;29784;29785;29434;31965;34754;59118;34753;35246;35747;51730;51733;31964;42001;51729;51732;51735;51737;51736;57189;51739;57190;52969;51738;51734;57191;57188;51984;29432;51731;29417;49851;57193;57195;58129;58300;57194;58561;59451;63279;62494;62935;64637;64614;64966;59054;66493;63473;61596;65958;66921;29435;57196;55830;49853;27222;27224;34438;27223;65569;42049;41966;27227;27225;33431;27226;27228;68956;38684;29438;49854;29437;53487;49855;57197;57198;64092;58722;51742;41510;51744;51743;51741;38857;27230;29440;34192;59854;51745;27229;33430;27231;27233;29439;34366;34967;29916;51740;29436;30193;27232;31322;30194;31321;36004;41513;62210;27236;29442;27234;38807;29441;27235;41512;51746;52970;51747;27237;29444;58791;57200;61641;57199;27238;34153;27239;29244;61680;29443;61453;38181;35330;55442;50377;57435;62960;63295;55920;29445;58576;33215;33896;66802;81125;27241;33251;27240;34214;29446;33267;27242;41515;29245;41514;35080;41517;29447;66289;36201;66957;51748;42002;33559;34215;57201;59829;27243;32115;27244;41516;41511;27247;27246;29450;27245;27249;27248;29448;49856;66958;34439;27250;29449;29451;27251;35741;29452;66959;29453;34506;41518;42004;27255;27252;27256;29455;29454;33160;27253;59855;33161;29456;31190;42003;27259;27254;35921;31189;41519;27261;29457;35922;49857;29459;44313;35956;35986;27257;27264;27262;27266;41520;27267;27265;34959;29458;27260;36005;59190;29460;34981;34431;29461;28171;41521;27258;29246;42005;27263;31400;27269;34430;41522;27268;31399;34193;57614;35005;34194;27271;29463;27270;51749;29462;36006;29465;64908;27272;34739;29464;35247;63021;34845;29466;27273;41523;34982;39514;34740;29469;39433;34968;29467;49858;27274;57313;29468;62061;41524;49860;32049;41967;34024;49859;41525;51339;59119;49861;53893;43859;57203;57204;56006;49862;59493;62116;42929;52632;57683;65546;66856;66196;62961;27275;27276;29471;29473;31771;27511;29472;68876;69092;28170;57205;29470;57192;34035;34036;27277;41526;29476;34072;32050;29474;34485;41527;41528;29475;34200;43822;41529;49863;49864;53235;52737;57206;59064;57207;55757;57208;62962;69093;27279;65599;62177;30195;27280;66197;34037;27278;31773;36070;50968;42007;35305;57209;66857;52752;42006;57658;57210;62381;55622;30248;66618;65570;63092;59065;27513;51750;35306;42008;69072;31774;32178;34038;27281;35331;27282;52068;36071;27512;66198;27283;57211;51751;29477;51113;41530;27286;38645;27284;29478;27285;27287;27288;42816;29480;49865;29479;27289;30038;29481;30039;29483;43057;28204;51089;32179;41531;49866;32180;29484;36710;27290;59121;51364;29482;59120;29485;59122;27292;29486;27294;29488;59123;29487;27293;27296;27295;29489;27299;27298;27297;30142;28172;59125;59124;29248;30144;30249;59126;31090;31089;30250;30143;59127;41533;33252;33432;41532;33253;41534;29880;27291;61567;59128;59129;59131;59130;41535;59132;41536;35026;41537;34457;59133;34755;59134;35446;41538;39335;59136;59135;59138;59137;42009;41540;59139;59140;42465;41541;59143;59142;49868;59141;59144;44398;49869;43398;49867;41539;49870;59148;59146;59147;49872;59149;59151;46252;51158;49874;49871;51752;49873;59153;59156;59150;52971;59152;59155;55504;55468;59157;57212;59159;56607;57214;59154;59161;59160;57659;59158;57213;59145;59522;62676;62675;66781;65960;29490;66782;27300;65959;27302;32051;29786;27301;28173;34239;36202;27305;27307;27303;29491;35973;29494;27308;27304;27309;27310;59162;29493;29495;29492;31623;29992;29991;36122;27311;27306;41542;49876;44093;29496;68877;29497;57431;51159;27313;31624;27315;29498;49877;42010;27314;34718;27312;55566;42236;57215;34780;31402;31403;27316;42323;41543;42011;67223;27318;27317;27319;29958;29957;60103;29960;29959;27320;31401;49875;59521;34331;29787;42012;29500;29499;27322;27321;27323;49878;42013;28174;34679;55434;27324;29501;57216;27325;29502;57217;41544;51754;29503;27326;36007;28175;41545;27327;29505;49879;42015;29504;55433;33885;35759;51753;29506;35248;30180;42325;42014;34261;49880;34073;29344;45003;27531;42324;27328;38923;63072;27329;35459;38646;27330;63680;39445;38662;29507;28326;32052;29508;32024;29509;41546;35553;41549;41547;42016;49882;41548;35748;55897;35733;58167;61547;28205;35447;50821;49881;57218;27331;30015;27332;58577;29510;28176;62781;57219;29881;52738;41550;29851;42017;34486;57220;55746;36080;27334;38950;27333;29511;33786;41552;29512;41553;34074;57221;52990;41551;34075;49883;35027;35678;60077;58777;64093;53591;66465;43634;42019;36182;49884;42018;29513;55850;49885;27335;27606;32473;29514;35607;29515;58196;41554;51755;49886;27338;57222;42020;27336;30093;36203;27337;51756;38788;34208;30095;32474;60152;34207;30094;35320;34846;59494;35699;34025;41556;34983;50969;41557;42021;59163;55698;34847;33195;62003;33196;57684;66301;57223;34076;32077;27340;63259;60104;58616;27339;66290;27343;27341;54829;34812;31775;27342;59722;34077;29518;34984;29519;32129;29516;53639;27344;33939;27346;57224;27347;34026;27349;35679;57225;27348;29520;27345;30181;27350;33513;29521;42022;36204;31637;35448;36008;33837;29522;42421;45499;49895;33838;27352;57226;29517;50489;42190;27351;31697;31991;49896;32025;32026;34367;35307;34960;49897;43399;49899;49901;44911;49898;45500;49900;44381;53236;42366;33386;57228;57227;53650;41558;27355;27354;27356;33387;42023;41559;42959;27353;27359;29524;27358;49902;52652;34985;30182;29523;27357;41560;33886;32116;49903;45107;50021;34765;41561;42024;57229;55687;64927;34027;27360;28356;29526;32117;49904;56610;53447;29527;57231;35039;27361;51757;29528;49905;29883;41562;29882;42303;41563;29525;31696;33787;60060;41555;35460;57230;34509;31772;29529;41564;51759;30016;29961;35680;57232;55715;66553;62004;51758;56611;42025;29530;27532;30197;29532;29533;41565;30196;27362;42026;29531;29962;29535;29536;32079;66230;29534;63345;32078;49906;41566;34441;28327;29537;27364;34487;34078;27363;41567;34262;50842;49907;41569;34468;29539;29538;27366;31842;31841;29540;27589;41568;27367;27369;61695;29543;35681;29542;27368;29541;27365;31843;41572;41571;29545;41570;34321;34440;49909;27370;45385;42841;57233;49908;57234;57235;53640;57570;56612;55139;41573;59316;58679;59237;56613;49910;32454;50610;41574;42027;65719;36116;41576;57236;58033;67199;41575;44132;27373;33088;27372;27371;27533;27374;31309;31844;33224;29884;27375;27378;27376;34039;35249;27377;42028;35957;34458;34469;34687;42029;35784;57238;57239;39361;55716;27380;33574;57237;29544;56701;27379;27381;31776;35736;34263;29546;34264;49911;35007;28283;45540;29547;44593;33162;41577;28284;29548;29886;27382;49912;51845;29549;29885;33433;49913;31091;27385;28177;27386;33887;27384;33090;28285;35028;28286;34040;33089;57240;27383;39499;53894;49915;49914;29551;43086;39434;34041;31339;31340;27388;51641;34692;27387;27392;27390;27393;65249;27391;27397;27395;27394;27396;31456;36081;29552;35449;29887;42326;31455;29553;27399;35923;27398;29555;29550;35682;32118;27389;29554;49916;34813;32119;42030;41578;49917;65785;43621;56702;59984;59164;29556;33897;49918;33888;57241;34240;53855;57242;57243;30199;27400;30251;29558;29557;30198;27401;36169;44056;41643;50043;49921;42031;49919;57244;49920;41579;53531;59384;27404;62545;53318;27403;41580;27405;29559;57247;54830;57245;57246;56614;30145;35785;27408;35332;33924;27402;29560;33923;41581;54643;30146;51642;27409;38713;58891;33163;27407;36082;57248;59308;49923;49922;27406;28178;43349;35006;27411;29562;29563;29564;27410;53237;27414;27412;27415;29566;27416;27413;29567;41582;50822;59393;39418;29565;56615;27417;57250;57251;57249;33889;27418;61771;29569;27419;57252;41583;53255;29790;27420;32120;33898;29572;29570;29571;27422;34028;27421;34986;51760;29568;34020;28328;57253;29573;28371;27423;27424;34987;42032;34042;28225;69118;27426;29574;29575;27427;34988;28206;27425;29789;27430;27428;65799;27429;27431;27433;27432;32181;29577;31457;27434;27435;27436;35647;27442;27440;27438;27441;27439;27437;29888;27444;29578;27581;29695;27573;31114;34201;31845;32027;31113;34961;39462;27445;42327;29579;35250;31458;49924;44935;27446;27448;27447;34360;27450;42033;27451;27449;27443;27452;29823;59830;29580;41584;32183;29824;29582;27453;32182;49925;33434;27454;27457;64866;35040;27458;29581;35184;27455;42035;34848;29583;27459;27456;38776;41585;42034;35598;34814;45132;31777;41588;41587;36049;49926;59355;41589;29576;69055;42036;33216;49927;41590;27460;66466;35472;45015;59288;34241;59523;51447;29584;27463;27461;27465;29585;27607;59524;49928;27462;27466;29889;29586;29588;29589;27464;29587;57254;27467;51761;29590;32184;27468;31846;29890;27469;33123;57872;31847;27470;33122;28287;27471;31298;31675;34155;34499;34154;41592;29591;29592;49929;52525;31674;45472;46170;49930;64431;56035;41591;42037;57255;57843;31698;33435;57256;34168;27473;34442;31699;41594;41595;27472;27514;31676;34249;53256;51762;29593;42328;51763;27474;33788;57257;57258;35683;34989;57259;56616;53828;55505;27475;34079;33092;27476;33091;42038;29594;51764;41596;55021;41597;57260;49931;41598;27478;30050;34990;42070;42039;31404;34047;31778;53319;35272;38924;35729;57262;54995;57263;57261;58117;57264;59723;64797;58945;62097;69169;29595;27479;27480;42040;27477;41593;41586;31115;29561;56617;51766;32441;59469;32502;66255;57265;30096;28207;27482;27481;29963;62025;29891;56618;62963;63153;41599;29792;29791;57267;29596;31779;27483;34303;30099;29597;31460;30097;31723;31780;42041;31716;30100;31459;34302;32392;57266;30098;31782;51769;51768;32393;35599;27484;27486;29598;27485;51770;38846;29600;29599;27490;34234;27487;29602;41600;29601;27489;41601;51767;49933;38847;29603;53404;27491;57268;27488;35723;58143;31781;30017;49932;57269;30040;43365;30102;30101;27492;33165;30041;33164;27494;29604;30104;49934;29605;27493;30103;29606;29607;27496;27497;66803;29609;28179;27498;41602;33166;29608;42042;49935;41603;52163;42406;42422;27495;38182;33101;27500;29611;27501;51365;33742;33743;35369;27502;34991;29612;28180;34962;56619;41605;57299;57270;47152;29613;41604;27505;27504;29610;25927;70970;30133;70972;27499;70971;67256;25926;27503;70975;70976;70977;70974;70978;70980;70979;132057;17162;17163;22226;55115;25707;55116;51813;69263;44959;73946;131765;138209;80911;76403;73947;151469;137827;77406;69307;67002;62925;31858;103195;103837;77404;81599;81600;103839;125372;104573;91124;90199;172499;71993;171960;77050;91895;93717;97661;104459;119617;100593;96045;91125;110778;119616;151470;131233;133675;73964;59367;59366;124768;66927;59365;72542;169425;79083;136619;84368;86873;85256;90200;136620;151468;141082;56412;69803;133676;56413;62458;58514;91894;62715;62716;52052;50432;45017;45018;51190;50433;56378;59192;102203;59193;102204;104972;71994;70973;57796;58204;57795;93409;93658;93408;93654;93344;67229;92757;68936;67003;67004;92840;31857;93652;91915;133410;47046;130630;91261;56666;60161;63067;68935;83117;74153;74152;72218;46733;105300;185896;185888;63418;168261;162548;140918;13852;171605;50603;135707;135706;49176;72219;135709;49175;105074;52715;107096;52716;101159;101160;135970;171539;176296;142054;100574;150797;135708;51765;35646;131726;23650;46784;32443;14729;35702;25954;39563;66256;58814;58813;47901;53625;55817;86318;100422;88090;80481;86317;58389;70126;80482;74369;77528;64568;72203;64569;64567;86326;57062;55593;11059;34361;54990;40927;40926;183027;181672;91428;134892;159537;149094;164982;176551;173271;154960;160335;171389;134871;93483;52044;135410;66811;93482;17213;166380;16192;62628;135409;35648;133361;149064;34050;133269;133217;134629;34216;34490;103968;103969;24683;133623;50831;34363;29724;158648;154962;25172;154351;58580;25171;84007;35451;25925;104354;84008;24682;49707;27583;24815;134452;154961;24681;139668;139667;148428;35042;25148;58597;25120;12076;25757;11428;14686;32400;25547;134302;17611;69421;34432;35743;100961;100962;20485;20486;20484;49805;50044;49803;49804;50081;49995;50301;50319;51501;50524;20487;50045;50300;49791;50318;50410;50046;50491;50411;50490;50412;50559;51114;50560;50492;20488;50573;50843;50823;51115;50857;50970;51184;50824;51075;51074;51076;50649;51116;51136;51117;20489;51434;51421;51435;51433;20490;51453;51437;51436;51340;51073;51668;51572;51509;51525;51584;51583;51643;52579;20491;52527;51771;52526;51669;51847;51846;51673;51858;51871;51870;51900;65098;51996;51954;51986;20492;51997;52069;52023;52022;51848;51985;52070;51502;50378;52480;52164;52475;52474;52477;52499;52479;65099;52476;20494;65100;52478;52500;52529;52528;52682;52598;65101;52581;20495;52739;52498;65102;52972;52667;52991;65103;53220;53218;53222;53221;53219;52740;20496;53287;53257;20497;52580;53295;53294;53321;53408;53296;55067;55069;55068;55071;55070;53372;53303;53320;20498;55075;55074;20499;55078;55077;55073;55080;55082;55076;55081;55084;55086;55085;55079;55083;55072;55088;55090;55089;53238;55094;20500;55093;55092;55099;55091;55097;55096;55101;20501;55100;55095;55102;20502;55103;55105;55104;55107;55098;55113;55407;55108;20503;55469;55114;55109;55167;55163;55172;55168;55283;55408;55413;55409;55282;20504;55605;55521;55589;55522;55106;55454;55531;55567;55530;55590;55591;55592;55637;55648;55607;55689;55700;20505;55606;55718;55699;55688;20506;55729;55982;55762;55784;55922;55758;20507;55731;55785;55810;55921;55414;55857;55087;55717;55899;56562;55968;55957;55967;56089;55898;55923;56115;56139;55730;56279;58511;56140;56036;20508;56161;20509;56191;58532;56190;56194;56192;56189;56206;56237;56330;20510;56207;56280;56331;56236;56048;56193;56343;56305;56257;56344;56345;56281;56347;56384;56332;56346;56406;56375;20511;56387;56466;56390;56389;56479;56507;56556;56506;56563;56555;20512;56583;56582;56580;56388;56581;56256;56629;56554;56638;56637;20514;20513;56644;56642;56641;56639;56640;56664;56645;56646;56643;56680;56747;20515;56775;56647;57393;56768;56767;56777;56817;56778;20516;56776;56854;56870;56853;56860;56868;56746;57685;56943;56869;56861;56916;20517;56914;56919;56915;56913;56912;56946;56945;56944;20518;56949;56948;56947;56971;56970;57997;57024;57005;57038;56917;57056;57048;20519;57055;57060;57058;57047;57061;56911;56630;56969;56978;55858;20493;57300;20521;57059;20520;57057;57306;57304;57303;57301;57302;57458;57457;57315;20522;57321;57314;57305;57342;57344;57343;57448;57436;57370;57345;57495;57449;57467;57357;57497;20523;57447;57496;57341;20524;57533;57534;57532;57660;57535;20525;57661;57588;57662;57615;57664;57663;57686;57688;57665;57698;57707;57706;57763;57687;57873;57762;57790;57844;57845;57874;57616;20526;57697;57498;57856;57689;57888;57887;20527;57933;57935;57937;57936;20528;57932;57958;57938;57998;58034;57973;57934;57999;58104;20529;58037;58118;58131;58144;58130;58145;58069;58168;20530;58169;58035;58264;58036;58179;58146;58223;58197;58266;58267;20531;58268;58288;58265;58301;58270;58289;58287;58269;58326;20533;58341;58325;58271;58340;58384;58425;58444;20532;58807;58481;58397;58493;58443;58383;58589;58492;58318;58495;58170;58497;58498;57846;58578;58496;58499;58533;58590;20534;58723;58617;58680;58618;58534;58742;58741;58808;58600;58870;20535;58873;58872;58871;20536;58923;58892;59470;58922;58946;63107;58947;58964;58948;59033;59032;59015;58986;59170;59034;58743;59187;59107;20537;59364;59016;59225;59226;59188;20539;20538;59238;59186;59309;59291;59292;59290;20540;59320;59289;59321;59394;59385;59324;59322;59323;59386;59640;59525;59254;58974;59724;59395;59725;59397;59398;59471;59399;59396;20541;59472;20542;59473;59475;59495;59496;59476;59553;59452;59566;59565;59554;59603;20543;59604;59567;59474;59754;61568;59784;59755;59809;59810;59811;20544;59526;59605;20546;59816;59783;59815;20545;59814;59833;59891;59813;59845;20548;20547;59832;59956;59954;59856;59831;59964;59903;59957;59985;20549;60012;59965;20551;61729;60078;60014;60079;20552;59986;59654;20550;58494;59955;60013;59812;61506;60106;60136;61379;60137;20553;60126;61411;61485;60125;61507;61445;61484;61458;61380;61483;61509;20554;61511;62036;61510;61513;61526;61525;61570;61549;61569;61619;61512;61548;61608;61607;61643;61706;61730;61707;20558;20556;61508;20557;61787;20555;61773;62062;61772;62005;62006;61788;62039;61745;62007;20559;62038;62382;62041;62040;62073;62111;62178;62112;20561;62072;62180;61642;62037;62098;62179;62200;20560;62212;62239;62238;62211;62219;20562;62241;62290;62347;62307;62348;62306;62387;62366;20563;62409;62434;62240;62388;62435;63285;62411;62437;62430;62474;62408;62365;20564;62475;62436;62495;20566;62476;62410;62497;62660;62513;62512;62548;62496;62515;62619;62511;62547;62620;20567;62661;62700;62546;62514;62733;62557;62707;62756;62708;62815;20568;62709;62817;62818;62868;62860;62869;62899;20569;62870;62888;62936;62816;62982;20565;63024;62677;62937;63022;62199;63023;62983;63145;63026;20570;63027;63108;63093;63116;63109;63120;63118;63025;63058;63119;63122;63123;63121;20571;63219;63163;63165;63164;63220;63221;20572;63154;63184;63264;63117;63260;20573;63262;63261;63287;63124;63298;63288;63286;63317;63296;63321;63315;63297;63320;63322;63447;63316;63367;63299;63665;63467;63448;63475;63535;63538;63474;20575;63537;63539;63541;63536;64480;20574;63608;63222;63612;63613;64432;63615;64433;63609;64435;63616;63540;63614;20577;63667;63666;64434;20576;64285;64284;64283;63668;64289;64481;20578;64376;64375;63669;64616;64615;64290;64291;64629;20579;64617;64618;64436;64680;64639;64641;64619;64482;20580;20583;64698;20582;64967;64681;64640;64782;64799;20581;65684;64783;64801;64798;64803;64805;64804;64808;64802;64806;64810;64807;64890;20584;64968;64809;64892;64910;64909;64811;64928;64891;64911;64638;63611;62900;64800;60105;20585;57271;65045;64969;65095;65104;65250;65096;65077;20586;65574;65252;65572;65547;65573;65571;65251;65608;65610;65609;20587;65641;65640;65629;65611;65666;65685;65667;65655;20588;65607;65686;65763;65787;65788;65730;65818;65819;65868;65800;65817;65870;20589;20591;65869;20590;65923;65816;65872;65871;65994;65980;66032;65981;66022;66232;66199;66215;65867;66171;20592;66302;66291;66231;66292;66347;66200;65786;66346;20760;66357;66442;66314;20593;66372;66467;20594;66348;66471;66494;66470;66468;66496;66588;66469;66540;66669;66587;66670;66443;66589;66691;66712;66715;66714;66713;66590;66692;20595;66495;66783;66817;66819;66716;66816;66821;66820;66818;66823;20598;20597;66822;66825;66827;66826;66824;66829;66834;66830;66833;66831;20599;66886;66877;66892;66901;66900;66902;66832;66893;66303;66903;20596;66858;66924;66922;66904;66828;66961;66960;66923;67000;67186;67001;20601;67015;67016;67138;67187;67139;20602;67189;67224;66962;20604;68903;67191;68957;67206;68923;67190;20603;68926;68925;69031;69073;68924;69120;67188;69122;69119;69173;69123;69124;69121;69175;69126;20606;69127;68902;69235;69234;69373;69125;69366;69174;69416;20607;69417;69367;69415;69419;69807;69798;69797;20761;69418;69809;69808;20608;69824;20605;69947;69260;69843;20609;69811;69862;69812;69975;69973;69974;69972;69971;69970;69976;70086;69980;69977;69981;70116;70191;70087;69979;70193;70190;69978;20611;70192;70252;70251;70254;70253;70255;70266;70117;20610;70194;70270;70267;70256;70268;20613;70366;70269;70367;70541;70538;70492;70539;70452;20616;70542;70540;20615;70543;70580;70579;70582;70584;70583;70581;70608;20617;70698;70725;70783;70782;70607;20614;20612;20600;70799;69810;70801;70759;70606;70844;20618;70802;70805;70800;70803;70875;70874;70876;70804;70845;70962;71036;71021;20619;71205;71139;71094;71203;71208;20620;71204;71209;71206;71211;71244;71210;71253;20621;71260;71207;71037;71394;71376;71493;71374;71375;71531;20622;71532;71791;71563;71565;71792;71518;71793;71564;71615;71795;71794;71797;71796;20623;71799;71855;71895;71896;71990;71798;71938;71837;71939;20625;72005;20624;72087;72089;72088;72116;72230;20626;72117;72235;72232;72231;72164;72366;72234;20628;72278;72502;72424;72386;71309;20627;72457;72598;72233;72572;72573;20629;72575;72577;72571;72503;72576;72599;72701;72574;72578;20630;73398;72425;72720;72740;72799;72857;72479;72798;20631;72875;72812;72897;72899;72874;72682;72326;72876;72900;72858;72898;72978;72925;72901;72980;72979;73077;72902;73017;73092;20633;73016;73148;73076;73180;73202;73181;72115;73179;72719;73288;73078;73245;20632;73329;73401;73316;20634;73513;73328;73400;73556;73514;73665;73399;20635;73680;73681;73723;73402;73666;73727;73725;73722;73726;73724;73753;73728;73801;73785;73820;20636;73786;73800;73752;73803;73709;73821;73799;73822;73882;73884;73883;73888;65105;73886;73891;73889;73887;20637;73890;73893;73885;20762;73940;73902;73905;73903;73941;73904;74022;74034;74023;76107;74420;74134;73906;74035;20763;73892;74182;74136;74137;20764;20765;73802;74212;74183;74211;74184;74214;74213;74285;74353;74322;20766;74215;74185;74356;74354;77245;74355;74358;74357;74360;20767;74361;76199;76109;74464;74509;74493;76142;76108;76158;74359;74508;76160;74494;76200;76159;76249;20768;76275;76251;76201;76250;76296;76295;76297;76294;20769;76298;76354;76276;76379;76381;76382;76378;76384;20770;76386;76385;76524;76563;76559;76525;76562;76451;76561;76380;20771;76560;76143;74135;76425;76567;76565;73223;76383;70798;20772;76566;76586;76569;76705;76704;76587;76706;76756;76568;20638;20774;76682;20773;76707;76785;76961;76757;76935;76999;76991;77085;77019;76962;77568;77198;77147;20775;77320;76784;77146;77199;77181;77148;77236;77219;77049;77724;77237;77274;77321;77324;20776;77387;77325;77323;77300;77485;20777;77436;77664;77486;77420;77322;77492;77491;77490;77489;20778;77525;77526;77569;77488;77602;77601;78465;77701;77555;77570;77218;20779;77527;77487;77744;77809;77817;77818;77808;77821;20780;77807;20782;77851;77726;77853;77897;77819;77961;77816;77982;20781;78041;78106;78010;77898;77854;20783;77820;78040;78107;78466;78255;78042;77852;78504;78257;78260;78261;78258;20785;78259;78538;78468;78653;78505;78467;78698;78654;78668;20784;78761;78763;78539;78762;78869;78765;79119;78723;78888;20787;79209;79121;79120;78821;78764;79211;79210;20639;79122;20786;77725;79214;79213;78256;79430;20788;79333;79244;79382;79432;79383;79354;20789;79435;79576;79434;79433;79623;79688;79621;79431;79598;79436;79659;79689;79716;79740;79717;20790;79823;79741;79825;79854;79853;80025;79824;20791;79718;80027;79852;80028;79622;80030;80031;80032;80029;80167;80168;80033;20792;80392;80391;80412;80034;80411;80413;80218;80548;81041;80549;21054;80441;80474;80472;80511;80851;80510;80473;80513;80410;80026;80471;81177;80514;80517;80515;21055;80516;80551;80827;80552;80550;21056;80852;80826;80943;81017;81019;81018;81016;21057;81043;81162;80945;81163;81341;81042;81144;80944;81045;80854;21058;81178;81165;81296;81314;81255;81297;80853;81399;81412;21059;20640;81256;81544;81644;81482;81400;81729;21060;81398;81420;81567;81509;81569;81568;81570;81565;81572;81571;81484;81573;21071;81646;81566;81590;81483;81164;80512;81668;81756;81755;79212;81773;81753;81775;81754;81776;81879;81910;81951;81645;81880;81772;81881;81771;81774;21061;82023;82022;21062;81950;82074;82071;82070;82069;82024;82073;82268;82524;82267;82471;81971;21063;82527;82525;82526;82565;82072;82643;82661;82644;21064;82659;82662;82642;82696;82766;82765;21065;82695;82697;82660;82991;83086;83109;83050;82792;83111;82992;83052;82993;82911;83110;83112;83277;83134;21066;83176;82847;83051;83178;83180;83177;83181;83182;21067;83255;82497;83252;83256;83258;83179;83259;83331;83257;83333;83260;20641;83251;83261;83262;83334;21072;83414;83435;83777;83344;83544;83345;83413;83759;83332;83779;83758;83434;83760;83778;83762;83861;83761;83810;83863;83809;83950;21069;83811;83862;84045;83989;84117;83972;21070;83990;84122;84118;84125;84123;21182;83780;84120;84124;21068;83175;83949;84316;84119;84148;84319;84317;84213;84211;84121;84318;84214;84320;84229;84228;84210;84230;21151;84212;84430;84429;84487;84563;84444;21183;84209;84612;84613;84664;84615;84617;84794;84428;84339;84616;84619;84614;84564;84620;84900;84635;84666;21184;21204;84957;85240;84980;84665;84958;84982;84984;84981;84983;85075;84986;85042;85076;21216;85079;84915;85078;85122;85077;85154;85081;85123;85156;85080;84618;85157;20642;85158;84985;85252;85159;85344;85578;85155;85251;86400;85297;85265;85444;85345;85445;21270;85253;85648;85533;85506;21291;85509;85534;85511;85510;85579;85508;85512;85682;85683;85724;85684;85735;85660;85507;85799;21292;85797;85874;85801;85872;85875;85765;85800;85907;85982;21568;85984;85873;85983;86102;86291;86144;86103;21300;86146;21301;86147;86190;86204;86185;86292;86206;86208;86218;86207;86189;86219;86293;84208;81698;85798;86205;21234;86294;86145;86244;76564;86221;86295;86298;86297;86296;86379;86310;86443;86401;21321;86491;86416;86415;21371;86467;86466;86565;86299;86468;86493;86494;86492;86617;21372;86629;86630;86651;86652;86650;86758;86809;86566;86465;86784;86720;86760;21373;86786;86759;86789;86787;86783;86788;21374;86811;86810;20643;86785;86871;86815;86814;86847;86872;86848;86816;86813;86944;86896;87065;86897;86672;86993;87107;21376;21375;86812;86911;87168;87123;87203;87169;87108;87205;87170;87204;87216;21377;87236;87217;87320;87407;87239;87406;87409;87238;87463;87369;21569;87408;87464;87466;87468;87467;87465;87462;87470;87237;87498;87497;87530;87499;87529;87471;87536;87534;87533;21588;87535;87756;87758;87757;87915;87532;87531;87755;87868;87537;87814;87774;87816;87846;87815;21604;88804;87845;87761;87469;87066;87759;87916;87760;21612;88012;87939;88015;88011;88017;88016;88013;88019;88010;88040;88014;88018;88084;21613;27858;88409;88455;88487;88637;27860;88517;88456;27859;88521;88516;88457;88083;88520;88523;88518;88519;27861;88524;88526;88678;88576;88749;88712;88750;88861;88805;88525;27862;88748;88711;88747;88836;88806;88838;88929;89776;88928;88837;88899;88897;89024;88896;88898;89023;88894;88895;88901;88522;89025;20644;27863;88902;88950;88930;89026;88952;89078;89079;89732;89733;89100;88953;88951;89659;90598;89660;27864;89734;89865;89778;89827;89930;89828;89866;89933;89777;90421;89931;89934;89932;89826;89935;89962;89936;89997;89996;89937;90855;90094;90822;89995;90188;90349;90306;90095;91255;27866;90245;90147;90021;90402;90401;90404;90507;90400;90405;90403;27867;90915;90824;91333;90677;91256;90588;90350;90406;27865;88900;90589;87888;90826;90678;90827;27868;90760;90858;27869;90856;90917;90857;91082;91257;90918;90916;90887;91087;91086;91085;91084;27870;91089;91090;91088;27872;91092;91091;91258;91095;91093;27871;91182;91184;91083;91183;91188;91186;91187;91185;91190;27873;91191;91094;91320;91259;91219;91218;91189;91422;91341;91425;91220;91423;91424;91450;91498;91451;91181;91557;27874;91559;91560;20645;27875;20646;91499;91561;91334;91122;91558;91563;91566;91565;91570;91568;91564;91569;27876;91727;91729;91873;91567;91758;91726;91876;91725;91874;91878;91914;91879;27877;91881;91882;91877;91728;91880;92408;91884;91954;91956;91893;91968;92010;91955;92009;91957;91883;91875;92311;92033;92011;92313;92314;92316;92456;92312;92319;92318;92409;92784;92511;92583;92315;27879;92317;92966;92750;92751;92863;92699;92860;92865;92785;92861;92862;27880;92815;27881;92985;92867;92866;93509;92869;92868;93025;92864;93046;27878;91562;93047;92584;93106;93217;93120;93241;27882;93045;93218;93243;93219;93107;93220;93682;93683;93399;93398;93242;93510;93559;93511;93603;93601;93648;93607;93684;93773;93715;93604;93649;93602;93460;27884;93938;93827;93775;93801;93864;93809;93800;93954;93953;27883;93600;93956;93606;93958;142021;94044;93605;93959;94068;27885;94153;94152;94155;93896;93955;20647;94157;94069;94158;94156;94154;94195;94249;94351;94287;93957;94289;27886;94045;94288;93774;94159;94508;94464;94352;94466;94465;94509;94574;94468;94467;94573;27887;95025;94730;94732;94731;94735;94734;94733;27888;94510;94737;95054;94954;27889;95284;95466;95053;94669;95386;95426;95295;95371;95285;95318;94736;95428;95425;97351;95431;95385;27890;95430;95433;95568;95570;95432;95569;95434;95572;95574;95573;95629;95808;27891;95567;95661;95949;27892;95807;95467;95429;95873;95995;95992;95993;95994;95997;95566;94353;95996;96035;90825;95999;96871;96304;95571;96406;96336;95427;96000;96438;96436;96440;96443;92999;96437;96439;96445;96483;96441;96442;96656;27893;96872;96719;96796;97852;97047;97083;96605;96763;96978;96444;97853;27894;96927;96720;96951;96953;96954;96979;96980;96981;96955;27896;27895;97049;97099;97048;97084;97018;97016;97208;97221;97098;97301;97209;97017;27898;97222;20648;27897;97303;97223;97050;97321;97319;97323;97322;102814;97320;97302;96952;27899;97383;97521;97384;97190;97468;100545;101833;97304;97434;97523;102258;99121;97602;97600;97601;97604;97603;97522;97633;97605;97551;97318;97608;97658;97606;97634;97721;97659;97752;97607;97720;27901;97719;97722;97723;97973;27900;97793;97660;97856;99093;97779;97855;97778;97887;97936;97857;97854;97937;97917;97938;99122;99025;99024;99095;99094;99023;99098;27903;99097;100677;99101;99196;99182;27902;99197;99100;99626;99279;99435;99198;27904;99099;99303;99096;99195;97753;97324;99278;99581;99582;99656;99660;99659;99583;99657;27905;99658;99723;99724;99655;99726;99686;27906;99725;99685;99965;100154;99966;100293;100248;100098;100249;100101;100100;100099;99993;100216;100102;100155;100379;100265;100247;100217;100219;27907;100156;27908;100250;100251;100252;100253;100267;100266;100255;100414;100268;100412;100294;100413;20649;100254;100460;100411;100509;27909;100547;100590;100548;100546;100591;27910;100632;100663;100549;100662;100633;100570;100666;100218;100678;100415;100665;100668;100664;100835;27911;100781;100667;100837;100836;101261;100921;100920;100755;100924;100922;100926;100923;100925;100931;100927;100933;100987;100930;100988;100932;100928;101148;100929;101024;27912;101149;101062;101083;101150;100990;27913;101152;101154;101156;103319;101157;27914;101151;101263;101153;101155;101546;101354;101809;101769;101835;101834;101545;27915;101894;101892;101262;100989;100919;101893;101770;100153;101231;101950;102091;101949;101952;101929;102092;101973;101951;101974;102071;102015;27916;102016;102034;102160;102033;102196;102093;102014;102197;102198;102195;102260;102416;102261;27917;102259;102422;102420;102419;27918;102424;102523;102423;102522;102161;102493;102418;102417;102580;102525;102524;102421;102583;102581;102680;102584;102679;102582;27919;102777;102697;102815;102819;102681;102857;20650;27920;102957;102956;102818;102678;102820;102976;102817;103047;103372;103187;103249;102816;102975;102543;103217;103218;103320;103322;103325;103321;103323;103324;103327;103416;103356;103418;27922;103417;183526;103326;103643;27921;103644;103642;103646;103808;103731;103466;27923;103692;103774;103776;103773;103662;103667;103775;103641;103780;103779;103811;103810;103778;103809;103813;103814;103815;103863;104118;103812;103921;27924;103691;103645;27926;104122;104143;104211;103834;104173;103835;27925;104121;104120;104213;104318;104212;104272;104321;104320;103250;103777;104322;104319;104119;104431;104477;104317;104323;104496;104432;104377;104569;105542;104994;104625;104807;27928;104543;104715;105543;104734;104714;104653;104716;104735;104739;104713;104737;27929;104995;104738;104652;104809;104717;104785;104845;104881;104808;104810;104844;104883;104736;105021;104712;27930;105038;20651;104846;105037;104884;104882;105102;105354;105101;105103;27931;105107;105106;105254;105100;105649;105173;105583;105104;105355;104784;105686;105687;105544;27932;105105;105688;105723;105724;105099;105746;105750;105726;105749;105727;105748;105745;27934;105747;27933;105725;105767;106074;106265;106134;106482;106135;106264;106267;105766;106269;106268;106266;106271;106096;105751;106272;108750;106790;106348;108751;106295;106483;106371;106347;106556;106533;27935;106534;106558;106372;106620;106582;106557;106677;106373;106676;106675;106749;27936;106791;106793;106794;106619;106792;125352;106581;105650;106678;106270;95998;106709;101928;64929;106837;27937;27927;106869;107145;106927;86220;106929;106839;106945;106968;107215;107087;106969;106928;106972;106838;27938;107146;106971;107147;107117;107148;107194;107193;106973;107003;27939;107293;107256;107192;106970;107257;108335;107023;108949;108372;108371;108453;27940;20652;108514;108484;108513;108582;108657;108403;108658;108707;108483;108709;108583;108708;108706;108833;108710;108832;108793;108834;108794;108840;108841;108842;27942;108879;108843;108878;108950;27941;108370;108835;108951;109002;183533;109311;109200;109199;109466;109086;109315;109313;109312;27943;109467;109468;109316;109314;109648;109317;183611;109469;109680;27944;109600;109649;109681;109892;109798;109812;109863;109940;109343;27945;109650;109723;110047;110044;110045;110046;109894;183610;110049;110050;110051;110094;110191;27946;110124;110052;110264;110226;110286;110263;110320;27947;110048;110285;110321;110395;110382;110413;110549;110262;110475;110474;183612;110322;110477;110479;109058;110225;110550;110478;110481;109893;110480;110513;27948;110515;110533;110516;110552;110517;110514;110622;110532;110611;110551;27949;110641;110765;110662;110721;110939;110897;110894;110896;27950;110895;110899;110921;110898;110900;27951;110623;110925;110941;110805;110924;110923;110922;110974;110940;110973;110975;111005;111039;27952;111038;111006;111062;111266;111060;111268;110942;111135;111061;111374;27953;111330;111267;111349;117537;111331;117825;20653;111041;111269;111040;111526;111511;111510;27954;111576;111578;111512;111640;111580;111672;111579;111641;111749;111581;183608;111513;112017;27955;111577;111843;111752;111748;111844;112033;111750;183638;111751;112083;117479;112058;111673;112110;112109;111753;112032;112113;112111;112149;112190;112189;112205;27958;112084;27957;112150;112112;112151;117331;117356;117538;117539;117357;117456;117595;154827;27959;117805;117869;117867;117868;117454;117806;117631;183598;111375;117630;27956;110476;117496;117871;117873;117872;117455;117913;117904;117915;118322;118067;118794;117996;117934;118081;117935;27960;118082;118358;117914;118142;117916;118083;118323;118176;118144;118200;118324;118201;119300;118326;118325;27961;118359;118068;118328;118143;118329;27962;118392;118567;27963;118393;118568;118750;118591;119146;118795;118492;20654;118820;152537;27964;118751;118855;118906;118904;119043;119253;118966;183596;118907;118968;118905;118970;118967;118797;118954;118796;118327;119014;118972;118971;118969;27965;119118;119255;27966;119301;119337;119254;119302;119496;119339;119257;119216;119303;119458;119459;119652;119580;119256;27967;119653;183599;125542;119497;119655;119830;119338;119654;119828;119829;119826;119827;119581;121062;119832;27968;119340;183626;121096;121095;121210;121186;121211;121187;121212;121063;27969;121244;121345;121161;121329;183637;121224;121346;121382;121381;122398;122479;121594;121592;121469;27970;121432;118973;121328;122052;121593;119831;121470;121595;183642;121508;183651;121507;27971;121541;121597;121598;122053;122054;121639;122055;121640;121619;121596;27972;122153;122183;122152;122399;183648;122184;122481;122314;122499;122482;122500;122480;183645;27975;122610;27973;122362;122667;122647;122646;122668;27974;183594;122716;27976;122813;122533;122669;122892;122811;122868;136604;183630;122946;123001;123077;122812;123074;123075;124152;123078;124114;123127;27977;183603;123502;123457;20655;122893;123076;123505;124271;123504;27978;123641;27979;123678;123679;183633;123676;123680;123682;123786;123751;123787;27980;123931;123930;124272;123675;123677;123555;123933;123973;123934;124019;124115;123503;123932;183623;123999;123681;27981;123750;124085;124273;124191;124322;124275;124297;124407;124274;183631;124408;183649;27982;125765;125386;124458;124587;124561;124677;124679;124678;124676;124696;124759;27983;124718;125026;124717;125025;123414;125593;124457;121506;125135;117870;124323;125134;125475;125353;125028;125136;124758;125474;27984;125138;65106;124116;125139;125137;27986;125140;27985;126095;125143;125251;125145;125253;125252;125215;27987;125339;125141;125338;125766;125948;125354;125337;125144;125476;125142;125355;125544;125594;125545;125622;20657;20656;125621;125623;125625;125624;125704;125705;125720;27988;125722;125724;125726;183607;125768;125769;125767;125770;125725;125811;125772;125851;125771;27989;125813;125721;125852;125854;125543;27990;125812;126066;126067;125998;183643;126097;126065;126096;125723;126098;126099;126064;126174;183605;126241;126255;126068;126257;126256;126306;27991;126503;126375;126254;126464;27992;126563;126565;126504;126445;126374;126305;183600;126566;126567;126242;126564;126465;126568;126698;27993;127093;126745;27994;126598;126746;126747;126772;126815;126818;126816;126749;126748;126948;126774;126773;27995;126950;126949;127886;126817;127041;127792;127042;127094;127043;127096;127793;127095;127097;127887;126947;127795;125853;127800;127796;127802;127801;127798;127799;127804;127791;127839;27997;27996;127890;127888;127797;127806;127892;127889;20658;128023;127803;127805;127840;27999;128026;128024;128028;27998;128030;128029;128025;128050;128076;128075;128049;128320;128322;128027;127891;128474;128321;128412;128680;128993;128323;128031;128505;128476;128506;28001;128477;128545;128475;128629;128507;128631;183606;128521;128630;28002;128614;129048;128874;128754;128756;128875;28000;128681;128682;128755;128478;129049;134888;129351;129289;129290;129466;28003;129384;129488;129489;129556;129677;129050;129712;129491;129490;129385;183629;129775;129774;129808;28004;129882;130146;129967;130150;130052;130147;28005;130149;28006;129749;129968;130152;130148;130003;130585;130200;130167;130392;28008;130393;130362;130395;130513;28009;130586;130394;130396;130429;28007;142870;130623;130428;130588;130427;130961;130587;130757;130622;28010;130962;131011;130964;131694;130963;131012;130151;131013;128967;130756;134657;131014;130966;28011;127794;131313;131017;131016;131162;131161;131225;131074;131072;131015;131226;20659;131182;131392;131315;132011;131560;131559;28012;131695;131073;183628;131722;131564;131696;28013;131561;131565;131563;131314;131923;132012;131562;132013;183555;131924;132095;132016;132014;132310;28014;132689;131761;132692;183644;132691;132015;133142;183542;132748;132240;133224;132747;132929;132746;183636;28015;132768;132930;132931;131723;132854;132932;28016;132690;133143;132933;133144;133039;133204;133206;133205;133225;133289;28017;28018;133040;133178;133292;133179;133291;133293;133294;133352;133350;133207;133290;133351;133354;133356;28019;133398;133355;133449;133353;133521;133548;133496;133524;133523;133522;133450;133647;133549;28020;133646;133649;133648;133550;133764;183716;133840;133551;133715;133795;28021;133793;183647;133798;133797;133799;133796;133794;133951;133950;134037;28023;134038;134300;134299;134298;28022;133497;132953;134039;134367;133800;134442;20660;134660;28024;134662;134659;134664;134402;134658;134663;134758;134699;134856;135027;135028;135029;135171;135229;135270;183650;28027;28026;135282;134661;135170;135026;135271;28025;135283;135269;135286;135399;135581;135284;28028;135398;135455;135846;135894;135847;135672;136027;135895;135968;135966;136398;136028;135896;136083;136281;136029;151919;136171;136087;28029;136089;136172;136088;28030;136282;136084;136085;136086;136399;136173;136420;136545;136546;136606;136401;136607;136605;136493;136663;135285;28032;28031;135967;136710;136692;136708;136964;136608;136730;136709;136732;136733;136731;136966;136759;28033;136943;136967;136803;136801;136802;136965;136944;136894;137043;137044;136711;28034;143270;137046;137179;137133;137295;137298;137178;137296;137297;137300;28035;137301;137232;28036;137555;137554;137625;137352;137556;137553;137745;28037;20661;137825;137299;137824;137849;137891;137872;137045;136400;137848;134301;137744;130965;125027;138133;138134;137353;138135;28038;138138;138139;138136;138166;138137;138498;138168;138326;138208;138325;138497;138167;138834;138165;28039;138835;138836;28040;138874;138872;138873;138999;139365;139179;138875;139180;139024;139023;138998;138997;139026;139027;28041;138552;139181;139182;139366;183602;139312;139028;140028;139313;139368;139370;139479;139369;139367;28042;139372;139373;139596;139311;139567;139659;139480;139568;139661;139693;139662;139725;139724;139692;139660;139025;139770;139371;28044;28043;139783;139782;139784;139848;140176;139908;140029;140265;140031;140177;183622;140030;140179;140178;140180;183635;140182;140184;140183;140181;140267;28046;140450;140451;140266;28045;140600;140458;20662;140593;140592;28047;140604;140601;140646;140639;140645;140644;140590;140642;28048;140641;140647;140648;140643;140638;140652;140637;140651;140650;183583;140659;140717;140589;140719;140723;140720;140603;140591;28049;140649;147981;140730;28050;140751;140640;140753;140736;140786;28051;140754;140722;183597;28052;140752;140729;140802;140801;140788;140800;140803;140784;141482;140929;28053;140925;140924;140920;140755;140923;140919;141825;140701;140922;140787;141092;140928;142027;140921;148334;140927;141922;141111;141112;141097;141109;148842;28054;141180;141178;141095;141181;141179;141182;28055;141176;141183;141110;141302;141301;141459;141177;141450;141447;141451;28056;141448;141449;141542;141483;141936;183624;141537;141545;141206;183552;183639;141479;28057;141538;141539;141544;141054;141541;141615;141824;141862;141621;20663;141821;142502;141620;141863;141934;141822;141820;141913;28060;141932;28058;141937;142017;142026;142865;142367;141923;142218;142055;28061;141921;142464;28059;142371;142499;142498;142735;28062;142501;142368;142729;142732;142370;142721;142741;142001;142727;142736;28063;142739;142969;142966;142866;142968;142998;142731;143127;142500;142730;143121;143215;143120;143214;143119;143242;143206;141543;28064;142967;140724;143264;143267;142369;149521;143271;143266;143268;143376;28065;144890;143269;143373;143433;143428;145013;143375;143431;143374;143432;143430;144111;143445;143429;143476;144110;144112;143585;144011;143584;144709;144078;144015;144013;144012;28066;143587;144299;144066;144016;28067;144337;144710;144704;144746;144751;144747;28068;144749;144745;144788;144750;144808;144789;144785;144752;144786;144897;144943;144849;145228;28070;144870;144869;145046;145011;28069;147987;145234;145078;145048;145047;144787;20664;144300;145409;145464;144944;28071;145410;145081;145007;145221;145517;145510;145514;145518;145463;145516;145515;145511;146349;28072;146044;146043;146069;146070;145542;28073;146068;146306;146209;146302;146301;146208;146066;145512;146350;146385;146375;28074;146435;146348;146494;146538;146351;146437;147988;28075;147979;148011;147996;147999;147986;148006;146436;147977;147983;146384;147980;147975;147990;147997;147982;28076;147978;148009;148008;147991;148005;147976;146303;148000;147994;147984;145084;28077;148007;148004;147993;183108;147989;147998;147985;183587;183641;183571;183640;183557;148010;28078;183546;183126;183619;183539;28079;183620;183698;183175;183530;183132;183158;170923;183141;183553;183702;183538;183616;183618;183528;183705;28080;183693;183582;183566;183701;183548;183532;183704;183738;183543;183554;183156;183558;20665;183692;183715;183113;183157;183531;183180;28082;183709;183588;183166;183621;183700;183155;183541;28081;183130;183181;183556;183717;183573;183617;183584;28083;183585;183609;183550;183124;183634;183570;183595;183627;183168;28084;183160;183162;183109;183625;183563;183178;183170;183547;183118;183179;183114;28085;183646;183691;28086;183632;183110;183551;183163;183560;183601;183712;183604;28087;183697;183103;28088;183536;183115;183182;183161;183572;148003;183139;148001;147974;147992;147970;147973;147972;147971;148002;147969;148089;183578;148034;147968;183148;147995;28090;183119;148135;148108;148130;183137;148218;148248;148244;148891;143249;20666;28092;28089;148279;148335;148495;149032;148295;28093;148493;148497;148555;148494;148492;148554;148691;148689;148690;148911;149244;148491;148498;148260;149044;28094;148496;183116;148856;148855;148859;148991;148938;148992;148819;149251;28095;149252;149092;149253;149055;148987;149323;150325;149322;149093;149417;149332;28096;149306;149418;149409;149405;149324;149474;148810;149408;149419;149410;148953;149407;149661;149415;149404;149416;149411;149519;28097;149478;149446;149651;149520;149527;149650;28099;149406;28098;183142;149477;149834;149742;149908;149906;149818;149905;149727;149903;149907;150712;149988;149991;150029;149649;150131;28100;150324;150129;150028;150492;150144;153852;150320;150130;150134;164828;150132;28101;150232;150152;150164;150143;150420;150292;150234;150394;150151;150692;150691;183707;150690;150846;150233;150793;150857;28102;150436;150867;150940;150809;150155;150939;150949;152134;150030;150953;151017;150942;151000;150947;20667;150954;28103;153127;153131;150955;150957;20668;150948;150952;150995;151443;169510;151451;151583;151452;151444;156562;28105;28104;151800;151835;151836;151830;151680;153129;150956;151921;28106;151907;151920;151837;151924;152081;151679;152002;152136;152555;152135;152143;152145;153942;152144;152180;156918;152229;152079;28107;157372;152230;152181;152420;152363;152362;152416;152235;183153;152830;153130;152417;152216;152536;183559;152508;152178;28108;152632;152637;152681;152665;152640;152702;156633;152870;183586;152784;152639;152869;152868;152774;152918;183706;152917;28109;152913;152954;183579;152916;152953;153143;153138;157224;152957;153134;153144;152846;153139;153361;28110;153137;153142;153174;28111;153156;153476;153179;153526;153183;153527;153177;153178;153445;153367;153408;153366;153407;153243;154053;153510;153391;153514;28112;153449;153448;153511;153211;153145;150858;153573;153406;153591;153446;153447;153592;153766;153569;152539;153568;28113;153781;153593;153768;153769;153770;153801;154205;154162;153785;153797;153799;153789;153851;153788;153856;153802;153853;28114;20669;153855;183575;153857;153888;153908;153910;153866;28115;153779;153959;154203;153854;154227;28116;154273;154204;154242;154274;183529;154279;28117;154328;154278;154405;154241;154337;154352;154431;154779;154709;154413;154415;154704;154977;154783;154903;154778;28118;154569;154338;153925;156561;154883;154414;154972;28119;155162;154980;155222;155220;155232;155221;155295;183131;156041;155892;155296;155297;155374;155375;155308;155655;155351;28120;183591;155687;155637;155602;155727;155672;155752;183710;183147;155751;183580;155722;155747;155750;155681;155767;28121;155923;155766;183152;183614;183703;155768;155908;183690;155943;183549;155935;28122;155939;155729;155944;183592;155936;155938;155925;160896;28123;183123;183120;183154;156203;155952;183111;155970;183164;156043;154974;155749;156055;183104;156161;183129;157139;156076;156054;183708;156042;156105;156122;156168;156104;178945;28124;156171;156472;183525;156155;183169;156190;156486;156485;28126;156483;156710;156568;156544;156481;28125;156482;183112;183149;156484;183724;183172;28127;156612;176377;183135;156608;156645;156711;156650;156743;183545;183145;156772;156712;156744;166448;156613;20670;183176;156853;183133;28128;183173;156802;156804;183171;156742;183117;156543;156879;183576;156801;183122;160853;156880;156934;156914;156917;156961;156962;157143;157059;28130;157057;156915;183177;157112;183143;156960;157085;157160;183589;163079;183150;157162;183720;160668;157299;160980;28131;157287;157286;157243;157371;183544;157351;183106;157349;157350;28132;157458;157355;157353;158125;183127;157370;183146;157404;157356;157456;183138;157352;157457;157843;157882;28133;183165;157463;183134;183590;158212;158053;28134;158072;157357;183174;28129;138132;156040;153508;183159;28091;158258;158135;158162;158253;158159;183577;158161;158160;158255;28135;158254;158250;20671;158256;158249;158259;158272;158572;158273;158271;158456;158457;158453;158454;158502;158458;28137;158680;158455;28136;158574;183694;158679;158646;158573;158683;158688;183136;161245;158737;158728;158731;159022;158789;158939;158866;159208;158905;158901;28138;158817;158940;158937;159631;158902;158932;158987;28139;159026;159024;159059;159058;183713;159020;159107;159144;158941;159309;28140;159142;183711;183125;159137;159255;183568;158938;159189;183695;159204;183593;159138;183613;28141;159331;159248;159192;159328;159308;159361;159363;159268;159346;159372;159160;159373;159330;160588;159386;162171;159384;159364;159243;159387;160234;159524;159515;159380;183567;28142;159395;159579;159589;28143;159593;28144;160309;159689;165813;159645;159594;159639;159729;160211;159690;160207;159882;159687;159982;159714;160028;159725;183107;160026;159719;160027;159385;160401;159143;159630;160065;159711;183140;160213;28145;160188;160206;160214;28146;160478;160519;160290;160307;160308;160205;160323;161983;160444;160275;160318;160317;160233;160636;160507;28208;160506;160474;161611;160674;160538;160502;160724;160959;161059;169518;161025;161058;160977;20672;161063;161061;161060;161480;161064;28209;28210;161251;161209;161171;161219;161386;161170;28249;161336;161249;161252;161330;161250;161663;161248;161337;161253;183574;161447;161448;161451;161452;161450;161473;161810;161474;183561;28288;161446;161449;161481;161062;28251;28250;161809;161874;161812;161576;161634;161615;161690;28357;161613;161724;161633;161670;161630;161759;161728;161723;161790;161671;161912;161750;161789;29236;161908;28358;161920;163755;161922;161957;161954;161956;183151;161950;161938;161909;28359;161986;161958;163110;161959;161982;161981;164377;162173;162290;162221;162170;162962;162263;28360;162718;162172;172054;162394;162376;162404;162688;162515;162773;162424;28372;162426;162552;162485;162471;183718;162514;162553;162377;162425;162614;161811;161955;162554;160025;29214;162691;162689;162690;29696;29213;20673;162733;162702;163026;162821;29304;162735;163035;162734;162993;163112;29215;163111;162822;162932;162994;163113;163108;163109;163106;163117;163107;163104;183540;163267;164944;163285;163302;163272;164256;163270;183699;163055;163287;29238;163325;163436;163468;29237;163454;183714;163522;163305;163469;163520;163521;163525;163523;29239;163577;163680;163679;163701;163467;163545;163863;163871;29305;163756;163865;163855;163829;163860;163923;163561;163294;163922;163872;164012;164005;164146;163921;164003;164031;164015;164016;29738;164034;164029;164036;164013;164157;166179;164037;29739;164280;164275;164327;164124;164281;164287;165631;164326;164376;164382;164381;164378;164324;164030;165062;164421;164392;164386;164486;164506;29793;164493;164483;164587;164627;164528;164628;164538;164671;164670;164529;164654;20674;164669;164680;164617;164682;164683;164929;164896;164891;164681;164890;165110;165016;165015;163924;164950;165011;29892;165084;165109;29740;165662;165082;165524;165188;165247;165248;165205;165277;165220;183721;29918;165287;165278;165204;167743;164655;165282;165281;165289;165290;165280;183121;183128;165324;29919;165321;165323;165319;165417;165286;165320;167852;165322;165461;165465;165325;165457;165466;165470;29920;165459;168153;165463;165527;165525;165600;165505;29921;165601;165602;165653;165668;165504;165690;165680;167065;165706;165650;165716;165326;29922;165526;165669;165731;165820;165651;183144;165717;166014;166012;166010;29964;183615;166006;166088;166108;166013;166103;166089;166114;29978;183105;166049;166106;166155;166115;166219;166178;167834;166265;173620;168011;166262;166109;166560;168231;166154;166008;166261;166266;166286;166113;29979;166156;166414;166569;166452;166276;166499;166339;166514;166500;166498;166272;166559;166558;166574;30018;166619;166576;166561;166800;166799;167273;166668;166748;30042;166861;165718;166798;166669;30019;20675;29917;166939;162625;167166;166941;167196;167061;166264;167197;167229;167234;167542;167060;167272;168311;167286;30043;167513;167770;168282;167920;167919;167771;167921;176237;167865;167744;167874;168146;167767;167530;30147;167900;168150;168160;171732;183723;168193;30183;168208;168152;168184;168275;168154;168280;168010;168234;168185;168337;168281;168316;183696;168227;168312;168635;168317;168347;168376;168375;168348;168349;168346;30184;168148;168631;168344;30252;168279;168345;168460;168470;183569;168467;168466;168464;168479;168489;172127;168509;168533;168534;168628;168452;168518;168516;168627;168630;183719;168636;171576;168465;168653;168724;168642;168733;168744;31092;168840;168732;31093;169727;169516;168673;169707;169461;168883;31164;169585;169883;169689;169583;169692;169732;169584;169730;169726;169688;169587;169712;169909;169711;170082;169690;169904;169905;31165;169807;20676;170001;169997;170010;169734;169691;168391;169586;170011;173050;170039;170415;171734;170111;170110;170103;171087;170180;170078;31166;170126;170109;170181;170188;170178;170187;171012;170185;170412;170413;170280;170728;170473;65107;172056;31341;170417;170179;170727;170565;170561;171964;170644;170762;171009;171011;170556;170658;170651;170734;170632;170735;170898;170891;31405;170650;170907;171250;171251;170913;170927;170926;170928;170908;31406;171056;170960;170961;170910;171014;171103;171090;170925;170912;170966;171211;171088;171105;31461;171249;170562;171252;171266;171261;173780;171263;172613;171264;171364;171265;174409;171270;171248;31603;171361;171212;171262;171392;171386;171365;171260;171472;31625;171470;171483;171513;172055;171484;171388;171269;171577;171578;171592;171573;171579;172031;31783;31638;171733;171574;171812;171810;171926;171930;171941;171867;171637;171951;171928;31639;171942;171940;171943;172223;20677;171952;171986;171969;171985;171954;171575;171938;172025;171109;170012;171939;172024;171965;172053;171967;31677;172082;172048;172050;172049;173052;172094;172092;172136;172091;31678;172133;31700;172095;172057;172132;172126;172135;172134;172131;172213;172228;172209;172243;172222;172241;172227;172216;172230;172246;31701;172367;172365;172443;172229;172444;172366;31702;172442;172362;172441;172495;177460;172504;172511;172488;172093;172497;173277;172558;172576;172545;172573;172575;173425;172589;172631;172574;172590;172619;172614;172632;172496;172617;31704;172588;173253;173037;172238;173781;173051;173432;173326;31784;31703;173265;173269;173372;173434;173424;173374;173440;173349;173437;173433;173443;31785;173481;173618;173653;173621;173619;173648;173834;173718;173652;31848;173717;173730;173654;173782;173797;173794;173831;173441;173863;176265;173949;173945;173861;20679;173944;31966;174161;173946;174006;174154;174044;174141;174153;20678;174437;174160;174155;174173;174266;31967;174274;174805;174228;174271;174787;176456;174230;173795;173039;32053;174172;174272;174449;174331;174330;174344;174461;174410;32028;174450;174457;32029;176892;174459;174485;174553;174610;174591;174751;174484;174458;174752;32054;174460;174750;174806;174772;174807;176252;187743;174907;174486;174749;174961;174804;174929;174932;174960;32185;175976;175150;176364;175083;174959;174997;175284;175147;175109;175149;175283;32186;175723;175288;175565;175285;175560;175537;175487;175566;175567;175572;32187;175561;175573;175394;175575;174906;175600;175666;175579;176242;175599;176243;175722;175671;175821;176248;175915;175820;175148;32188;176241;176327;175884;175883;175977;176063;175914;175996;176088;175988;176257;176067;178444;175916;176090;176064;176091;176089;176227;176226;177429;32190;176215;176239;175975;20680;176340;176325;176338;176326;176324;176342;176240;176388;176361;176341;32192;176459;176228;176244;176670;176323;32193;32191;176482;176479;176493;176480;176458;176491;176455;176336;175574;32189;176478;174276;176489;176218;166940;33254;32357;65109;32358;33198;33197;32430;32360;32359;176501;176492;176488;176490;176487;176561;32431;176540;176484;176550;176562;176565;32432;176563;178778;176617;176616;176713;176712;176715;33093;176564;176534;176886;176744;176639;176726;177463;176885;177216;176986;176981;177109;33124;176745;177051;177050;176987;177108;177107;177111;176968;177114;177115;177260;177390;177352;33199;177275;177263;177326;177324;177327;177558;177256;177325;177323;177080;176714;183410;177423;177453;177354;177356;177431;33388;183722;177389;183564;183562;177426;183527;183565;177454;177433;33217;33255;177472;177476;177471;177459;178661;178660;178326;177536;178656;33436;178445;177696;181839;177430;178653;178657;178654;177537;177891;178659;177901;177902;183752;177910;33389;178000;177998;177999;20681;178001;178658;177900;177934;178106;178779;178655;178105;33390;178211;178107;178210;178108;178212;183524;33464;178207;178208;183535;178649;178648;183534;178662;178209;178652;178223;181249;33544;178651;178260;178650;177711;178680;178677;178283;178647;186986;178481;178486;178487;181247;178282;178749;178443;33504;178780;178482;178755;45473;178777;178750;178794;179075;178789;178795;33531;179616;178636;178798;178796;178913;178915;178914;178920;178919;178940;178947;33827;33758;178946;178912;179061;180286;178974;178948;179062;179063;179146;179203;179246;180003;33560;179334;179436;179332;179331;179459;179306;179340;179247;179406;179333;178797;33575;179584;179597;179076;179652;179691;179660;179706;179705;179734;179733;179893;183789;179880;33587;179704;179904;179653;179881;179903;179938;179905;179929;20682;179940;179907;179939;180008;33759;180004;179936;180011;179937;179941;180029;180181;180223;180187;180226;33760;180227;179902;180224;180222;180261;180260;180257;180258;33807;180274;180285;180268;180259;180361;180332;180362;180236;180446;180442;180431;180444;180441;180468;180445;180443;180472;180488;180473;180471;33808;180321;178222;179659;180510;181189;180103;181248;180512;33809;181184;181185;181186;180532;181561;180558;33940;180557;180545;180560;180562;180556;180559;181004;181006;181005;181178;181237;181315;181318;181316;181238;181129;181319;181883;181317;181769;181393;181364;181838;183874;180561;181362;33941;181363;181427;182081;181426;181411;181450;181453;181541;181482;181452;183427;181542;34048;181543;181540;34059;181451;181560;181637;181639;181638;182376;181641;182469;181635;181636;181688;181640;181687;181689;34080;181765;181692;181767;181766;181764;181613;181410;181945;182612;181899;181900;20683;181943;181898;181944;182420;186327;182520;184162;183751;182892;182471;182843;182431;182421;34094;183750;182437;182470;182528;182577;34116;182531;182530;182468;182558;182557;183426;182480;182529;182582;182578;182789;36904;182432;182791;183787;182817;182769;183273;182844;182944;183428;182845;182792;182907;182982;182891;37738;183272;183581;183230;182932;183197;183308;183887;183384;183231;183537;182583;182872;183271;183429;182691;183873;183342;37936;183888;183458;183754;183456;184026;183461;183459;183460;183457;183788;183455;183773;183924;183779;185738;183778;183790;183753;183889;183454;65110;184087;38073;183886;183232;183780;184025;36243;184188;183834;184095;183929;184018;185512;184009;38000;184086;184085;184088;186613;184098;184096;184161;184027;184190;185457;37910;185456;184451;184097;185162;184210;184209;185342;185739;185416;185503;184019;185504;184168;185708;185569;184303;185779;183923;185778;185930;185568;185780;185781;186016;186010;185910;36855;186015;186993;186014;186037;186085;186039;186490;186013;186489;186038;186082;186077;186488;186084;186086;36256;20684;186076;186078;186079;187680;186083;186491;186081;186718;186191;186301;186080;186193;186209;186190;186192;186534;186221;37068;186225;186358;186208;186291;186226;186219;186307;186367;186299;186368;37333;186440;186677;186446;186442;186381;186448;186443;186441;186300;186449;186444;36953;183307;180511;36805;186289;186382;186445;186587;186758;186609;186586;186608;186610;186615;186622;186614;189108;38049;186623;186624;187919;186676;186682;186825;186711;186717;186719;186734;186720;186793;186743;187787;186742;187934;186826;187935;186644;186823;187657;186989;37662;186844;186755;186809;186992;186757;186773;186990;189088;186991;186772;187955;187106;187105;187938;186824;187613;187429;187626;187406;187682;187788;187742;187684;37944;187683;186756;187807;187918;187937;37836;187933;187627;187954;187956;188048;188049;187936;188054;36491;188062;188055;189143;189087;189293;189775;188056;189851;188073;36681;189194;189907;189295;189459;189195;189360;189375;20686;189537;189519;189292;189613;189520;189536;20685;189608;189612;38023;189614;189759;189607;37570;189736;189609;189831;189611;189735;189748;189777;189776;189774;189860;189915;37161;189830;189908;37499;189758;189773;189294;189086;37538;37631;189749;20687;38074;37649;189610;36364;36499;37299;36916;36711;37355;36899;37177;37887;37886;37683;37546;37045;37203;37965;37853;37207;36745;20688;37977;36652;38099;37422;36374;187808;36611;36896;36927;38095;20689;36225;36984;37474;65111;37984;36657;36674;36815;37654;37828;36761;37888;20690;37974;37968;37746;37362;37447;38132;37876;20691;36382;36220;37469;36397;36714;37162;37217;36454;37381;37842;20692;65112;36279;38011;65114;38044;20693;36218;37002;37148;36478;38070;36665;38036;36720;38131;65116;37810;65115;36589;36786;20694;36746;37740;38037;37042;37364;37956;20695;37607;36749;36361;37463;37359;65113;37220;37983;20696;38092;37935;20697;36366;36537;38148;37504;37152;37337;37606;36418;37819;37498;36907;37389;36635;37438;20698;36228;38205;37978;37849;37762;37806;38196;38686;20699;38647;38194;38685;39362;38758;38716;38714;38195;36530;38715;38777;38848;20700;20701;39390;39313;39336;38741;39533;39337;39371;39353;39419;38984;39491;39311;39312;39517;39515;39600;39586;39619;39534;40348;20703;39516;39787;20704;39786;20702;39601;38759;39363;39518;36262;39620;39851;40655;39789;40329;36471;40417;40361;20705;65117;40491;40528;44326;39800;40490;40492;40416;40530;40656;40547;40590;40531;40658;40751;40657;40752;40943;40767;40768;40576;40769;65118;40529;40794;20706;40906;20707;40944;40981;41006;40982;20708;41045;41606;41046;41940;41969;20709;41968;42079;41013;42093;42051;42080;42081;42082;42167;20710;42344;42207;41624;42043;42237;42146;42050;42209;40848;42208;42474;42407;42467;42795;42408;20711;42466;42817;42930;42891;65119;43026;43087;43001;42858;43059;20712;43109;43108;43058;43153;43368;43367;43366;43110;43825;65120;20713;43824;43897;43874;44057;43097;43898;44106;20714;43622;44058;44107;44323;44039;44133;44335;44327;44669;44108;44656;44115;44399;43823;44594;44655;44641;20715;44586;44640;44585;45549;44912;44936;44913;45037;20717;20716;45016;44336;45038;65121;44688;45081;44985;45080;65122;45343;45377;45483;45342;45108;45079;45398;45484;65123;45476;45475;20718;45474;45486;47159;45487;47821;47160;47823;45551;20719;45550;42335;47855;47162;47824;47825;47161;45485;46014;47574;45589;46179;47822;46192;46336;46253;46688;46254;46672;47799;45576;46731;46691;46752;46700;46810;65124;47618;20720;46812;20721;47110;47035;47109;65125;46836;46855;47575;47108;47856;47826;50342;47695;47857;47679;47111;45575;20722;47778;47742;46811;47858;48242;48253;48261;48283;48282;48362;48349;48315;20723;48904;48381;48361;48757;49268;48758;49269;20724;48262;48905;49102;49066;49140;49303;49304;49170;49171;49065;49169;49141;49306;49236;49283;20726;49644;49643;20725;49761;49765;49762;50082;49763;49772;50083;49673;49764;35608;189187;169894;49305;189186;47734;186541;45042;39788;57891;42844;10289;59642;152357;72582;33850;108797;11765;60109;136950;136949;184459;178103;173398;168917;185460;185458;168945;185459;18551;146990;101295;178748;101294;100272;91126;24734;175434;34820;174480;16230;91127;20182;174321;33900;55983;175425;176066;180543;183880;182588;180544;186419;186430;186426;186429;183414;186427;184197;186418;40549;62100;62901;83729;62798;76536;33819;72008;72985;175424;68984;72007;130056;166291;42831;40548;63646;156846;170137;78549;92788;65701;54644;20993;92789;150989;34730;31853;33278;33485;34400;40466;41626;55608;55024;48760;51851;50650;52976;48906;60049;63137;53405;69015;63381;66216;58416;72279;137358;51772;137357;137397;78626;136896;105294;112216;136999;126246;136895;111518;136422;70560;31852;100592;40376;40372;40375;40374;40370;40378;40380;40377;40379;40373;40382;52010;40383;40385;42178;40386;40384;40387;40389;40390;40392;40393;40391;128080;40388;40381;42179;42870;42289;89735;44642;89736;45386;52012;89737;89738;89739;43826;44993;89740;56246;47150;49085;46765;50858;49703;89741;89742;50985;89743;51077;52014;45402;89745;99166;51422;51971;50611;52582;53840;54968;55747;53592;56665;58362;58302;58535;57749;58744;58903;58977;59506;89744;52011;56508;61747;64642;63332;62944;65735;69193;66723;64812;64643;70527;71245;71214;69550;73851;72958;73469;74465;78025;72006;77630;74244;79762;71617;87889;81079;88954;99102;93512;86254;96084;105410;105768;105584;103357;111350;110902;118360;126699;123556;124192;125146;129161;128994;130346;118955;136174;137047;137354;132017;127807;110901;31727;139849;131018;143166;141757;57397;140044;140043;140045;134216;133843;152047;162736;171789;70448;151129;56997;35068;137826;59966;108711;179665;94053;76945;122976;76964;99708;111601;104852;111386;84804;132753;99709;84150;111602;105787;141803;157129;143450;76966;82741;76944;63112;57399;31729;63113;57398;57400;34156;45541;54996;32503;51057;36117;42308;34818;63074;31728;84220;84219;33105;77332;72038;59091;59729;73672;63076;58793;81185;74265;92945;76454;87926;91226;105555;95288;84805;63075;140772;71231;20729;105783;111978;97990;105793;26200;161605;105788;168362;164422;180506;184130;125884;151012;133208;177328;76426;180179;66896;82899;151285;66897;180178;111220;63062;84340;154017;76947;82708;79147;84341;78669;145402;66909;76356;66908;76946;79864;83184;77727;63681;63685;63682;63683;59372;63684;33106;40907;134163;105794;105789;64920;110098;105790;105795;25119;72040;26201;59092;73674;93521;81187;76456;59730;58794;97834;84223;74267;87928;84806;91227;134973;132417;63077;137663;131129;157130;134627;164057;95290;92947;137077;99105;100418;99590;104853;105791;111761;103380;110099;125224;105487;123002;105785;111979;127138;118467;26911;64558;64559;73595;64921;95657;140773;21336;97941;12006;33859;69274;69275;81787;22047;81702;58620;12005;76355;69516;73758;42292;69517;73520;83739;73759;70119;83743;62943;63099;99906;57709;63098;125896;133357;132341;124567;73103;139326;57710;139227;137658;139238;133402;62120;137633;140187;83491;83288;108485;57708;139237;141344;101838;93049;141347;105082;141349;141348;108883;129168;141345;141346;96663;141343;108486;123510;99907;141342;72646;79217;139730;77542;70070;99236;80856;134308;80858;80859;80855;71466;21749;72644;70069;80857;140578;38734;63280;96533;12019;112194;96534;108811;20973;21738;27040;25956;29998;25770;33820;20826;21733;47717;43181;50846;51091;57363;22921;56681;38858;50379;15817;15952;71787;11530;19217;16204;67207;16199;16152;59756;158243;131835;177217;131317;70613;162174;70614;12054;170626;70617;70616;70619;147420;70618;70620;74442;70621;35788;70623;70615;70625;70626;70628;70630;70622;66420;70624;152102;171956;141782;70627;164690;77668;70629;141783;63620;171957;70329;70331;70330;139239;170016;38652;23732;10310;21674;11429;25879;22022;28182;10311;10313;22072;24277;25684;20392;54585;122448;122422;15912;15970;72388;10315;78078;180174;40564;73613;31641;72387;10309;76167;26027;72389;21737;11884;34335;23648;17362;35629;78673;41029;69105;36127;34113;69881;79251;176373;71521;78675;73864;72942;70762;76992;89103;77732;91820;79252;92816;90786;76150;83488;81672;84398;86480;77731;40335;87824;55510;48943;40999;85405;44338;49978;46864;43350;58517;57538;59239;48213;61571;51458;50678;60116;62477;55411;54942;53473;61572;64361;63095;177397;56163;52502;80459;66894;56689;66543;59240;56690;60117;56164;57539;58518;71520;60118;63096;61573;72941;64362;62478;66544;65254;70763;69880;103984;69104;91821;90787;102919;93940;87825;97574;176372;89104;92817;96765;103985;100671;66895;95435;93518;102920;99437;102921;119419;126923;125365;105007;121107;124164;106142;129301;129061;110269;126921;118206;108885;103986;134114;111387;140777;118207;136922;107093;121108;117339;124166;129059;125367;119420;126919;136926;131950;101898;133212;125369;129299;133215;134110;155571;151643;147645;140775;138087;140757;135857;144634;142678;148946;139573;156390;134112;124165;144642;155573;136924;164838;148948;154824;157893;146105;170172;174236;144640;156388;172121;147647;178197;185771;182524;151641;170000;187623;166608;164831;158992;170169;169990;174238;142421;180101;187625;172137;176370;187630;178199;185776;34112;104741;97997;137657;105151;111227;164085;64687;88959;143151;24282;24269;100994;88958;65253;24270;64788;182526;176368;131948;43830;45051;72482;24271;51187;71246;61797;155963;48337;73437;85736;72684;40477;44871;71637;52001;52668;51186;24272;108411;102992;56467;105045;104854;104857;45052;104855;91990;88960;51902;88961;104856;24871;65548;34220;88962;34252;25197;70768;70767;182965;88963;59275;21625;24273;137565;24274;59641;63619;135860;20224;24757;11049;14597;12108;44046;24245;40333;20212;74328;74327;47701;59174;58386;30130;62121;71864;55535;59606;66859;69137;29825;30205;11432;58000;25798;25955;25459;25932;23870;24913;20737;51833;29896;21620;164211;48273;135188;119242;161702;164143;168824;161760;168818;168802;168819;168814;168794;168796;168821;168807;168817;168812;168793;168813;168815;168822;168791;168804;168805;168795;184368;184364;177230;168799;168800;184380;177233;184373;177231;177219;177221;184377;184376;177223;184358;184379;177220;184371;184378;184366;184369;184360;179598;184374;184361;185524;185549;185527;185528;185526;185545;185529;184370;185547;185531;118801;25460;148706;45050;80887;65108;158134;142108;180448;16865;144388;144037;106816; + +TARGET +192.168.40.167,192.168.40.168,192.168.40.169,192.168.40.170 + +compliance_generate_description +no + +listen_address +0.0.0.0 + +local_portscan.snmp +yes + +severity_processed +202402021215 + +disable_api +no + +slice_network_addresses +no + +non_simult_ports +139, 445, 3389 + +local_portscan.netstat_ssh +yes + +hostMedScanTime +864 + +ssl_mode +tls_1_2 + +dumpfile_rotation_time +1 + +max_checks +4 + +attached_report_maximum_size +25 + +stop_scan_on_disconnect +no + +network_scanners.syn +yes + +severity_basis +cvss_v3 + +report_crashes +yes + +hostMaxScanTime +879 + +scan_history_expiration_days +0 + +network_scanners.tcp +no + +disable_guides +no + +xmlrpc_listen_port +8834 + +dumpfile_max_files +100 + +report_cleanup_threshold_days +30 + +discovery_mode +portscan_common + +engine.max_hosts +16 + +name +Credentialed Patch Audit + +whoami +soteria + +hostCredsFailedCount +0 + +logfile_rotation_time +1 + +hostAvgScanTime +864 + +advanced_mode +default + +scan_description + + +bw_prevent_agent_scans +yes + +track_unique_agents +yes + +oracle_database_use_detected_sids +no + +reverse_lookup +yes + +engine.min +12 + +dumpfile_max_size +512 + +optimize_test +yes + +log_whole_attack +no + +loaded_plugin_set +202402021215 + +portscan.ping +yes + +cgi_path +/cgi-bin:/scripts + +unscanned_closed +no + +scan_end_timestamp +1706896093 + +hostCredsWithoutCount +0 + +listen_port +1241 + +network_scanners.udp +no + +engine.max +48 + +auto_update +yes + +local_portscan.netstat_wmi +yes + +checks_read_timeout +5 + +plugins_timeout +320 + +auto_enable_dependencies +yes + +safe_checks +yes + +hostCredsSuccessCount +4 + +report_task_id +d04d9076-c70e-d000-c9f5-aaf3080549ae41512db67f8b013e + +hostMaxScanTimeHosts +SOT-WIN2K22-WEB + +visibility +private + +bw_permanent_blackout_window +no + +allow_post_scan_editing +yes + +wizard_uuid +0625147c-30fe-d79f-e54f-ce7ccd7523e9b63d84cb81c23c2f + +scan.unlimited +no + +max_hosts +30 + +engine.max_checks +64 + +scan_name +Soteria all SVR scan + +logfile_max_size +512 + +plugin_upload +yes + +reduce_connections_on_congestion +no + +scan_start_timestamp +1706895194 + +silent_dependencies +yes + +logfile_max_files +100 + +scan_vulnerability_groups +yes + +feed_type +ProFeed + +dumpfile_rot +size + +scan_vulnerability_groups_mixed +yes + +port_range +default + +logfile_rot +size + + +Adtran AOS Compliance Checks +71991 +Adtran AOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Adtran AOS Compliance Checks +71991 +Adtran AOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Adtran AOS Compliance Checks +71991 +Adtran AOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Adtran AOS Compliance Checks +71991 +Adtran AOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Adtran AOS Compliance Checks +71991 +Adtran AOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Adtran AOS Compliance Checks +71991 +Adtran AOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Controller : +Domain Controller : +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain : +Domain : +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Username : +Domain Username : +entry + + + +ADSI Settings +60024 +ADSI Settings[password]:Domain Password : +Domain Password : +password + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Controller 2: +Domain Controller 2: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain 2: +Domain 2: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Username 2: +Domain Username 2: +entry + + + +ADSI Settings +60024 +ADSI Settings[password]:Domain Password 2: +Domain Password 2: +password + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Controller 3: +Domain Controller 3: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain 3: +Domain 3: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Username 3: +Domain Username 3: +entry + + + +ADSI Settings +60024 +ADSI Settings[password]:Domain Password 3: +Domain Password 3: +password + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Controller 4: +Domain Controller 4: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain 4: +Domain 4: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Username 4: +Domain Username 4: +entry + + + +ADSI Settings +60024 +ADSI Settings[password]:Domain Password 4: +Domain Password 4: +password + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Controller 5: +Domain Controller 5: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain 5: +Domain 5: +entry + + + +ADSI Settings +60024 +ADSI Settings[entry]:Domain Username 5: +Domain Username 5: +entry + + + +ADSI Settings +60024 +ADSI Settings[password]:Domain Password 5: +Domain Password 5: +password + + + +AirWatch API Settings +76460 +AirWatch API Settings[entry]:AirWatch Environment API URL : +AirWatch Environment API URL : +entry + + + +AirWatch API Settings +76460 +AirWatch API Settings[entry]:AirWatch port : +AirWatch port : +entry + + + +AirWatch API Settings +76460 +AirWatch API Settings[entry]:AirWatch username : +AirWatch username : +entry + + + +AirWatch API Settings +76460 +AirWatch API Settings[password]:AirWatch password : +AirWatch password : +password + + + +AirWatch API Settings +76460 +AirWatch API Settings[entry]:AirWatch API key : +AirWatch API key : +entry + + + +AirWatch API Settings +76460 +AirWatch API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +AirWatch API Settings +76460 +AirWatch API Settings[checkbox]:Verify SSL certificate : +Verify SSL certificate : +checkbox +no +no + +Alcatel TiMOS Compliance Checks +102730 +Alcatel TiMOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Alcatel TiMOS Compliance Checks +102730 +Alcatel TiMOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Alcatel TiMOS Compliance Checks +102730 +Alcatel TiMOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Alcatel TiMOS Compliance Checks +102730 +Alcatel TiMOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Alcatel TiMOS Compliance Checks +102730 +Alcatel TiMOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Alcatel TiMOS Compliance Checks +102730 +Alcatel TiMOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Amazon AWS Compliance Checks +72426 +Amazon AWS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Amazon AWS Compliance Checks +72426 +Amazon AWS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Amazon AWS Compliance Checks +72426 +Amazon AWS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Amazon AWS Compliance Checks +72426 +Amazon AWS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Amazon AWS Compliance Checks +72426 +Amazon AWS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[file]:File containing machine readable results : +File containing machine readable results : +file + + + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[radio]:Mode +Mode +radio +Map applications;Just grab banners;Port scan only +Map applications;Just grab banners;Port scan only + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[checkbox]:Quicker +Quicker +checkbox +no +no + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[checkbox]:UDP scan (disabled in safe_checks) +UDP scan (disabled in safe_checks) +checkbox +no +no + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[checkbox]:SSL (disabled in safe_checks) +SSL (disabled in safe_checks) +checkbox +yes +yes + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[checkbox]:RPC (disabled in safe_checks) +RPC (disabled in safe_checks) +checkbox +yes +yes + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[entry]:Parallel tasks +Parallel tasks +entry + + + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[entry]:Connection retries +Connection retries +entry + + + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[entry]:Connection timeout +Connection timeout +entry + + + +amap (NASL wrapper) +14663 +amap (NASL wrapper)[entry]:Read timeout +Read timeout +entry + + + +Antivirus Software Check +16193 +Antivirus Software Check[entry]:Delay (in days, between 0 and 7) : +Delay (in days, between 0 and 7) : +entry +0 +0 + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[entry]:Apple Profile Manager server : +Apple Profile Manager server : +entry + + + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[entry]:Apple Profile Manager port : +Apple Profile Manager port : +entry +443 +443 + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[entry]:Apple Profile Manager username : +Apple Profile Manager username : +entry + + + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[password]:Apple Profile Manager password : +Apple Profile Manager password : +password + + + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[checkbox]:Force Device Updates : +Force Device Updates : +checkbox +yes +yes + +Apple Profile Manager API Settings +60032 +Apple Profile Manager API Settings[entry]:Device Update Timeout (Minutes) : +Device Update Timeout (Minutes) : +entry +5 +5 + +Arista EOS Compliance Checks +92838 +Arista EOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Arista EOS Compliance Checks +92838 +Arista EOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Arista EOS Compliance Checks +92838 +Arista EOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Arista EOS Compliance Checks +92838 +Arista EOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Arista EOS Compliance Checks +92838 +Arista EOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Arista EOS Compliance Checks +92838 +Arista EOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +ArubaOS Compliance Checks +153133 +ArubaOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +ArubaOS Compliance Checks +153133 +ArubaOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +ArubaOS Compliance Checks +153133 +ArubaOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +ArubaOS Compliance Checks +153133 +ArubaOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +ArubaOS Compliance Checks +153133 +ArubaOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +ArubaOS Compliance Checks +153133 +ArubaOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region af-south-1 : +Region af-south-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-east-1 : +Region ap-east-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-northeast-1 : +Region ap-northeast-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-northeast-2 : +Region ap-northeast-2 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-northeast-3 : +Region ap-northeast-3 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-south-1 : +Region ap-south-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-southeast-1 : +Region ap-southeast-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ap-southeast-2 : +Region ap-southeast-2 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region ca-central-1 : +Region ca-central-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region cn-north-1 : +Region cn-north-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region cn-northwest-1 : +Region cn-northwest-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region eu-central-1 : +Region eu-central-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region eu-north-1 : +Region eu-north-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region eu-south-1 : +Region eu-south-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region eu-west-1 : +Region eu-west-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region eu-west-2 : +Region eu-west-2 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region eu-west-3 : +Region eu-west-3 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region me-south-1 : +Region me-south-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region sa-east-1 : +Region sa-east-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region us-east-1 : +Region us-east-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region us-east-2 : +Region us-east-2 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region us-gov-east-1 : +Region us-gov-east-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region us-gov-west-1 : +Region us-gov-west-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region us-west-1 : +Region us-west-1 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Region us-west-2 : +Region us-west-2 : +checkbox +no +no + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[password]:AWS Access Key ID : +AWS Access Key ID : +password + + + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[password]:AWS Secret Access Key : +AWS Secret Access Key : +password + + + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Amazon Web Services Settings +73490 +Amazon Web Services Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +yes +yes + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[radio]:Authentication Method : +Authentication Method : +radio + + + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[entry]:Authentication Environment : +Authentication Environment : +entry + + + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[entry]:Username : +Username : +entry + + + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[password]:Password : +Password : +password + + + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[entry]:Client ID : +Client ID : +entry + + + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[entry]:Tenant ID : +Tenant ID : +entry + + + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Microsoft Azure Settings +79358 +Microsoft Azure Settings[entry]:Subscriptions : +Subscriptions : +entry + + + +Microsoft Azure Compliance Checks +79357 +Microsoft Azure Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Microsoft Azure Compliance Checks +79357 +Microsoft Azure Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Microsoft Azure Compliance Checks +79357 +Microsoft Azure Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Microsoft Azure Compliance Checks +79357 +Microsoft Azure Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Microsoft Azure Compliance Checks +79357 +Microsoft Azure Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[entry]:Blackberry UEM Hostname : +Blackberry UEM Hostname : +entry + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[entry]:Blackberry UEM Port : +Blackberry UEM Port : +entry + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[entry]:Blackberry UEM Tenant : +Blackberry UEM Tenant : +entry + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[entry]:Blackberry UEM Domain : +Blackberry UEM Domain : +entry + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[entry]:Blackberry UEM Username : +Blackberry UEM Username : +entry + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[password]:Blackberry UEM Password : +Blackberry UEM Password : +password + + + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[checkbox]:Blackberry UEM SSL : +Blackberry UEM SSL : +checkbox +yes +yes + +Blackberry UEM Settings +124860 +Blackberry UEM Settings[checkbox]:Blackberry UEM Verify SSL Certificate : +Blackberry UEM Verify SSL Certificate : +checkbox +no +no + +BlueCoat ProxySG Compliance Checks +70470 +BlueCoat ProxySG Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +BlueCoat ProxySG Compliance Checks +70470 +BlueCoat ProxySG Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +BlueCoat ProxySG Compliance Checks +70470 +BlueCoat ProxySG Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +BlueCoat ProxySG Compliance Checks +70470 +BlueCoat ProxySG Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +BlueCoat ProxySG Compliance Checks +70470 +BlueCoat ProxySG Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +BlueCoat ProxySG Compliance Checks +70470 +BlueCoat ProxySG Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Brocade FabricOS Compliance Checks +71842 +Brocade FabricOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Brocade FabricOS Compliance Checks +71842 +Brocade FabricOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Brocade FabricOS Compliance Checks +71842 +Brocade FabricOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Brocade FabricOS Compliance Checks +71842 +Brocade FabricOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Brocade FabricOS Compliance Checks +71842 +Brocade FabricOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Brocade FabricOS Compliance Checks +71842 +Brocade FabricOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Check Point GAiA Compliance Checks +62679 +Check Point GAiA Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Check Point GAiA Compliance Checks +62679 +Check Point GAiA Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Check Point GAiA Compliance Checks +62679 +Check Point GAiA Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Check Point GAiA Compliance Checks +62679 +Check Point GAiA Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Check Point GAiA Compliance Checks +62679 +Check Point GAiA Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Check Point GAiA Compliance Checks +62679 +Check Point GAiA Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Cisco ACI Compliance Checks +137785 +Cisco ACI Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Cisco ACI Compliance Checks +137785 +Cisco ACI Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Cisco ACI Compliance Checks +137785 +Cisco ACI Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Cisco ACI Compliance Checks +137785 +Cisco ACI Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Cisco ACI Compliance Checks +137785 +Cisco ACI Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Cisco ACI Compliance Checks +137785 +Cisco ACI Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[radio]:IOS Config File To Audit : +IOS Config File To Audit : +radio +Saved/(show config);Running/(show running);Startup/(show startup) +Saved/(show config);Running/(show running);Startup/(show startup) + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Cisco IOS Compliance Checks +46689 +Cisco IOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Cisco Firepower Compliance Checks +128275 +Cisco Firepower Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Cisco Firepower Compliance Checks +128275 +Cisco Firepower Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Cisco Firepower Compliance Checks +128275 +Cisco Firepower Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Cisco Firepower Compliance Checks +128275 +Cisco Firepower Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Cisco Firepower Compliance Checks +128275 +Cisco Firepower Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Cisco Firepower Compliance Checks +128275 +Cisco Firepower Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Cisco Viptela Compliance Checks +161408 +Cisco Viptela Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Cisco Viptela Compliance Checks +161408 +Cisco Viptela Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Cisco Viptela Compliance Checks +161408 +Cisco Viptela Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Cisco Viptela Compliance Checks +161408 +Cisco Viptela Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Cisco Viptela Compliance Checks +161408 +Cisco Viptela Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Cisco Viptela Compliance Checks +161408 +Cisco Viptela Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Citrix NITRO API Settings +154869 +Citrix NITRO API Settings[entry]:Username : +Username : +entry + + + +Citrix NITRO API Settings +154869 +Citrix NITRO API Settings[password]:Password : +Password : +password + + + +Citrix NITRO API Settings +154869 +Citrix NITRO API Settings[entry]:Port : +Port : +entry +443 +443 + +Citrix NITRO API Settings +154869 +Citrix NITRO API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Citrix NITRO API Settings +154869 +Citrix NITRO API Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +yes +yes + +Citrix Application Delivery Compliance Checks +154868 +Citrix Application Delivery Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Citrix Application Delivery Compliance Checks +154868 +Citrix Application Delivery Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Citrix Application Delivery Compliance Checks +154868 +Citrix Application Delivery Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Citrix Application Delivery Compliance Checks +154868 +Citrix Application Delivery Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Citrix Application Delivery Compliance Checks +154868 +Citrix Application Delivery Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Cleartext protocols settings +21744 +Cleartext protocols settings[entry]:User name : +User name : +entry + + + +Cleartext protocols settings +21744 +Cleartext protocols settings[password]:Password (unsafe!) : +Password (unsafe!) : +password + + + +Cleartext protocols settings +21744 +Cleartext protocols settings[checkbox]:Try to perform patch level checks over telnet +Try to perform patch level checks over telnet +checkbox +no +no + +Cleartext protocols settings +21744 +Cleartext protocols settings[checkbox]:Try to perform patch level checks over rsh +Try to perform patch level checks over rsh +checkbox +no +no + +Cleartext protocols settings +21744 +Cleartext protocols settings[checkbox]:Try to perform patch level checks over rexec +Try to perform patch level checks over rexec +checkbox +no +no + +Windows Compliance Checks +21156 +Windows Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Windows Compliance Checks +21156 +Windows Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Windows Compliance Checks +21156 +Windows Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Windows Compliance Checks +21156 +Windows Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Windows Compliance Checks +21156 +Windows Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Windows File Contents Compliance Checks +24760 +Windows File Contents Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Windows File Contents Compliance Checks +24760 +Windows File Contents Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Windows File Contents Compliance Checks +24760 +Windows File Contents Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Windows File Contents Compliance Checks +24760 +Windows File Contents Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Windows File Contents Compliance Checks +24760 +Windows File Contents Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Database settings +33815 +Database settings[radio]:DB Type : +DB Type : +radio +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + +Database settings +33815 +Database settings[radio]:Database service type : +Database service type : +radio +SID;SERVICE_NAME +SID;SERVICE_NAME + +Database settings +33815 +Database settings[entry]:Database SID : +Database SID : +entry + + + +Database settings +33815 +Database settings[entry]:Database port to use : +Database port to use : +entry + + + +Database settings +33815 +Database settings[entry]:Login : +Login : +entry + + + +Database settings +33815 +Database settings[password]:Password : +Password : +password + + + +Database settings +33815 +Database settings[radio]:Oracle auth type: +Oracle auth type: +radio +NORMAL;SYSOPER;SYSDBA +NORMAL;SYSOPER;SYSDBA + +Database settings +33815 +Database settings[radio]:SQL Server auth type: +SQL Server auth type: +radio +Windows;SQL +Windows;SQL + +Database settings +33815 +Database settings[radio]:Sybase ASE auth type: +Sybase ASE auth type: +radio +RSA;Plain Text +RSA;Plain Text + +Database settings +33815 +Database settings[radio]:Additional DB Type (1) : +Additional DB Type (1) : +radio +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + +Database settings +33815 +Database settings[radio]:Additional Database service type (1) : +Additional Database service type (1) : +radio +SID;SERVICE_NAME +SID;SERVICE_NAME + +Database settings +33815 +Database settings[entry]:Additional Database SID (1) : +Additional Database SID (1) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Database port to use (1) : +Additional Database port to use (1) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Login (1) : +Additional Login (1) : +entry + + + +Database settings +33815 +Database settings[password]:Additional Password (1) : +Additional Password (1) : +password + + + +Database settings +33815 +Database settings[radio]:Additional Oracle auth type (1) : +Additional Oracle auth type (1) : +radio +NORMAL;SYSOPER;SYSDBA +NORMAL;SYSOPER;SYSDBA + +Database settings +33815 +Database settings[radio]:Additional SQL Server auth type (1) : +Additional SQL Server auth type (1) : +radio +Windows;SQL +Windows;SQL + +Database settings +33815 +Database settings[radio]:Additional Sybase ASE auth type (1) : +Additional Sybase ASE auth type (1) : +radio +RSA;Plain Text +RSA;Plain Text + +Database settings +33815 +Database settings[radio]:Additional DB Type (2) : +Additional DB Type (2) : +radio +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + +Database settings +33815 +Database settings[radio]:Additional Database service type (2) : +Additional Database service type (2) : +radio +SID;SERVICE_NAME +SID;SERVICE_NAME + +Database settings +33815 +Database settings[entry]:Additional Database SID (2) : +Additional Database SID (2) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Database port to use (2) : +Additional Database port to use (2) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Login (2) : +Additional Login (2) : +entry + + + +Database settings +33815 +Database settings[password]:Additional Password (2) : +Additional Password (2) : +password + + + +Database settings +33815 +Database settings[radio]:Additional Oracle auth type (2) : +Additional Oracle auth type (2) : +radio +NORMAL;SYSOPER;SYSDBA +NORMAL;SYSOPER;SYSDBA + +Database settings +33815 +Database settings[radio]:Additional SQL Server auth type (2) : +Additional SQL Server auth type (2) : +radio +Windows;SQL +Windows;SQL + +Database settings +33815 +Database settings[radio]:Additional Sybase ASE auth type (2) : +Additional Sybase ASE auth type (2) : +radio +RSA;Plain Text +RSA;Plain Text + +Database settings +33815 +Database settings[radio]:Additional DB Type (3) : +Additional DB Type (3) : +radio +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + +Database settings +33815 +Database settings[radio]:Additional Database service type (3) : +Additional Database service type (3) : +radio +SID;SERVICE_NAME +SID;SERVICE_NAME + +Database settings +33815 +Database settings[entry]:Additional Database SID (3) : +Additional Database SID (3) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Database port to use (3) : +Additional Database port to use (3) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Login (3) : +Additional Login (3) : +entry + + + +Database settings +33815 +Database settings[password]:Additional Password (3) : +Additional Password (3) : +password + + + +Database settings +33815 +Database settings[radio]:Additional Oracle auth type (3) : +Additional Oracle auth type (3) : +radio +NORMAL;SYSOPER;SYSDBA +NORMAL;SYSOPER;SYSDBA + +Database settings +33815 +Database settings[radio]:Additional SQL Server auth type (3) : +Additional SQL Server auth type (3) : +radio +Windows;SQL +Windows;SQL + +Database settings +33815 +Database settings[radio]:Additional Sybase ASE auth type (3) : +Additional Sybase ASE auth type (3) : +radio +RSA;Plain Text +RSA;Plain Text + +Database settings +33815 +Database settings[radio]:Additional DB Type (4) : +Additional DB Type (4) : +radio +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE +Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + +Database settings +33815 +Database settings[radio]:Additional Database service type (4) : +Additional Database service type (4) : +radio +SID;SERVICE_NAME +SID;SERVICE_NAME + +Database settings +33815 +Database settings[entry]:Additional Database SID (4) : +Additional Database SID (4) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Database port to use (4) : +Additional Database port to use (4) : +entry + + + +Database settings +33815 +Database settings[entry]:Additional Login (4) : +Additional Login (4) : +entry + + + +Database settings +33815 +Database settings[password]:Additional Password (4) : +Additional Password (4) : +password + + + +Database settings +33815 +Database settings[radio]:Additional Oracle auth type (4) : +Additional Oracle auth type (4) : +radio +NORMAL;SYSOPER;SYSDBA +NORMAL;SYSOPER;SYSDBA + +Database settings +33815 +Database settings[radio]:Additional SQL Server auth type (4) : +Additional SQL Server auth type (4) : +radio +Windows;SQL +Windows;SQL + +Database settings +33815 +Database settings[radio]:Additional Sybase ASE auth type (4) : +Additional Sybase ASE auth type (4) : +radio +RSA;Plain Text +RSA;Plain Text + +Database Compliance Checks +33814 +Database Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Database Compliance Checks +33814 +Database Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Database Compliance Checks +33814 +Database Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Database Compliance Checks +33814 +Database Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Database Compliance Checks +33814 +Database Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Patch Management: Dell KACE K1000 Settings +76866 +Patch Management: Dell KACE K1000 Settings[entry]:K1000 Address : +K1000 Address : +entry + + + +Patch Management: Dell KACE K1000 Settings +76866 +Patch Management: Dell KACE K1000 Settings[entry]:K1000 Database Port : +K1000 Database Port : +entry +3306 +3306 + +Patch Management: Dell KACE K1000 Settings +76866 +Patch Management: Dell KACE K1000 Settings[entry]:K1000 Organization Database Name : +K1000 Organization Database Name : +entry +ORG1 +ORG1 + +Patch Management: Dell KACE K1000 Settings +76866 +Patch Management: Dell KACE K1000 Settings[entry]:K1000 Database Username : +K1000 Database Username : +entry +R1 +R1 + +Patch Management: Dell KACE K1000 Settings +76866 +Patch Management: Dell KACE K1000 Settings[password]:K1000 Database Password : +K1000 Database Password : +password + + + +Do not scan fragile devices +22481 +Do not scan fragile devices[checkbox]:Scan Network Printers +Scan Network Printers +checkbox +no +no + +Do not scan fragile devices +22481 +Do not scan fragile devices[checkbox]:Scan Novell Netware hosts +Scan Novell Netware hosts +checkbox +no +no + +Do not scan fragile devices +22481 +Do not scan fragile devices[checkbox]:Scan Operational Technology devices +Scan Operational Technology devices +checkbox +yes +yes + +Extreme ExtremeXOS Compliance Checks +73156 +Extreme ExtremeXOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Extreme ExtremeXOS Compliance Checks +73156 +Extreme ExtremeXOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Extreme ExtremeXOS Compliance Checks +73156 +Extreme ExtremeXOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Extreme ExtremeXOS Compliance Checks +73156 +Extreme ExtremeXOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Extreme ExtremeXOS Compliance Checks +73156 +Extreme ExtremeXOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Extreme ExtremeXOS Compliance Checks +73156 +Extreme ExtremeXOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +F5 Compliance Checks +95388 +F5 Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +F5 Compliance Checks +95388 +F5 Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +F5 Compliance Checks +95388 +F5 Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +F5 Compliance Checks +95388 +F5 Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +F5 Compliance Checks +95388 +F5 Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +F5 Settings +95387 +F5 Settings[entry]:Username : +Username : +entry + + + +F5 Settings +95387 +F5 Settings[password]:Password : +Password : +password + + + +F5 Settings +95387 +F5 Settings[entry]:Port : +Port : +entry +443 +443 + +F5 Settings +95387 +F5 Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +F5 Settings +95387 +F5 Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +yes +yes + +Service Detection +22964 +Service Detection[radio]:Test SSL based services +Test SSL based services +radio +All ports +All ports + +FireEye Compliance Checks +70469 +FireEye Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +FireEye Compliance Checks +70469 +FireEye Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +FireEye Compliance Checks +70469 +FireEye Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +FireEye Compliance Checks +70469 +FireEye Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +FireEye Compliance Checks +70469 +FireEye Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +FireEye Compliance Checks +70469 +FireEye Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Fortigate FortiOS Compliance Checks +70272 +Fortigate FortiOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Fortigate FortiOS Compliance Checks +70272 +Fortigate FortiOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Fortigate FortiOS Compliance Checks +70272 +Fortigate FortiOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Fortigate FortiOS Compliance Checks +70272 +Fortigate FortiOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Fortigate FortiOS Compliance Checks +70272 +Fortigate FortiOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Fortigate FortiOS Compliance Checks +70272 +Fortigate FortiOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Google Cloud Platform Compliance Checks +150078 +Google Cloud Platform Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Google Cloud Platform Compliance Checks +150078 +Google Cloud Platform Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Google Cloud Platform Compliance Checks +150078 +Google Cloud Platform Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Google Cloud Platform Compliance Checks +150078 +Google Cloud Platform Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Google Cloud Platform Compliance Checks +150078 +Google Cloud Platform Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Google Cloud Platform Settings +150079 +Google Cloud Platform Settings[file]:Service Account JSON Key File : +Service Account JSON Key File : +file + + + +Generic SSH Compliance Checks +129714 +Generic SSH Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Generic SSH Compliance Checks +129714 +Generic SSH Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Generic SSH Compliance Checks +129714 +Generic SSH Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Generic SSH Compliance Checks +129714 +Generic SSH Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Generic SSH Compliance Checks +129714 +Generic SSH Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Global variable settings +12288 +Global variable settings[checkbox]:Probe services on every port +Probe services on every port +checkbox +yes +yes + +Global variable settings +12288 +Global variable settings[checkbox]:Do not log in with user accounts not specified in the policy +Do not log in with user accounts not specified in the policy +checkbox +yes +yes + +Global variable settings +12288 +Global variable settings[checkbox]:Enable CGI scanning +Enable CGI scanning +checkbox +no +no + +Global variable settings +12288 +Global variable settings[radio]:Network type +Network type +radio +Mixed (use RFC 1918);Private LAN;Public WAN (Internet) +Mixed (use RFC 1918) + +Global variable settings +12288 +Global variable settings[checkbox]:Enable experimental scripts +Enable experimental scripts +checkbox +no +no + +Global variable settings +12288 +Global variable settings[checkbox]:Thorough tests (slow) +Thorough tests (slow) +checkbox +no +no + +Global variable settings +12288 +Global variable settings[radio]:Report verbosity +Report verbosity +radio +Normal;Quiet;Verbose +Normal + +Global variable settings +12288 +Global variable settings[radio]:Report paranoia +Report paranoia +radio +Normal;Avoid false alarms;Paranoid (more false alarms) +Normal;Avoid false alarms;Paranoid (more false alarms) + +Global variable settings +12288 +Global variable settings[entry]:HTTP User-Agent +HTTP User-Agent +entry +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) + +Global variable settings +12288 +Global variable settings[file]:SSL certificate to use : +SSL certificate to use : +file + + + +Global variable settings +12288 +Global variable settings[file]:SSL CA to trust : +SSL CA to trust : +file + + + +Global variable settings +12288 +Global variable settings[file]:SSL key to use : +SSL key to use : +file + + + +Global variable settings +12288 +Global variable settings[password]:SSL password for SSL key : +SSL password for SSL key : +password + + + +Global variable settings +12288 +Global variable settings[checkbox]:Enumerate all SSL ciphers +Enumerate all SSL ciphers +checkbox +yes +yes + +Global variable settings +12288 +Global variable settings[checkbox]:Enable CRL checking (connects to Internet) +Enable CRL checking (connects to Internet) +checkbox +no +no + +Global variable settings +12288 +Global variable settings[checkbox]:Enable plugin debugging +Enable plugin debugging +checkbox +no +no + +Global variable settings +12288 +Global variable settings[entry]:Java ARchive Detection Path : +Java ARchive Detection Path : +entry + + + +Good MDM Settings +66963 +Good MDM Settings[entry]:GMC Server : +GMC Server : +entry + + + +Good MDM Settings +66963 +Good MDM Settings[entry]:Port : +Port : +entry + + + +Good MDM Settings +66963 +Good MDM Settings[entry]:Domain : +Domain : +entry + + + +Good MDM Settings +66963 +Good MDM Settings[entry]:Username : +Username : +entry + + + +Good MDM Settings +66963 +Good MDM Settings[password]:Password : +Password : +password + + + +Good MDM Settings +66963 +Good MDM Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Good MDM Settings +66963 +Good MDM Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Patch Management: HCL BigFix Server Settings +160247 +Patch Management: HCL BigFix Server Settings[entry]:HCL BigFix Web Reports Server : +HCL BigFix Web Reports Server : +entry + + + +Patch Management: HCL BigFix Server Settings +160247 +Patch Management: HCL BigFix Server Settings[entry]:HCL BigFix Web Reports Port : +HCL BigFix Web Reports Port : +entry + + + +Patch Management: HCL BigFix Server Settings +160247 +Patch Management: HCL BigFix Server Settings[entry]:HCL BigFix Web Reports Username : +HCL BigFix Web Reports Username : +entry + + + +Patch Management: HCL BigFix Server Settings +160247 +Patch Management: HCL BigFix Server Settings[password]:HCL BigFix Web Reports Password : +HCL BigFix Web Reports Password : +password + + + +Patch Management: HCL BigFix Server Settings +160247 +Patch Management: HCL BigFix Server Settings[checkbox]:HCL BigFix SSL : +HCL BigFix SSL : +checkbox +no +no + +Patch Management: HCL BigFix Server Settings +160247 +Patch Management: HCL BigFix Server Settings[checkbox]:HCL BigFix Verify SSL Certificate : +HCL BigFix Verify SSL Certificate : +checkbox +no +no + +Hosts File Whitelisted Entries +73980 +Hosts File Whitelisted Entries[file]:Upload file with custom hosts entries : +Upload file with custom hosts entries : +file + + + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[radio]:HP ProCurve File To Audit : +HP ProCurve File To Audit : +radio +Saved/(show config);Default/(show default-config);Running/(show running-config) +Saved/(show config);Default/(show default-config);Running/(show running-config) + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +HP ProCurve Compliance Checks +70271 +HP ProCurve Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +HTTP cookies import +42893 +HTTP cookies import[file]:Cookies file : +Cookies file : +file + + + +HTTP login page +11149 +HTTP login page[entry]:Login page : +Login page : +entry +/ +/ + +HTTP login page +11149 +HTTP login page[entry]:Login form : +Login form : +entry + + + +HTTP login page +11149 +HTTP login page[entry]:Login form fields : +Login form fields : +entry +user=%USER%&pass=%PASS% +user=%USER%&pass=%PASS% + +HTTP login page +11149 +HTTP login page[radio]:Login form method : +Login form method : +radio +POST;GET +POST;GET + +HTTP login page +11149 +HTTP login page[checkbox]:Automated login page search +Automated login page search +checkbox +no +no + +HTTP login page +11149 +HTTP login page[entry]:Re-authenticate delay (seconds) : +Re-authenticate delay (seconds) : +entry + + + +HTTP login page +11149 +HTTP login page[entry]:Check authentication on page : +Check authentication on page : +entry + + + +HTTP login page +11149 +HTTP login page[entry]:Follow 30x redirections (# of levels) : +Follow 30x redirections (# of levels) : +entry +2 +2 + +HTTP login page +11149 +HTTP login page[entry]:Authenticated regex : +Authenticated regex : +entry + + + +HTTP login page +11149 +HTTP login page[checkbox]:Invert test (disconnected if regex matches) +Invert test (disconnected if regex matches) +checkbox +no +no + +HTTP login page +11149 +HTTP login page[checkbox]:Match regex on HTTP headers +Match regex on HTTP headers +checkbox +no +no + +HTTP login page +11149 +HTTP login page[checkbox]:Case insensitive regex +Case insensitive regex +checkbox +no +no + +HTTP login page +11149 +HTTP login page[checkbox]:Abort web application tests if login fails +Abort web application tests if login fails +checkbox +no +no + +Remote web server screenshot +59861 +Remote web server screenshot[checkbox]:Allow Nessus to connect to the cloud to take a screenshot of the public targets +Allow Nessus to connect to the cloud to take a screenshot of the public targets +checkbox +no +no + +Huawei VRP Compliance Checks +73157 +Huawei VRP Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Huawei VRP Compliance Checks +73157 +Huawei VRP Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Huawei VRP Compliance Checks +73157 +Huawei VRP Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Huawei VRP Compliance Checks +73157 +Huawei VRP Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Huawei VRP Compliance Checks +73157 +Huawei VRP Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Huawei VRP Compliance Checks +73157 +Huawei VRP Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Hydra: Cisco enable +15870 +Hydra: Cisco enable[entry]:Logon password : +Logon password : +entry + + + +Hydra: HTTP +15873 +Hydra: HTTP[entry]:Web page : +Web page : +entry + + + +Hydra: LDAP +15877 +Hydra: LDAP[entry]:DN : +DN : +entry + + + +Hydra: PostgreSQL +18660 +Hydra: PostgreSQL[entry]:Database name (optional) : +Database name (optional) : +entry + + + +Hydra: HTTP proxy +15874 +Hydra: HTTP proxy[entry]:Web site (optional) : +Web site (optional) : +entry + + + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[checkbox]:Always enable Hydra (slow) +Always enable Hydra (slow) +checkbox +no +no + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[file]:Logins file : +Logins file : +file + + + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[file]:Passwords file : +Passwords file : +file + + + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[entry]:Number of parallel tasks : +Number of parallel tasks : +entry +16 +16 + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[entry]:Timeout (in seconds) : +Timeout (in seconds) : +entry +30 +30 + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[checkbox]:Try empty passwords +Try empty passwords +checkbox +yes +yes + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[checkbox]:Try login as password +Try login as password +checkbox +yes +yes + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[checkbox]:Exit as soon as an account is found +Exit as soon as an account is found +checkbox +no +no + +Hydra (NASL wrappers options) +15868 +Hydra (NASL wrappers options)[checkbox]:Add accounts found by other plugins to login file +Add accounts found by other plugins to login file +checkbox +yes +yes + +Hydra: SAP R3 +15883 +Hydra: SAP R3[entry]:Client ID (between 0 and 99) : +Client ID (between 0 and 99) : +entry + + + +IBM DB2 DB Compliance Checks +149648 +IBM DB2 DB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +IBM DB2 DB Compliance Checks +149648 +IBM DB2 DB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +IBM DB2 DB Compliance Checks +149648 +IBM DB2 DB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +IBM DB2 DB Compliance Checks +149648 +IBM DB2 DB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +IBM DB2 DB Compliance Checks +149648 +IBM DB2 DB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Hydra: SMB +15884 +Hydra: SMB[checkbox]:Interpret passwords as NTLM hashes +Interpret passwords as NTLM hashes +checkbox +no +no + +Patch Management: IBM Tivoli Endpoint Manager Server Settings +62558 +Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Server : +Web Reports Server : +entry + + + +Patch Management: IBM Tivoli Endpoint Manager Server Settings +62558 +Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Port : +Web Reports Port : +entry + + + +Patch Management: IBM Tivoli Endpoint Manager Server Settings +62558 +Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Username : +Web Reports Username : +entry + + + +Patch Management: IBM Tivoli Endpoint Manager Server Settings +62558 +Patch Management: IBM Tivoli Endpoint Manager Server Settings[password]:Web Reports Password : +Web Reports Password : +password + + + +Patch Management: IBM Tivoli Endpoint Manager Server Settings +62558 +Patch Management: IBM Tivoli Endpoint Manager Server Settings[checkbox]:SSL : +SSL : +checkbox +no +no + +Patch Management: IBM Tivoli Endpoint Manager Server Settings +62558 +Patch Management: IBM Tivoli Endpoint Manager Server Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Intune Settings +125030 +Intune Settings[entry]:Intune Tenant : +Intune Tenant : +entry + + + +Intune Settings +125030 +Intune Settings[entry]:Intune Client : +Intune Client : +entry + + + +Intune Settings +125030 +Intune Settings[entry]:Intune Secret : +Intune Secret : +entry + + + +Intune Settings +125030 +Intune Settings[entry]:Intune Username : +Intune Username : +entry + + + +Intune Settings +125030 +Intune Settings[entry]:Intune Password : +Intune Password : +entry + + + +Active Connection to or from Host Listed in Custom Netstat IP Threat List +147190 +Active Connection to or from Host Listed in Custom Netstat IP Threat List[file]:Custom Netstat IP Threat List : +Custom Netstat IP Threat List : +file + + + +Active Outbound Connection to Host Listed in Known Bot Database +58430 +Active Outbound Connection to Host Listed in Known Bot Database[file]:Custom Netstat IP Threat List : +Custom Netstat IP Threat List : +file + + + +IBM iSeries Compliance Checks +57860 +IBM iSeries Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +IBM iSeries Compliance Checks +57860 +IBM iSeries Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +IBM iSeries Compliance Checks +57860 +IBM iSeries Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +IBM iSeries Compliance Checks +57860 +IBM iSeries Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +IBM iSeries Compliance Checks +57860 +IBM iSeries Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +IBM iSeries Credentials +57861 +IBM iSeries Credentials[entry]:Login : +Login : +entry + + + +IBM iSeries Credentials +57861 +IBM iSeries Credentials[password]:Password : +Password : +password + + + +Juniper Junos Compliance Checks +62680 +Juniper Junos Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Juniper Junos Compliance Checks +62680 +Juniper Junos Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Juniper Junos Compliance Checks +62680 +Juniper Junos Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Juniper Junos Compliance Checks +62680 +Juniper Junos Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Juniper Junos Compliance Checks +62680 +Juniper Junos Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Juniper Junos Compliance Checks +62680 +Juniper Junos Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Kerberos configuration +17351 +Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : +Kerberos Key Distribution Center (KDC) : +entry + + + +Kerberos configuration +17351 +Kerberos configuration[entry]:Kerberos KDC Port : +Kerberos KDC Port : +entry +88 +88 + +Kerberos configuration +17351 +Kerberos configuration[radio]:Kerberos KDC Transport : +Kerberos KDC Transport : +radio +tcp +tcp + +Kerberos configuration +17351 +Kerberos configuration[entry]:Kerberos Realm (SSH only) : +Kerberos Realm (SSH only) : +entry + + + +LDAP 'Domain Admins' Group Membership Enumeration +58038 +LDAP 'Domain Admins' Group Membership Enumeration[entry]:LDAP user : +LDAP user : +entry + + + +LDAP 'Domain Admins' Group Membership Enumeration +58038 +LDAP 'Domain Admins' Group Membership Enumeration[password]:LDAP password : +LDAP password : +password + + + +LDAP 'Domain Admins' Group Membership Enumeration +58038 +LDAP 'Domain Admins' Group Membership Enumeration[entry]:Max results : +Max results : +entry +1000 +1000 + +LDAP Active Directory - crossRef Enumeration +176549 +LDAP Active Directory - crossRef Enumeration[checkbox]:Collect Identity Data from Active Directory +Collect Identity Data from Active Directory +checkbox +no +no + +LDAP Active Directory - Identity Data Enumeration +165066 +LDAP Active Directory - Identity Data Enumeration[checkbox]:Collect Identity Data from Active Directory +Collect Identity Data from Active Directory +checkbox +no +no + +Login configurations +10870 +Login configurations[entry]:HTTP account : +HTTP account : +entry + + + +Login configurations +10870 +Login configurations[password]:HTTP password (sent in clear) : +HTTP password (sent in clear) : +password + + + +Login configurations +10870 +Login configurations[entry]:NNTP account : +NNTP account : +entry + + + +Login configurations +10870 +Login configurations[password]:NNTP password (sent in clear) : +NNTP password (sent in clear) : +password + + + +Login configurations +10870 +Login configurations[entry]:FTP account : +FTP account : +entry +anonymous +anonymous + +Login configurations +10870 +Login configurations[password]:FTP password (sent in clear) : +FTP password (sent in clear) : +password +nessus@nessus.org +********* + +Login configurations +10870 +Login configurations[entry]:FTP writeable directory : +FTP writeable directory : +entry +/incoming +/incoming + +Login configurations +10870 +Login configurations[entry]:POP2 account : +POP2 account : +entry + + + +Login configurations +10870 +Login configurations[password]:POP2 password (sent in clear) : +POP2 password (sent in clear) : +password + + + +Login configurations +10870 +Login configurations[entry]:POP3 account : +POP3 account : +entry + + + +Login configurations +10870 +Login configurations[password]:POP3 password (sent in clear) : +POP3 password (sent in clear) : +password + + + +Login configurations +10870 +Login configurations[entry]:IMAP account : +IMAP account : +entry + + + +Login configurations +10870 +Login configurations[password]:IMAP password (sent in clear) : +IMAP password (sent in clear) : +password + + + +Login configurations +10870 +Login configurations[entry]:IPMI account : +IPMI account : +entry + + + +Login configurations +10870 +Login configurations[password]:IPMI password (sent in clear) : +IPMI password (sent in clear) : +password + + + +Login configurations +10870 +Login configurations[entry]:SMB account : +SMB account : +entry + +degthat + +Login configurations +10870 +Login configurations[password]:SMB password : +SMB password : +password + +********* + +Login configurations +10870 +Login configurations[entry]:SMB domain (optional) : +SMB domain (optional) : +entry + + + +Login configurations +10870 +Login configurations[radio]:SMB password type : +SMB password type : +radio +Password;LM Hash;NTLM Hash +Password + +Login configurations +10870 +Login configurations[entry]:Additional SMB account (1) : +Additional SMB account (1) : +entry + + + +Login configurations +10870 +Login configurations[password]:Additional SMB password (1) : +Additional SMB password (1) : +password + + + +Login configurations +10870 +Login configurations[entry]:Additional SMB domain (optional) (1) : +Additional SMB domain (optional) (1) : +entry + + + +Login configurations +10870 +Login configurations[entry]:Additional SMB account (2) : +Additional SMB account (2) : +entry + + + +Login configurations +10870 +Login configurations[password]:Additional SMB password (2) : +Additional SMB password (2) : +password + + + +Login configurations +10870 +Login configurations[entry]:Additional SMB domain (optional) (2) : +Additional SMB domain (optional) (2) : +entry + + + +Login configurations +10870 +Login configurations[entry]:Additional SMB account (3) : +Additional SMB account (3) : +entry + + + +Login configurations +10870 +Login configurations[password]:Additional SMB password (3) : +Additional SMB password (3) : +password + + + +Login configurations +10870 +Login configurations[entry]:Additional SMB domain (optional) (3) : +Additional SMB domain (optional) (3) : +entry + + + +Login configurations +10870 +Login configurations[checkbox]:Never send SMB credentials in clear text +Never send SMB credentials in clear text +checkbox +yes +yes + +Login configurations +10870 +Login configurations[checkbox]:Only use NTLMv2 +Only use NTLMv2 +checkbox +no +yes + +Login configurations +10870 +Login configurations[checkbox]:Only use Kerberos authentication for SMB +Only use Kerberos authentication for SMB +checkbox +no +no + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:Username : +Username : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[password]:Password : +Password : +password + + + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:Root URL : +Root URL : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:Platform ID : +Platform ID : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:Billing ID : +Billing ID : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:App ID : +App ID : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:App version : +App version : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[entry]:App access key : +App access key : +entry + + + +MaaS360 Settings +92000 +MaaS360 Settings[checkbox]:Collect All Device Data : +Collect All Device Data : +checkbox + + + +MaaS360 Settings +92000 +MaaS360 Settings[checkbox]:Collect Device Summary : +Collect Device Summary : +checkbox + + + +MaaS360 Settings +92000 +MaaS360 Settings[checkbox]:Collect Device Applications : +Collect Device Applications : +checkbox + + + +MaaS360 Settings +92000 +MaaS360 Settings[checkbox]:Collect Device Compliance : +Collect Device Compliance : +checkbox + + + +MaaS360 Settings +92000 +MaaS360 Settings[checkbox]:Collect Device Policies : +Collect Device Policies : +checkbox + + + +Mobile Device Manager Compliance Checks +81914 +Mobile Device Manager Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Mobile Device Manager Compliance Checks +81914 +Mobile Device Manager Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Mobile Device Manager Compliance Checks +81914 +Mobile Device Manager Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Mobile Device Manager Compliance Checks +81914 +Mobile Device Manager Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Mobile Device Manager Compliance Checks +81914 +Mobile Device Manager Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +MobileIron API Settings +72904 +MobileIron API Settings[entry]:MobileIron VSP Admin Portal URL : +MobileIron VSP Admin Portal URL : +entry + + + +MobileIron API Settings +72904 +MobileIron API Settings[entry]:MobileIron VSP Admin Portal Port : +MobileIron VSP Admin Portal Port : +entry + + + +MobileIron API Settings +72904 +MobileIron API Settings[entry]:MobileIron port : +MobileIron port : +entry + + + +MobileIron API Settings +72904 +MobileIron API Settings[entry]:MobileIron username : +MobileIron username : +entry + + + +MobileIron API Settings +72904 +MobileIron API Settings[password]:MobileIron password : +MobileIron password : +password + + + +MobileIron API Settings +72904 +MobileIron API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +MobileIron API Settings +72904 +MobileIron API Settings[checkbox]:Verify SSL certificate : +Verify SSL certificate : +checkbox +no +no + +MongoDB Compliance Checks +76513 +MongoDB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +MongoDB Compliance Checks +76513 +MongoDB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +MongoDB Compliance Checks +76513 +MongoDB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +MongoDB Compliance Checks +76513 +MongoDB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +MongoDB Compliance Checks +76513 +MongoDB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +MongoDB Settings +76512 +MongoDB Settings[entry]:Username : +Username : +entry + + + +MongoDB Settings +76512 +MongoDB Settings[password]:Password : +Password : +password + + + +MongoDB Settings +76512 +MongoDB Settings[entry]:Database for authentication : +Database for authentication : +entry + + + +MongoDB Settings +76512 +MongoDB Settings[entry]:Port : +Port : +entry +27017 +27017 + +Microsoft SQL Server DB Compliance Checks +149647 +Microsoft SQL Server DB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Microsoft SQL Server DB Compliance Checks +149647 +Microsoft SQL Server DB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Microsoft SQL Server DB Compliance Checks +149647 +Microsoft SQL Server DB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Microsoft SQL Server DB Compliance Checks +149647 +Microsoft SQL Server DB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Microsoft SQL Server DB Compliance Checks +149647 +Microsoft SQL Server DB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +MySQL DB Compliance Checks +149309 +MySQL DB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +MySQL DB Compliance Checks +149309 +MySQL DB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +MySQL DB Compliance Checks +149309 +MySQL DB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +MySQL DB Compliance Checks +149309 +MySQL DB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +MySQL DB Compliance Checks +149309 +MySQL DB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Nessus SYN scanner +11219 +Nessus SYN scanner[radio]:Firewall detection : +Firewall detection : +radio +Automatic (normal);Disabled (softer);Do not detect RST rate limitation (soft);Ignore closed ports (aggressive) +Automatic (normal) + +Nessus TCP scanner +10335 +Nessus TCP scanner[radio]:Firewall detection : +Firewall detection : +radio +Automatic (normal);Disabled (softer);Do not detect RST rate limitation (soft);Ignore closed ports (aggressive) +Automatic (normal) + +NetApp Data ONTAP Compliance Checks +66934 +NetApp Data ONTAP Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +NetApp Data ONTAP Compliance Checks +66934 +NetApp Data ONTAP Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +NetApp Data ONTAP Compliance Checks +66934 +NetApp Data ONTAP Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +NetApp Data ONTAP Compliance Checks +66934 +NetApp Data ONTAP Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +NetApp Data ONTAP Compliance Checks +66934 +NetApp Data ONTAP Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +NetApp Data ONTAP Compliance Checks +66934 +NetApp Data ONTAP Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +NetApp API Compliance Checks +112117 +NetApp API Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +NetApp API Compliance Checks +112117 +NetApp API Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +NetApp API Compliance Checks +112117 +NetApp API Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +NetApp API Compliance Checks +112117 +NetApp API Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +NetApp API Compliance Checks +112117 +NetApp API Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Netapp API Settings +112118 +Netapp API Settings[entry]:Username : +Username : +entry + + + +Netapp API Settings +112118 +Netapp API Settings[password]:Password : +Password : +password + + + +Netapp API Settings +112118 +Netapp API Settings[entry]:vFiler : +vFiler : +entry + + + +Netapp API Settings +112118 +Netapp API Settings[entry]:Port : +Port : +entry + + + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Enable Nikto +Enable Nikto +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Disable if server never replies 404 +Disable if server never replies 404 +checkbox +yes +yes + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[entry]:Root directory +Root directory +entry + + + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[entry]:Pause between tests (s) +Pause between tests (s) +entry + + + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[radio]:Scan CGI directories +Scan CGI directories +radio +User supplied;All;None +User supplied;All;None + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Display: 1 Show redirects +Display: 1 Show redirects +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Display: 2 Show cookies received +Display: 2 Show cookies received +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Display: 3 Show all 200/OK responses +Display: 3 Show all 200/OK responses +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Display: 4 Show URLs which require authentication +Display: 4 Show URLs which require authentication +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Display: V Verbose Output +Display: V Verbose Output +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 1 Interesting File / Seen in logs +Tuning: 1 Interesting File / Seen in logs +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 2 Misconfiguration / Default File +Tuning: 2 Misconfiguration / Default File +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 3 Information Disclosure +Tuning: 3 Information Disclosure +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 4 Injection (XSS/Script/HTML) +Tuning: 4 Injection (XSS/Script/HTML) +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 5 Remote File Retrieval - Inside Web Root +Tuning: 5 Remote File Retrieval - Inside Web Root +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 6 Denial of Service +Tuning: 6 Denial of Service +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 7 Remote File Retrieval - Server Wide +Tuning: 7 Remote File Retrieval - Server Wide +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 8 Command Execution / Remote Shell +Tuning: 8 Command Execution / Remote Shell +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 9 SQL Injection +Tuning: 9 SQL Injection +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: 0 File Upload +Tuning: 0 File Upload +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: a Authentication Bypass +Tuning: a Authentication Bypass +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: b Software Identification +Tuning: b Software Identification +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: c Remote Source Inclusion +Tuning: c Remote Source Inclusion +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Tuning: x Reverse Tuning Options (i.e., include all except specified) +Tuning: x Reverse Tuning Options (i.e., include all except specified) +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Mutate: 1 Test all files with all root directories +Mutate: 1 Test all files with all root directories +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Mutate: 2 Guess for password file names +Mutate: 2 Guess for password file names +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Mutate: 3 Enumerate user names via Apache (/~user type requests) +Mutate: 3 Enumerate user names via Apache (/~user type requests) +checkbox +no +no + +Nikto (NASL wrapper) +14260 +Nikto (NASL wrapper)[checkbox]:Mutate: 4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests) +Mutate: 4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests) +checkbox +no +no + +Nutanix Settings +160184 +Nutanix Settings[entry]:Nutanix host : +Nutanix host : +entry + + + +Nutanix Settings +160184 +Nutanix Settings[entry]:Nutanix port : +Nutanix port : +entry +9440 +9440 + +Nutanix Settings +160184 +Nutanix Settings[entry]:Nutanix username : +Nutanix username : +entry + + + +Nutanix Settings +160184 +Nutanix Settings[password]:Nutanix password : +Nutanix password : +password + + + +Nutanix Settings +160184 +Nutanix Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Nutanix Settings +160184 +Nutanix Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Nutanix Settings +160184 +Nutanix Settings[checkbox]:Auto Discover Managed Nutanix Hosts : +Auto Discover Managed Nutanix Hosts : +checkbox +yes +yes + +Nutanix Settings +160184 +Nutanix Settings[checkbox]:Auto Discover Managed Virtual Machines : +Auto Discover Managed Virtual Machines : +checkbox +yes +yes + +Office 365 Settings +109581 +Office 365 Settings[entry]:Username : +Username : +entry + + + +Office 365 Settings +109581 +Office 365 Settings[password]:Password : +Password : +password + + + +Office 365 Settings +109581 +Office 365 Settings[entry]:Client Id : +Client Id : +entry + + + +Office 365 Settings +109581 +Office 365 Settings[password]:Client Secret : +Client Secret : +password + + + +OpenShift Compliance Checks +161406 +OpenShift Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +OpenShift Compliance Checks +161406 +OpenShift Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +OpenShift Compliance Checks +161406 +OpenShift Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +OpenShift Compliance Checks +161406 +OpenShift Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +OpenShift Compliance Checks +161406 +OpenShift Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +OpenShift Settings +161407 +OpenShift Settings[entry]:Service Account Token : +Service Account Token : +entry + + + +OpenShift Settings +161407 +OpenShift Settings[entry]:Port : +Port : +entry +6443 +6443 + +OpenShift Settings +161407 +OpenShift Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +OpenShift Settings +161407 +OpenShift Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +yes +yes + +OpenStack Settings +86348 +OpenStack Settings[entry]:Username : +Username : +entry + + + +OpenStack Settings +86348 +OpenStack Settings[entry]:Tenant Name for Authentication : +Tenant Name for Authentication : +entry +admin +admin + +OpenStack Settings +86348 +OpenStack Settings[password]:Password : +Password : +password + + + +OpenStack Settings +86348 +OpenStack Settings[entry]:Port : +Port : +entry +443 +443 + +OpenStack Settings +86348 +OpenStack Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +OpenStack Settings +86348 +OpenStack Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +yes +yes + +OpenStack Compliance Checks +86349 +OpenStack Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +OpenStack Compliance Checks +86349 +OpenStack Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +OpenStack Compliance Checks +86349 +OpenStack Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +OpenStack Compliance Checks +86349 +OpenStack Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +OpenStack Compliance Checks +86349 +OpenStack Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Oracle DB Compliance Checks +149375 +Oracle DB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Oracle DB Compliance Checks +149375 +Oracle DB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Oracle DB Compliance Checks +149375 +Oracle DB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Oracle DB Compliance Checks +149375 +Oracle DB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Oracle DB Compliance Checks +149375 +Oracle DB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Oracle DB Compliance Checks +149375 +Oracle DB Compliance Checks[radio]:Oracle Character Length Semantics : +Oracle Character Length Semantics : +radio +byte +byte + +Oracle Settings +22076 +Oracle Settings[radio]:Oracle service type : +Oracle service type : +radio +SID;SERVICE_NAME +SID;SERVICE_NAME + +Oracle Settings +22076 +Oracle Settings[entry]:Oracle SID : +Oracle SID : +entry + + + +Oracle Settings +22076 +Oracle Settings[checkbox]:Test default accounts (slow) +Test default accounts (slow) +checkbox +no +no + +OVAL Linux Compliance Checks +83188 +OVAL Linux Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +OVAL Linux Compliance Checks +83188 +OVAL Linux Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +OVAL Linux Compliance Checks +83188 +OVAL Linux Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +OVAL Linux Compliance Checks +83188 +OVAL Linux Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +OVAL Linux Compliance Checks +83188 +OVAL Linux Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +OVAL Windows Compliance Checks +83189 +OVAL Windows Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +OVAL Windows Compliance Checks +83189 +OVAL Windows Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +OVAL Windows Compliance Checks +83189 +OVAL Windows Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +OVAL Windows Compliance Checks +83189 +OVAL Windows Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +OVAL Windows Compliance Checks +83189 +OVAL Windows Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Palo Alto Networks PAN-OS Compliance Checks +64095 +Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Palo Alto Networks PAN-OS Compliance Checks +64095 +Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Palo Alto Networks PAN-OS Compliance Checks +64095 +Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Palo Alto Networks PAN-OS Compliance Checks +64095 +Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Palo Alto Networks PAN-OS Compliance Checks +64095 +Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Palo Alto Networks PAN-OS Settings +64286 +Palo Alto Networks PAN-OS Settings[entry]:Palo Alto Username : +Palo Alto Username : +entry + + + +Palo Alto Networks PAN-OS Settings +64286 +Palo Alto Networks PAN-OS Settings[password]:Palo Alto Password : +Palo Alto Password : +password + + + +Palo Alto Networks PAN-OS Settings +64286 +Palo Alto Networks PAN-OS Settings[entry]:Palo Alto Port : +Palo Alto Port : +entry +443 +443 + +Palo Alto Networks PAN-OS Settings +64286 +Palo Alto Networks PAN-OS Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Palo Alto Networks PAN-OS Settings +64286 +Palo Alto Networks PAN-OS Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +PCI DSS compliance +33929 +PCI DSS compliance[checkbox]:Check for PCI-DSS compliance +Check for PCI-DSS compliance +checkbox +no +no + +Patch Report +66334 +Patch Report[checkbox]:Display the superseded patches in the report +Display the superseded patches in the report +checkbox +yes +yes + +Ping the remote host +10180 +Ping the remote host[entry]:TCP ping destination port(s) : +TCP ping destination port(s) : +entry +built-in +built-in + +Ping the remote host +10180 +Ping the remote host[checkbox]:Do an ARP ping +Do an ARP ping +checkbox +yes +yes + +Ping the remote host +10180 +Ping the remote host[checkbox]:Do a TCP ping +Do a TCP ping +checkbox +yes +yes + +Ping the remote host +10180 +Ping the remote host[checkbox]:Do an ICMP ping +Do an ICMP ping +checkbox +yes +yes + +Ping the remote host +10180 +Ping the remote host[entry]:Number of retries (ICMP) : +Number of retries (ICMP) : +entry +2 +2 + +Ping the remote host +10180 +Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) +Do an applicative UDP ping (DNS,RPC...) +checkbox +no +no + +Ping the remote host +10180 +Ping the remote host[checkbox]:Make the dead hosts appear in the report +Make the dead hosts appear in the report +checkbox +no +no + +Ping the remote host +10180 +Ping the remote host[checkbox]:Log live hosts in the report +Log live hosts in the report +checkbox +no +no + +Ping the remote host +10180 +Ping the remote host[checkbox]:Test the local Nessus host +Test the local Nessus host +checkbox +yes +yes + +Ping the remote host +10180 +Ping the remote host[checkbox]:Fast network discovery +Fast network discovery +checkbox +no +no + +Ping the remote host +10180 +Ping the remote host[checkbox]:Interpret ICMP unreach from gateway +Interpret ICMP unreach from gateway +checkbox +no +no + +Nessus Launched Plugin List +112154 +Nessus Launched Plugin List[checkbox]:Enable Plugin List Report +Enable Plugin List Report +checkbox +no +no + +Port scanners settings +33812 +Port scanners settings[checkbox]:Check open TCP ports found by local port enumerators +Check open TCP ports found by local port enumerators +checkbox +no +no + +Port scanners settings +33812 +Port scanners settings[checkbox]:Only run network port scanners if local port enumeration failed +Only run network port scanners if local port enumeration failed +checkbox +yes +yes + +PostgreSQL DB Compliance Checks +148944 +PostgreSQL DB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +PostgreSQL DB Compliance Checks +148944 +PostgreSQL DB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +PostgreSQL DB Compliance Checks +148944 +PostgreSQL DB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +PostgreSQL DB Compliance Checks +148944 +PostgreSQL DB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +PostgreSQL DB Compliance Checks +148944 +PostgreSQL DB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Rackspace Compliance Checks +79356 +Rackspace Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Rackspace Compliance Checks +79356 +Rackspace Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Rackspace Compliance Checks +79356 +Rackspace Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Rackspace Compliance Checks +79356 +Rackspace Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Rackspace Compliance Checks +79356 +Rackspace Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Rackspace Settings +79355 +Rackspace Settings[entry]:Username : +Username : +entry + + + +Rackspace Settings +79355 +Rackspace Settings[password]:Password or API Key : +Password or API Key : +password + + + +Rackspace Settings +79355 +Rackspace Settings[radio]:Authentication Method : +Authentication Method : +radio +API-Key;Password +API-Key;Password + +Rackspace Settings +79355 +Rackspace Settings[checkbox]:Dallas-Fort Worth (DFW) : +Dallas-Fort Worth (DFW) : +checkbox +yes +yes + +Rackspace Settings +79355 +Rackspace Settings[checkbox]:Chicago (ORD) : +Chicago (ORD) : +checkbox +yes +yes + +Rackspace Settings +79355 +Rackspace Settings[checkbox]:Northern Virginia (IAD) : +Northern Virginia (IAD) : +checkbox +yes +yes + +Rackspace Settings +79355 +Rackspace Settings[checkbox]:London (LON) : +London (LON) : +checkbox +yes +yes + +Rackspace Settings +79355 +Rackspace Settings[checkbox]:Sydney (SYD) : +Sydney (SYD) : +checkbox +yes +yes + +Rackspace Settings +79355 +Rackspace Settings[checkbox]:Hong Kong (HKG) : +Hong Kong (HKG) : +checkbox +yes +yes + +RHEV Compliance Checks +77090 +RHEV Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +RHEV Compliance Checks +77090 +RHEV Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +RHEV Compliance Checks +77090 +RHEV Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +RHEV Compliance Checks +77090 +RHEV Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +RHEV Compliance Checks +77090 +RHEV Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +RHEV Settings +77089 +RHEV Settings[entry]:Username : +Username : +entry + + + +RHEV Settings +77089 +RHEV Settings[password]:Password : +Password : +password + + + +RHEV Settings +77089 +RHEV Settings[entry]:Port : +Port : +entry +443 +443 + +RHEV Settings +77089 +RHEV Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Salesforce.com Settings +76710 +Salesforce.com Settings[entry]:Username : +Username : +entry + + + +Salesforce.com Settings +76710 +Salesforce.com Settings[password]:Password : +Password : +password + + + +Salesforce.com Compliance Checks +76711 +Salesforce.com Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Salesforce.com Compliance Checks +76711 +Salesforce.com Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Salesforce.com Compliance Checks +76711 +Salesforce.com Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Salesforce.com Compliance Checks +76711 +Salesforce.com Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Salesforce.com Compliance Checks +76711 +Salesforce.com Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Patch Management: Red Hat Satellite 6 Settings +84232 +Patch Management: Red Hat Satellite 6 Settings[entry]:Satellite 6 Server : +Satellite 6 Server : +entry + + + +Patch Management: Red Hat Satellite 6 Settings +84232 +Patch Management: Red Hat Satellite 6 Settings[entry]:Satellite 6 Port : +Satellite 6 Port : +entry +443 +443 + +Patch Management: Red Hat Satellite 6 Settings +84232 +Patch Management: Red Hat Satellite 6 Settings[checkbox]:Satellite 6 Use SSL : +Satellite 6 Use SSL : +checkbox +yes +yes + +Patch Management: Red Hat Satellite 6 Settings +84232 +Patch Management: Red Hat Satellite 6 Settings[checkbox]:Satellite 6 Verify Certificate : +Satellite 6 Verify Certificate : +checkbox +yes +yes + +Patch Management: Red Hat Satellite 6 Settings +84232 +Patch Management: Red Hat Satellite 6 Settings[entry]:Satellite 6 Username : +Satellite 6 Username : +entry + + + +Patch Management: Red Hat Satellite 6 Settings +84232 +Patch Management: Red Hat Satellite 6 Settings[password]:Satellite 6 Password : +Satellite 6 Password : +password + + + +Patch Management: Red Hat Satellite Server Settings +84238 +Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite server(s) [separated w/ semicolons] : +Red Hat Satellite server(s) [separated w/ semicolons] : +entry + + + +Patch Management: Red Hat Satellite Server Settings +84238 +Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite port(s) : +Red Hat Satellite port(s) : +entry +443 +443 + +Patch Management: Red Hat Satellite Server Settings +84238 +Patch Management: Red Hat Satellite Server Settings[checkbox]:Verify SSL certificates : +Verify SSL certificates : +checkbox +no +no + +Patch Management: Red Hat Satellite Server Settings +84238 +Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite username(s) : +Red Hat Satellite username(s) : +entry + + + +Patch Management: Red Hat Satellite Server Settings +84238 +Patch Management: Red Hat Satellite Server Settings[password]:Red Hat Satellite password(s) : +Red Hat Satellite password(s) : +password + + + +Modbus/TCP Coil Access +23817 +Modbus/TCP Coil Access[entry]:Start reg : +Start reg : +entry +0 +0 + +Modbus/TCP Coil Access +23817 +Modbus/TCP Coil Access[entry]:End reg : +End reg : +entry +16 +16 + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[file]:SCAP File (zip) #1 : +SCAP File (zip) #1 : +file + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:SCAP Version #1 : +SCAP Version #1 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #1 : +SCAP Data Stream ID (1.2 only) #1 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #1 : +SCAP Benchmark ID #1 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Profile ID #1 : +SCAP Profile ID #1 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:OVAL Result Type #1 : +OVAL Result Type #1 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[file]:SCAP File (zip) #2 : +SCAP File (zip) #2 : +file + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:SCAP Version #2 : +SCAP Version #2 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #2 : +SCAP Data Stream ID (1.2 only) #2 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #2 : +SCAP Benchmark ID #2 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Profile ID #2 : +SCAP Profile ID #2 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:OVAL Result Type #2 : +OVAL Result Type #2 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[file]:SCAP File (zip) #3 : +SCAP File (zip) #3 : +file + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:SCAP Version #3 : +SCAP Version #3 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #3 : +SCAP Data Stream ID (1.2 only) #3 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #3 : +SCAP Benchmark ID #3 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Profile ID #3 : +SCAP Profile ID #3 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:OVAL Result Type #3 : +OVAL Result Type #3 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[file]:SCAP File (zip) #4 : +SCAP File (zip) #4 : +file + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:SCAP Version #4 : +SCAP Version #4 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #4 : +SCAP Data Stream ID (1.2 only) #4 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #4 : +SCAP Benchmark ID #4 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Profile ID #4 : +SCAP Profile ID #4 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:OVAL Result Type #4 : +OVAL Result Type #4 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[file]:SCAP File (zip) #5 : +SCAP File (zip) #5 : +file + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:SCAP Version #5 : +SCAP Version #5 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #5 : +SCAP Data Stream ID (1.2 only) #5 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #5 : +SCAP Benchmark ID #5 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[entry]:SCAP Profile ID #5 : +SCAP Profile ID #5 : +entry + + + +SCAP Linux Compliance Checks +66757 +SCAP Linux Compliance Checks[radio]:OVAL Result Type #5 : +OVAL Result Type #5 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[file]:SCAP File (zip) #1 : +SCAP File (zip) #1 : +file + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:SCAP Version #1 : +SCAP Version #1 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #1 : +SCAP Data Stream ID (1.2 only) #1 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #1 : +SCAP Benchmark ID #1 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Profile ID #1 : +SCAP Profile ID #1 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:OVAL Result Type #1 : +OVAL Result Type #1 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[file]:SCAP File (zip) #2 : +SCAP File (zip) #2 : +file + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:SCAP Version #2 : +SCAP Version #2 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #2 : +SCAP Data Stream ID (1.2 only) #2 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #2 : +SCAP Benchmark ID #2 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Profile ID #2 : +SCAP Profile ID #2 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:OVAL Result Type #2 : +OVAL Result Type #2 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[file]:SCAP File (zip) #3 : +SCAP File (zip) #3 : +file + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:SCAP Version #3 : +SCAP Version #3 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #3 : +SCAP Data Stream ID (1.2 only) #3 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #3 : +SCAP Benchmark ID #3 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Profile ID #3 : +SCAP Profile ID #3 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:OVAL Result Type #3 : +OVAL Result Type #3 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[file]:SCAP File (zip) #4 : +SCAP File (zip) #4 : +file + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:SCAP Version #4 : +SCAP Version #4 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #4 : +SCAP Data Stream ID (1.2 only) #4 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #4 : +SCAP Benchmark ID #4 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Profile ID #4 : +SCAP Profile ID #4 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:OVAL Result Type #4 : +OVAL Result Type #4 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[file]:SCAP File (zip) #5 : +SCAP File (zip) #5 : +file + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:SCAP Version #5 : +SCAP Version #5 : +radio +1.2;1.1;1.0 +1.2;1.1;1.0 + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #5 : +SCAP Data Stream ID (1.2 only) #5 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #5 : +SCAP Benchmark ID #5 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[entry]:SCAP Profile ID #5 : +SCAP Profile ID #5 : +entry + + + +SCAP Windows Compliance Checks +66756 +SCAP Windows Compliance Checks[radio]:OVAL Result Type #5 : +OVAL Result Type #5 : +radio +Full results w/ system characteristics;Full results w/o system characteristics;Thin results +Full results w/ system characteristics;Full results w/o system characteristics;Thin results + +Patch Management: SCCM Server Settings +57029 +Patch Management: SCCM Server Settings[entry]:SCCM Server : +SCCM Server : +entry + + + +Patch Management: SCCM Server Settings +57029 +Patch Management: SCCM Server Settings[entry]:SCCM Domain : +SCCM Domain : +entry + + + +Patch Management: SCCM Server Settings +57029 +Patch Management: SCCM Server Settings[entry]:SCCM Username : +SCCM Username : +entry + + + +Patch Management: SCCM Server Settings +57029 +Patch Management: SCCM Server Settings[password]:SCCM Password : +SCCM Password : +password + + + +SMB Scope +10917 +SMB Scope[checkbox]:Request information about the domain +Request information about the domain +checkbox +yes +yes + +SNMP settings +19762 +SNMP settings[entry]:Community name : +Community name : +entry +public +public + +SNMP settings +19762 +SNMP settings[entry]:Community name (1) : +Community name (1) : +entry + + + +SNMP settings +19762 +SNMP settings[entry]:Community name (2) : +Community name (2) : +entry + + + +SNMP settings +19762 +SNMP settings[entry]:Community name (3) : +Community name (3) : +entry + + + +SNMP settings +19762 +SNMP settings[entry]:UDP port : +UDP port : +entry +161 +161 + +SNMP settings +19762 +SNMP settings[entry]:Additional UDP port (1) : +Additional UDP port (1) : +entry + +161 + +SNMP settings +19762 +SNMP settings[entry]:Additional UDP port (2) : +Additional UDP port (2) : +entry + +161 + +SNMP settings +19762 +SNMP settings[entry]:Additional UDP port (3) : +Additional UDP port (3) : +entry + +161 + +SNMP settings +19762 +SNMP settings[entry]:SNMPv3 user name : +SNMPv3 user name : +entry + + + +SNMP settings +19762 +SNMP settings[password]:SNMPv3 authentication password : +SNMPv3 authentication password : +password + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 authentication algorithm : +SNMPv3 authentication algorithm : +radio +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 + +SNMP settings +19762 +SNMP settings[password]:SNMPv3 privacy password : +SNMPv3 privacy password : +password + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 privacy algorithm : +SNMPv3 privacy algorithm : +radio +AES;AES192;AES192C;AES256;AES256C;DES +AES;AES192;AES192C;AES256;AES256C;DES + +SNMP settings +19762 +SNMP settings[entry]:SNMPv3 user name (1) : +SNMPv3 user name (1) : +entry + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 authentication algorithm (1) : +SNMPv3 authentication algorithm (1) : +radio +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 privacy algorithm (1) : +SNMPv3 privacy algorithm (1) : +radio +AES;AES192;AES192C;AES256;AES256C;DES +AES;AES192;AES192C;AES256;AES256C;DES + +SNMP settings +19762 +SNMP settings[entry]:SNMPv3 user name (2) : +SNMPv3 user name (2) : +entry + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 authentication algorithm (2) : +SNMPv3 authentication algorithm (2) : +radio +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 privacy algorithm (2) : +SNMPv3 privacy algorithm (2) : +radio +AES;AES192;AES192C;AES256;AES256C;DES +AES;AES192;AES192C;AES256;AES256C;DES + +SNMP settings +19762 +SNMP settings[entry]:SNMPv3 user name (3) : +SNMPv3 user name (3) : +entry + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 authentication algorithm (3) : +SNMPv3 authentication algorithm (3) : +radio +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 privacy algorithm (3) : +SNMPv3 privacy algorithm (3) : +radio +AES;AES192;AES192C;AES256;AES256C;DES +AES;AES192;AES192C;AES256;AES256C;DES + +SNMP settings +19762 +SNMP settings[entry]:SNMPv3 user name (4) : +SNMPv3 user name (4) : +entry + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 authentication algorithm (4) : +SNMPv3 authentication algorithm (4) : +radio +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 privacy algorithm (4) : +SNMPv3 privacy algorithm (4) : +radio +AES;AES192;AES192C;AES256;AES256C;DES +AES;AES192;AES192C;AES256;AES256C;DES + +SNMP settings +19762 +SNMP settings[entry]:SNMPv3 user name (5) : +SNMPv3 user name (5) : +entry + + + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 authentication algorithm (5) : +SNMPv3 authentication algorithm (5) : +radio +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 +MD5;SHA1;SHA-224;SHA-256;SHA-384;SHA-512 + +SNMP settings +19762 +SNMP settings[radio]:SNMPv3 privacy algorithm (5) : +SNMPv3 privacy algorithm (5) : +radio +AES;AES192;AES192C;AES256;AES256C;DES +AES;AES192;AES192C;AES256;AES256C;DES + +SonicWALL SonicOS Compliance Checks +71955 +SonicWALL SonicOS Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +SonicWALL SonicOS Compliance Checks +71955 +SonicWALL SonicOS Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +SonicWALL SonicOS Compliance Checks +71955 +SonicWALL SonicOS Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +SonicWALL SonicOS Compliance Checks +71955 +SonicWALL SonicOS Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +SonicWALL SonicOS Compliance Checks +71955 +SonicWALL SonicOS Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +SonicWALL SonicOS Compliance Checks +71955 +SonicWALL SonicOS Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Splunk Compliance Checks +166550 +Splunk Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Splunk Compliance Checks +166550 +Splunk Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Splunk Compliance Checks +166550 +Splunk Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Splunk Compliance Checks +166550 +Splunk Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Splunk Compliance Checks +166550 +Splunk Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Splunk API Settings +166551 +Splunk API Settings[entry]:Username : +Username : +entry + + + +Splunk API Settings +166551 +Splunk API Settings[password]:Password : +Password : +password + + + +Splunk API Settings +166551 +Splunk API Settings[entry]:Port : +Port : +entry +8089 +8089 + +Splunk API Settings +166551 +Splunk API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Splunk API Settings +166551 +Splunk API Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +yes +yes + +SSH settings +14273 +SSH settings[entry]:SSH user name : +SSH user name : +entry +root +root + +SSH settings +14273 +SSH settings[password]:SSH password (unsafe!) : +SSH password (unsafe!) : +password + + + +SSH settings +14273 +SSH settings[file]:SSH public key to use : +SSH public key to use : +file + + + +SSH settings +14273 +SSH settings[file]:SSH private key to use : +SSH private key to use : +file + + + +SSH settings +14273 +SSH settings[password]:Passphrase for SSH key : +Passphrase for SSH key : +password + + + +SSH settings +14273 +SSH settings[radio]:Elevate privileges with : +Elevate privileges with : +radio +Nothing;sudo;su;su+sudo;dzdo;pbrun;Cisco 'enable' +Nothing;sudo;su;su+sudo;dzdo;pbrun;Cisco 'enable' + +SSH settings +14273 +SSH settings[entry]:Privilege elevation binary path (directory) : +Privilege elevation binary path (directory) : +entry + + + +SSH settings +14273 +SSH settings[entry]:su login : +su login : +entry + + + +SSH settings +14273 +SSH settings[entry]:Escalation account : +Escalation account : +entry +root +root + +SSH settings +14273 +SSH settings[password]:Escalation password : +Escalation password : +password + + + +SSH settings +14273 +SSH settings[file]:SSH known_hosts file : +SSH known_hosts file : +file + + + +SSH settings +14273 +SSH settings[entry]:Preferred SSH port : +Preferred SSH port : +entry +22 +22 + +SSH settings +14273 +SSH settings[entry]:Client version : +Client version : +entry +OpenSSH_5.0 +OpenSSH_5.0 + +SSH settings +14273 +SSH settings[entry]:Additional SSH user name (1) : +Additional SSH user name (1) : +entry + + + +SSH settings +14273 +SSH settings[password]:Additional SSH password (1) : +Additional SSH password (1) : +password + + + +SSH settings +14273 +SSH settings[entry]:Additional SSH user name (2) : +Additional SSH user name (2) : +entry + + + +SSH settings +14273 +SSH settings[password]:Additional SSH password (2) : +Additional SSH password (2) : +password + + + +SSH settings +14273 +SSH settings[entry]:Additional SSH user name (3) : +Additional SSH user name (3) : +entry + + + +SSH settings +14273 +SSH settings[password]:Additional SSH password (3) : +Additional SSH password (3) : +password + + + +SSH settings +14273 +SSH settings[entry]:Additional SSH user name (4) : +Additional SSH user name (4) : +entry + + + +SSH settings +14273 +SSH settings[password]:Additional SSH password (4) : +Additional SSH password (4) : +password + + + +SSH settings +14273 +SSH settings[entry]:Additional SSH user name (5) : +Additional SSH user name (5) : +entry + + + +SSH settings +14273 +SSH settings[password]:Additional SSH password (5) : +Additional SSH password (5) : +password + + + +SSL Certificate Expiry +15901 +SSL Certificate Expiry[entry]:Identify certificates that expire within x days +Identify certificates that expire within x days +entry +60 +60 + +SMB Registry : Start the Registry Service during the scan +35703 +SMB Registry : Start the Registry Service during the scan[checkbox]:Start the registry service during the scan +Start the registry service during the scan +checkbox +no +yes + +SMB Registry : Start the Registry Service during the scan +35703 +SMB Registry : Start the Registry Service during the scan[checkbox]:Enable administrative shares during the scan +Enable administrative shares during the scan +checkbox +no +yes + +SMTP settings +11038 +SMTP settings[entry]:Third party domain : +Third party domain : +entry +example.edu +example.edu + +SMTP settings +11038 +SMTP settings[entry]:From address : +From address : +entry +nobody@example.edu +nobody@example.edu + +SMTP settings +11038 +SMTP settings[entry]:To address : +To address : +entry +postmaster@[AUTO_REPLACED_IP] +postmaster@[AUTO_REPLACED_IP] + +Sybase DB Compliance Checks +150080 +Sybase DB Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Sybase DB Compliance Checks +150080 +Sybase DB Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Sybase DB Compliance Checks +150080 +Sybase DB Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Sybase DB Compliance Checks +150080 +Sybase DB Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Sybase DB Compliance Checks +150080 +Sybase DB Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Patch Management: Symantec Altiris Settings +78013 +Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Server : +Symantec Altiris Database Server : +entry + + + +Patch Management: Symantec Altiris Settings +78013 +Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Port : +Symantec Altiris Database Port : +entry +5690 +5690 + +Patch Management: Symantec Altiris Settings +78013 +Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Name : +Symantec Altiris Database Name : +entry +Symantec_CMDB +Symantec_CMDB + +Patch Management: Symantec Altiris Settings +78013 +Patch Management: Symantec Altiris Settings[checkbox]:Symantec Altiris Use Windows Credentials : +Symantec Altiris Use Windows Credentials : +checkbox +no +no + +Patch Management: Symantec Altiris Settings +78013 +Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Username : +Symantec Altiris Database Username : +entry + + + +Patch Management: Symantec Altiris Settings +78013 +Patch Management: Symantec Altiris Settings[password]:Symantec Altiris Database Password : +Symantec Altiris Database Password : +password + + + +Unix Compliance Checks +21157 +Unix Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Unix Compliance Checks +21157 +Unix Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Unix Compliance Checks +21157 +Unix Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Unix Compliance Checks +21157 +Unix Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Unix Compliance Checks +21157 +Unix Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +Unix Compliance Checks +21157 +Unix Compliance Checks[radio]:Docker Scan Scope : +Docker Scan Scope : +radio +all +all + +Unix File Contents Compliance Checks +72095 +Unix File Contents Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Unix File Contents Compliance Checks +72095 +Unix File Contents Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Unix File Contents Compliance Checks +72095 +Unix File Contents Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Unix File Contents Compliance Checks +72095 +Unix File Contents Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Unix File Contents Compliance Checks +72095 +Unix File Contents Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +VMware vCenter/vSphere Compliance Checks +64455 +VMware vCenter/vSphere Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +VMware vCenter/vSphere Compliance Checks +64455 +VMware vCenter/vSphere Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +VMware vCenter/vSphere Compliance Checks +64455 +VMware vCenter/vSphere Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +VMware vCenter/vSphere Compliance Checks +64455 +VMware vCenter/vSphere Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +VMware vCenter/vSphere Compliance Checks +64455 +VMware vCenter/vSphere Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[entry]:VMware user name : +VMware user name : +entry + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[password]:VMware password : +VMware password : +password + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[checkbox]:Ignore SSL Certificate : +Ignore SSL Certificate : +checkbox +no +no + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[entry]:Additional VMware user name (1) : +Additional VMware user name (1) : +entry + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[password]:Additional VMware password (1) : +Additional VMware password (1) : +password + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (1) : +Additional Ignore SSL Certificate (1) : +checkbox +no +no + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[entry]:Additional VMware user name (2) : +Additional VMware user name (2) : +entry + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[password]:Additional VMware password (2) : +Additional VMware password (2) : +password + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (2) : +Additional Ignore SSL Certificate (2) : +checkbox +no +no + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[entry]:Additional VMware user name (3) : +Additional VMware user name (3) : +entry + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[password]:Additional VMware password (3) : +Additional VMware password (3) : +password + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (3) : +Additional Ignore SSL Certificate (3) : +checkbox +no +no + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[entry]:Additional VMware user name (4) : +Additional VMware user name (4) : +entry + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[password]:Additional VMware password (4) : +Additional VMware password (4) : +password + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (4) : +Additional Ignore SSL Certificate (4) : +checkbox +no +no + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[entry]:Additional VMware user name (5) : +Additional VMware user name (5) : +entry + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[password]:Additional VMware password (5) : +Additional VMware password (5) : +password + + + +VMware SOAP API Settings +57395 +VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (5) : +Additional Ignore SSL Certificate (5) : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:VMware vCenter host : +VMware vCenter host : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:VMware vCenter port : +VMware vCenter port : +entry +443 +443 + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:VMware vCenter user name : +VMware vCenter user name : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[password]:VMware vCenter password : +VMware vCenter password : +password + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Auto Discover Managed ESXi Hosts : +Auto Discover Managed ESXi Hosts : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Auto Discover Managed Virtual Machines : +Auto Discover Managed Virtual Machines : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (1) : +Additional VMware vCenter host (1) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (1) : +Additional VMware vCenter port (1) : +entry +443 +443 + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (1) : +Additional VMware vCenter user name (1) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (1) : +Additional VMware vCenter password (1) : +password + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional SSL (1) : +Additional SSL (1) : +checkbox +yes +yes + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (1) : +Additional Verify SSL Certificate (1) : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Auto Discover Managed ESXi Hosts : +Additional Auto Discover Managed ESXi Hosts : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Auto Discover Managed Virtual Machines : +Additional Auto Discover Managed Virtual Machines : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (2) : +Additional VMware vCenter host (2) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (2) : +Additional VMware vCenter port (2) : +entry +443 +443 + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (2) : +Additional VMware vCenter user name (2) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (2) : +Additional VMware vCenter password (2) : +password + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional SSL (2) : +Additional SSL (2) : +checkbox +yes +yes + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (2) : +Additional Verify SSL Certificate (2) : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (3) : +Additional VMware vCenter host (3) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (3) : +Additional VMware vCenter port (3) : +entry +443 +443 + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (3) : +Additional VMware vCenter user name (3) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (3) : +Additional VMware vCenter password (3) : +password + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional SSL (3) : +Additional SSL (3) : +checkbox +yes +yes + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (3) : +Additional Verify SSL Certificate (3) : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (4) : +Additional VMware vCenter host (4) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (4) : +Additional VMware vCenter port (4) : +entry +443 +443 + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (4) : +Additional VMware vCenter user name (4) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (4) : +Additional VMware vCenter password (4) : +password + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional SSL (4) : +Additional SSL (4) : +checkbox +yes +yes + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (4) : +Additional Verify SSL Certificate (4) : +checkbox +no +no + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (5) : +Additional VMware vCenter host (5) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (5) : +Additional VMware vCenter port (5) : +entry +443 +443 + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (5) : +Additional VMware vCenter user name (5) : +entry + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (5) : +Additional VMware vCenter password (5) : +password + + + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional SSL (5) : +Additional SSL (5) : +checkbox +yes +yes + +VMware vCenter SOAP API Settings +63060 +VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (5) : +Additional Verify SSL Certificate (5) : +checkbox +no +no + +WatchGuard Compliance Checks +86269 +WatchGuard Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +WatchGuard Compliance Checks +86269 +WatchGuard Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +WatchGuard Compliance Checks +86269 +WatchGuard Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +WatchGuard Compliance Checks +86269 +WatchGuard Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +WatchGuard Compliance Checks +86269 +WatchGuard Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +WatchGuard Compliance Checks +86269 +WatchGuard Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + +Web Application Tests Settings +39471 +Web Application Tests Settings[checkbox]:Enable web applications tests +Enable web applications tests +checkbox +no +no + +Web Application Tests Settings +39471 +Web Application Tests Settings[entry]:Maximum run time (min) : +Maximum run time (min) : +entry +60 +60 + +Web Application Tests Settings +39471 +Web Application Tests Settings[checkbox]:Try all HTTP methods +Try all HTTP methods +checkbox +no +no + +Web Application Tests Settings +39471 +Web Application Tests Settings[radio]:Combinations of arguments values +Combinations of arguments values +radio +one value;some pairs;all pairs (slower but efficient);some combinations;all combinations (extremely slow) +one value;some pairs;all pairs (slower but efficient);some combinations;all combinations (extremely slow) + +Web Application Tests Settings +39471 +Web Application Tests Settings[checkbox]:HTTP Parameter Pollution +HTTP Parameter Pollution +checkbox +no +no + +Web Application Tests Settings +39471 +Web Application Tests Settings[radio]:Stop at first flaw +Stop at first flaw +radio +per CGI;per port (quicker);per parameter (slow);look for all flaws (slower) +per CGI;per port (quicker);per parameter (slow);look for all flaws (slower) + +Web Application Tests Settings +39471 +Web Application Tests Settings[checkbox]:Test embedded web servers +Test embedded web servers +checkbox +no +no + +Web Application Tests Settings +39471 +Web Application Tests Settings[entry]:URL for Remote File Inclusion : +URL for Remote File Inclusion : +entry +http://rfi.nessus.org/rfi.txt +http://rfi.nessus.org/rfi.txt + +Web mirroring +10662 +Web mirroring[entry]:Number of pages to mirror : +Number of pages to mirror : +entry +1000 +1000 + +Web mirroring +10662 +Web mirroring[entry]:Maximum depth : +Maximum depth : +entry +6 +6 + +Web mirroring +10662 +Web mirroring[entry]:Start page : +Start page : +entry +/ +/ + +Web mirroring +10662 +Web mirroring[entry]:Excluded items regex : +Excluded items regex : +entry +/server_privileges\.php|logout +/server_privileges\.php|logout + +Web mirroring +10662 +Web mirroring[checkbox]:Follow dynamic pages : +Follow dynamic pages : +checkbox +no +no + +Malicious Process Detection +59275 +Malicious Process Detection[file]:Additional MD5 hashes (optional) : +Additional MD5 hashes (optional) : +file + + + +Malicious Process Detection +59275 +Malicious Process Detection[file]:Known good MD5 hashes (optional) : +Known good MD5 hashes (optional) : +file + + + +Malicious Process Detection +59275 +Malicious Process Detection[file]:Yara rules file : +Yara rules file : +file + + + +Malicious Process Detection +59275 +Malicious Process Detection[checkbox]:disable_dns_resolution +disable_dns_resolution +checkbox +no +no + +Malicious Process Detection +59275 +Malicious Process Detection[checkbox]:enable_malware_scanning +enable_malware_scanning +checkbox +no +no + +Wake-on-LAN +52616 +Wake-on-LAN[file]:List of MAC addresses for Wake-on-LAN: +List of MAC addresses for Wake-on-LAN: +file + + + +Wake-on-LAN +52616 +Wake-on-LAN[entry]:Time to wait (in minutes) for the systems to boot: +Time to wait (in minutes) for the systems to boot: +entry +5 +5 + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[entry]:Workspace ONE Environment API URL : +Workspace ONE Environment API URL : +entry + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[entry]:Workspace ONE port : +Workspace ONE port : +entry + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[entry]:Workspace ONE username : +Workspace ONE username : +entry + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[password]:Workspace ONE password : +Workspace ONE password : +password + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[checkbox]:Workspace ONE Collect All Device Data : +Workspace ONE Collect All Device Data : +checkbox + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[checkbox]:Workspace ONE Collect Device Applications : +Workspace ONE Collect Device Applications : +checkbox + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[checkbox]:Workspace ONE Collect Device Profiles : +Workspace ONE Collect Device Profiles : +checkbox + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[password]:Workspace ONE API key : +Workspace ONE API key : +password + + + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[checkbox]:SSL : +SSL : +checkbox +yes +yes + +Workspace ONE API Settings +174452 +Workspace ONE API Settings[checkbox]:Verify SSL certificate : +Verify SSL certificate : +checkbox +no +no + +Patch Management: WSUS Server Settings +57031 +Patch Management: WSUS Server Settings[entry]:WSUS Server : +WSUS Server : +entry + + + +Patch Management: WSUS Server Settings +57031 +Patch Management: WSUS Server Settings[entry]:WSUS Port : +WSUS Port : +entry + + + +Patch Management: WSUS Server Settings +57031 +Patch Management: WSUS Server Settings[entry]:WSUS Username : +WSUS Username : +entry + + + +Patch Management: WSUS Server Settings +57031 +Patch Management: WSUS Server Settings[password]:WSUS Password : +WSUS Password : +password + + + +Patch Management: WSUS Server Settings +57031 +Patch Management: WSUS Server Settings[checkbox]:SSL : +SSL : +checkbox +no +no + +Patch Management: WSUS Server Settings +57031 +Patch Management: WSUS Server Settings[checkbox]:Verify SSL Certificate : +Verify SSL Certificate : +checkbox +no +no + +Zoom Settings +163518 +Zoom Settings[entry]:Client ID +Client ID +entry + + + +Zoom Settings +163518 +Zoom Settings[entry]:Account ID +Account ID +entry + + + +Zoom Settings +163518 +Zoom Settings[password]:Client Secret +Client Secret +password + + + +Zoom Compliance Checks +163517 +Zoom Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +Zoom Compliance Checks +163517 +Zoom Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +Zoom Compliance Checks +163517 +Zoom Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +Zoom Compliance Checks +163517 +Zoom Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +Zoom Compliance Checks +163517 +Zoom Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +ZTE ROSNG Compliance Checks +144328 +ZTE ROSNG Compliance Checks[file]:Policy file #1 : +Policy file #1 : +file + + + +ZTE ROSNG Compliance Checks +144328 +ZTE ROSNG Compliance Checks[file]:Policy file #2 : +Policy file #2 : +file + + + +ZTE ROSNG Compliance Checks +144328 +ZTE ROSNG Compliance Checks[file]:Policy file #3 : +Policy file #3 : +file + + + +ZTE ROSNG Compliance Checks +144328 +ZTE ROSNG Compliance Checks[file]:Policy file #4 : +Policy file #4 : +file + + + +ZTE ROSNG Compliance Checks +144328 +ZTE ROSNG Compliance Checks[file]:Policy file #5 : +Policy file #5 : +file + + + +ZTE ROSNG Compliance Checks +144328 +ZTE ROSNG Compliance Checks[file]:Offline config file (.txt or .zip) : +Offline config file (.txt or .zip) : +file + + + + + +MacOS X Local Security Checks +enabled + +MarinerOS Local Security Checks +enabled + +F5 Networks Local Security Checks +enabled + +DNS +disabled + +Gain a shell remotely +disabled + +Solaris Local Security Checks +enabled + +Port scanners +mixed + +Web Servers +disabled + +SMTP problems +disabled + +Service detection +disabled + +Brute force attacks +disabled + +CGI abuses : XSS +disabled + +Databases +enabled + +Mandriva Local Security Checks +enabled + +Debian Local Security Checks +enabled + +Default Unix Accounts +disabled + +Denial of Service +disabled + +Settings +mixed + +Palo Alto Local Security Checks +enabled + +HP-UX Local Security Checks +enabled + +Backdoors +disabled + +VMware ESX Local Security Checks +enabled + +NewStart CGSL Local Security Checks +enabled + +SCADA +disabled + +General +mixed + +PhotonOS Local Security Checks +enabled + +Oracle Linux Local Security Checks +enabled + +Red Hat Local Security Checks +enabled + +FreeBSD Local Security Checks +enabled + +CGI abuses +disabled + +Rocky Linux Local Security Checks +enabled + +Windows : User management +enabled + +Tenable.ot +disabled + +Netware +disabled + +Amazon Linux Local Security Checks +enabled + +Peer-To-Peer File Sharing +disabled + +Slackware Local Security Checks +enabled + +SNMP +disabled + +Gentoo Local Security Checks +enabled + +Huawei Local Security Checks +enabled + +Fedora Local Security Checks +enabled + +Ubuntu Local Security Checks +enabled + +Misc. +mixed + +Alma Linux Local Security Checks +enabled + +Virtuozzo Local Security Checks +enabled + +FTP +disabled + +Firewalls +disabled + +Windows : Microsoft Bulletins +enabled + +Junos Local Security Checks +enabled + +Mobile Devices +disabled + +Policy Compliance +disabled + +Windows +enabled + +SuSE Local Security Checks +enabled + +RPC +disabled + +OracleVM Local Security Checks +enabled + +CentOS Local Security Checks +enabled + +CISCO +enabled + +Scientific Linux Local Security Checks +enabled + +AIX Local Security Checks +enabled + + +97993 +OS Identification and Installed Software Enumeration over SSH v2 (Using New SSH Library) +Misc. +enabled + +34220 +Netstat Portscanner (WMI) +Port scanners +enabled + +21745 +OS Security Patch Assessment Failed +Settings +enabled + +24786 +Nessus Windows Scan Not Performed with Admin Privileges +Settings +enabled + +12634 +Authenticated Check : OS Name and Installed Package Enumeration +Settings +enabled + +14274 +Nessus SNMP Scanner +Port scanners +enabled + +14272 +Netstat Portscanner (SSH) +Port scanners +enabled + +10180 +Ping the remote host +Port scanners +enabled + +19506 +Nessus Scan Information +Settings +enabled + +76795 +Huawei Versatile Routing Platform Version Detection +Misc. +enabled + +76796 +Huawei Quidway Switches DoS (HWPSIRT-2014-0301) +Huawei Local Security Checks +enabled + +11219 +Nessus SYN scanner +Port scanners +enabled + +33850 +Unix Operating System Unsupported Version Detection +General +enabled + +76797 +Huawei eSap Platform DoS (HWPSIRT-2014-0111) +Huawei Local Security Checks +enabled + +87413 +Host Tagging +Settings +enabled + +66334 +Patch Report +General +enabled + + + + + +1706896093 +Fri Feb 2 09:48:13 2024 +983 +0 +VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024): Upgrade to VMware Tools version 12.3.5 or later. +CVE-2024-21388, CVE-2024-21337, CVE-2024-20721, CVE-2024-20709, CVE-2024-20675, CVE-2024-0519, CVE-2024-0518, CVE-2024-0517, CVE-2024-0333, CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222, CVE-2023-7024, CVE-2023-6707, CVE-2023-6706, CVE-2023-6705, CVE-2023-6704, CVE-2023-6703, CVE-2023-6702, CVE-2023-6512, CVE-2023-6511, CVE-2023-6510, CVE-2023-6509, CVE-2023-6508, CVE-2023-6351, CVE-2023-6350, CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6345, CVE-2023-6112, CVE-2023-5997, CVE-2023-5996, CVE-2023-5859, CVE-2023-5858, CVE-2023-5857, CVE-2023-5856, CVE-2023-5855, CVE-2023-5854, CVE-2023-5853, CVE-2023-5852, CVE-2023-5851, CVE-2023-5850, CVE-2023-5849, CVE-2023-5487, CVE-2023-5486, CVE-2023-5485, CVE-2023-5484, CVE-2023-5483, CVE-2023-5482, CVE-2023-5481, CVE-2023-5480, CVE-2023-5479, CVE-2023-5478, CVE-2023-5477, CVE-2023-5476, CVE-2023-5475, CVE-2023-5474, CVE-2023-5473, CVE-2023-5472, CVE-2023-5346, CVE-2023-5218, CVE-2023-5217, CVE-2023-5187, CVE-2023-5186, CVE-2023-4909, CVE-2023-4908, CVE-2023-4907, CVE-2023-4906, CVE-2023-4905, CVE-2023-4904, CVE-2023-4903, CVE-2023-4902, CVE-2023-4901, CVE-2023-4900, CVE-2023-4863, CVE-2023-4764, CVE-2023-4763, CVE-2023-4762, CVE-2023-4761, CVE-2023-4572, CVE-2023-44323, CVE-2023-4431, CVE-2023-4430, CVE-2023-4429, CVE-2023-4428, CVE-2023-4427, CVE-2023-4368, CVE-2023-4367, CVE-2023-4366, CVE-2023-4365, CVE-2023-4364, CVE-2023-4363, CVE-2023-4362, CVE-2023-4361, CVE-2023-4360, CVE-2023-4359, CVE-2023-4358, CVE-2023-4357, CVE-2023-4356, CVE-2023-4355, CVE-2023-4354, CVE-2023-4353, CVE-2023-4352, CVE-2023-4351, CVE-2023-4350, CVE-2023-4349, CVE-2023-4078, CVE-2023-4077, CVE-2023-4076, CVE-2023-4075, CVE-2023-4074, CVE-2023-4073, CVE-2023-4072, CVE-2023-4071, CVE-2023-4070, CVE-2023-4069, CVE-2023-4068, CVE-2023-38187, CVE-2023-38174, CVE-2023-38173, CVE-2023-38158, CVE-2023-38157, CVE-2023-3740, CVE-2023-3738, CVE-2023-3737, CVE-2023-3736, CVE-2023-3735, CVE-2023-3734, CVE-2023-3733, CVE-2023-3732, CVE-2023-3730, CVE-2023-3728, CVE-2023-3727, CVE-2023-36888, CVE-2023-36887, CVE-2023-36883, CVE-2023-36880, CVE-2023-36878, CVE-2023-36787, CVE-2023-36741, CVE-2023-36735, CVE-2023-36727, CVE-2023-36562, CVE-2023-36559, CVE-2023-36409, CVE-2023-36034, CVE-2023-36029, CVE-2023-36026, CVE-2023-36024, CVE-2023-36022, CVE-2023-36014, CVE-2023-36008, CVE-2023-35618, CVE-2023-35392, CVE-2023-3422, CVE-2023-3421, CVE-2023-3420, CVE-2023-33145, CVE-2023-3217, CVE-2023-3216, CVE-2023-3215, CVE-2023-3214, CVE-2023-3079, CVE-2023-29354, CVE-2023-29350, CVE-2023-29334, CVE-2023-28301, CVE-2023-28286, CVE-2023-28284, CVE-2023-28261, CVE-2023-2726, CVE-2023-2725, CVE-2023-2724, CVE-2023-2723, CVE-2023-2722, CVE-2023-2721, CVE-2023-24935, CVE-2023-2468, CVE-2023-2467, CVE-2023-2466, CVE-2023-2465, CVE-2023-2464, CVE-2023-2463, CVE-2023-2462, CVE-2023-2460, CVE-2023-2459, CVE-2023-23374, CVE-2023-2312, CVE-2023-21795, CVE-2023-21794, CVE-2023-21720, CVE-2023-21719, CVE-2023-2137, CVE-2023-2135, CVE-2023-2134, CVE-2023-2133, CVE-2023-2033, CVE-2023-1999, CVE-2023-1534, CVE-2023-1533, CVE-2023-1532, CVE-2023-1531, CVE-2023-1530, CVE-2023-1529, CVE-2023-1528, CVE-2023-1236, CVE-2023-1235, CVE-2023-1234, CVE-2023-1233, CVE-2023-1232, CVE-2023-1231, CVE-2023-1230, CVE-2023-1229, CVE-2023-1228, CVE-2023-1224, CVE-2023-1223, CVE-2023-1222, CVE-2023-1221, CVE-2023-1220, CVE-2023-1219, CVE-2023-1218, CVE-2023-1217, CVE-2023-1216, CVE-2023-1215, CVE-2023-1214, CVE-2023-1213, CVE-2023-0941, CVE-2023-0933, CVE-2023-0932, CVE-2023-0931, CVE-2023-0930, CVE-2023-0929, CVE-2023-0928, CVE-2023-0927, CVE-2023-0705, CVE-2023-0704, CVE-2023-0703, CVE-2023-0702, CVE-2023-0701, CVE-2023-0700, CVE-2023-0699, CVE-2023-0698, CVE-2023-0697, CVE-2023-0696, CVE-2023-0474, CVE-2023-0473, CVE-2023-0472, CVE-2023-0471, CVE-2023-0141, CVE-2023-0140, CVE-2023-0139, CVE-2023-0138, CVE-2023-0136, CVE-2023-0135, CVE-2023-0134, CVE-2023-0133, CVE-2023-0132, CVE-2023-0131, CVE-2023-0130, CVE-2023-0129, CVE-2022-44708, CVE-2022-44688, CVE-2022-4440, CVE-2022-4439, CVE-2022-4438, CVE-2022-4437, CVE-2022-4436, CVE-2022-4262, CVE-2022-4195, CVE-2022-4194, CVE-2022-4193, CVE-2022-4192, CVE-2022-4191, CVE-2022-4190, CVE-2022-4189, CVE-2022-4188, CVE-2022-4187, CVE-2022-4186, CVE-2022-4185, CVE-2022-4184, CVE-2022-4183, CVE-2022-4182, CVE-2022-4181, CVE-2022-4180, CVE-2022-4179, CVE-2022-4178, CVE-2022-4177, CVE-2022-4175, CVE-2022-4174, CVE-2022-4135, CVE-2022-41115, CVE-2022-3890, CVE-2022-3889, CVE-2022-3888, CVE-2022-3887, CVE-2022-3886, CVE-2022-3885, CVE-2022-38012, CVE-2022-3723, CVE-2022-3661, CVE-2022-3660, CVE-2022-3657, CVE-2022-3656, CVE-2022-3655, CVE-2022-3654, CVE-2022-3653, CVE-2022-3652, CVE-2022-35796, CVE-2022-3450, CVE-2022-3449, CVE-2022-3447, CVE-2022-3446, CVE-2022-3445, CVE-2022-3373, CVE-2022-3370, CVE-2022-33680, CVE-2022-33649, CVE-2022-33639, CVE-2022-33636, CVE-2022-3200, CVE-2022-3199, CVE-2022-3198, CVE-2022-3197, CVE-2022-3196, CVE-2022-3195, CVE-2022-3075, CVE-2022-3058, CVE-2022-3057, CVE-2022-3056, CVE-2022-3055, CVE-2022-3054, CVE-2022-3053, CVE-2022-3047, CVE-2022-3046, CVE-2022-3045, CVE-2022-3044, CVE-2022-3041, CVE-2022-3040, CVE-2022-3039, CVE-2022-3038, CVE-2022-30128, CVE-2022-30127, CVE-2022-29147, CVE-2022-29146, CVE-2022-29144, CVE-2022-2861, CVE-2022-2860, CVE-2022-2858, CVE-2022-2857, CVE-2022-2856, CVE-2022-2855, CVE-2022-2854, CVE-2022-2853, CVE-2022-2852, CVE-2022-26912, CVE-2022-26909, CVE-2022-26908, CVE-2022-26905, CVE-2022-26900, CVE-2022-26899, CVE-2022-26895, CVE-2022-26894, CVE-2022-26891, CVE-2022-2624, CVE-2022-2623, CVE-2022-2622, CVE-2022-2621, CVE-2022-2619, CVE-2022-2618, CVE-2022-2617, CVE-2022-2616, CVE-2022-2615, CVE-2022-2614, CVE-2022-2612, CVE-2022-2611, CVE-2022-2610, CVE-2022-2606, CVE-2022-2605, CVE-2022-2604, CVE-2022-2603, CVE-2022-2481, CVE-2022-2480, CVE-2022-2479, CVE-2022-2478, CVE-2022-2477, CVE-2022-24523, CVE-2022-24475, CVE-2022-23264, CVE-2022-23263, CVE-2022-23262, CVE-2022-23261, CVE-2022-23258, CVE-2022-2294, CVE-2022-22021, CVE-2022-21970, CVE-2022-21954, CVE-2022-21931, CVE-2022-21930, CVE-2022-21929, CVE-2022-2011, CVE-2022-2010, CVE-2022-2008, CVE-2022-2007, CVE-2022-1876, CVE-2022-1875, CVE-2022-1874, CVE-2022-1873, CVE-2022-1872, CVE-2022-1871, CVE-2022-1870, CVE-2022-1869, CVE-2022-1868, CVE-2022-1867, CVE-2022-1865, CVE-2022-1864, CVE-2022-1863, CVE-2022-1862, CVE-2022-1859, CVE-2022-1858, CVE-2022-1857, CVE-2022-1856, CVE-2022-1855, CVE-2022-1854, CVE-2022-1853, CVE-2022-1640, CVE-2022-1639, CVE-2022-1638, CVE-2022-1637, CVE-2022-1636, CVE-2022-1635, CVE-2022-1634, CVE-2022-1501, CVE-2022-1500, CVE-2022-1499, CVE-2022-1498, CVE-2022-1497, CVE-2022-1495, CVE-2022-1494, CVE-2022-1493, CVE-2022-1492, CVE-2022-1491, CVE-2022-1490, CVE-2022-1488, CVE-2022-1487, CVE-2022-1486, CVE-2022-1485, CVE-2022-1484, CVE-2022-1483, CVE-2022-1482, CVE-2022-1481, CVE-2022-1479, CVE-2022-1478, CVE-2022-1477, CVE-2022-1364, CVE-2022-1314, CVE-2022-1313, CVE-2022-1312, CVE-2022-1310, CVE-2022-1309, CVE-2022-1308, CVE-2022-1307, CVE-2022-1306, CVE-2022-1305, CVE-2022-1232, CVE-2022-1146, CVE-2022-1145, CVE-2022-1143, CVE-2022-1139, CVE-2022-1138, CVE-2022-1137, CVE-2022-1136, CVE-2022-1135, CVE-2022-1134, CVE-2022-1133, CVE-2022-1131, CVE-2022-1130, CVE-2022-1129, CVE-2022-1128, CVE-2022-1127, CVE-2022-1125, CVE-2022-1096, CVE-2022-0980, CVE-2022-0979, CVE-2022-0978, CVE-2022-0977, CVE-2022-0976, CVE-2022-0975, CVE-2022-0974, CVE-2022-0973, CVE-2022-0972, CVE-2022-0971, CVE-2022-0809, CVE-2022-0808, CVE-2022-0807, CVE-2022-0806, CVE-2022-0805, CVE-2022-0804, CVE-2022-0803, CVE-2022-0802, CVE-2022-0801, CVE-2022-0800, CVE-2022-0799, CVE-2022-0798, CVE-2022-0797, CVE-2022-0796, CVE-2022-0795, CVE-2022-0794, CVE-2022-0793, CVE-2022-0792, CVE-2022-0791, CVE-2022-0790, CVE-2022-0789, CVE-2022-0610, CVE-2022-0609, CVE-2022-0608, CVE-2022-0607, CVE-2022-0606, CVE-2022-0605, CVE-2022-0604, CVE-2022-0603, CVE-2022-0120, CVE-2022-0118, CVE-2022-0117, CVE-2022-0116, CVE-2022-0115, CVE-2022-0114, CVE-2022-0113, CVE-2022-0112, CVE-2022-0111, CVE-2022-0110, CVE-2022-0109, CVE-2022-0108, CVE-2022-0107, CVE-2022-0106, CVE-2022-0105, CVE-2022-0104, CVE-2022-0103, CVE-2022-0102, CVE-2022-0101, CVE-2022-0100, CVE-2022-0099, CVE-2022-0098, CVE-2022-0097, CVE-2022-0096, CVE-2021-43221, CVE-2021-42308, CVE-2021-42307, CVE-2021-4102, CVE-2021-4101, CVE-2021-4100, CVE-2021-4099, CVE-2021-4098, CVE-2021-4068, CVE-2021-4067, CVE-2021-4066, CVE-2021-4065, CVE-2021-4064, CVE-2021-4063, CVE-2021-4062, CVE-2021-4061, CVE-2021-4059, CVE-2021-4058, CVE-2021-4057, CVE-2021-4056, CVE-2021-4055, CVE-2021-4054, CVE-2021-4053, CVE-2021-4052, CVE-2021-38669, CVE-2021-38642, CVE-2021-38641, CVE-2021-38022, CVE-2021-38021, CVE-2021-38020, CVE-2021-38019, CVE-2021-38018, CVE-2021-38017, CVE-2021-38016, CVE-2021-38015, CVE-2021-38014, CVE-2021-38013, CVE-2021-38012, CVE-2021-38011, CVE-2021-38010, CVE-2021-38009, CVE-2021-38008, CVE-2021-38007, CVE-2021-38006, CVE-2021-38005, CVE-2021-38003, CVE-2021-38002, CVE-2021-38001, CVE-2021-38000, CVE-2021-37999, CVE-2021-37998, CVE-2021-37997, CVE-2021-37996, CVE-2021-37995, CVE-2021-37994, CVE-2021-37993, CVE-2021-37992, CVE-2021-37991, CVE-2021-37990, CVE-2021-37989, CVE-2021-37988, CVE-2021-37987, CVE-2021-37986, CVE-2021-37985, CVE-2021-37984, CVE-2021-37983, CVE-2021-37982, CVE-2021-37981, CVE-2021-37980, CVE-2021-37979, CVE-2021-37978, CVE-2021-37977, CVE-2021-37976, CVE-2021-37975, CVE-2021-37974, CVE-2021-37973, CVE-2021-37972, CVE-2021-37971, CVE-2021-37970, CVE-2021-37969, CVE-2021-37968, CVE-2021-37967, CVE-2021-37966, CVE-2021-37965, CVE-2021-37964, CVE-2021-37963, CVE-2021-37962, CVE-2021-37961, CVE-2021-37959, CVE-2021-37958, CVE-2021-37957, CVE-2021-37956, CVE-2021-36930, CVE-2021-34506, CVE-2021-34475, CVE-2021-33741, CVE-2021-30633, CVE-2021-30632, CVE-2021-30630, CVE-2021-30629, CVE-2021-30628, CVE-2021-30627, CVE-2021-30626, CVE-2021-30625, CVE-2021-30624, CVE-2021-30623, CVE-2021-30622, CVE-2021-30621, CVE-2021-30620, CVE-2021-30619, CVE-2021-30618, CVE-2021-30617, CVE-2021-30616, CVE-2021-30615, CVE-2021-30614, CVE-2021-30613, CVE-2021-30612, CVE-2021-30611, CVE-2021-30610, CVE-2021-30609, CVE-2021-30608, CVE-2021-30607, CVE-2021-30606, CVE-2021-30604, CVE-2021-30603, CVE-2021-30602, CVE-2021-30601, CVE-2021-30599, CVE-2021-30598, CVE-2021-30597, CVE-2021-30596, CVE-2021-30594, CVE-2021-30593, CVE-2021-30592, CVE-2021-30591, CVE-2021-30590, CVE-2021-30589, CVE-2021-30588, CVE-2021-30587, CVE-2021-30586, CVE-2021-30585, CVE-2021-30584, CVE-2021-30583, CVE-2021-30582, CVE-2021-30581, CVE-2021-30580, CVE-2021-30579, CVE-2021-30578, CVE-2021-30577, CVE-2021-30576, CVE-2021-30575, CVE-2021-30574, CVE-2021-30573, CVE-2021-30572, CVE-2021-30571, CVE-2021-30569, CVE-2021-30568, CVE-2021-30567, CVE-2021-30566, CVE-2021-30565, CVE-2021-30564, CVE-2021-30563, CVE-2021-30562, CVE-2021-30561, CVE-2021-30560, CVE-2021-30559, CVE-2021-30557, CVE-2021-30556, CVE-2021-30555, CVE-2021-30554, CVE-2021-30553, CVE-2021-30552, CVE-2021-30551, CVE-2021-30550, CVE-2021-30549, CVE-2021-30548, CVE-2021-30547, CVE-2021-30546, CVE-2021-30545, CVE-2021-30544, CVE-2021-30541, CVE-2021-30540, CVE-2021-30539, CVE-2021-30538, CVE-2021-30537, CVE-2021-30536, CVE-2021-30535, CVE-2021-30534, CVE-2021-30533, CVE-2021-30532, CVE-2021-30531, CVE-2021-30530, CVE-2021-30529, CVE-2021-30528, CVE-2021-30527, CVE-2021-30526, CVE-2021-30525, CVE-2021-30524, CVE-2021-30523, CVE-2021-30522, CVE-2021-30521, CVE-2021-30520, CVE-2021-30519, CVE-2021-30518, CVE-2021-30517, CVE-2021-30516, CVE-2021-30515, CVE-2021-30514, CVE-2021-30513, CVE-2021-30512, CVE-2021-30511, CVE-2021-30510, CVE-2021-30509, CVE-2021-30508, CVE-2021-30507, CVE-2021-30506, CVE-2021-26439, CVE-2021-26436, CVE-2021-24113, CVE-2021-21233, CVE-2021-21232, CVE-2021-21231, CVE-2021-21230, CVE-2021-21229, CVE-2021-21228, CVE-2021-21227, CVE-2021-21226, CVE-2021-21225, CVE-2021-21224, CVE-2021-21223, CVE-2021-21222, CVE-2021-21221, CVE-2021-21220, CVE-2021-21219, CVE-2021-21218, CVE-2021-21217, CVE-2021-21216, CVE-2021-21215, CVE-2021-21214, CVE-2021-21213, CVE-2021-21212, CVE-2021-21211, CVE-2021-21210, CVE-2021-21209, CVE-2021-21208, CVE-2021-21207, CVE-2021-21206, CVE-2021-21205, CVE-2021-21204, CVE-2021-21203, CVE-2021-21202, CVE-2021-21201, CVE-2021-21199, CVE-2021-21198, CVE-2021-21197, CVE-2021-21196, CVE-2021-21195, CVE-2021-21194, CVE-2021-21193, CVE-2021-21192, CVE-2021-21191, CVE-2021-21190, CVE-2021-21189, CVE-2021-21188, CVE-2021-21187, CVE-2021-21186, CVE-2021-21185, CVE-2021-21184, CVE-2021-21183, CVE-2021-21182, CVE-2021-21181, CVE-2021-21180, CVE-2021-21179, CVE-2021-21178, CVE-2021-21177, CVE-2021-21176, CVE-2021-21175, CVE-2021-21174, CVE-2021-21173, CVE-2021-21172, CVE-2021-21171, CVE-2021-21170, CVE-2021-21169, CVE-2021-21168, CVE-2021-21167, CVE-2021-21166, CVE-2021-21165, CVE-2021-21164, CVE-2021-21163, CVE-2021-21162, CVE-2021-21161, CVE-2021-21160, CVE-2021-21159, CVE-2021-21157, CVE-2021-21156, CVE-2021-21155, CVE-2021-21154, CVE-2021-21153, CVE-2021-21152, CVE-2021-21151, CVE-2021-21150, CVE-2021-21149, CVE-2021-21148, CVE-2021-21147, CVE-2021-21146, CVE-2021-21145, CVE-2021-21144, CVE-2021-21143, CVE-2021-21142, CVE-2021-21141, CVE-2021-21140, CVE-2021-21139, CVE-2021-21137, CVE-2021-21136, CVE-2021-21135, CVE-2021-21134, CVE-2021-21133, CVE-2021-21132, CVE-2021-21131, CVE-2021-21130, CVE-2021-21129, CVE-2021-21128, CVE-2021-21127, CVE-2021-21126, CVE-2021-21125, CVE-2021-21124, CVE-2021-21123, CVE-2021-21122, CVE-2021-21121, CVE-2021-21120, CVE-2021-21119, CVE-2021-21118, CVE-2021-21116, CVE-2021-21115, CVE-2021-21114, CVE-2021-21113, CVE-2021-21112, CVE-2021-21111, CVE-2021-21110, CVE-2021-21109, CVE-2021-21108, CVE-2021-21107, CVE-2021-21106, CVE-2020-27844, CVE-2020-16044, CVE-2020-16043, CVE-2020-16042, CVE-2020-16041, CVE-2020-16040, CVE-2020-16039, CVE-2020-16038, CVE-2020-16037, CVE-2020-16036, CVE-2020-16034, CVE-2020-16033, CVE-2020-16032, CVE-2020-16031, CVE-2020-16030, CVE-2020-16029, CVE-2020-16028, CVE-2020-16027, CVE-2020-16026, CVE-2020-16025, CVE-2020-16024, CVE-2020-16023, CVE-2020-16022, CVE-2020-16018, CVE-2020-16017, CVE-2020-16016, CVE-2020-16015, CVE-2020-16014, CVE-2020-16013, CVE-2020-16012, CVE-2020-16011, CVE-2020-16009, CVE-2020-16008, CVE-2020-16007, CVE-2020-16006, CVE-2020-16005, CVE-2020-16004, CVE-2020-16003, CVE-2020-16002, CVE-2020-16001, CVE-2020-16000, CVE-2020-15999, CVE-2020-15995, CVE-2019-8075 +933 +Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388): Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. +1706896092 +Credentialed Patch Audit +cpe:/o:microsoft:windows +windows +100 +SMB_OS +[{"FQDN":"SOT-WIN2K22-02","sources":["get_host_fqdn()"]}] +00:50:56:2E:96:56 +general-purpose +Microsoft Windows Server 2022 Standard Build 20348 +{"CPE":"cpe:\/a:microsoft:windows_defender","Last check-in":null,"Path":"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.23110.3-0\\","Product":"Windows Defender","Product version":"4.18.23110.3","Running":"yes","Signature auto-update":"yes","Signature install date":"2024-02-02","Signature version":"1.403.3098.0","Subtype":"EPP","Type":"Endpoint","Vendor":"Microsoft"} +SOT-WIN2K22-02 +WORKGROUP +SOT-WIN2K22-02 +240E4D56-3AF4-A03F-F53C-33F38988C97D +[{"predicted-os": "Microsoft Windows 10 Pro", "confidence": 14},{"predicted-os": "Microsoft Windows 10 Enterprise", "confidence": 73}] + + P1:B11113:F0x12:W65392:O0204ffff:M1460: + P2:B11113:F0x12:W65535:O0204ffff010303080402080affffffff44454144:M1460: + P3:B00000:F0x00:W0:O0:M0 + P4:190704_7_p=49665 +SOT-WIN2K22-02 +true +192.168.40.170\degthat +smb +192.168.40.170 +1706895243 +Fri Feb 2 09:34:03 2024 + + +1 +cpe:/o:microsoft:windows +To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards. +wmi_stop_registry_svc.nbin +2024/01/16 +SMB Registry : Stop the Registry Service after the scan (WMI) +2009/11/25 +local +None +1.204 +n/a +The registry service was stopped after the scan. + +The registry service was successfully stopped after the scan. + + +all +1 +The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date. + +Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled. +patches_summary.nbin +2024/01/16 +Patch Report +2013/07/08 +combined +None +1.253 +Install the patches listed below. +The remote host is missing several patches. + + +. You need to take the following 2 actions : + + +[ Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388) (189605) ] + ++ Action to take : Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. + ++Impact : Taking this action will resolve 933 different vulnerabilities (CVEs). + + + +[ VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024) (184130) ] + ++ Action to take : Upgrade to VMware Tools version 12.3.5 or later. + + + + + +all +1 +This plugin displays, for each tested host, information about the scan itself : + + - The version of the plugin set. + - The type of scanner (Nessus or Nessus Home). + - The version of the Nessus Engine. + - The port scanner(s) used. + - The port range scanned. + - The ping round trip time + - Whether credentialed or third-party patch management checks are possible. + - Whether the display of superseded patches is enabled + - The date of the scan. + - The duration of the scan. + - The number of hosts scanned in parallel. + - The number of checks done in parallel. +scan_info.nasl +2023/07/31 +Nessus Scan Information +2005/08/26 +summary +None +1.119 +n/a +This plugin displays information about the Nessus scan. +true +Information about this scan : + +Nessus version : 10.6.4 +Nessus build : 20005 +Plugin feed version : 202402021215 +Scanner edition used : Nessus +Scanner OS : WINDOWS +Scanner distribution : win-x86-64 +Scan type : Normal +Scan name : Soteria all SVR scan +Scan policy used : Credentialed Patch Audit +Scanner IP : 192.168.40.39 +Port scanner(s) : wmi_netstat +Port range : default +Ping RTT : 6.894 ms +Thorough tests : no +Experimental tests : no +Plugin debugging enabled : no +Paranoia level : 1 +Report verbosity : 1 +Safe checks : yes +Optimize the test : yes +Credentialed checks : yes, as '192.168.40.170\degthat' via SMB +Patch management checks : None +Display superseded patches : yes (supersedence plugin launched) +CGI scanning : disabled +Web application tests : disabled +Max hosts : 30 +Max checks : 4 +Recv timeout : 5 +Backports : None +Allow post-scan editing : Yes +Nessus Plugin Signature Checking : Enabled +Audit File Signature Checking : Disabled +Scan Start Date : 2024/2/2 9:34 Pacific Standard Time +Scan duration : 836 sec +Scan for malware : no + + + +True +Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445. +smb_dialects_enabled.nasl +2020/03/11 +Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) +2018/02/09 +remote +None +1.6 +n/a +It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host. + +The remote host supports the following SMB dialects : + _version_ _introduced in windows version_ + 2.0.2 Windows 2008 + 2.1 Windows 7 + 3.0 Windows 8 + 3.0.2 Windows 8.1 + 3.1.1 Windows 10 + +The remote host does NOT support the following SMB dialects : + _version_ _introduced in windows version_ + 2.2.2 Windows 8 Beta + 2.2.4 Windows 8 Beta + 3.1 Windows 10 + + + +windows +The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network. +smb-version-detect.nasl +2022/05/04 +Server Message Block (SMB) Protocol Version Detection +2022/05/04 +remote +None +1.1 +http://www.nessus.org/u?f463096b +http://www.nessus.org/u?1a4b3744 +Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices. +Verify the version of SMB on the remote host. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found. + + + +cpe:/o:microsoft:windows +Retrieves the status of Windows Credential Guard. + Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. +credential_guard_status.nasl +2023/08/25 +Windows Credential Guard Status +2022/04/18 +local +None +1.3 +http://www.nessus.org/u?fb8c8c37 +n/a +Retrieves the status of Windows Credential Guard. + +Windows Credential Guard is not fully enabled. +The following registry keys have not been set : + - System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : Key not found. + - System\CurrentControlSet\Control\LSA\LsaCfgFlags : Key not found. + - System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : Key not found. + + + +cpe:/o:microsoft:windows +The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks. +lsa_protection_status.nasl +2022/05/25 +Windows LSA Protection Status +2022/04/20 +local +None +1.3 +Enable LSA Protection per your corporate security guidelines. +Windows LSA Protection is disabled on the remote Windows host. + +LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found. + + + +cpe:/o:microsoft:windows +Checks Windows Registry for Service ACLs. +smb_reg_services_acl.nasl +2024/01/15 +Windows Services Registry ACL +2022/05/05 +local +None +1.5 +N/A +Checks Windows Registry for Service ACLs +Verbosity must be set to 'Report as much information as possible' for this plugin to produce output. + + +cpe:/o:microsoft:windows +Windows AlwaysInstallElevated policy status was found on the remote Windows host. + You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting. +windows_always_installed_elevated_status.nasl +2022/06/14 +Windows Always Installed Elevated Status +2022/06/14 +local +None +1.1 +If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines. +Windows AlwaysInstallElevated policy status was found on the remote Windows host +AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE. +AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-746496990-2641142201-3713043312-500 + + + +True +software_enumeration +cpe:/a:microsoft:ie +cpe:/a:microsoft:internet_explorer +Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host. +microsoft_internet_explorer_installed.nbin +2024/01/16 +Microsoft Internet Explorer Installed +2022/06/28 +local +None +1.42 +https://support.microsoft.com/products/internet-explorer +n/a +A web browser is installed on the remote Windows host. + + Path : C:\Windows\system32\mshtml.dll + Version : 11.0.20348.2227 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host. +smb_language_detection.nasl +2022/02/01 +Windows Language Settings Detection +2021/04/14 +local +None +1.3 +n/a +This plugin enumerates language files on a windows host. +Default Install Language Code: 1033 + +Default Active Language Code: 1033 + +Other common microsoft Language packs may be scanned as well. + + +Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates. + +Note that this plugin is purely informational. +ms_bulletin_checks_possible.nasl +2021/07/12 +Microsoft Patch Bulletin Feasibility Check +2011/12/06 +local +None +1.13 +n/a +Nessus is able to check for Microsoft patch bulletins. + + +Nessus is able to test for missing patches using : + Nessus + + + +cpe:/o:microsoft:windows +Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp. +microsoft_windows_last_boot.nasl +2018/07/09 +Microsoft Windows Last Boot Time +2016/07/19 +local +None +1.7 +n/a +Nessus was able to collect the remote host's last boot time in a human readable format. +Last reboot : 2024-02-02T11:31:23-05:00 (20240202113123.500000-300) + + +True +Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445. + +Note that this plugin is a remote check and does not work on agents. +smb_versions_enabled.nasl +2019/11/22 +Microsoft Windows SMB Versions Supported (remote check) +2017/06/19 +remote +None +1.2 +n/a +It was possible to obtain information about the version of SMB running on the remote host. + +The remote host supports the following versions of SMB : + SMBv2 + + + +This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc). +smb_accessible_shares_office_files.nasl +2011/03/21 +Microsoft Windows SMB Share Hosting Office Files +2007/01/04 +local +None +$Revision: 1.13 $ +Make sure that the files containing confidential information have proper access controls set on them. +The remote share contains Office-related files. + +Here is a list of office files which have been found on the remote SMB +shares : + + + C$ : + + - C:\Windows\System32\MSDRM\MsoIrmProtector.doc + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.doc + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.doc + - C:\Windows\System32\MSDRM\MsoIrmProtector.ppt + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.ppt + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.ppt + - C:\Windows\System32\MSDRM\MsoIrmProtector.xls + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.xls + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.xls + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Windows 10 1803 to 1809 New Settings.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Server 2016 to 2019 New Settings.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\MS Security Baseline Windows 10 v1809 and Server 2019.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\BaselineDiffs-to-v1809-RS5-FINAL.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Update Baseline\Documentation\Master List of Update Baseline Policies.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Announcement.docx + + + + +The remote has one or more Windows shares that can be accessed through the network with the given credentials. + +Depending on the share rights, it may allow an attacker to read / write confidential data. +smb_accessible_shares.nasl +2021/10/04 +Microsoft Windows SMB Shares Access +2000/05/09 +combined +None +1.83 +To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'. +It is possible to access a network share. + +The following shares can be accessed as degthat : + +- ADMIN$ - (readable,writable) + + Content of this share : +.. +ADFS +appcompat +apppatch +AppReadiness +assembly +AzureArcSetup +bcastdvr +bfsvc.exe +Boot +bootstat.dat +Branding +BrowserCore +CbsTemp +Containers +Cursors +debug +diagnostics +DiagTrack +DigitalLocker +Downloaded Program Files +drivers +DtcInstall.log +ELAMBKUP +en-US +explorer.exe +Fonts +Globalization +Help +HelpPane.exe +hh.exe +IdentityCRL +IME +ImmersiveControlPanel +INF +InputMethod +Installer +L2Schemas +LiveKernelReports +Logs +lsasetup.log +Media +mib.bin +Microsoft.NET +Migration +ModemLogs +notepad.exe +OCR +Offline Web Pages +Panther +Performance +PFRO.log +PLA +PolicyDefinitions +Prefetch +PrintDialog +Provisioning +regedit.exe +Registration +RemotePackages +rescache +Resources +SchCache +schemas +security +ServerStandard.xml +ServiceProfiles +ServiceState +servicing +Setup +setupact.log +setuperr.log +ShellComponents +ShellExperiences +SKB +SoftwareDistribution +Speech +Speech_OneCore +splwow64.exe +System +system.ini +System32 +SystemApps +SystemResources +SystemTemp +SysWOW64 +TAPI +Tasks +Temp +tracing +twain_32 +twain_32.dll +Vss +WaaS +Web +win.ini +WindowsShell.Manifest + +- C$ - (readable,writable) + + Content of this share : +$WinREAgent +$WINRE_BACKUP_PARTITION.MARKER +Documents and Settings +DumpStack.log.tmp +pagefile.sys +PerfLogs +Program Files +Program Files (x86) +ProgramData +Recovery +System Volume Information +Users +Windows + + + + +windows +True +By connecting to the remote host, Nessus was able to enumerate the network share names. +smb_enum_shares.nasl +2022/02/01 +Microsoft Windows SMB Shares Enumeration +2000/05/09 +local +None +1.48 +n/a +It is possible to enumerate remote network shares. + +Here are the SMB shares available on the remote host when logged in as degthat: + + - ADMIN$ + - C$ + - IPC$ + + + +Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system. +smb_group_admin.nasl +2018/05/16 +Microsoft Windows 'Administrators' Group User List +2002/03/15 +local +None +1.23 +Verify that each member of the group should have this type of access. +There is at least one user in the 'Administrators' group. + +The following users are members of the 'Administrators' group : + + - SOT-WIN2K22-02\soteria (User) + - SOT-WIN2K22-02\degthat (User) + + + +windows +True +An antivirus application is installed on the remote host, and its engine and virus definitions are up to date. +antivirus_installed.nasl +2023/10/05 +Antivirus Software Check +2005/01/18 +local +None +1.50 +http://www.nessus.org/u?3ed73b52 +https://www.tenable.com/blog/auditing-anti-virus-products-with-nessus +n/a +An antivirus application is installed on the remote host. + +Forefront_Endpoint_Protection : + +A Microsoft anti-malware product is installed on the remote host : + + Product name : Windows Defender + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine version : 1.1.23110.2 + Antivirus signature version : 1.403.3098.0 + Antispyware signature version : 1.403.3098.0 + + + +windows +true +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows_server +The remote host is running Microsoft Windows. +microsoft_windows_installed.nbin +2023/12/27 +Microsoft Windows Installed +2023/12/27 +local +None +1.0 +https://www.microsoft.com/en-us/windows +https://www.microsoft.com/en-us/windows-server +n/a +The remote host is running Microsoft Windows. + + OS Name : Microsoft Windows Server 2022 21H2 + Vendor : Microsoft + Product : Windows Server + Release : 2022 21H2 + Edition : Standard + Version : 10.0.20348.2227 + Role : server + Kernel : Windows NT 10.0 + Architecture : x64 + CPE v2.2 : cpe:/o:microsoft:windows_server_2022:10.0.20348.2227:- + CPE v2.3 : cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2227:-:any:*:standard:*:x64:* + Type : local + Method : SMB + Confidence : 100 + + + +cpe:/o:microsoft:windows +x-cpe:/a:microsoft:msdt +The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190. + +Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch. +msdt_rce_cve_2022-30190_reg_check.nasl +2022/05/30 +2022/07/28 +The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190) +2022/05/31 +local +None +1.9 +http://www.nessus.org/u?440e4ba1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 +http://www.nessus.org/u?b9345997 +Apply the latest Cumulative Update. +Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key. +2022/05/30 +The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target is vulnerable to CVE-2022-30190, if the vendor patch is not applied. + + +windows +security_control +True +software_enumeration +cpe:/a:microsoft:windows_defender +Windows Defender, an antivirus component of Microsoft Windows is installed on the remote Windows host. +microsoft_windows_defender_win_installed.nbin +2024/01/16 +Windows Defender Installed +2019/11/15 +local +None +1.139 +https://www.microsoft.com/en-us/windows/comprehensive-security +n/a +Windows Defender is installed on the remote Windows host. + + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine Version : 1.1.23110.2 + Malware Signature Timestamp : Feb. 2, 2024 at 08:51:48 GMT + Malware Signature Version : 1.403.3098.0 + Signatures Last Updated : Feb. 2, 2024 at 15:11:46 GMT + + + +The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled. +print_spooler_service_enabled.nasl +2021/07/07 +Microsoft Windows Print Spooler Service Enabled +2021/07/07 +local +None +1.1 +http://www.nessus.org/u?8fc5df24 +n/a +The Microsoft Windows Print Spooler service on the remote host is enabled. +The Microsoft Windows Print Spooler service on the remote host is enabled. + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.). +smb_enum_services_params.nasl +0001-T-0752 +2022/05/16 +Microsoft Windows SMB Service Config Enumeration +2010/02/05 +local +None +1.20 +Ensure that each service is configured properly. +It was possible to enumerate configuration parameters of remote services. +IAVT:0001-T-0752 + +The following services are set to start automatically : + + BFE startup parameters : + Display name : Base Filtering Engine + Service name : BFE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : RpcSs/ + + BrokerInfrastructure startup parameters : + Display name : Background Tasks Infrastructure Service + Service name : BrokerInfrastructure + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + CDPSvc startup parameters : + Display name : Connected Devices Platform Service + Service name : CDPSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : ncbservice/RpcSS/Tcpip/ + + CDPUserSvc_2102f8 startup parameters : + Display name : Connected Devices Platform User Service_2102f8 + Service name : CDPUserSvc_2102f8 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + CoreMessagingRegistrar startup parameters : + Display name : CoreMessaging + Service name : CoreMessagingRegistrar + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : rpcss/ + + CryptSvc startup parameters : + Display name : Cryptographic Services + Service name : CryptSvc + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + DPS startup parameters : + Display name : Diagnostic Policy Service + Service name : DPS + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p + + DcomLaunch startup parameters : + Display name : DCOM Server Process Launcher + Service name : DcomLaunch + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + Dhcp startup parameters : + Display name : DHCP Client + Service name : Dhcp + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : NSI/Afd/ + + DiagTrack startup parameters : + Display name : Connected User Experiences and Telemetry + Service name : DiagTrack + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k utcsvc -p + Dependencies : RpcSs/ + + DispBrokerDesktopSvc startup parameters : + Display name : Display Policy Service + Service name : DispBrokerDesktopSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : RpcSS/ + + Dnscache startup parameters : + Display name : DNS Client + Service name : Dnscache + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p + Dependencies : nsi/Afd/ + + EventLog startup parameters : + Display name : Windows Event Log + Service name : EventLog + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p + + EventSystem startup parameters : + Display name : COM+ Event System + Service name : EventSystem + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + FontCache startup parameters : + Display name : Windows Font Cache Service + Service name : FontCache + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + IKEEXT startup parameters : + Display name : IKE and AuthIP IPsec Keying Modules + Service name : IKEEXT + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : BFE/nsi/ + + LSM startup parameters : + Display name : Local Session Manager + Service name : LSM + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + LanmanServer startup parameters : + Display name : Server + Service name : LanmanServer + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k smbsvcs + Dependencies : SamSS/Srv2/ + + LanmanWorkstation startup parameters : + Display name : Workstation + Service name : LanmanWorkstation + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : Bowser/MRxSmb20/NSI/ + + MSDTC startup parameters : + Display name : Distributed Transaction Coordinator + Service name : MSDTC + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\msdtc.exe + Dependencies : RPCSS/SamSS/ + + NlaSvc startup parameters : + Display name : Network Location Awareness + Service name : NlaSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/ + + PcaSvc startup parameters : + Display name : Program Compatibility Assistant Service + Service name : PcaSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + Power startup parameters : + Display name : Power + Service name : Power + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + ProfSvc startup parameters : + Display name : User Profile Service + Service name : ProfSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + RemoteRegistry startup parameters : + Display name : Remote Registry + Service name : RemoteRegistry + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k localService -p + Dependencies : RPCSS/ + + RpcEptMapper startup parameters : + Display name : RPC Endpoint Mapper + Service name : RpcEptMapper + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k RPCSS -p + + RpcSs startup parameters : + Display name : Remote Procedure Call (RPC) + Service name : RpcSs + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k rpcss -p + Dependencies : RpcEptMapper/DcomLaunch/ + + SENS startup parameters : + Display name : System Event Notification Service + Service name : SENS + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : EventSystem/ + + SamSs startup parameters : + Display name : Security Accounts Manager + Service name : SamSs + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : RPCSS/ + + Schedule startup parameters : + Display name : Task Scheduler + Service name : Schedule + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/SystemEventsBroker/ + + ShellHWDetection startup parameters : + Display name : Shell Hardware Detection + Service name : ShellHWDetection + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Spooler startup parameters : + Display name : Print Spooler + Service name : Spooler + Log on as : LocalSystem + Executable path : C:\Windows\System32\spoolsv.exe + Dependencies : RPCSS/http/ + + StateRepository startup parameters : + Display name : State Repository Service + Service name : StateRepository + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + StorSvc startup parameters : + Display name : Storage Service + Service name : StorSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + SysMain startup parameters : + Display name : SysMain + Service name : SysMain + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : rpcss/ + + SystemEventsBroker startup parameters : + Display name : System Events Broker + Service name : SystemEventsBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/RpcSs/ + + Themes startup parameters : + Display name : Themes + Service name : Themes + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + + TrkWks startup parameters : + Display name : Distributed Link Tracking Client + Service name : TrkWks + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + UALSVC startup parameters : + Display name : User Access Logging Service + Service name : UALSVC + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : WinMgmt/ + + UserManager startup parameters : + Display name : User Manager + Service name : UserManager + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + UsoSvc startup parameters : + Display name : Update Orchestrator Service + Service name : UsoSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + VGAuthService startup parameters : + Display name : VMware Alias Manager and Ticket Service + Service name : VGAuthService + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" + + VMTools startup parameters : + Display name : VMware Tools + Service name : VMTools + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" + + W32Time startup parameters : + Display name : Windows Time + Service name : W32Time + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService + + Wcmsvc startup parameters : + Display name : Windows Connection Manager + Service name : Wcmsvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/NSI/ + + WinDefend startup parameters : + Display name : Microsoft Defender Antivirus Service + Service name : WinDefend + Log on as : LocalSystem + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe" + Dependencies : RpcSs/ + + WinRM startup parameters : + Display name : Windows Remote Management (WS-Management) + Service name : WinRM + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : RPCSS/HTTP/ + + Winmgmt startup parameters : + Display name : Windows Management Instrumentation + Service name : Winmgmt + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/ + + WpnService startup parameters : + Display name : Windows Push Notifications System Service + Service name : WpnService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + WpnUserService_2102f8 startup parameters : + Display name : Windows Push Notifications User Service_2102f8 + Service name : WpnUserService_2102f8 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + cbdhsvc_2102f8 startup parameters : + Display name : Clipboard User Service_2102f8 + Service name : cbdhsvc_2102f8 + Executable path : C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p + + edgeupdate startup parameters : + Display name : Microsoft Edge Update Service (edgeupdate) + Service name : edgeupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc + Dependencies : RPCSS/ + + gpsvc startup parameters : + Display name : Group Policy Client + Service name : gpsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/Mup/ + + gupdate startup parameters : + Display name : Google Update Service (gupdate) + Service name : gupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc + Dependencies : RPCSS/ + + iphlpsvc startup parameters : + Display name : IP Helper + Service name : iphlpsvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p + Dependencies : RpcSS/tcpip/nsi/WinHttpAutoProxySvc/ + + mpssvc startup parameters : + Display name : Windows Defender Firewall + Service name : mpssvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : mpsdrv/bfe/nsi/ + + nsi startup parameters : + Display name : Network Store Interface Service + Service name : nsi + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/nsiproxy/ + + sppsvc startup parameters : + Display name : Software Protection + Service name : sppsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\sppsvc.exe + Dependencies : RpcSs/ + + vm3dservice startup parameters : + Display name : VMware SVGA Helper Service + Service name : vm3dservice + Log on as : LocalSystem + Executable path : C:\Windows\system32\vm3dservice.exe + +The following services must be started manually : + + AJRouter startup parameters : + Display name : AllJoyn Router Service + Service name : AJRouter + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + ALG startup parameters : + Display name : Application Layer Gateway Service + Service name : ALG + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\alg.exe + + AppIDSvc startup parameters : + Display name : Application Identity + Service name : AppIDSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/AppID/CryptSvc/ + + AppMgmt startup parameters : + Display name : Application Management + Service name : AppMgmt + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + + AppReadiness startup parameters : + Display name : App Readiness + Service name : AppReadiness + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k AppReadiness -p + + AppXSvc startup parameters : + Display name : AppX Deployment Service (AppXSVC) + Service name : AppXSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k wsappx -p + Dependencies : rpcss/staterepository/ + + Appinfo startup parameters : + Display name : Application Information + Service name : Appinfo + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + AudioEndpointBuilder startup parameters : + Display name : Windows Audio Endpoint Builder + Service name : AudioEndpointBuilder + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + Audiosrv startup parameters : + Display name : Windows Audio + Service name : Audiosrv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : AudioEndpointBuilder/RpcSs/ + + BITS startup parameters : + Display name : Background Intelligent Transfer Service + Service name : BITS + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + COMSysApp startup parameters : + Display name : COM+ System Application + Service name : COMSysApp + Log on as : LocalSystem + Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} + Dependencies : RpcSs/EventSystem/SENS/ + + CaptureService_2102f8 startup parameters : + Display name : CaptureService_2102f8 + Service name : CaptureService_2102f8 + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + CertPropSvc startup parameters : + Display name : Certificate Propagation + Service name : CertPropSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + ClipSVC startup parameters : + Display name : Client License Service (ClipSVC) + Service name : ClipSVC + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k wsappx -p + Dependencies : rpcss/ + + ConsentUxUserSvc_2102f8 startup parameters : + Display name : ConsentUX User Service_2102f8 + Service name : ConsentUxUserSvc_2102f8 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow + + CredentialEnrollmentManagerUserSvc_2102f8 startup parameters : + Display name : CredentialEnrollmentManagerUserSvc_2102f8 + Service name : CredentialEnrollmentManagerUserSvc_2102f8 + Executable path : C:\Windows\system32\CredentialEnrollmentManager.exe + + DevQueryBroker startup parameters : + Display name : DevQuery Background Discovery Broker + Service name : DevQueryBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DeviceAssociationBrokerSvc_2102f8 startup parameters : + Display name : DeviceAssociationBroker_2102f8 + Service name : DeviceAssociationBrokerSvc_2102f8 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow -p + + DeviceAssociationService startup parameters : + Display name : Device Association Service + Service name : DeviceAssociationService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DeviceInstall startup parameters : + Display name : Device Install Service + Service name : DeviceInstall + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + DevicesFlowUserSvc_2102f8 startup parameters : + Display name : DevicesFlow_2102f8 + Service name : DevicesFlowUserSvc_2102f8 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow + + DmEnrollmentSvc startup parameters : + Display name : Device Management Enrollment Service + Service name : DmEnrollmentSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + DoSvc startup parameters : + Display name : Delivery Optimization + Service name : DoSvc + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + DsSvc startup parameters : + Display name : Data Sharing Service + Service name : DsSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + DsmSvc startup parameters : + Display name : Device Setup Manager + Service name : DsmSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + EFS startup parameters : + Display name : Encrypting File System (EFS) + Service name : EFS + Log on as : LocalSystem + Executable path : C:\Windows\System32\lsass.exe + Dependencies : RPCSS/ + + EapHost startup parameters : + Display name : Extensible Authentication Protocol + Service name : EapHost + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/KeyIso/ + + EntAppSvc startup parameters : + Display name : Enterprise App Management Service + Service name : EntAppSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + FDResPub startup parameters : + Display name : Function Discovery Resource Publication + Service name : FDResPub + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : RpcSs/http/fdphost/ + + FrameServer startup parameters : + Display name : Windows Camera Frame Server + Service name : FrameServer + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k Camera + Dependencies : rpcss/ + + FrameServerMonitor startup parameters : + Display name : Windows Camera Frame Server Monitor + Service name : FrameServerMonitor + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k CameraMonitor + Dependencies : rpcss/ + + GoogleChromeElevationService startup parameters : + Display name : Google Chrome Elevation Service (GoogleChromeElevationService) + Service name : GoogleChromeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files\Google\Chrome\Application\121.0.6167.140\elevation_service.exe" + Dependencies : RPCSS/ + + HvHost startup parameters : + Display name : HV Host Service + Service name : HvHost + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : hvservice/ + + InstallService startup parameters : + Display name : Microsoft Store Install Service + Service name : InstallService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + KPSSVC startup parameters : + Display name : KDC Proxy Server service (KPS) + Service name : KPSSVC + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k KpsSvcGroup + Dependencies : rpcss/http/ + + KeyIso startup parameters : + Display name : CNG Key Isolation + Service name : KeyIso + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : RpcSs/ + + KtmRm startup parameters : + Display name : KtmRm for Distributed Transaction Coordinator + Service name : KtmRm + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p + Dependencies : RPCSS/SamSS/ + + LicenseManager startup parameters : + Display name : Windows License Manager Service + Service name : LicenseManager + Log on as : NT Authority\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + MSiSCSI startup parameters : + Display name : Microsoft iSCSI Initiator Service + Service name : MSiSCSI + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + + McpManagementService startup parameters : + Display name : McpManagementService + Service name : McpManagementService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k McpManagementServiceGroup + Dependencies : RpcSs/ + + MicrosoftEdgeElevationService startup parameters : + Display name : Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) + Service name : MicrosoftEdgeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\elevation_service.exe" + Dependencies : RPCSS/ + + NcaSvc startup parameters : + Display name : Network Connectivity Assistant + Service name : NcaSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p + Dependencies : BFE/dnscache/NSI/iphlpsvc/ + + NcbService startup parameters : + Display name : Network Connection Broker + Service name : NcbService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSS/tcpip/BrokerInfrastructure/ + + NetSetupSvc startup parameters : + Display name : Network Setup Service + Service name : NetSetupSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Netlogon startup parameters : + Display name : Netlogon + Service name : Netlogon + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : LanmanWorkstation/ + + Netman startup parameters : + Display name : Network Connections + Service name : Netman + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/nsi/ + + NgcCtnrSvc startup parameters : + Display name : Microsoft Passport Container + Service name : NgcCtnrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + NgcSvc startup parameters : + Display name : Microsoft Passport + Service name : NgcSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + PerfHost startup parameters : + Display name : Performance Counter DLL Host + Service name : PerfHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\SysWow64\perfhost.exe + Dependencies : RPCSS/ + + PimIndexMaintenanceSvc_2102f8 startup parameters : + Display name : Contact Data_2102f8 + Service name : PimIndexMaintenanceSvc_2102f8 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + PlugPlay startup parameters : + Display name : Plug and Play + Service name : PlugPlay + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + PolicyAgent startup parameters : + Display name : IPsec Policy Agent + Service name : PolicyAgent + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p + Dependencies : Tcpip/bfe/ + + PrintNotify startup parameters : + Display name : Printer Extensions and Notifications + Service name : PrintNotify + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k print + Dependencies : RpcSs/ + + PrintWorkflowUserSvc_2102f8 startup parameters : + Display name : PrintWorkflow_2102f8 + Service name : PrintWorkflowUserSvc_2102f8 + Executable path : C:\Windows\system32\svchost.exe -k PrintWorkflow + + QWAVE startup parameters : + Display name : Quality Windows Audio Video Experience + Service name : QWAVE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/ + + RSoPProv startup parameters : + Display name : Resultant Set of Policy Provider + Service name : RSoPProv + Log on as : LocalSystem + Executable path : C:\Windows\system32\RSoPProv.exe + Dependencies : RPCSS/ + + RasAuto startup parameters : + Display name : Remote Access Auto Connection Manager + Service name : RasAuto + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RasAcd/ + + RasMan startup parameters : + Display name : Remote Access Connection Manager + Service name : RasMan + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs + Dependencies : SstpSvc/DnsCache/ + + RpcLocator startup parameters : + Display name : Remote Procedure Call (RPC) Locator + Service name : RpcLocator + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\locator.exe + + SCPolicySvc startup parameters : + Display name : Smart Card Removal Policy + Service name : SCPolicySvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + SCardSvr startup parameters : + Display name : Smart Card + Service name : SCardSvr + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation + + SNMPTRAP startup parameters : + Display name : SNMP Trap + Service name : SNMPTRAP + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\snmptrap.exe + + SecurityHealthService startup parameters : + Display name : Windows Security Service + Service name : SecurityHealthService + Log on as : LocalSystem + Executable path : C:\Windows\system32\SecurityHealthService.exe + Dependencies : RpcSs/ + + Sense startup parameters : + Display name : Windows Defender Advanced Threat Protection Service + Service name : Sense + Log on as : LocalSystem + Executable path : "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" + + SensorService startup parameters : + Display name : Sensor Service + Service name : SensorService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + SensrSvc startup parameters : + Display name : Sensor Monitoring Service + Service name : SensrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + + SessionEnv startup parameters : + Display name : Remote Desktop Configuration + Service name : SessionEnv + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/LanmanWorkstation/ + + SgrmBroker startup parameters : + Display name : System Guard Runtime Monitor Broker + Service name : SgrmBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\SgrmBroker.exe + Dependencies : RpcSs/ + + SstpSvc startup parameters : + Display name : Secure Socket Tunneling Protocol Service + Service name : SstpSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + StiSvc startup parameters : + Display name : Windows Image Acquisition (WIA) + Service name : StiSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k imgsvc + Dependencies : RpcSs/ + + TabletInputService startup parameters : + Display name : Touch Keyboard and Handwriting Panel Service + Service name : TabletInputService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + TermService startup parameters : + Display name : Remote Desktop Services + Service name : TermService + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k termsvcs + Dependencies : RPCSS/ + + TieringEngineService startup parameters : + Display name : Storage Tiers Management + Service name : TieringEngineService + Log on as : localSystem + Executable path : C:\Windows\system32\TieringEngineService.exe + + TimeBrokerSvc startup parameters : + Display name : Time Broker + Service name : TimeBrokerSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + TokenBroker startup parameters : + Display name : Web Account Manager + Service name : TokenBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : UserManager/BrokerInfrastructure/ + + TrustedInstaller startup parameters : + Display name : Windows Modules Installer + Service name : TrustedInstaller + Log on as : localSystem + Executable path : C:\Windows\servicing\TrustedInstaller.exe + + UdkUserSvc_2102f8 startup parameters : + Display name : Udk User Service_2102f8 + Service name : UdkUserSvc_2102f8 + Executable path : C:\Windows\system32\svchost.exe -k UdkSvcGroup + + UmRdpService startup parameters : + Display name : Remote Desktop Services UserMode Port Redirector + Service name : UmRdpService + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : TermService/RDPDR/ + + UnistoreSvc_2102f8 startup parameters : + Display name : User Data Storage_2102f8 + Service name : UnistoreSvc_2102f8 + Executable path : C:\Windows\System32\svchost.exe -k UnistackSvcGroup + + UserDataSvc_2102f8 startup parameters : + Display name : User Data Access_2102f8 + Service name : UserDataSvc_2102f8 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + VSS startup parameters : + Display name : Volume Shadow Copy + Service name : VSS + Log on as : LocalSystem + Executable path : C:\Windows\system32\vssvc.exe + Dependencies : RPCSS/ + + VaultSvc startup parameters : + Display name : Credential Manager + Service name : VaultSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : rpcss/ + + WEPHOSTSVC startup parameters : + Display name : Windows Encryption Provider Host Service + Service name : WEPHOSTSVC + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k WepHostSvcGroup + Dependencies : rpcss/ + + WMPNetworkSvc startup parameters : + Display name : Windows Media Player Network Sharing Service + Service name : WMPNetworkSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe" + Dependencies : http/WSearch/ + + WPDBusEnum startup parameters : + Display name : Portable Device Enumerator Service + Service name : WPDBusEnum + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted + Dependencies : RpcSs/ + + WaaSMedicSvc startup parameters : + Display name : Windows Update Medic Service + Service name : WaaSMedicSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k wusvcs -p + Dependencies : rpcss/ + + WarpJITSvc startup parameters : + Display name : Warp JIT Service + Service name : WarpJITSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted + + WbioSrvc startup parameters : + Display name : Windows Biometric Service + Service name : WbioSrvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k WbioSvcGroup + Dependencies : RpcSs/ + + WdNisSvc startup parameters : + Display name : Microsoft Defender Antivirus Network Inspection Service + Service name : WdNisSvc + Log on as : NT AUTHORITY\LocalService + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe" + Dependencies : WdNisDrv/ + + WdiServiceHost startup parameters : + Display name : Diagnostic Service Host + Service name : WdiServiceHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + + WdiSystemHost startup parameters : + Display name : Diagnostic System Host + Service name : WdiSystemHost + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + Wecsvc startup parameters : + Display name : Windows Event Collector + Service name : Wecsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p + Dependencies : HTTP/Eventlog/ + + WerSvc startup parameters : + Display name : Windows Error Reporting Service + Service name : WerSvc + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup + + WiaRpc startup parameters : + Display name : Still Image Acquisition Events + Service name : WiaRpc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + WinHttpAutoProxySvc startup parameters : + Display name : WinHTTP Web Proxy Auto-Discovery Service + Service name : WinHttpAutoProxySvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Dhcp/ + + bthserv startup parameters : + Display name : Bluetooth Support Service + Service name : bthserv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + camsvc startup parameters : + Display name : Capability Access Manager Service + Service name : camsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k appmodel -p + + dcsvc startup parameters : + Display name : dcsvc + Service name : dcsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + defragsvc startup parameters : + Display name : Optimize drives + Service name : defragsvc + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k defragsvc + Dependencies : RPCSS/ + + diagnosticshub.standardcollector.service startup parameters : + Display name : Microsoft (R) Diagnostics Hub Standard Collector Service + Service name : diagnosticshub.standardcollector.service + Log on as : LocalSystem + Executable path : C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe + + dot3svc startup parameters : + Display name : Wired AutoConfig + Service name : dot3svc + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/Ndisuio/Eaphost/ + + edgeupdatem startup parameters : + Display name : Microsoft Edge Update Service (edgeupdatem) + Service name : edgeupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc + Dependencies : RPCSS/ + + embeddedmode startup parameters : + Display name : Embedded Mode + Service name : embeddedmode + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : BrokerInfrastructure/ + + fdPHost startup parameters : + Display name : Function Discovery Provider Host + Service name : fdPHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/http/ + + gupdatem startup parameters : + Display name : Google Update Service (gupdatem) + Service name : gupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc + Dependencies : RPCSS/ + + hidserv startup parameters : + Display name : Human Interface Device Service + Service name : hidserv + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + lmhosts startup parameters : + Display name : TCP/IP NetBIOS Helper + Service name : lmhosts + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Afd/ + + msiserver startup parameters : + Display name : Windows Installer + Service name : msiserver + Log on as : LocalSystem + Executable path : C:\Windows\system32\msiexec.exe /V + Dependencies : rpcss/ + + netprofm startup parameters : + Display name : Network List Service + Service name : netprofm + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + Dependencies : RpcSs/nlasvc/ + + pla startup parameters : + Display name : Performance Logs & Alerts + Service name : pla + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : RPCSS/ + + sacsvr startup parameters : + Display name : Special Administration Console Helper + Service name : sacsvr + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + + seclogon startup parameters : + Display name : Secondary Logon + Service name : seclogon + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + + smphost startup parameters : + Display name : Microsoft Storage Spaces SMP + Service name : smphost + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k smphost + Dependencies : RPCSS/ + + svsvc startup parameters : + Display name : Spot Verifier + Service name : svsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + swprv startup parameters : + Display name : Microsoft Software Shadow Copy Provider + Service name : swprv + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k swprv + Dependencies : RPCSS/ + + tapisrv startup parameters : + Display name : Telephony + Service name : tapisrv + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + vds startup parameters : + Display name : Virtual Disk + Service name : vds + Log on as : LocalSystem + Executable path : C:\Windows\System32\vds.exe + Dependencies : RpcSs/ + + vmicguestinterface startup parameters : + Display name : Hyper-V Guest Service Interface + Service name : vmicguestinterface + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicheartbeat startup parameters : + Display name : Hyper-V Heartbeat Service + Service name : vmicheartbeat + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k ICService -p + + vmickvpexchange startup parameters : + Display name : Hyper-V Data Exchange Service + Service name : vmickvpexchange + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicshutdown startup parameters : + Display name : Hyper-V Guest Shutdown Service + Service name : vmicshutdown + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmictimesync startup parameters : + Display name : Hyper-V Time Synchronization Service + Service name : vmictimesync + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : VmGid/ + + vmicvmsession startup parameters : + Display name : Hyper-V PowerShell Direct Service + Service name : vmicvmsession + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicvss startup parameters : + Display name : Hyper-V Volume Shadow Copy Requestor + Service name : vmicvss + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmvss startup parameters : + Display name : VMware Snapshot Provider + Service name : vmvss + Log on as : LocalSystem + Executable path : C:\Windows\system32\dllhost.exe /Processid:{A5870C72-0E69-4482-ABA6-6ED4CEC56E1D} + Dependencies : rpcss/ + + wercplsupport startup parameters : + Display name : Problem Reports Control Panel Support + Service name : wercplsupport + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + + wlidsvc startup parameters : + Display name : Microsoft Account Sign-in Assistant + Service name : wlidsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + wmiApSrv startup parameters : + Display name : WMI Performance Adapter + Service name : wmiApSrv + Log on as : localSystem + Executable path : C:\Windows\system32\wbem\WmiApSrv.exe + + wuauserv startup parameters : + Display name : Windows Update + Service name : wuauserv + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + +The following services are disabled : + + AppVClient startup parameters : + Display name : Microsoft App-V Client + Service name : AppVClient + Log on as : LocalSystem + Executable path : C:\Windows\system32\AppVClient.exe + Dependencies : RpcSS/netprofm/AppvVfs/AppVStrm/ + + AxInstSV startup parameters : + Display name : ActiveX Installer (AxInstSV) + Service name : AxInstSV + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k AxInstSVGroup + Dependencies : rpcss/ + + CscService startup parameters : + Display name : Offline Files + Service name : CscService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + DevicePickerUserSvc_2102f8 startup parameters : + Display name : DevicePicker_2102f8 + Service name : DevicePickerUserSvc_2102f8 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow + + GraphicsPerfSvc startup parameters : + Display name : GraphicsPerfSvc + Service name : GraphicsPerfSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup + + MapsBroker startup parameters : + Display name : Downloaded Maps Manager + Service name : MapsBroker + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + NetTcpPortSharing startup parameters : + Display name : Net.Tcp Port Sharing Service + Service name : NetTcpPortSharing + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe + + PushToInstall startup parameters : + Display name : Windows PushToInstall Service + Service name : PushToInstall + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + RemoteAccess startup parameters : + Display name : Routing and Remote Access + Service name : RemoteAccess + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs + Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/ + + RmSvc startup parameters : + Display name : Radio Management Service + Service name : RmSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted + Dependencies : RpcSs/ + + SEMgrSvc startup parameters : + Display name : Payments and NFC/SE Manager + Service name : SEMgrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/ + + SSDPSRV startup parameters : + Display name : SSDP Discovery + Service name : SSDPSRV + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : HTTP/NSI/ + + ScDeviceEnum startup parameters : + Display name : Smart Card Device Enumeration Service + Service name : ScDeviceEnum + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted + + SensorDataService startup parameters : + Display name : Sensor Data Service + Service name : SensorDataService + Log on as : LocalSystem + Executable path : C:\Windows\System32\SensorDataService.exe + + SharedAccess startup parameters : + Display name : Internet Connection Sharing (ICS) + Service name : SharedAccess + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : BFE/ + + UevAgentService startup parameters : + Display name : User Experience Virtualization Service + Service name : UevAgentService + Log on as : LocalSystem + Executable path : C:\Windows\system32\AgentService.exe + + WSearch startup parameters : + Display name : Windows Search + Service name : WSearch + Log on as : LocalSystem + Executable path : C:\Windows\system32\SearchIndexer.exe /Embedding + Dependencies : RPCSS/BrokerInfrastructure/ + + WalletService startup parameters : + Display name : WalletService + Service name : WalletService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k appmodel -p + + dmwappushservice startup parameters : + Display name : Device Management Wireless Application Protocol (WAP) Push message Routing Service + Service name : dmwappushservice + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + lfsvc startup parameters : + Display name : Geolocation Service + Service name : lfsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + lltdsvc startup parameters : + Display name : Link-Layer Topology Discovery Mapper + Service name : lltdsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/lltdio/ + + shpamsvc startup parameters : + Display name : Shared PC Account Manager + Service name : shpamsvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + ssh-agent startup parameters : + Display name : OpenSSH Authentication Agent + Service name : ssh-agent + Log on as : LocalSystem + Executable path : C:\Windows\System32\OpenSSH\ssh-agent.exe + + tzautoupdate startup parameters : + Display name : Auto Time Zone Updater + Service name : tzautoupdate + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + upnphost startup parameters : + Display name : UPnP Device Host + Service name : upnphost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : SSDPSRV/HTTP/ + + wisvc startup parameters : + Display name : Windows Insider Service + Service name : wisvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + + +By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon. + +Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user. +smb_last_loggedon_user.nasl +2019/09/02 +Microsoft Windows SMB Last Logged On User Disclosure +2009/05/05 +local +None +1.12 +http://www.nessus.org/u?a29751b5 +n/a +Nessus was able to identify the last logged on user on the remote host. + +Last Successful logon : .\soteria + + + +windows +True +cpe:/a:haxx:curl +Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host. + +Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty checks. Paranoid scanning has no affect on this plugin itself. +curl_win_installed.nbin +2024/01/16 +Curl Installed (Windows) +2023/02/23 +local +None +1.22 +https://curl.se/ +n/a +Curl is installed on the remote Windows host. +true + +Nessus detected 2 installs of Curl: + + Path : C:\Windows\SysWOW64\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + Path : C:\Windows\System32\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + + +windows +True +cpe:/o:microsoft:windows +This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. + +An attacker may use this feature to gain better knowledge of the remote host. +smb_enum_services.nasl +0001-T-0751 +2022/02/01 +Microsoft Windows SMB Service Enumeration +2000/07/03 +local +None +1.46 +To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port. +It is possible to enumerate remote services. +IAVT:0001-T-0751 + +Active Services : + +Base Filtering Engine [ BFE ] +Background Tasks Infrastructure Service [ BrokerInfrastructure ] +Capability Access Manager Service [ camsvc ] +Connected Devices Platform Service [ CDPSvc ] +COM+ System Application [ COMSysApp ] +CoreMessaging [ CoreMessagingRegistrar ] +Cryptographic Services [ CryptSvc ] +DCOM Server Process Launcher [ DcomLaunch ] +DHCP Client [ Dhcp ] +Connected User Experiences and Telemetry [ DiagTrack ] +Display Policy Service [ DispBrokerDesktopSvc ] +DNS Client [ Dnscache ] +Diagnostic Policy Service [ DPS ] +Device Setup Manager [ DsmSvc ] +Windows Event Log [ EventLog ] +COM+ Event System [ EventSystem ] +Windows Font Cache Service [ FontCache ] +Group Policy Client [ gpsvc ] +IKE and AuthIP IPsec Keying Modules [ IKEEXT ] +IP Helper [ iphlpsvc ] +CNG Key Isolation [ KeyIso ] +Server [ LanmanServer ] +Workstation [ LanmanWorkstation ] +TCP/IP NetBIOS Helper [ lmhosts ] +Local Session Manager [ LSM ] +Windows Defender Firewall [ mpssvc ] +Distributed Transaction Coordinator [ MSDTC ] +Network Connection Broker [ NcbService ] +Network List Service [ netprofm ] +Network Location Awareness [ NlaSvc ] +Network Store Interface Service [ nsi ] +Program Compatibility Assistant Service [ PcaSvc ] +Plug and Play [ PlugPlay ] +IPsec Policy Agent [ PolicyAgent ] +Power [ Power ] +User Profile Service [ ProfSvc ] +Remote Registry [ RemoteRegistry ] +RPC Endpoint Mapper [ RpcEptMapper ] +Remote Procedure Call (RPC) [ RpcSs ] +Security Accounts Manager [ SamSs ] +Task Scheduler [ Schedule ] +System Event Notification Service [ SENS ] +Shell Hardware Detection [ ShellHWDetection ] +Print Spooler [ Spooler ] +State Repository Service [ StateRepository ] +Storage Service [ StorSvc ] +SysMain [ SysMain ] +System Events Broker [ SystemEventsBroker ] +Touch Keyboard and Handwriting Panel Service [ TabletInputService ] +Themes [ Themes ] +Time Broker [ TimeBrokerSvc ] +Web Account Manager [ TokenBroker ] +Distributed Link Tracking Client [ TrkWks ] +Windows Modules Installer [ TrustedInstaller ] +User Access Logging Service [ UALSVC ] +User Manager [ UserManager ] +Update Orchestrator Service [ UsoSvc ] +VMware Alias Manager and Ticket Service [ VGAuthService ] +VMware SVGA Helper Service [ vm3dservice ] +VMware Tools [ VMTools ] +Windows Time [ W32Time ] +Windows Connection Manager [ Wcmsvc ] +Diagnostic System Host [ WdiSystemHost ] +Microsoft Defender Antivirus Network Inspection Service [ WdNisSvc ] +Microsoft Defender Antivirus Service [ WinDefend ] +WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ] +Windows Management Instrumentation [ Winmgmt ] +Windows Remote Management (WS-Management) [ WinRM ] +Windows Push Notifications System Service [ WpnService ] +Clipboard User Service_2102f8 [ cbdhsvc_2102f8 ] +Connected Devices Platform User Service_2102f8 [ CDPUserSvc_2102f8 ] +Windows Push Notifications User Service_2102f8 [ WpnUserService_2102f8 ] + +Inactive Services : + +AllJoyn Router Service [ AJRouter ] +Application Layer Gateway Service [ ALG ] +Application Identity [ AppIDSvc ] +Application Information [ Appinfo ] +Application Management [ AppMgmt ] +App Readiness [ AppReadiness ] +Microsoft App-V Client [ AppVClient ] +AppX Deployment Service (AppXSVC) [ AppXSvc ] +Windows Audio Endpoint Builder [ AudioEndpointBuilder ] +Windows Audio [ Audiosrv ] +ActiveX Installer (AxInstSV) [ AxInstSV ] +Background Intelligent Transfer Service [ BITS ] +Bluetooth Support Service [ bthserv ] +Certificate Propagation [ CertPropSvc ] +Client License Service (ClipSVC) [ ClipSVC ] +Offline Files [ CscService ] +dcsvc [ dcsvc ] +Optimize drives [ defragsvc ] +Device Association Service [ DeviceAssociationService ] +Device Install Service [ DeviceInstall ] +DevQuery Background Discovery Broker [ DevQueryBroker ] +Microsoft (R) Diagnostics Hub Standard Collector Service [ diagnosticshub.standardcollector.service ] +Device Management Enrollment Service [ DmEnrollmentSvc ] +Device Management Wireless Application Protocol (WAP) Push message Routing Service [ dmwappushservice ] +Delivery Optimization [ DoSvc ] +Wired AutoConfig [ dot3svc ] +Data Sharing Service [ DsSvc ] +Extensible Authentication Protocol [ EapHost ] +Microsoft Edge Update Service (edgeupdate) [ edgeupdate ] +Microsoft Edge Update Service (edgeupdatem) [ edgeupdatem ] +Encrypting File System (EFS) [ EFS ] +Embedded Mode [ embeddedmode ] +Enterprise App Management Service [ EntAppSvc ] +Function Discovery Provider Host [ fdPHost ] +Function Discovery Resource Publication [ FDResPub ] +Windows Camera Frame Server [ FrameServer ] +Windows Camera Frame Server Monitor [ FrameServerMonitor ] +Google Chrome Elevation Service (GoogleChromeElevationService) [ GoogleChromeElevationService ] +GraphicsPerfSvc [ GraphicsPerfSvc ] +Google Update Service (gupdate) [ gupdate ] +Google Update Service (gupdatem) [ gupdatem ] +Human Interface Device Service [ hidserv ] +HV Host Service [ HvHost ] +Microsoft Store Install Service [ InstallService ] +KDC Proxy Server service (KPS) [ KPSSVC ] +KtmRm for Distributed Transaction Coordinator [ KtmRm ] +Geolocation Service [ lfsvc ] +Windows License Manager Service [ LicenseManager ] +Link-Layer Topology Discovery Mapper [ lltdsvc ] +Downloaded Maps Manager [ MapsBroker ] +McpManagementService [ McpManagementService ] +Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) [ MicrosoftEdgeElevationService ] +Microsoft iSCSI Initiator Service [ MSiSCSI ] +Windows Installer [ msiserver ] +Network Connectivity Assistant [ NcaSvc ] +Netlogon [ Netlogon ] +Network Connections [ Netman ] +Network Setup Service [ NetSetupSvc ] +Net.Tcp Port Sharing Service [ NetTcpPortSharing ] +Microsoft Passport Container [ NgcCtnrSvc ] +Microsoft Passport [ NgcSvc ] +Performance Counter DLL Host [ PerfHost ] +Performance Logs & Alerts [ pla ] +Printer Extensions and Notifications [ PrintNotify ] +Windows PushToInstall Service [ PushToInstall ] +Quality Windows Audio Video Experience [ QWAVE ] +Remote Access Auto Connection Manager [ RasAuto ] +Remote Access Connection Manager [ RasMan ] +Routing and Remote Access [ RemoteAccess ] +Radio Management Service [ RmSvc ] +Remote Procedure Call (RPC) Locator [ RpcLocator ] +Resultant Set of Policy Provider [ RSoPProv ] +Special Administration Console Helper [ sacsvr ] +Smart Card [ SCardSvr ] +Smart Card Device Enumeration Service [ ScDeviceEnum ] +Smart Card Removal Policy [ SCPolicySvc ] +Secondary Logon [ seclogon ] +Windows Security Service [ SecurityHealthService ] +Payments and NFC/SE Manager [ SEMgrSvc ] +Windows Defender Advanced Threat Protection Service [ Sense ] +Sensor Data Service [ SensorDataService ] +Sensor Service [ SensorService ] +Sensor Monitoring Service [ SensrSvc ] +Remote Desktop Configuration [ SessionEnv ] +System Guard Runtime Monitor Broker [ SgrmBroker ] +Internet Connection Sharing (ICS) [ SharedAccess ] +Shared PC Account Manager [ shpamsvc ] +Microsoft Storage Spaces SMP [ smphost ] +SNMP Trap [ SNMPTRAP ] +Software Protection [ sppsvc ] +SSDP Discovery [ SSDPSRV ] +OpenSSH Authentication Agent [ ssh-agent ] +Secure Socket Tunneling Protocol Service [ SstpSvc ] +Windows Image Acquisition (WIA) [ StiSvc ] +Spot Verifier [ svsvc ] +Microsoft Software Shadow Copy Provider [ swprv ] +Telephony [ tapisrv ] +Remote Desktop Services [ TermService ] +Storage Tiers Management [ TieringEngineService ] +Auto Time Zone Updater [ tzautoupdate ] +User Experience Virtualization Service [ UevAgentService ] +Remote Desktop Services UserMode Port Redirector [ UmRdpService ] +UPnP Device Host [ upnphost ] +Credential Manager [ VaultSvc ] +Virtual Disk [ vds ] +Hyper-V Guest Service Interface [ vmicguestinterface ] +Hyper-V Heartbeat Service [ vmicheartbeat ] +Hyper-V Data Exchange Service [ vmickvpexchange ] +Hyper-V Guest Shutdown Service [ vmicshutdown ] +Hyper-V Time Synchronization Service [ vmictimesync ] +Hyper-V PowerShell Direct Service [ vmicvmsession ] +Hyper-V Volume Shadow Copy Requestor [ vmicvss ] +VMware Snapshot Provider [ vmvss ] +Volume Shadow Copy [ VSS ] +Windows Update Medic Service [ WaaSMedicSvc ] +WalletService [ WalletService ] +Warp JIT Service [ WarpJITSvc ] +Windows Biometric Service [ WbioSrvc ] +Diagnostic Service Host [ WdiServiceHost ] +Windows Event Collector [ Wecsvc ] +Windows Encryption Provider Host Service [ WEPHOSTSVC ] +Problem Reports Control Panel Support [ wercplsupport ] +Windows Error Reporting Service [ WerSvc ] +Still Image Acquisition Events [ WiaRpc ] +Windows Insider Service [ wisvc ] +Microsoft Account Sign-in Assistant [ wlidsvc ] +WMI Performance Adapter [ wmiApSrv ] +Windows Media Player Network Sharing Service [ WMPNetworkSvc ] +Portable Device Enumerator Service [ WPDBusEnum ] +Windows Search [ WSearch ] +Windows Update [ wuauserv ] +CaptureService_2102f8 [ CaptureService_2102f8 ] +ConsentUX User Service_2102f8 [ ConsentUxUserSvc_2102f8 ] +CredentialEnrollmentManagerUserSvc_2102f8 [ CredentialEnrollmentManagerUserSvc_2102f8 ] +DeviceAssociationBroker_2102f8 [ DeviceAssociationBrokerSvc_2102f8 ] +DevicePicker_2102f8 [ DevicePickerUserSvc_2102f8 ] +DevicesFlow_2102f8 [ DevicesFlowUserSvc_2102f8 ] +Contact Data_2102f8 [ PimIndexMaintenanceSvc_2102f8 ] +PrintWorkflow_2102f8 [ PrintWorkflowUserSvc_2102f8 ] +Udk User Service_2102f8 [ UdkUserSvc_2102f8 ] +User Data Storage_2102f8 [ UnistoreSvc_2102f8 ] +User Data Access_2102f8 [ UserDataSvc_2102f8 ] + + + +Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy. +smb_password_policy.nasl +2015/01/12 +Microsoft Windows SMB : Obtains the Password Policy +2005/03/30 +local +None +$Revision: 1.15 $ +n/a +It is possible to retrieve the remote host's password policy using the supplied credentials. +The following password policy is defined on the remote host: + +Minimum password len: 0 +Password history len: 0 +Maximum password age (d): No limit +Password must meet complexity requirements: Enabled +Minimum password age (d): 0 +Forced logoff time (s): Not set +Locked account time (s): 600 +Time between failed logon (s): 600 +Number of invalid logon before locked out (s): 10 + + + +Using the supplied credentials, Nessus was able to list user accounts that have been disabled. +smb_users_disabled.nasl +2018/08/13 +Microsoft Windows - Users Information : Disabled Accounts +2002/03/15 +local +None +1.19 +Delete accounts that are no longer needed. +At least one user account has been disabled. + +The following user accounts have been disabled : + + - DefaultAccount + - Guest + - WDAGUtilityAccount + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users who have never logged into their accounts. +smb_users_neverloggedon.nasl +2018/08/13 +Microsoft Windows - Users Information : User Has Never Logged In +2002/03/15 +local +None +1.20 +Delete accounts that are not needed. +At least one user has never logged into his or her account. + +The following users have never logged in : + + - DefaultAccount + - Guest + - WDAGUtilityAccount + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users who have never changed their passwords. +smb_users_lastpwchange.nasl +2018/08/13 +Microsoft Windows - Users Information : Never Changed Password +2002/03/15 +local +None +1.23 +Allow or require users to change their passwords regularly. +At least one user has never changed his or her password. + +The following users have never changed their passwords : + + - DefaultAccount + - Guest + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire. +smb_users_pwexpiry.nasl +2018/08/13 +Microsoft Windows - Users Information : Passwords Never Expire +2002/03/15 +local +None +1.22 +Allow or require users to change their passwords regularly. +At least one user has a password that never expires. + +The following users have passwords that never expire : + + - degthat + - soteria + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for this +plugin, then re-run the scan. + + + +Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager. +smb_samr_user_enum.nasl +2023/01/20 +Microsoft Windows SAM user enumeration +2019/07/08 +local +None +1.7 +n/a +Nessus was able to enumerate domain users from the local SAM. + - DefaultAccount (id S-1-5-21-746496990-2641142201-503, A user account managed by the system.) + - degthat (id S-1-5-21-746496990-2641142201-1001, degthat) + - Guest (id S-1-5-21-746496990-2641142201-501, Built-in account for guest access to the computer/domain, Guest account) + - soteria (id S-1-5-21-746496990-2641142201-500, Built-in account for administering the computer/domain, Administrator account) + - WDAGUtilityAccount (id S-1-5-21-746496990-2641142201-504, A user account managed and used by the system for Windows Defender Application Guard scenarios.) + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI. +wmi_enum_printer_drivers.nbin +2024/01/16 +Windows Printer Driver Enumeration +2021/12/09 +local +None +1.63 +http://www.nessus.org/u?fab99415 +n/a +Nessus was able to enumerate one or more of the printer drivers on the remote host. + +--- Microsoft enhanced Point and Print compatibility driver --- + +Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver: + + Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll + Version : 10.0.20348.2227 + Supported Platform : Windows x64 + + Path : C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll + Version : 10.0.20348.2227 + Supported Platform : Windows NT x86 + +--- Microsoft Print To PDF --- + + Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_675324844f835f70\Amd64\mxdwdrv.dll + Version : 10.0.20348.1 + Supported Platform : Windows x64 + +--- Microsoft XPS Document Writer v4 --- + + Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_675324844f835f70\Amd64\mxdwdrv.dll + Version : 10.0.20348.1 + Supported Platform : Windows x64 + + + +The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC). + +Cached logon credentials could be accessed by an attacker and subjected to brute force attacks. +smb_reg_cachedlogons.nasl +2018/06/05 +Microsoft Windows SMB Registry : Winlogon Cached Password Weakness +2003/03/24 +local +None +1.17 +http://www.nessus.org/u?184d3eab +http://www.nessus.org/u?fe16cea8 +https://technet.microsoft.com/en-us/library/cc957390.aspx +Consult Microsoft documentation and best practices. +User credentials are stored in memory. + + Max cached logons : 10 + + + +730 days + +2022/07/10 +cpe:/o:microsoft:windows +CVE-2013-3900 +7.8 +7.5 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.6 +CVE-2013-3900 +6.6 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C +The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host. +true +High +Exploits are available +true +smb_nt_ms22_oct_CVE-2013-3900_reg_check.nasl +2013-A-0227 +2023/12/26 +WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) +2022/10/26 +local +Very High +High +1.7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 +http://www.nessus.org/u?9780b9d2 +Add and enable registry value EnableCertPaddingCheck: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + +Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck: + + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck +II +The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability. +Very Low +No recorded events +No recorded events +8.9 +2013/12/10 +CISA-KNOWN-EXPLOITED:2022/07/10 +IAVA:2013-A-0227 + + + Nessus detected the following potentially insecure registry key configuration: + - Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + - Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + + + + +Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host. +smb_check_rollup.nasl +2023/06/26 +Microsoft Security Rollup Enumeration +2016/10/11 +local +None +1.180 +http://www.nessus.org/u?b23205aa +n/a +This plugin enumerates installed Microsoft security rollups. + + Cumulative Rollup : 01_2024 [KB5034129] + Cumulative Rollup : 12_2023 + Cumulative Rollup : 11_2023 + Cumulative Rollup : 10_2023 + Cumulative Rollup : 09_2023 + Cumulative Rollup : 08_2023 + Cumulative Rollup : 07_2023 + Cumulative Rollup : 06_2023 + Cumulative Rollup : 05_2023 + Cumulative Rollup : 04_2023 + Cumulative Rollup : 03_2023 + Cumulative Rollup : 02_2023 + Cumulative Rollup : 01_2023 + Cumulative Rollup : 12_2022 + Cumulative Rollup : 11_2022 + Cumulative Rollup : 10_2022 + Cumulative Rollup : 09_2022 + Cumulative Rollup : 08_2022 + Cumulative Rollup : 07_2022 + Cumulative Rollup : 06_2022 + Cumulative Rollup : 05_2022 + Cumulative Rollup : 04_2022 + Cumulative Rollup : 03_2022 + Cumulative Rollup : 02_2022 + Cumulative Rollup : 01_2022 + Cumulative Rollup : 12_2021 + Cumulative Rollup : 11_2021 + Cumulative Rollup : 10_2021 + + Latest effective update level : 01_2024 + File checked : C:\Windows\system32\ntoskrnl.exe + File version : 10.0.20348.2227 + Associated KB : 5034129 + + + +windows +True +cpe:/o:microsoft:windows +Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages. +dism_enum_packages.nbin +2024/01/16 +DISM Package List (Windows) +2020/08/25 +local +None +1.93 +http://www.nessus.org/u?cbb428b2 +n/a +Use DISM to extract package info from the host. +The following packages were enumerated using the Deployment Image Servicing and Management Tool: + +Package : Downlevel-NLS-Sorting-Versions-Server-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Downlevel-NLS-Sorting-Versions-Server-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-OneCore-DirectX-Database-FOD-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-OneCore-RasSstp-Api-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Staged +Release Type : Feature Pack +Install Time : + +Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Feature Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Foundation +Install Time : 5/8/2021 8:24 AM + +Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.20348.380 +State : Installed +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.20348.1668 +State : Superseded +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.20348.2227 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.1070 +State : Installed +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-Networking-RemoteAccess-PowerShell-Base-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Staged +Release Type : Language Pack +Install Time : + +Package : Microsoft-Windows-Networking-RemoteAccess-PowerShell-Base-Package~31bf3856ad364e35~amd64~~10.0.20348.617 +State : Staged +Release Type : Feature Pack +Install Time : + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.2227 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.740 +State : Superseded +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-Security-SPP-Component-SKU-ServerStandard-GVLK-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Feature Pack +Install Time : 5/8/2021 9:44 AM + +Package : Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1668 +State : Superseded +Release Type : Language Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.2227 +State : Installed +Release Type : Language Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Feature Pack +Install Time : 5/8/2021 8:24 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-TabletPCMath-Package~31bf3856ad364e35~amd64~~10.0.20348.1194 +State : Installed +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-UserExperience-Desktop-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.2227 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.740 +State : Superseded +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Superseded +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.20348.1787 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : OpenSSH-Client-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4614.6 +State : Superseded +Release Type : Update +Install Time : 4/5/2023 12:21 AM + +Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4690.3 +State : Installed +Release Type : Update +Install Time : 2/2/2024 3:10 PM + +Package : Package_for_KB5012170~31bf3856ad364e35~amd64~~20348.880.1.1 +State : Installed +Release Type : Security Update +Install Time : 2/2/2024 3:08 PM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~20348.1668.1.8 +State : Superseded +Release Type : Security Update +Install Time : 4/5/2023 12:33 AM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~20348.2227.1.4 +State : Installed +Release Type : Security Update +Install Time : 2/2/2024 3:23 PM + +Package : Package_for_ServicingStack_2200~31bf3856ad364e35~amd64~~20348.2200.1.0 +State : Installed +Release Type : Update +Install Time : 2/2/2024 3:11 PM + +Package : Package_for_WinREServicing~31bf3856ad364e35~amd64~~20348.2201.1.18 +State : Installed +Release Type : Security Update +Install Time : 2/2/2024 3:26 PM + + + +windows +True +software_enumeration +cpe:/a:google:chrome +Google Chrome, a web browser from Google, is installed on the remote Windows host. +google_chrome_installed.nasl +0001-T-0511 +2022/10/10 +Google Chrome Detection (Windows) +2008/09/12 +local +None +1.26 +https://www.google.com/chrome/ +n/a +The remote Windows host contains a web browser. +true +IAVT:0001-T-0511 + + Path : C:\Program Files\Google\Chrome\Application + Version : 121.0.6167.140 + +Note that Nessus only looked in the registry for evidence of Google +Chrome. If there are multiple users on this host, you may wish to +enable the 'Perform thorough tests' setting and re-scan. This will +cause Nessus to scan each local user's directory for installs. + + + + +365 - 730 days +2022/05/06 +cpe:/a:microsoft:edge +CVE-2022-1305 +CVE-2022-1306 +CVE-2022-1307 +CVE-2022-1308 +CVE-2022-1309 +CVE-2022-1310 +CVE-2022-1312 +CVE-2022-1313 +CVE-2022-1314 +CVE-2022-1364 +CVE-2022-29144 +9.6 +CVE-2022-1312 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-1364 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 100.0.1185.44. It is, therefore, affected by multiple vulnerabilities as referenced in the April 15, 2022 advisory. + + - Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1313) + + - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1305) + + - Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1306) + + - Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1307) + + - Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1308) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_100_0_1185_44.nasl +2022-A-0156-S +2022/04/15 +2023/11/01 +Microsoft Edge (Chromium) < 100.0.1185.44 Multiple Vulnerabilities +2022/04/18 +local +Low +Critical +1.7 +http://www.nessus.org/u?84a20f12 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1305 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1306 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1307 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1309 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1310 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1312 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1313 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1314 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144 +Upgrade to Microsoft Edge version 100.0.1185.44 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/04/11 +CISA-KNOWN-EXPLOITED:2022/05/06 +IAVA:2022-A-0156-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 100.0.1185.44 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1232 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-1232 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 100.0.1185.36. It is, therefore, affected by a vulnerability as referenced in the April 7, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1232) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_100_0_1185_36.nasl +2022-A-0133-S +2022/04/07 +2023/11/02 +Microsoft Edge (Chromium) < 100.0.1185.36 Vulnerability +2022/04/07 +local +Low +Critical +1.7 +http://www.nessus.org/u?cc9eba61 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1232 +Upgrade to Microsoft Edge version 100.0.1185.36 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +6.7 +2022/04/04 +IAVA:2022-A-0133-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 100.0.1185.36 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-33639 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-33639 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.37. It is, therefore, affected by multiple vulnerabilities as referenced in the June 23, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. (CVE-2022-33639) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_103_0_1264_37.nasl +2022/06/23 +2023/03/21 +Microsoft Edge (Chromium) < 103.0.1264.37 Multiple Vulnerabilities +2022/06/23 +local +Low +Medium +1.9 +http://www.nessus.org/u?2b2d4e0f +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2156 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2157 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2158 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2160 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2161 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2162 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2163 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2164 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2165 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33638 +Upgrade to Microsoft Edge version 103.0.1264.37 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/06/21 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.37 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2007 +CVE-2022-2008 +CVE-2022-2010 +CVE-2022-2011 +9.3 +CVE-2022-2010 +8.4 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H +5.8 +10.0 +CVE-2022-2011 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.41. It is, therefore, affected by multiple vulnerabilities as referenced in the June 13, 2022 advisory. + + - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011) + + - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007) + + - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008) + + - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2022-2010) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_102_0_1245_41.nasl +2022-A-0231-S +2022/06/13 +2023/03/23 +Microsoft Edge (Chromium) < 102.0.1245.41 Multiple Vulnerabilities +2022/06/13 +local +Low +Critical +1.9 +http://www.nessus.org/u?c00d2c8a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2007 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2010 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2011 +Upgrade to Microsoft Edge version 102.0.1245.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.1 +2022/06/09 +IAVA:2022-A-0231-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 102.0.1245.41 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-22021 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-22021 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.39. It is, therefore, affected by a vulnerability as referenced in the June 9, 2022 advisory. + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-22021) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_102_0_1245_39.nasl +2022/06/09 +2023/03/23 +Microsoft Edge (Chromium) < 102.0.1245.39 Vulnerability +2022/06/09 +local +Low +Medium +1.6 +http://www.nessus.org/u?c8dc918f +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22021 +Upgrade to Microsoft Edge version 102.0.1245.39 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/06/09 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 102.0.1245.39 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1125 +CVE-2022-1127 +CVE-2022-1128 +CVE-2022-1129 +CVE-2022-1130 +CVE-2022-1131 +CVE-2022-1133 +CVE-2022-1134 +CVE-2022-1135 +CVE-2022-1136 +CVE-2022-1137 +CVE-2022-1138 +CVE-2022-1139 +CVE-2022-1143 +CVE-2022-1145 +CVE-2022-1146 +CVE-2022-24475 +CVE-2022-24523 +CVE-2022-26891 +CVE-2022-26894 +CVE-2022-26895 +CVE-2022-26900 +CVE-2022-26908 +CVE-2022-26909 +CVE-2022-26912 +8.8 +CVE-2022-1143 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +5.1 +CVE-2022-26912 +4.0 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 100.0.1185.29. It is, therefore, affected by multiple vulnerabilities as referenced in the April 1, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-24475) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-24523) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26891) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26894) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26895) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_100_0_1185_29.nasl +2021-A-0544-S +2022/04/01 +2023/11/03 +Microsoft Edge (Chromium) < 100.0.1185.29 Multiple Vulnerabilities +2022/04/01 +local +Low +Medium +1.8 +http://www.nessus.org/u?471a8cda +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1125 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1127 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1128 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1129 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1130 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1131 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1133 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1134 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1135 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1136 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1137 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1138 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1139 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1143 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1145 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1146 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26894 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26895 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26900 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26908 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26909 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26912 +Upgrade to Microsoft Edge version 100.0.1185.29 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.4 +2022/03/29 +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 100.0.1185.29 + + + +365 - 730 days +2022/09/15 +cpe:/a:microsoft:edge +CVE-2022-2294 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-2294 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected by a vulnerability as referenced in the July 6, 2022 advisory. + + - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_103_0_1264_49.nasl +2022-A-0262-S +2022/07/06 +2023/10/19 +Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability +2022/07/07 +local +Very High +Critical +1.7 +http://www.nessus.org/u?c255ed38 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295 +Upgrade to Microsoft Edge version 103.0.1264.49 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2022/07/04 +IAVA:2022-A-0262-S +CISA-KNOWN-EXPLOITED:2022/09/15 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.49 + + + +365 - 730 days +2022/09/08 +cpe:/a:microsoft:edge +CVE-2022-2856 +6.5 +6.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N +3.6 +7.8 +CVE-2022-2856 +6.8 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.60. It is, therefore, affected by a vulnerability as referenced in the August 17, 2022 advisory. + + - Insufficient validation of untrusted input in Intents. (CVE-2022-2856) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_104_0_1293_60.nasl +2022/08/17 +2023/10/13 +Microsoft Edge (Chromium) < 104.0.1293.60 Vulnerability +2022/08/18 +local +Low +High +1.6 +http://www.nessus.org/u?b53011a2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2856 +Upgrade to Microsoft Edge version 104.0.1293.60 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +5.1 +2022/08/16 +CISA-KNOWN-EXPLOITED:2022/09/08 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 104.0.1293.60 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2022-1477 +CVE-2022-1478 +CVE-2022-1479 +CVE-2022-1481 +CVE-2022-1482 +CVE-2022-1483 +CVE-2022-1484 +CVE-2022-1485 +CVE-2022-1486 +CVE-2022-1487 +CVE-2022-1488 +CVE-2022-1490 +CVE-2022-1491 +CVE-2022-1492 +CVE-2022-1493 +CVE-2022-1494 +CVE-2022-1495 +CVE-2022-1497 +CVE-2022-1498 +CVE-2022-1499 +CVE-2022-1500 +CVE-2022-1501 +CVE-2022-29146 +CVE-2022-29147 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-1493 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 101.0.1210.32. It is, therefore, affected by multiple vulnerabilities as referenced in the April 28, 2022 advisory. + + - Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1493) + + - Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1477) + + - Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1478) + + - Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1479) + + - Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1481) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_101_0_1210_32.nasl +2022-A-0183-S +2022/04/28 +2023/03/23 +Microsoft Edge (Chromium) < 101.0.1210.32 Multiple Vulnerabilities +2022/04/28 +local +Low +Critical +1.9 +http://www.nessus.org/u?436625dd +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1477 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1478 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1479 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1481 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1482 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1483 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1484 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1485 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1486 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1487 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1488 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1490 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1491 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1492 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1493 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1494 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1495 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1497 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1498 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1499 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1500 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1501 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29146 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29147 +Upgrade to Microsoft Edge version 101.0.1210.32 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/04/26 +IAVA:2022-A-0183-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 101.0.1210.32 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-33680 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-33680 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.44. It is, therefore, affected by a vulnerability as referenced in the June 30, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639. (CVE-2022-33680) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_103_0_1264_44.nasl +2022/06/30 +2023/03/23 +Microsoft Edge (Chromium) < 103.0.1264.44 Vulnerability +2022/06/30 +local +Low +Medium +1.5 +http://www.nessus.org/u?83620a15 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33680 +Upgrade to Microsoft Edge version 103.0.1264.44 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/06/30 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.44 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1634 +CVE-2022-1635 +CVE-2022-1636 +CVE-2022-1637 +CVE-2022-1638 +CVE-2022-1639 +CVE-2022-1640 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-1640 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 101.0.1210.47. It is, therefore, affected by multiple vulnerabilities as referenced in the May 13, 2022 advisory. + + - Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1640) + + - Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. (CVE-2022-1634) + + - Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1635) + + - Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1636) + + - Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1637) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_101_0_1210_47.nasl +2022/05/13 +2023/03/23 +Microsoft Edge (Chromium) < 101.0.1210.47 Multiple Vulnerabilities +2022/05/14 +local +Low +Critical +1.5 +http://www.nessus.org/u?3405acc7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1634 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1635 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1636 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1637 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1638 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1639 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1640 +Upgrade to Microsoft Edge version 101.0.1210.47 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2022/05/10 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 101.0.1210.47 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2603 +CVE-2022-2604 +CVE-2022-2605 +CVE-2022-2606 +CVE-2022-2610 +CVE-2022-2611 +CVE-2022-2612 +CVE-2022-2614 +CVE-2022-2615 +CVE-2022-2616 +CVE-2022-2617 +CVE-2022-2618 +CVE-2022-2619 +CVE-2022-2621 +CVE-2022-2622 +CVE-2022-2623 +CVE-2022-2624 +CVE-2022-33636 +CVE-2022-33649 +CVE-2022-35796 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-33649 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.47. It is, therefore, affected by multiple vulnerabilities as referenced in the August 5, 2022 advisory. + + - Use after free in Omnibox. (CVE-2022-2603) + + - Use after free in Safe Browsing. (CVE-2022-2604) + + - Out of bounds read in Dawn. (CVE-2022-2605) + + - Use after free in Managed devices API. (CVE-2022-2606) + + - Insufficient policy enforcement in Background Fetch. (CVE-2022-2610) + + - Inappropriate implementation in Fullscreen API. (CVE-2022-2611) + + - Side-channel information leakage in Keyboard input. (CVE-2022-2612) + + - Use after free in Sign-In Flow. (CVE-2022-2614) + + - Insufficient policy enforcement in Cookies. (CVE-2022-2615) + + - Inappropriate implementation in Extensions API. (CVE-2022-2616) + + - Use after free in Extensions API. (CVE-2022-2617) + + - Insufficient validation of untrusted input in Internals. (CVE-2022-2618) + + - Insufficient validation of untrusted input in Settings. (CVE-2022-2619) + + - Use after free in Extensions. (CVE-2022-2621) + + - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-2622) + + - Use after free in Offline. (CVE-2022-2623) + + - Heap buffer overflow in PDF. (CVE-2022-2624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_104_0_1293_47.nasl +2022/08/05 +2023/10/25 +Microsoft Edge (Chromium) < 104.0.1293.47 Multiple Vulnerabilities +2022/08/06 +local +Low +Critical +1.7 +http://www.nessus.org/u?d822b1dc +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2603 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2604 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2605 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2606 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2610 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2611 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2612 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2614 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2615 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2616 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2617 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2619 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2621 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2622 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2623 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2624 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796 +Upgrade to Microsoft Edge version 104.0.1293.47 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/08/02 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 104.0.1293.47 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3370 +CVE-2022-3373 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3373 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 106.0.1370.34. It is, therefore, affected by multiple vulnerabilities as referenced in the October 3, 2022 advisory. + + - Use after free in CSS. (CVE-2022-3304) + + - Use after free in Media. (CVE-2022-3307) + + - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308) + + - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310) + + - Use after free in Import. (CVE-2022-3311) + + - Incorrect security UI in Full Screen. (CVE-2022-3313) + + - Type confusion in Blink. (CVE-2022-3315) + + - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316) + + - Insufficient validation of untrusted input in Intents. (CVE-2022-3317) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_106_0_1370_34.nasl +2022-A-0396-S +2022/10/03 +2023/10/25 +Microsoft Edge (Chromium) < 106.0.1370.34 Multiple Vulnerabilities +2022/10/06 +local +Low +Critical +1.7 +http://www.nessus.org/u?2c48e7f3 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3304 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3307 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3310 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3311 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3313 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3315 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3316 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3317 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035 +Upgrade to Microsoft Edge version 106.0.1370.34 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/09/27 +IAVA:2022-A-0396-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 106.0.1370.34 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3195 +CVE-2022-3196 +CVE-2022-3197 +CVE-2022-3198 +CVE-2022-3199 +CVE-2022-3200 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3200 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.42. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2022 advisory. + + - Out of bounds write in Storage. (CVE-2022-3195) + + - Use after free in PDF. (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198) + + - Use after free in Frames. (CVE-2022-3199) + + - Heap buffer overflow in Internals. (CVE-2022-3200) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_105_0_1343_42.nasl +2022-A-0379-S +2022-A-0396-S +2022/09/15 +2023/10/25 +Microsoft Edge (Chromium) < 105.0.1343.42 Multiple Vulnerabilities +2022/09/16 +local +Low +Critical +1.9 +http://www.nessus.org/u?e8ee04b1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3196 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3197 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3198 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3199 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3200 +Upgrade to Microsoft Edge version 105.0.1343.42 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/09/14 +IAVA:2022-A-0379-S +IAVA:2022-A-0396-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 105.0.1343.42 + + + +365 - 730 days +2022/09/29 +cpe:/a:microsoft:edge +CVE-2022-3075 +9.6 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-3075 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.27. It is, therefore, affected by a vulnerability as referenced in the September 2, 2022 advisory. + + - Insufficient data validation in Mojo. (CVE-2022-3075) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_105_0_1343_27.nasl +2022-A-0351-S +2022-A-0361-S +2022/09/02 +2023/10/13 +Microsoft Edge (Chromium) < 105.0.1343.27 Vulnerability +2022/09/02 +local +Low +Critical +1.9 +http://www.nessus.org/u?7aa022b9 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075 +Upgrade to Microsoft Edge version 105.0.1343.27 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/09/02 +CISA-KNOWN-EXPLOITED:2022/09/29 +IAVA:2022-A-0351-S +IAVA:2022-A-0361-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 105.0.1343.27 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3652 +CVE-2022-3653 +CVE-2022-3654 +CVE-2022-3655 +CVE-2022-3656 +CVE-2022-3657 +CVE-2022-3660 +CVE-2022-3661 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3657 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.24. It is, therefore, affected by multiple vulnerabilities as referenced in the October 27, 2022 advisory. + + - Type Confusion in V8. (CVE-2022-3652) + + - Heap buffer overflow in Vulkan. (CVE-2022-3653) + + - Use after free in Layout. (CVE-2022-3654) + + - Heap buffer overflow in Media Galleries. (CVE-2022-3655) + + - Insufficient data validation in File System. (CVE-2022-3656) + + - Use after free in Extensions. (CVE-2022-3657) + + - Inappropriate implementation in Full screen mode. (CVE-2022-3660) + + - Insufficient data validation in Extensions. (CVE-2022-3661) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_107_0_1418_24.nasl +2022-A-0446-S +2022-A-0454-S +2022/10/27 +2022/11/28 +Microsoft Edge (Chromium) < 107.0.1418.24 Multiple Vulnerabilities +2022/10/27 +local +Low +Critical +1.8 +http://www.nessus.org/u?57027261 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3652 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3653 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3654 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3655 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3656 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3657 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3660 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3661 +Upgrade to Microsoft Edge version 107.0.1418.24 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/10/25 +IAVA:2022-A-0446-S +IAVA:2022-A-0454-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 107.0.1418.24 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3885 +CVE-2022-3886 +CVE-2022-3887 +CVE-2022-3888 +CVE-2022-3889 +CVE-2022-3890 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-3890 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.42. It is, therefore, affected by multiple vulnerabilities as referenced in the November 10, 2022 advisory. + + - Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3885) + + - Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3886) + + - Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3887) + + - Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3888) + + - Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3889) + + - Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3890) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_107_0_1418_42.nasl +2022-A-0493-S +2022/11/10 +2023/10/25 +Microsoft Edge (Chromium) < 107.0.1418.42 Multiple Vulnerabilities +2022/11/10 +local +Low +Critical +1.6 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3885 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3886 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3887 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3888 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3889 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3890 +Upgrade to Microsoft Edge version 107.0.1418.42 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/11/08 +IAVA:2022-A-0493-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 107.0.1418.42 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2477 +CVE-2022-2478 +CVE-2022-2479 +CVE-2022-2480 +CVE-2022-2481 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-2481 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.71. It is, therefore, affected by multiple vulnerabilities as referenced in the July 22, 2022 advisory. + + - : Use after free in Guest View. (CVE-2022-2477) + + - : Use after free in PDF. (CVE-2022-2478) + + - : Insufficient validation of untrusted input in File. (CVE-2022-2479) + + - : Use after free in Service Worker API. (CVE-2022-2480) + + - Use after free in Views. (CVE-2022-2481) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_103_0_1264_71.nasl +2022/07/22 +2023/03/23 +Microsoft Edge (Chromium) < 103.0.1264.71 Multiple Vulnerabilities +2022/07/23 +local +Low +Critical +1.5 +http://www.nessus.org/u?4d376e5a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2477 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2478 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2479 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2480 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2481 +Upgrade to Microsoft Edge version 103.0.1264.71 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/07/19 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.71 + + + +365 - 730 days +2022/12/19 +cpe:/a:microsoft:edge +CVE-2022-4135 +9.6 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-4135 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.62. It is, therefore, affected by a vulnerability as referenced in the November 28, 2022 advisory. + + - Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (Chromium security severity: High) (CVE-2022-4135) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_107_0_1418_62.nasl +2022-A-0501-S +2022-A-0502-S +2022/11/28 +2023/09/20 +Microsoft Edge (Chromium) < 107.0.1418.62 Vulnerability +2022/11/29 +local +Medium +Critical +1.8 +http://www.nessus.org/u?2fa4911e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4135 +Upgrade to Microsoft Edge version 107.0.1418.62 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/11/24 +CISA-KNOWN-EXPLOITED:2022/12/19 +IAVA:2022-A-0501-S +IAVA:2022-A-0502-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 107.0.1418.62 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1853 +CVE-2022-1854 +CVE-2022-1855 +CVE-2022-1856 +CVE-2022-1857 +CVE-2022-1858 +CVE-2022-1859 +CVE-2022-1862 +CVE-2022-1863 +CVE-2022-1864 +CVE-2022-1865 +CVE-2022-1867 +CVE-2022-1868 +CVE-2022-1869 +CVE-2022-1870 +CVE-2022-1871 +CVE-2022-1872 +CVE-2022-1873 +CVE-2022-1874 +CVE-2022-1875 +CVE-2022-1876 +CVE-2022-26905 +CVE-2022-30127 +CVE-2022-30128 +9.6 +CVE-2022-1853 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-30128 +4.0 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.30. It is, therefore, affected by multiple vulnerabilities as referenced in the May 31, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. (CVE-2022-30128) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. (CVE-2022-30127) + + - Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1853) + + - Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1854) + + - Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1855) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_102_0_1245_30.nasl +2022/05/31 +2023/10/26 +Microsoft Edge (Chromium) < 102.0.1245.30 Multiple Vulnerabilities +2022/05/31 +local +Low +Medium +1.8 +http://www.nessus.org/u?ae294315 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1853 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1854 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1855 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1856 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1857 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1858 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1859 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1862 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1863 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1864 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1865 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1867 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1868 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1869 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1870 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1871 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1872 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1873 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1874 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1875 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1876 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26905 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30127 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30128 +Upgrade to Microsoft Edge version 102.0.1245.30 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/05/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 102.0.1245.30 + + + +365 - 730 days +2022/12/26 +cpe:/a:microsoft:edge +CVE-2022-4174 +CVE-2022-4175 +CVE-2022-4177 +CVE-2022-4178 +CVE-2022-4179 +CVE-2022-4180 +CVE-2022-4181 +CVE-2022-4182 +CVE-2022-4183 +CVE-2022-4184 +CVE-2022-4185 +CVE-2022-4186 +CVE-2022-4187 +CVE-2022-4188 +CVE-2022-4189 +CVE-2022-4190 +CVE-2022-4191 +CVE-2022-4192 +CVE-2022-4193 +CVE-2022-4194 +CVE-2022-4195 +CVE-2022-4262 +CVE-2022-41115 +CVE-2022-44688 +CVE-2022-44708 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-4262 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.41. It is, therefore, affected by multiple vulnerabilities as referenced in the December 5, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174) + + - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4175) + + - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) (CVE-2022-4177) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4178) + + - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4179) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4180) + + - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181) + + - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4182) + + - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4183) + + - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4184) + + - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4185) + + - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186) + + - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4187) + + - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4188) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189) + + - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4190) + + - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) (CVE-2022-4191) + + - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) (CVE-2022-4192) + + - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4193) + + - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4194) + + - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) (CVE-2022-4195) + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4262) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_108_0_1462_41.nasl +current +2022-A-0507-S +2022-A-0510-S +2022/12/05 +2023/09/20 +Microsoft Edge (Chromium) < 108.0.1462.41 Multiple Vulnerabilities +2022/12/05 +local +Low +Critical +1.8 +http://www.nessus.org/u?26b297b9 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41115 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4175 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4177 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4178 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4179 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4180 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4181 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4182 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4183 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4184 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4185 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4188 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4189 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4190 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4191 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4193 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4194 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4262 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708 +Upgrade to Microsoft Edge version 108.0.1462.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/11/29 +CISA-KNOWN-EXPLOITED:2022/12/26 +IAVA:2022-A-0507-S +IAVA:2022-A-0510-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 108.0.1462.41 + + + +365 - 730 days +2023/04/20 +cpe:/a:microsoft:edge +CVE-2022-3038 +CVE-2022-3039 +CVE-2022-3040 +CVE-2022-3041 +CVE-2022-3044 +CVE-2022-3045 +CVE-2022-3046 +CVE-2022-3047 +CVE-2022-3053 +CVE-2022-3054 +CVE-2022-3055 +CVE-2022-3056 +CVE-2022-3057 +CVE-2022-3058 +CVE-2022-38012 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-3058 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.25. It is, therefore, affected by multiple vulnerabilities as referenced in the September 1, 2022 advisory. + + - Use after free in Network Service. (CVE-2022-3038) + + - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041) + + - Use after free in Layout. (CVE-2022-3040) + + - Inappropriate implementation in Site Isolation. (CVE-2022-3044) + + - Insufficient validation of untrusted input in V8. (CVE-2022-3045) + + - Use after free in Browser Tag. (CVE-2022-3046) + + - Insufficient policy enforcement in Extensions API. (CVE-2022-3047) + + - Inappropriate implementation in Pointer Lock. (CVE-2022-3053) + + - Insufficient policy enforcement in DevTools. (CVE-2022-3054) + + - Use after free in Passwords. (CVE-2022-3055) + + - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056) + + - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057) + + - Use after free in Sign-In Flow. (CVE-2022-3058) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_105_0_1343_25.nasl +2022-A-0361-S +2022/09/01 +2023/10/13 +Microsoft Edge (Chromium) < 105.0.1343.25 Multiple Vulnerabilities +2022/09/02 +local +Low +Critical +1.9 +http://www.nessus.org/u?31d28038 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3038 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3039 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3040 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3041 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3044 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3045 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3046 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3047 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3053 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3054 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3055 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3056 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3057 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3058 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012 +Upgrade to Microsoft Edge version 105.0.1343.25 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/08/30 +IAVA:2022-A-0361-S +CISA-KNOWN-EXPLOITED:2023/04/20 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 105.0.1343.25 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3445 +CVE-2022-3446 +CVE-2022-3447 +CVE-2022-3449 +CVE-2022-3450 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3450 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 106.0.1370.47. It is, therefore, affected by multiple vulnerabilities as referenced in the October 14, 2022 advisory. + + - Use after free in Skia. (CVE-2022-3445) + + - Heap buffer overflow in WebSQL. (CVE-2022-3446) + + - Inappropriate implementation in Custom Tabs. (CVE-2022-3447) + + - Use after free in Safe Browsing. (CVE-2022-3449) + + - Use after free in Peer Connection. (CVE-2022-3450) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_106_0_1370_47.nasl +2022-A-0437-S +2022/10/14 +2022/11/11 +Microsoft Edge (Chromium) < 106.0.1370.47 Multiple Vulnerabilities +2022/10/14 +local +Low +Critical +1.5 +http://www.nessus.org/u?e2630fd9 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3445 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3446 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3447 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3449 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3450 +Upgrade to Microsoft Edge version 106.0.1370.47 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/10/11 +IAVA:2022-A-0437-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 106.0.1370.47 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-4436 +CVE-2022-4437 +CVE-2022-4438 +CVE-2022-4439 +CVE-2022-4440 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-4440 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.54. It is, therefore, affected by multiple vulnerabilities as referenced in the December 16, 2022 advisory. + + - Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4436) + + - Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4437) + + - Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4438) + + - Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) (CVE-2022-4439) + + - Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4440) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_108_0_1462_54.nasl +2023-A-0003-S +2022/12/16 +2023/02/10 +Microsoft Edge (Chromium) < 108.0.1462.54 Multiple Vulnerabilities +2022/12/16 +local +Low +Critical +1.3 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4436 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4437 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4438 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4439 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4440 +Upgrade to Microsoft Edge version 108.0.1462.54 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/12/13 +IAVA:2023-A-0003-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 108.0.1462.54 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-21720 +5.3 +4.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H +3.6 +5.4 +CVE-2023-21720 +4.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.78. It is, therefore, affected by a vulnerability as referenced in the February 2, 2023 advisory. + + - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2023-21720) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_78.nasl +2023-A-0071-S +2023/02/03 +2023/02/16 +Microsoft Edge (Chromium) < 109.0.1518.78 Tampering (CVE-2023-21720) +2023/02/10 +local +Low +Medium +1.1 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21720 +Upgrade to Microsoft Edge version 109.0.1518.78 or later. +I +The remote host has an web browser installed that is affected by tampering. +Very Low +No recorded events +No recorded events +4.4 +2023/02/02 +IAVA:2023-A-0071-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.78 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-0927 +CVE-2023-0928 +CVE-2023-0929 +CVE-2023-0930 +CVE-2023-0931 +CVE-2023-0932 +CVE-2023-0933 +CVE-2023-0941 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0941 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 110.0.1587.56. It is, therefore, affected by multiple vulnerabilities as referenced in the February 25, 2023 advisory. + + - Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0927) + + - Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0928) + + - Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0929) + + - Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0930) + + - Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0931) + + - Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0932) + + - Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) (CVE-2023-0933) + + - Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-0941) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_110_0_1587_56.nasl +2023-A-0119-S +2023/02/25 +2023/05/23 +Microsoft Edge (Chromium) < 110.0.1587.56 Multiple Vulnerabilities +2023/02/27 +local +Low +Critical +1.5 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0927 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0928 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0930 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0931 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0932 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0933 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0941 +Upgrade to Microsoft Edge version 110.0.1587.56 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/02/22 +IAVA:2023-A-0119-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 110.0.1587.56 + + + +365 - 730 days +2022/11/18 +cpe:/a:microsoft:edge +CVE-2022-3723 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3723 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.26. It is, therefore, affected by a vulnerability as referenced in the October 31, 2022 advisory. + + - Type Confusion in V8. (CVE-2022-3723) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_107_0_1418_26.nasl +2022-A-0453-S +2022/10/31 +2023/10/06 +Microsoft Edge (Chromium) < 107.0.1418.26 Vulnerability +2022/11/01 +local +Low +Critical +1.6 +http://www.nessus.org/u?ff54e40b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3723 +Upgrade to Microsoft Edge version 107.0.1418.26 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2022/10/27 +CISA-KNOWN-EXPLOITED:2022/11/18 +IAVA:2022-A-0453-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 106.0.1370.61 (Extended Stable Channel) / 107.0.1418.26 (Stable Channel) + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-21719 +6.5 +5.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N +3.6 +7.8 +CVE-2023-21719 +5.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.61. It is, therefore, affected by a vulnerability as referenced in the January 19, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. (CVE-2023-21719) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_61.nasl +2023-A-0051-S +2023/01/19 +2023/02/10 +Microsoft Edge (Chromium) < 109.0.1518.61 Security Feature Bypass (CVE-2023-21719) +2023/01/27 +local +Low +High +1.3 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21719 +Upgrade to Microsoft Edge version 109.0.1518.61 or later. +I +The remote host has an web browser installed that is affected by security feature bypass. +Very Low +No recorded events +No recorded events +3.6 +2023/01/19 +IAVA:2023-A-0051-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.61 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-0696 +CVE-2023-0697 +CVE-2023-0698 +CVE-2023-0699 +CVE-2023-0700 +CVE-2023-0701 +CVE-2023-0702 +CVE-2023-0703 +CVE-2023-0704 +CVE-2023-0705 +CVE-2023-21794 +CVE-2023-23374 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-0703 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 110.0.1587.41. It is, therefore, affected by multiple vulnerabilities as referenced in the February 9, 2023 advisory. + + - Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0696) + + - Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0697) + + - Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0698) + + - Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) (CVE-2023-0699) + + - Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0700) + + - Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium) (CVE-2023-0701) + + - Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0702) + + - Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. + (Chromium security severity: Medium) (CVE-2023-0703) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0704) + + - Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0705) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_110_0_1587_41.nasl +current +2023-A-0074-S +2023-A-0075-S +2023/02/09 +2023/09/05 +Microsoft Edge (Chromium) < 110.0.1587.41 Multiple Vulnerabilities +2023/02/09 +local +Low +Critical +1.9 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0696 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0697 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0698 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0699 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0700 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0701 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0702 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0703 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0704 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0705 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21794 +Upgrade to Microsoft Edge version 110.0.1587.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2023/02/07 +IAVA:2023-A-0074-S +IAVA:2023-A-0075-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 110.0.1587.41 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-21795 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +7.6 +CVE-2023-21795 +5.6 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.52. It is, therefore, affected by a vulnerability as referenced in the January 13, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796. (CVE-2023-21795) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_52.nasl +2023-A-0034-S +2023/01/17 +2023/02/10 +Microsoft Edge (Chromium) < 109.0.1518.52 Elevation of Privilege (CVE-2023-21795) +2023/01/30 +local +Low +High +1.2 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21795 +Upgrade to Microsoft Edge version 109.0.1518.52 or later. +I +The remote host has an web browser installed that is affected by elevation of privilege. +Very Low +No recorded events +No recorded events +8.1 +2023/01/13 +IAVA:2023-A-0034-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.52 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-0471 +CVE-2023-0472 +CVE-2023-0473 +CVE-2023-0474 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0474 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.70 / 108.0.1462.95. It is, therefore, affected by multiple vulnerabilities as referenced in the January 26, 2023 advisory. + + - Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0471) + + - Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0472) + + - Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0473) + + - Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. + (Chromium security severity: Medium) (CVE-2023-0474) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_70.nasl +2023/01/26 +2023/02/10 +Microsoft Edge (Chromium) < 109.0.1518.70 / 108.0.1462.95 Multiple Vulnerabilities +2023/02/10 +local +Low +Critical +1.0 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0471 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0472 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0473 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0474 +Upgrade to Microsoft Edge version 109.0.1518.70 / 108.0.1462.95 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/01/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.70 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-0471 +CVE-2023-0472 +CVE-2023-0473 +CVE-2023-0474 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0474 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1343.27. It is, therefore, affected by multiple vulnerabilities as referenced in the January 26, 2023 advisory. + + - Use after free in WebTransport. (CVE-2023-0471) + + - Use after free in WebRTC. (CVE-2023-0472) + + - Type Confusion in ServiceWorker API. (CVE-2023-0473) + + - Use after free in GuestView. (CVE-2023-0474) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1343_27.nasl +current +2023/01/26 +2023/02/07 +Microsoft Edge (Chromium) < 109.0.1343.27 Multiple Vulnerabilities +2023/01/27 +local +Low +Critical +1.1 +http://www.nessus.org/u?a883970b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0471 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0472 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0473 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0474 +Upgrade to Microsoft Edge version 109.0.1343.27 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/01/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1343.27 + + + +365 - 730 days +2022/12/26 +cpe:/a:microsoft:edge +CVE-2022-4174 +CVE-2022-4175 +CVE-2022-4177 +CVE-2022-4178 +CVE-2022-4179 +CVE-2022-4180 +CVE-2022-4181 +CVE-2022-4182 +CVE-2022-4183 +CVE-2022-4184 +CVE-2022-4185 +CVE-2022-4186 +CVE-2022-4187 +CVE-2022-4188 +CVE-2022-4189 +CVE-2022-4190 +CVE-2022-4191 +CVE-2022-4192 +CVE-2022-4193 +CVE-2022-4194 +CVE-2022-4195 +CVE-2022-4262 +CVE-2022-44688 +CVE-2022-44708 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-4262 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.42. It is, therefore, affected by multiple vulnerabilities as referenced in the December 5, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174) + + - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4175) + + - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) (CVE-2022-4177) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4178) + + - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4179) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4180) + + - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181) + + - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4182) + + - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4183) + + - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4184) + + - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4185) + + - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186) + + - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4187) + + - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4188) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189) + + - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4190) + + - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) (CVE-2022-4191) + + - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) (CVE-2022-4192) + + - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4193) + + - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4194) + + - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) (CVE-2022-4195) + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4262) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-44688) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. (CVE-2022-44708) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_108_0_1462_42.nasl +2022/12/05 +2023/09/04 +Microsoft Edge (Chromium) < 108.0.1462.42 Multiple Vulnerabilities +2023/02/10 +local +Low +Critical +1.2 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4175 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4177 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4178 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4179 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4180 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4181 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4182 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4183 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4184 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4185 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4188 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4189 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4190 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4191 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4193 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4194 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4262 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708 +Upgrade to Microsoft Edge version 108.0.1462.42 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/11/29 +CISA-KNOWN-EXPLOITED:2022/12/26 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 108.0.1462.42 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-0129 +CVE-2023-0130 +CVE-2023-0131 +CVE-2023-0132 +CVE-2023-0133 +CVE-2023-0134 +CVE-2023-0135 +CVE-2023-0136 +CVE-2023-0138 +CVE-2023-0139 +CVE-2023-0140 +CVE-2023-0141 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0138 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.49 / 108.0.1462.83. It is, therefore, affected by multiple vulnerabilities as referenced in the January 12, 2023 advisory. + + - Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) (CVE-2023-0129) + + - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. + (Chromium security severity: Medium) (CVE-2023-0130) + + - Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-0131) + + - Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0132) + + - Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0133) + + - Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0134, CVE-2023-0135) + + - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0136) + + - Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0138) + + - Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0139) + + - Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0140) + + - Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0141) + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2023-21775) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795. (CVE-2023-21796) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_49.nasl +2023-A-0034-S +2023-A-0029-S +2023/01/12 +2023/10/24 +Microsoft Edge (Chromium) < 109.0.1518.49 / 108.0.1462.83 Multiple Vulnerabilities +2023/01/13 +local +Low +Critical +1.7 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0129 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0130 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0131 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0132 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0133 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0134 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0135 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0136 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0138 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0139 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0140 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0141 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21775 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21796 +Upgrade to Microsoft Edge version 109.0.1518.49 / 108.0.1462.83 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/01/10 +IAVA:2023-A-0034-S +IAVA:2023-A-0029-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.49 + + + +180 - 365 days +2023/05/08 +cpe:/a:microsoft:edge +CVE-2023-2033 +CVE-2023-29334 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-2033 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.48. It is, therefore, affected by a vulnerability as referenced in the April 15, 2023 advisory. + + - Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2033) + + - A spoofing vulnerability could allow an attacker to bypass the Edge security warning message feature. + (CVE-2023-29334) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_112_0_1722_48.nasl +2023-A-0204-S +2023-A-0203-S +2023-A-0232-S +2023/04/15 +2023/07/20 +Microsoft Edge (Chromium) < 112.0.1722.48 +2023/04/20 +local +Medium +Critical +1.13 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2033 +Upgrade to Microsoft Edge version 112.0.1722.48 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.0 +2023/04/14 +IAVA:2023-A-0204-S +IAVA:2023-A-0203-S +IAVA:2023-A-0232-S +CISA-KNOWN-EXPLOITED:2023/05/08 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.100 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-1213 +CVE-2023-1214 +CVE-2023-1215 +CVE-2023-1216 +CVE-2023-1217 +CVE-2023-1218 +CVE-2023-1219 +CVE-2023-1220 +CVE-2023-1221 +CVE-2023-1222 +CVE-2023-1223 +CVE-2023-1224 +CVE-2023-1228 +CVE-2023-1229 +CVE-2023-1230 +CVE-2023-1231 +CVE-2023-1232 +CVE-2023-1233 +CVE-2023-1234 +CVE-2023-1235 +CVE-2023-1236 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-1222 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 111.0.1661.41 / 110.0.1587.69. It is, therefore, affected by multiple vulnerabilities as referenced in the March 13, 2023 advisory. + + - Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1213) + + - Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1214) + + - Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1215) + + - Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1216) + + - Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1217) + + - Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1218) + + - Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1219) + + - Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1220) + + - Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-1221) + + - Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1222) + + - Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1223) + + - Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-1224) + + - Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-1228) + + - Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-1229) + + - Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1230) + + - Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1231) + + - Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1232) + + - Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2023-1233) + + - Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1234) + + - Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. + (Chromium security severity: Low) (CVE-2023-1235) + + - Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1236) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_111_0_1661_41.nasl +2023-A-0131-S +2023/03/13 +2023/10/24 +Microsoft Edge (Chromium) < 111.0.1661.41 / 110.0.1587.69 Multiple Vulnerabilities +2023/03/15 +local +Low +Critical +1.6 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1213 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1214 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1215 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1216 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1217 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1218 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1219 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1220 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1221 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1228 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1229 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1230 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1231 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1232 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1233 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1234 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1235 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1236 +Upgrade to Microsoft Edge version 111.0.1661.41 / 110.0.1587.69 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/03/07 +IAVA:2023-A-0131-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 111.0.1661.41 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-1528 +CVE-2023-1529 +CVE-2023-1530 +CVE-2023-1531 +CVE-2023-1532 +CVE-2023-1533 +CVE-2023-1534 +CVE-2023-28261 +CVE-2023-28286 +9.8 +CVE-2023-1529 +8.8 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-1534 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 111.0.1661.54 / 110.0.1587.78. It is, therefore, affected by multiple vulnerabilities as referenced in the March 24, 2023 advisory. + + - Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1528) + + - Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) (CVE-2023-1529) + + - Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1530) + + - Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1531) + + - Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1532) + + - Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1533) + + - Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1534) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_111_0_1661_54.nasl +2023-A-0161-S +2023/03/24 +2023/05/23 +Microsoft Edge (Chromium) < 111.0.1661.54 / 110.0.1587.78 Multiple Vulnerabilities +2023/03/30 +local +Low +Critical +1.11 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1528 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1529 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1530 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1531 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1532 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1533 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1534 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28261 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28286 +Upgrade to Microsoft Edge version 111.0.1661.54 / 110.0.1587.78 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/03/21 +IAVA:2023-A-0161-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 111.0.1661.54 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-2459 +CVE-2023-2460 +CVE-2023-2462 +CVE-2023-2463 +CVE-2023-2464 +CVE-2023-2465 +CVE-2023-2466 +CVE-2023-2467 +CVE-2023-2468 +CVE-2023-29350 +CVE-2023-29354 +7.5 +CVE-2023-29350 +6.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +8.5 +CVE-2023-2460 +6.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 113.0.1774.35. It is, therefore, affected by multiple vulnerabilities as referenced in the May 5, 2023 advisory. + + - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2459) + + - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2460) + + - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2462) + + - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2463) + + - Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2464) + + - Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2465) + + - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-2466) + + - Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: + Low) (CVE-2023-2467) + + - Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. + (Chromium security severity: Low) (CVE-2023-2468) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-29350) + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-29354) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_113_0_1774_35.nasl +2023-A-0240-S +2023/05/05 +2023/07/20 +Microsoft Edge (Chromium) < 113.0.1774.35 Multiple Vulnerabilities +2023/05/11 +local +Low +High +1.5 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2459 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2460 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2462 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2463 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2464 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2465 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2466 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2467 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2468 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29354 +Upgrade to Microsoft Edge version 113.0.1774.35 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/05/02 +IAVA:2023-A-0240-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 113.0.1774.35 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-2133 +CVE-2023-2134 +CVE-2023-2135 +CVE-2023-2137 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-2137 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.58. It is, therefore, affected by multiple vulnerabilities as referenced in the April 21, 2023 advisory. + + - Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2133, CVE-2023-2134) + + - Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2135) + + - Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2137) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_112_0_1722_58.nasl +2023-A-0223-S +2023/04/20 +2023/10/23 +Microsoft Edge (Chromium) < 112.0.1722.58 Multiple Vulnerabilities +2023/04/27 +local +Medium +Critical +1.5 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2133 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2134 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2135 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2137 +Upgrade to Microsoft Edge version 112.0.1722.58 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/04/18 +IAVA:2023-A-0223-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 112.0.1722.58 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-3214 +CVE-2023-3215 +CVE-2023-3216 +CVE-2023-3217 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3217 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.51. It is, therefore, affected by multiple vulnerabilities as referenced in the June 15, 2023 advisory. + + - Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-3214) + + - Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3215) + + - Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3216) + + - Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3217) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_114_0_1823_51.nasl +current +2023/06/15 +2023/07/18 +Microsoft Edge (Chromium) < 114.0.1823.51 Multiple Vulnerabilities +2023/06/22 +local +Medium +Critical +1.2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3214 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3215 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3216 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3217 +http://www.nessus.org/u?a084dba4 +Upgrade to Microsoft Edge version 114.0.1823.51 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/06/13 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.51 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-2312 +CVE-2023-4349 +CVE-2023-4350 +CVE-2023-4351 +CVE-2023-4352 +CVE-2023-4353 +CVE-2023-4354 +CVE-2023-4355 +CVE-2023-4356 +CVE-2023-4357 +CVE-2023-4358 +CVE-2023-4359 +CVE-2023-4360 +CVE-2023-4361 +CVE-2023-4362 +CVE-2023-4363 +CVE-2023-4364 +CVE-2023-4365 +CVE-2023-4366 +CVE-2023-4367 +CVE-2023-4368 +CVE-2023-36787 +CVE-2023-38158 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4368 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.54. It is, therefore, affected by multiple vulnerabilities as referenced in the August 21, 2023 advisory. + + - Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-2312) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36787) + + - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2023-38158) + + - Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2023-4349) + + - Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-4350) + + - Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4351) + + - Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4352) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4353) + + - Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4354) + + - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4355) + + - Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4356) + + - Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4357) + + - Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4358) + + - Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4359) + + - Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4360) + + - Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-4361) + + - Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4362) + + - Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4363) + + - Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4364) + + - Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4365) + + - Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: Medium) (CVE-2023-4366) + + - Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4367, CVE-2023-4368) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_116_0_1938_54.nasl +current +2023-A-0438-S +2023/08/21 +2023/09/18 +Microsoft Edge (Chromium) < 116.0.1938.54 Multiple Vulnerabilities +2023/08/23 +local +Medium +Critical +1.3 +http://www.nessus.org/u?9ae99e73 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2312 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36787 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38158 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4349 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4351 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4352 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4353 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4354 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4355 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4356 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4357 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4358 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4359 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4360 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4361 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4362 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4363 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4364 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4365 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4366 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4367 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4368 +Upgrade to Microsoft Edge version 116.0.1938.54 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +8.4 +2023/08/15 +IAVA:2023-A-0438-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.54 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-4068 +CVE-2023-4069 +CVE-2023-4070 +CVE-2023-4071 +CVE-2023-4072 +CVE-2023-4073 +CVE-2023-4074 +CVE-2023-4075 +CVE-2023-4076 +CVE-2023-4077 +CVE-2023-4078 +CVE-2023-38157 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4078 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.106 / 115.0.1901.200. It is, therefore, affected by multiple vulnerabilities as referenced in the August 7, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-38157) + + - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068, CVE-2023-4070) + + - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069) + + - Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4071) + + - Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4072) + + - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2023-4073) + + - Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4074) + + - Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075) + + - Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076) + + - Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077) + + - Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_115_0_1901_200.nasl +current +2023-A-0401-S +2023/08/07 +2023/10/23 +Microsoft Edge (Chromium) < 114.0.1823.106 / 115.0.1901.200 Multiple Vulnerabilities +2023/08/07 +local +Low +Critical +1.3 +http://www.nessus.org/u?ccceaa60 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38157 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4068 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4069 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4070 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4071 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4072 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4073 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4074 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4075 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4076 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4077 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4078 +Upgrade to Microsoft Edge version 114.0.1823.106 / 115.0.1901.200 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +7 to 30 days +Social Media +9.0 +2023/08/02 +IAVA:2023-A-0401-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 115.0.1901.200 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-36883 +CVE-2023-36887 +CVE-2023-36888 +7.8 +CVE-2023-36887 +7.0 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.5 +CVE-2023-36888 +5.9 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.82. It is, therefore, affected by multiple vulnerabilities as referenced in the July 13, 2023 advisory. + + - Microsoft Edge for Android (Chromium-based) Tampering Vulnerability (CVE-2023-36888) + + - Microsoft Edge for iOS Spoofing Vulnerability (CVE-2023-36883) + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-36887) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_114_0_1823_82.nasl +current +2023-A-0358-S +2023/07/13 +2023/08/02 +Microsoft Edge (Chromium) < 114.0.1823.82 Multiple Vulnerabilities +2023/07/14 +local +Low +High +1.5 +http://www.nessus.org/u?74e8a4a1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36887 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36888 +Upgrade to Microsoft Edge version 114.0.1823.82 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/07/13 +IAVA:2023-A-0358-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.82 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-4761 +CVE-2023-4762 +CVE-2023-4763 +CVE-2023-4764 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4763 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.76. It is, therefore, affected by multiple vulnerabilities as referenced in the September 7, 2023 advisory. + + - Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-4761) + + - Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4762) + + - Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4763) + + - Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4764) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_116_0_1938_76.nasl +current +2023-A-0457-S +2023/09/07 +2023/09/25 +Microsoft Edge (Chromium) < 116.0.1938.76 Multiple Vulnerabilities +2023/09/07 +local +Medium +Critical +1.6 +http://www.nessus.org/u?0c1fe891 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4761 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4762 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4763 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4764 +Upgrade to Microsoft Edge version 116.0.1938.76 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +120 to 365 days +No recorded events +6.7 +2023/09/05 +IAVA:2023-A-0457-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.76 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-3727 +CVE-2023-3728 +CVE-2023-3730 +CVE-2023-3732 +CVE-2023-3733 +CVE-2023-3734 +CVE-2023-3735 +CVE-2023-3736 +CVE-2023-3737 +CVE-2023-3738 +CVE-2023-3740 +CVE-2023-35392 +CVE-2023-38173 +CVE-2023-38187 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3732 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1901.183 / 115.0.1901.183. It is, therefore, affected by multiple vulnerabilities as referenced in the July 21, 2023 advisory. + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-35392) + + - Microsoft Edge for Android Spoofing Vulnerability (CVE-2023-38173) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-38187) + + - Use after free in WebRTC. (CVE-2023-3727, CVE-2023-3728) + + - Use after free in Tab Groups. (CVE-2023-3730) + + - Out of bounds memory access in Mojo. (CVE-2023-3732) + + - Inappropriate implementation in WebApp Installs. (CVE-2023-3733) + + - Inappropriate implementation in Picture In Picture. (CVE-2023-3734) + + - Inappropriate implementation in Web API Permission Prompts. (CVE-2023-3735) + + - Inappropriate implementation in Custom Tabs. (CVE-2023-3736) + + - Inappropriate implementation in Notifications. (CVE-2023-3737) + + - Inappropriate implementation in Autofill. (CVE-2023-3738) + + - Insufficient validation of untrusted input in Themes. (CVE-2023-3740) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_115_0_1901_183.nasl +current +2023-A-0380-S +2023/07/21 +2023/08/11 +Microsoft Edge (Chromium) < 114.0.1901.183 / 115.0.1901.183 Multiple Vulnerabilities +2023/07/21 +local +Low +Critical +1.3 +http://www.nessus.org/u?09d3506d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35392 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3727 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3728 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3730 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3732 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3733 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3734 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3735 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3736 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3737 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3738 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3740 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38173 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38187 +Upgrade to Microsoft Edge version 114.0.1901.183 / 115.0.1901.183 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/07/18 +IAVA:2023-A-0380-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 115.0.1901.183 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-4427 +CVE-2023-4428 +CVE-2023-4429 +CVE-2023-4430 +CVE-2023-4431 +CVE-2023-36741 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4430 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.62. It is, therefore, affected by multiple vulnerabilities as referenced in the August 25, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36741) + + - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4427) + + - Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4428) + + - Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4429) + + - Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4430) + + - Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4431) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_116_0_1938_62.nasl +current +2023-A-0453-S +2023/08/25 +2023/10/06 +Microsoft Edge (Chromium) < 116.0.1938.62 Multiple Vulnerabilities +2023/08/26 +local +Low +Critical +1.3 +http://www.nessus.org/u?22854207 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36741 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4427 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4428 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4429 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4430 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4431 +Upgrade to Microsoft Edge version 116.0.1938.62 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/08/22 +IAVA:2023-A-0453-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.62 + + + +60 - 180 days +2023/10/04 +cpe:/a:microsoft:edge +CVE-2023-4863 +CVE-2023-4900 +CVE-2023-4901 +CVE-2023-4902 +CVE-2023-4903 +CVE-2023-4904 +CVE-2023-4905 +CVE-2023-4906 +CVE-2023-4907 +CVE-2023-4908 +CVE-2023-4909 +CVE-2023-36562 +CVE-2023-36727 +CVE-2023-36735 +9.6 +CVE-2023-36735 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4863 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 117.0.2045.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36562, CVE-2023-36735) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-36727) + + - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863) + + - Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-4900) + + - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4901) + + - Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4902) + + - Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-4903) + + - Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: + Medium) (CVE-2023-4904) + + - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4905) + + - Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4906) + + - Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4907) + + - Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4908) + + - Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4909) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_117_0_2045_31.nasl +former +2023/09/15 +2023/10/06 +Microsoft Edge (Chromium) < 117.0.2045.31 Multiple Vulnerabilities +2023/09/15 +local +High +Critical +1.8 +http://www.nessus.org/u?db9a43f1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36562 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36727 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36735 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4900 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4901 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4902 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4903 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4904 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4905 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4906 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4907 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4908 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4909 +Upgrade to Microsoft Edge version 117.0.2045.31 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +Security Research +9.7 +2023/09/12 +CISA-KNOWN-EXPLOITED:2023/10/04 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 117.0.2045.31 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-2721 +CVE-2023-2722 +CVE-2023-2723 +CVE-2023-2724 +CVE-2023-2725 +CVE-2023-2726 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-2726 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 113.0.1774.50 / 112.0.1722.84. It is, therefore, affected by multiple vulnerabilities as referenced in the May 18, 2023 advisory. + + - Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-2721) + + - Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2023-2722) + + - Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2723) + + - Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2724) + + - Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-2725) + + - Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2726) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_113_0_1774_50.nasl +2023-A-0265-S +2023/05/18 +2023/07/07 +Microsoft Edge (Chromium) < 113.0.1774.50 / 112.0.1722.84 Multiple Vulnerabilities +2023/05/23 +local +Medium +Critical +1.4 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2721 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2722 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2723 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2724 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2725 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2726 +Upgrade to Microsoft Edge version 113.0.1774.50 / 112.0.1722.84 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/05/16 +IAVA:2023-A-0265-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 113.0.1774.50 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-4572 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4572 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.69. It is, therefore, affected by a vulnerability as referenced in the August 31, 2023 advisory. + + - Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4572) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_116_0_1938_69.nasl +current +2023/08/31 +2023/09/25 +Microsoft Edge (Chromium) < 116.0.1938.69 (CVE-2023-4572) +2023/08/31 +local +Medium +Critical +1.2 +http://www.nessus.org/u?3a086c3d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4572 +Upgrade to Microsoft Edge version 116.0.1938.69 or later. +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +6.7 +2023/08/29 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.69 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-24935 +CVE-2023-28284 +CVE-2023-28301 +6.1 +5.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N +2.7 +6.4 +CVE-2023-24935 +4.7 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.34. It is, therefore, affected by multiple vulnerabilities as referenced in the April 6, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-28284) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-24935) + + - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2023-28301) + + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_112_0_1722_34.nasl +2023-A-0180-S +2023/04/06 +2023/05/23 +Microsoft Edge (Chromium) < 112.0.1722.34 Multiple Vulnerabilities +2023/04/14 +local +Low +Medium +1.6 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24935 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28284 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28301 +Upgrade to Microsoft Edge version 112.0.1722.34 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +3.0 +2023/04/06 +IAVA:2023-A-0180-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 112.0.1722.34 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-3420 +CVE-2023-3421 +CVE-2023-3422 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3422 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.67. It is, therefore, affected by multiple vulnerabilities as referenced in the June 29, 2023 advisory. + + - Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3420) + + - Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3421) + + - Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-3422) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_114_0_1823_67.nasl +current +2023/06/29 +2023/07/06 +Microsoft Edge (Chromium) < 114.0.1823.67 Multiple Vulnerabilities +2023/06/30 +local +Low +Critical +1.1 +http://www.nessus.org/u?12f91dd6 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3420 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3421 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3422 +Upgrade to Microsoft Edge version 114.0.1823.67 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +120 to 365 days +No recorded events +8.4 +2023/06/26 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.67 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5472 +CVE-2023-44323 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5472 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.76. It is, therefore, affected by multiple vulnerabilities as referenced in the October 27, 2023 advisory. + + - Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5472) + + - Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-44323) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_118_0_2088_76.nasl +current +2023-A-0600-S +2023/10/27 +2023/11/16 +Microsoft Edge (Chromium) < 118.0.2088.76 Multiple Vulnerabilities +2023/10/27 +local +Medium +Critical +1.4 +http://www.nessus.org/u?4f5c8cf8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5472 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44323 +Upgrade to Microsoft Edge version 118.0.2088.76 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/10/24 +IAVA:2023-A-0600-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 118.0.2088.76 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-36014 +CVE-2023-36024 +CVE-2023-5996 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5996 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.102 / 119.0.2151.58. It is, therefore, affected by multiple vulnerabilities as referenced in the November 9, 2023 advisory. + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-36014) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36024) + + - Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5996) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_119_0_2151_58.nasl +current +2023-A-0610-S +2023/11/09 +2024/01/26 +Microsoft Edge (Chromium) < 118.0.2088.102 / 119.0.2151.58 Multiple Vulnerabilities +2023/11/09 +local +Medium +Critical +1.6 +http://www.nessus.org/u?683f1aad +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36024 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5996 +Upgrade to Microsoft Edge version 118.0.2088.102 / 119.0.2151.58 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +6.7 +2023/11/07 +IAVA:2023-A-0610-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.58 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5480 +CVE-2023-5482 +CVE-2023-5849 +CVE-2023-5850 +CVE-2023-5851 +CVE-2023-5852 +CVE-2023-5853 +CVE-2023-5854 +CVE-2023-5855 +CVE-2023-5856 +CVE-2023-5857 +CVE-2023-5858 +CVE-2023-5859 +CVE-2023-36022 +CVE-2023-36029 +CVE-2023-36034 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5857 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.88 / 119.0.2151.44. It is, therefore, affected by multiple vulnerabilities as referenced in the November 2, 2023 advisory. + + - Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) (CVE-2023-5480) + + - Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5482) + + - Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5849) + + - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2023-5850) + + - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5851) + + - Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5852) + + - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5853) + + - Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5854) + + - Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5855) + + - Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5856) + + - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) (CVE-2023-5857) + + - Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5858) + + - Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) (CVE-2023-5859) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_119_0_2151_44.nasl +current +2023-A-0600-S +2023/11/02 +2023/11/16 +Microsoft Edge (Chromium) < 118.0.2088.88 / 119.0.2151.44 Multiple Vulnerabilities +2023/11/03 +local +Medium +Critical +1.3 +http://www.nessus.org/u?c1b5e0e7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36022 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36029 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36034 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5480 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5482 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5849 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5850 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5851 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5852 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5853 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5854 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5855 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5856 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5857 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5858 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5859 +Upgrade to Microsoft Edge version 118.0.2088.88 / 119.0.2151.44 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/10/31 +IAVA:2023-A-0600-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.44 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5346 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5346 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 117.0.2045.55. It is, therefore, affected by a vulnerability as referenced in the October 4, 2023 advisory. + + - Type Confusion in V8. (CVE-2023-5346) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_117_0_2045_55.nasl +current +2023/10/04 +2023/10/09 +Microsoft Edge (Chromium) < 117.0.2045.55 (CVE-2023-5346) +2023/10/04 +local +Low +Critical +1.2 +http://www.nessus.org/u?91471929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5346 +Upgrade to Microsoft Edge version 117.0.2045.55 or later. +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +120 to 365 days +No recorded events +6.7 +2023/10/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 117.0.2045.55 + + + +7 - 30 days +cpe:/a:microsoft:edge +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.121. It is, therefore, affected by multiple vulnerabilities as referenced in the January 5, 2024 advisory. + + - Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0222) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0223) + + - Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0224) + + - Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_121.nasl +current +2024-A-0009-S +2024/01/05 +2024/01/18 +Microsoft Edge (Chromium) < 120.0.2210.121 Multiple Vulnerabilities +2024/01/05 +local +Low +Critical +1.3 +http://www.nessus.org/u?4aae3ac8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0225 +Upgrade to Microsoft Edge version 120.0.2210.121 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +7 to 30 days +No recorded events +6.7 +2024/01/03 +IAVA:2024-A-0009-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.121 + + + +7 - 30 days +2024/02/07 +cpe:/a:microsoft:edge +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.144. It is, therefore, affected by multiple vulnerabilities as referenced in the January 17, 2024 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0517) + + - Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0518) + + - Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_120_0_2210_144.nasl +current +2024-A-0040-S +2024/01/17 +2024/02/02 +Microsoft Edge (Chromium) < 120.0.2210.144 Multiple Vulnerabilities +2024/01/17 +local +Low +Critical +1.3 +http://www.nessus.org/u?baa12a23 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0517 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0518 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0519 +Upgrade to Microsoft Edge version 120.0.2210.144 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very High +0 to 7 days +Social Media +9.2 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0040-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.144 + + + +30 - 60 days +cpe:/a:microsoft:edge +CVE-2023-6508 +CVE-2023-6509 +CVE-2023-6510 +CVE-2023-6511 +CVE-2023-6512 +CVE-2023-35618 +CVE-2023-36880 +CVE-2023-38174 +9.6 +CVE-2023-35618 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6510 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.61. It is, therefore, affected by multiple vulnerabilities as referenced in the December 7, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-35618) + + - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2023-36880, CVE-2023-38174) + + - Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6508) + + - Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) (CVE-2023-6509) + + - Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) (CVE-2023-6510) + + - Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-6511) + + - Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. + (Chromium security severity: Low) (CVE-2023-6512) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_61.nasl +current +2023-A-0677-S +2023/12/07 +2023/12/22 +Microsoft Edge (Chromium) < 120.0.2210.61 Multiple Vulnerabilities +2023/12/07 +local +Low +Critical +1.3 +http://www.nessus.org/u?7f2952a2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36880 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6508 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6509 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6510 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6511 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6512 +Upgrade to Microsoft Edge version 120.0.2210.61 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2023/12/05 +IAVA:2023-A-0677-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.61 + + + +60 - 180 days +2023/12/21 +cpe:/a:microsoft:edge +CVE-2023-6345 +CVE-2023-6346 +CVE-2023-6347 +CVE-2023-6348 +CVE-2023-6350 +CVE-2023-6351 +9.6 +CVE-2023-6345 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6351 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.122 / 119.0.2151.97. It is, therefore, affected by multiple vulnerabilities as referenced in the November 29, 2023 advisory. + + - Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) (CVE-2023-6345) + + - Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6346) + + - Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6347) + + - Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6348) + + - Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) (CVE-2023-6350, CVE-2023-6351) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_119_0_2151_97.nasl +current +2023/11/29 +2023/12/06 +Microsoft Edge (Chromium) < 118.0.2088.122 / 119.0.2151.97 Multiple Vulnerabilities +2023/11/29 +local +Medium +Critical +1.3 +http://www.nessus.org/u?88d07bbe +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6345 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6346 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6347 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6348 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6351 +Upgrade to Microsoft Edge version 118.0.2088.122 / 119.0.2151.97 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.9 +2023/11/28 +CISA-KNOWN-EXPLOITED:2023/12/21 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.97 + + + +60 - 180 days +2023/10/04 +cpe:/a:microsoft:edge +CVE-2023-4863 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4863 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.81. It is, therefore, affected by a vulnerability as referenced in the September 12, 2023 advisory. + + - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_116_0_1938_81.nasl +current +2023-A-0494-S +2023/09/12 +2023/10/06 +Microsoft Edge (Chromium) < 116.0.1938.81 (CVE-2023-4863) +2023/09/12 +local +High +Critical +1.5 +http://www.nessus.org/u?2bde7861 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863 +Upgrade to Microsoft Edge version 116.0.1938.81 or later. +I +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +30 to 120 days +Security Research +9.7 +2023/09/12 +CISA-KNOWN-EXPLOITED:2023/10/04 +IAVA:2023-A-0494-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.81 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5997 +CVE-2023-6112 +CVE-2023-36008 +CVE-2023-36026 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6112 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.109 / 119.0.2151.72. It is, therefore, affected by multiple vulnerabilities as referenced in the November 16, 2023 advisory. + + - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5997) + + - Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6112) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_119_0_2151_72.nasl +current +2023-A-0649-S +2023/11/16 +2024/01/29 +Microsoft Edge (Chromium) < 118.0.2088.109 / 119.0.2151.72 Multiple Vulnerabilities +2023/11/16 +local +Medium +Critical +1.4 +http://www.nessus.org/u?7feca339 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36026 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5997 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6112 +Upgrade to Microsoft Edge version 118.0.2088.109 / 119.0.2151.72 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/11/14 +IAVA:2023-A-0649-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.72 + + + +30 - 60 days +2024/01/23 +cpe:/a:microsoft:edge +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.91. It is, therefore, affected by a vulnerability as referenced in the December 21, 2023 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_120_0_2210_91.nasl +current +2023/12/21 +2024/01/02 +Microsoft Edge (Chromium) < 120.0.2210.91 (CVE-2023-7024) +2023/12/21 +local +Medium +Critical +1.3 +http://www.nessus.org/u?eaceba1a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-7024 +Upgrade to Microsoft Edge version 120.0.2210.91 or later. +The remote host has an web browser installed that is affected by a vulnerability. +High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.91 + + + +7 - 30 days +cpe:/a:microsoft:edge +CVE-2024-0333 +CVE-2024-20675 +CVE-2024-20709 +CVE-2024-20721 +CVE-2024-21337 +6.3 +5.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L +3.7 +7.5 +CVE-2024-20675 +5.5 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.133. It is, therefore, affected by multiple vulnerabilities as referenced in the January 11, 2024 advisory. + + - Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0333) + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-20675) + + - Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-20709, CVE-2024-20721) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21337) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_133.nasl +current +2024-A-0040-S +2024/01/11 +2024/02/02 +Microsoft Edge (Chromium) < 120.0.2210.133 Multiple Vulnerabilities +2024/01/18 +local +Low +High +1.2 +http://www.nessus.org/u?3844aad0 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0333 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21337 +Upgrade to Microsoft Edge version 120.0.2210.133 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +4.9 +2024/01/09 +IAVA:2024-A-0040-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.133 + + + +0 - 7 days +cpe:/a:microsoft:edge +CVE-2024-21388 +6.5 +5.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L +3.7 +5.1 +CVE-2024-21388 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.160 / 121.0.2277.83. It is, therefore, affected by a vulnerability as referenced in the January 30, 2024 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21388) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_121_0_2277_83.nasl +current +2024-A-0060 +2024/01/25 +2024/02/02 +Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388) +2024/01/25 +local +Low +Medium +1.3 +http://www.nessus.org/u?d0503752 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388 +Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. +I +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +4.9 +2024/01/23 +IAVA:2024-A-0060 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 121.0.2277.83 + + + +60 - 180 days +2023/10/23 +cpe:/a:microsoft:edge +CVE-2023-1999 +CVE-2023-5186 +CVE-2023-5187 +CVE-2023-5217 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5217 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.98 / 117.0.2045.47. It is, therefore, affected by multiple vulnerabilities as referenced in the September 29, 2023 advisory. + + - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. (CVE-2023-1999) + + - Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) (CVE-2023-5186) + + - Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-5187) + + - Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5217) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_117_0_2045_47.nasl +current +2023-A-0523-S +2023/09/29 +2023/10/23 +Microsoft Edge (Chromium) < 116.0.1938.98 / 117.0.2045.47 Multiple Vulnerabilities +2023/10/02 +local +Very High +Critical +1.3 +http://www.nessus.org/u?f89fc291 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1999 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5217 +Upgrade to Microsoft Edge version 116.0.1938.98 / 117.0.2045.47 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.2 +2023/04/11 +CISA-KNOWN-EXPLOITED:2023/10/23 +IAVA:2023-A-0523-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 117.0.2045.47 + + + +180 - 365 days +2023/06/28 +cpe:/a:microsoft:edge +CVE-2023-3079 +CVE-2023-33145 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3079 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.41. It is, therefore, affected by multiple vulnerabilities as referenced in the June 6, 2023 advisory. + + - Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3079) + + - An information disclosure vulnerability. (CVE-2023-33145) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_114_0_1823_41.nasl +2023-A-0274-S +2023-A-0302-S +2023/06/06 +2023/07/20 +Microsoft Edge (Chromium) < 114.0.1823.41 Multiple Vulnerabilities +2023/06/07 +local +Medium +Critical +1.7 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33145 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3079 +Upgrade to Microsoft Edge version 114.0.1823.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +120 to 365 days +No recorded events +9.0 +2023/06/05 +CISA-KNOWN-EXPLOITED:2023/06/28 +IAVA:2023-A-0274-S +IAVA:2023-A-0302-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.41 + + + +30 - 60 days +cpe:/a:microsoft:edge +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +CVE-2023-36878 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.77. It is, therefore, affected by multiple vulnerabilities as referenced in the December 14, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-36878) + + - Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-6706) + + - Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-6707) + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_77.nasl +current +2023-A-0696-S +2023/12/14 +2024/01/12 +Microsoft Edge (Chromium) < 120.0.2210.77 Multiple Vulnerabilities +2023/12/15 +local +Low +Critical +1.3 +http://www.nessus.org/u?11cef5be +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36878 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6702 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6703 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6704 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6705 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6706 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6707 +Upgrade to Microsoft Edge version 120.0.2210.77 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/12/12 +IAVA:2023-A-0696-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.77 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-16016 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2020-16016 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.68. It is, therefore, affected by a vulnerability as referenced in the ADV200002-11-11-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_86_0_622_68.nasl +2020/11/11 +2021/01/12 +Microsoft Edge (Chromium) < 86.0.622.68 Vulnerability +2020/11/12 +local +Low +Medium +1.4 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.68 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +6.5 +2020/11/09 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.68 + + + +730 days + +CEA-2020-0124 +2022/05/03 +cpe:/a:microsoft:edge +CVE-2020-16004 +CVE-2020-16005 +CVE-2020-16006 +CVE-2020-16007 +CVE-2020-16008 +CVE-2020-16009 +CVE-2020-16011 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2020-16011 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.63. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-4-2020 advisory. + + - Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16004) + + - Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16005) + + - Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16006, CVE-2020-16009) + + - Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. (CVE-2020-16007) + + - Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. (CVE-2020-16008) + + - Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2020-16011) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_86_0_622_63.nasl +2020/11/04 +2023/04/25 +Microsoft Edge (Chromium) < 86.0.622.63 Multiple Vulnerabilities +2020/11/04 +local +High +Medium +1.10 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.63 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.4 +2020/11/02 +CISA-KNOWN-EXPLOITED:2022/05/03 +CEA-ID:CEA-2020-0124 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.63 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2019-8075 +CVE-2020-16012 +CVE-2020-16014 +CVE-2020-16015 +CVE-2020-16018 +CVE-2020-16022 +CVE-2020-16023 +CVE-2020-16024 +CVE-2020-16025 +CVE-2020-16026 +CVE-2020-16027 +CVE-2020-16028 +CVE-2020-16029 +CVE-2020-16030 +CVE-2020-16031 +CVE-2020-16032 +CVE-2020-16033 +CVE-2020-16034 +CVE-2020-16036 +9.6 +CVE-2020-16025 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2020-16029 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.41. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-19-2020 advisory. + + - Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. + Successful exploitation could lead to Information Disclosure in the context of the current user. + (CVE-2019-8075) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_87_0_664_41.nasl +2020/11/19 +2022/05/11 +Microsoft Edge (Chromium) < 87.0.664.41 Multiple Vulnerabilities +2020/11/20 +local +Low +Medium +1.6 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 87.0.664.41 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2019/06/11 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 87.0.664.41 + + + +730 days + +2022/05/03 +cpe:/a:microsoft:edge +CVE-2020-16013 +CVE-2020-16017 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2020-16017 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.69. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-13-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_86_0_622_69.nasl +2020/11/13 +2023/04/25 +Microsoft Edge (Chromium) < 86.0.622.69 Multiple Vulnerabilities +2020/11/14 +local +Low +Medium +1.8 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.69 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2020/11/11 +CISA-KNOWN-EXPLOITED:2022/05/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.69 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-15995 +CVE-2020-16043 +CVE-2021-21106 +CVE-2021-21107 +CVE-2021-21108 +CVE-2021-21109 +CVE-2021-21110 +CVE-2021-21111 +CVE-2021-21112 +CVE-2021-21113 +CVE-2021-21114 +CVE-2021-21115 +CVE-2021-21116 +9.6 +CVE-2021-21115 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +9.3 +CVE-2021-21106 +6.9 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.75. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-1-7-2021 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15995) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_87_0_664_75.nasl +2021/01/07 +2024/01/30 +Microsoft Edge (Chromium) < 87.0.664.75 Multiple Vulnerabilities +2021/01/08 +local +Medium +High +1.5 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 87.0.664.75 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.5 +2020/11/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 87.0.664.75 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21142 +CVE-2021-21143 +CVE-2021-21144 +CVE-2021-21145 +CVE-2021-21146 +CVE-2021-21147 +CVE-2021-24113 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21146 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.62. It is, therefore, affected by multiple vulnerabilities as referenced in the February 4, 2021 advisory. + + - Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21142) + + - Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21143) + + - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21144) + + - Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21145) + + - Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-21146) + + - Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21147) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_88_0_705_62.nasl +2021/02/04 +2021/02/12 +Microsoft Edge (Chromium) < 88.0.705.62 Multiple Vulnerabilities +2021/02/10 +local +Low +Medium +1.6 +http://www.nessus.org/u?f6e795b0 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21142 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21143 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21144 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21145 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21146 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21147 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24113 +Upgrade to Microsoft Edge version 88.0.705.62 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.5 +2021/02/02 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.62 + + + +730 days + +CEA-2021-0007 +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21148 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21148 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.63. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-21148 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_88_0_705_63.nasl +2021/02/05 +2023/04/25 +Microsoft Edge (Chromium) < 88.0.705.63 Vulnerability +2021/02/08 +local +Medium +Medium +1.9 +http://www.nessus.org/u?c8284af6 +Upgrade to Microsoft Edge version 88.0.705.63 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2021/02/04 +CISA-KNOWN-EXPLOITED:2021/11/17 +CEA-ID:CEA-2021-0007 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.63 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-16044 +CVE-2021-21118 +CVE-2021-21119 +CVE-2021-21120 +CVE-2021-21121 +CVE-2021-21122 +CVE-2021-21123 +CVE-2021-21124 +CVE-2021-21125 +CVE-2021-21126 +CVE-2021-21127 +CVE-2021-21128 +CVE-2021-21129 +CVE-2021-21130 +CVE-2021-21131 +CVE-2021-21132 +CVE-2021-21133 +CVE-2021-21134 +CVE-2021-21135 +CVE-2021-21136 +CVE-2021-21137 +CVE-2021-21139 +CVE-2021-21140 +CVE-2021-21141 +9.6 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21132 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.50. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_88_0_705_50.nasl +2021/01/21 +2024/01/26 +Microsoft Edge (Chromium) < 88.0.705.50 Multiple Vulnerabilities +2021/01/26 +local +Low +Medium +1.5 +http://www.nessus.org/u?f11ddceb +http://www.nessus.org/u?e38b0261 +http://www.nessus.org/u?956993df +http://www.nessus.org/u?86ccd1a7 +http://www.nessus.org/u?ea65fbbf +http://www.nessus.org/u?d945c5fd +http://www.nessus.org/u?804c6012 +http://www.nessus.org/u?6df00137 +http://www.nessus.org/u?8e925c70 +http://www.nessus.org/u?f33d1708 +http://www.nessus.org/u?e453c1c0 +http://www.nessus.org/u?d644083b +http://www.nessus.org/u?04560b20 +http://www.nessus.org/u?3dbc72e7 +http://www.nessus.org/u?3be82d62 +http://www.nessus.org/u?776bc7e6 +http://www.nessus.org/u?858149b3 +http://www.nessus.org/u?3838b7fb +http://www.nessus.org/u?1c282efb +http://www.nessus.org/u?b1321a9c +http://www.nessus.org/u?970b384a +http://www.nessus.org/u?a6495027 +http://www.nessus.org/u?ef57ee24 +http://www.nessus.org/u?a674cb6c +Upgrade to Microsoft Edge version 88.0.705.50 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/01/12 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.50 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-16037 +CVE-2020-16038 +CVE-2020-16039 +CVE-2020-16040 +CVE-2020-16041 +CVE-2020-16042 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +3.6 +9.3 +CVE-2020-16039 +8.1 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.57. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-12-7-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +true +Exploits are available +true +microsoft_edge_chromium_87_0_664_57.nasl +2020-A-0571-S +Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase +2020/12/07 +2021/04/20 +Microsoft Edge (Chromium) < 87.0.664.57 Multiple Vulnerabilities +2020/12/09 +local +Low +High +1.9 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 87.0.664.57 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +Security Research +7.4 +2020/12/02 +IAVA:2020-A-0571-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 87.0.664.57 + + + +730 days + +CEA-2020-0124 +2021/11/17 +cpe:/a:microsoft:edge +CVE-2020-15999 +CVE-2020-16000 +CVE-2020-16001 +CVE-2020-16002 +CVE-2020-16003 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +3.6 +6.8 +CVE-2020-16003 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.51. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-10-22-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_86_0_622_51.nasl +2020/10/22 +2022/12/05 +Microsoft Edge (Chromium) < 86.0.622.51 Multiple Vulnerabilities +2020/10/22 +local +High +Medium +1.9 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.51 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +Security Research +7.2 +2020/10/20 +CISA-KNOWN-EXPLOITED:2021/11/17 +CEA-ID:CEA-2020-0124 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.51 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21194 +CVE-2021-21195 +CVE-2021-21196 +CVE-2021-21197 +CVE-2021-21198 +CVE-2021-21199 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21199 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.68. It is, therefore, affected by multiple vulnerabilities as referenced in the April 1, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_89_0_774_68.nasl +2021-A-0152-S +2021/04/01 +2021/06/07 +Microsoft Edge (Chromium) < 89.0.774.68 Multiple Vulnerabilities +2021/04/02 +local +Low +Medium +1.6 +http://www.nessus.org/u?d3ce740a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21194 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21196 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21197 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21198 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21199 +Upgrade to Microsoft Edge version 89.0.774.68 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +5.9 +2021/03/30 +IAVA:2021-A-0152-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.68 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5218 +CVE-2023-5473 +CVE-2023-5474 +CVE-2023-5475 +CVE-2023-5476 +CVE-2023-5477 +CVE-2023-5478 +CVE-2023-5479 +CVE-2023-5481 +CVE-2023-5483 +CVE-2023-5484 +CVE-2023-5485 +CVE-2023-5486 +CVE-2023-5487 +CVE-2023-36559 +CVE-2023-36409 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5476 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.46. It is, therefore, affected by multiple vulnerabilities as referenced in the October 13, 2023 advisory. + + - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-5218) + + - Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5473) + + - Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) (CVE-2023-5474) + + - Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5475) + + - Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5476) + + - Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) (CVE-2023-5477) + + - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5478) + + - Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5479) + + - Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5481) + + - Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5483) + + - Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5484) + + - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5485) + + - Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5486) + + - Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5487) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_118_0_2088_46.nasl +current +2023-A-0566-S +2023-A-0578-S +2023/10/13 +2023/11/09 +Microsoft Edge (Chromium) < 118.0.2088.46 Multiple Vulnerabilities +2023/10/13 +local +Low +Critical +1.6 +http://www.nessus.org/u?2945f274 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36409 +Upgrade to Microsoft Edge version 118.0.2088.46 or later. +I +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +6.7 +2023/10/10 +IAVA:2023-A-0566-S +IAVA:2023-A-0578-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 118.0.2088.46 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2020-27844 +CVE-2021-21159 +CVE-2021-21160 +CVE-2021-21161 +CVE-2021-21162 +CVE-2021-21163 +CVE-2021-21164 +CVE-2021-21165 +CVE-2021-21166 +CVE-2021-21167 +CVE-2021-21168 +CVE-2021-21169 +CVE-2021-21170 +CVE-2021-21171 +CVE-2021-21172 +CVE-2021-21173 +CVE-2021-21174 +CVE-2021-21175 +CVE-2021-21176 +CVE-2021-21177 +CVE-2021-21178 +CVE-2021-21179 +CVE-2021-21180 +CVE-2021-21181 +CVE-2021-21182 +CVE-2021-21183 +CVE-2021-21184 +CVE-2021-21185 +CVE-2021-21186 +CVE-2021-21187 +CVE-2021-21188 +CVE-2021-21189 +CVE-2021-21190 +8.8 +CVE-2021-21190 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +8.3 +CVE-2020-27844 +6.9 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.45. It is, therefore, affected by multiple vulnerabilities as referenced in the March 4, 2021 advisory. + + - A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27844) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_89_0_774_45.nasl +2021/03/04 +2023/04/25 +Microsoft Edge (Chromium) < 89.0.774.45 Multiple Vulnerabilities +2021/03/08 +local +Medium +High +1.9 +http://www.nessus.org/u?b2e30009 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-27844 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21159 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21160 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21161 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21162 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21163 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21164 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21165 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21166 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21167 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21168 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21169 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21170 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21171 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21172 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21173 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21175 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21176 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21177 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21178 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21179 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21180 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21181 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21182 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21183 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21184 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21185 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21188 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21189 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21190 +Upgrade to Microsoft Edge version 89.0.774.45 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/01/05 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.45 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21191 +CVE-2021-21192 +CVE-2021-21193 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21193 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.54. It is, therefore, affected by multiple vulnerabilities as referenced in the March 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_89_0_774_54.nasl +2021/03/15 +2023/04/25 +Microsoft Edge (Chromium) < 89.0.774.54 Multiple Vulnerabilities +2021/03/16 +local +Medium +Medium +1.8 +http://www.nessus.org/u?5072e34e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21191 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21193 +Upgrade to Microsoft Edge version 89.0.774.54 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/03/09 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.54 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21201 +CVE-2021-21202 +CVE-2021-21203 +CVE-2021-21204 +CVE-2021-21205 +CVE-2021-21207 +CVE-2021-21208 +CVE-2021-21209 +CVE-2021-21210 +CVE-2021-21211 +CVE-2021-21212 +CVE-2021-21213 +CVE-2021-21214 +CVE-2021-21215 +CVE-2021-21216 +CVE-2021-21217 +CVE-2021-21218 +CVE-2021-21219 +CVE-2021-21221 +9.6 +CVE-2021-21201 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21214 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.39. It is, therefore, affected by multiple vulnerabilities as referenced in the April 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_90_0_818_39.nasl +2021/04/15 +2022/05/10 +Microsoft Edge (Chromium) < 90.0.818.39 Multiple Vulnerabilities +2021/04/16 +local +Medium +Medium +1.4 +http://www.nessus.org/u?de6e5227 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21201 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21202 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21203 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21204 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21205 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21207 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21208 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21209 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21210 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21211 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21212 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21213 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21214 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21215 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21216 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21217 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21218 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21219 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21221 +Upgrade to Microsoft Edge version 90.0.818.39 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.5 +2021/04/13 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.818.39 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21227 +CVE-2021-21228 +CVE-2021-21229 +CVE-2021-21230 +CVE-2021-21231 +CVE-2021-21232 +CVE-2021-21233 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21233 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.51. It is, therefore, affected by multiple vulnerabilities as referenced in the April 29, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_90_0_818_51.nasl +2021/04/29 +2021/05/03 +Microsoft Edge (Chromium) < 90.0.818.51 Multiple Vulnerabilities +2021/04/29 +local +Medium +Medium +1.3 +http://www.nessus.org/u?82d8e204 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21227 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21228 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21229 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21230 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21231 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21232 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21233 +Upgrade to Microsoft Edge version 90.0.818.51 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +5.9 +2021/04/26 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.818.51 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21206 +CVE-2021-21220 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21220 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.77. It is, therefore, affected by multiple vulnerabilities as referenced in the April 14, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +true +Exploits are available +true +microsoft_edge_chromium_89_0_774_77.nasl +2021-A-0176-S +Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE +2021/04/14 +2021/11/30 +Microsoft Edge (Chromium) < 89.0.774.77 Multiple Vulnerabilities +2021/04/15 +local +Low +Medium +1.9 +http://www.nessus.org/u?119280b8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21206 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21220 +Upgrade to Microsoft Edge version 89.0.774.77 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +Security Research +9.6 +2021/04/13 +IAVA:2021-A-0176-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.77 + + + +730 days + +2022/07/18 +cpe:/a:microsoft:edge +CVE-2021-30521 +CVE-2021-30522 +CVE-2021-30523 +CVE-2021-30524 +CVE-2021-30525 +CVE-2021-30526 +CVE-2021-30527 +CVE-2021-30528 +CVE-2021-30529 +CVE-2021-30530 +CVE-2021-30531 +CVE-2021-30532 +CVE-2021-30533 +CVE-2021-30534 +CVE-2021-30535 +CVE-2021-30536 +CVE-2021-30537 +CVE-2021-30538 +CVE-2021-30539 +CVE-2021-30540 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30535 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.37. It is, therefore, affected by multiple vulnerabilities as referenced in the May 27, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_91_0_864_37.nasl +2021/05/27 +2023/04/25 +Microsoft Edge (Chromium) < 91.0.864.37 Multiple Vulnerabilities +2021/06/02 +local +Low +Medium +1.5 +http://www.nessus.org/u?0c14a42a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30521 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30522 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30523 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30524 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30525 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30526 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30527 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30528 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30529 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30530 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30531 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30532 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30533 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30534 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30535 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30536 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30537 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30538 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30539 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30540 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31937 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31982 +Upgrade to Microsoft Edge version 91.0.864.37 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/05/25 +CISA-KNOWN-EXPLOITED:2022/07/18 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.37 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-33741 +8.2 +7.1 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N +4.7 +5.1 +CVE-2021-33741 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.41. It is, therefore, affected by a vulnerability as referenced in the June 4, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_91_0_864_41.nasl +2021/06/04 +2023/12/27 +Microsoft Edge (Chromium) < 91.0.864.41 Vulnerability +2021/06/04 +local +Low +Medium +1.4 +http://www.nessus.org/u?aa1e84f8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33741 +Upgrade to Microsoft Edge version 91.0.864.41 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +5.1 +2021/06/04 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.41 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2021-34475 +CVE-2021-34506 +6.1 +5.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N +2.7 +6.4 +CVE-2021-34506 +4.7 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.59. It is, therefore, affected by multiple vulnerabilities as referenced in the June 24, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_91_0_864_59.nasl +2021/06/24 +2023/12/12 +Microsoft Edge (Chromium) < 91.0.864.59 Multiple Vulnerabilities +2021/06/25 +local +Low +Medium +1.3 +http://www.nessus.org/u?fcf1608e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34475 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34506 +Upgrade to Microsoft Edge version 91.0.864.59 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +3.0 +2021/06/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.59 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30565 +CVE-2021-30566 +CVE-2021-30567 +CVE-2021-30568 +CVE-2021-30569 +CVE-2021-30571 +CVE-2021-30572 +CVE-2021-30573 +CVE-2021-30574 +CVE-2021-30575 +CVE-2021-30576 +CVE-2021-30577 +CVE-2021-30578 +CVE-2021-30579 +CVE-2021-30580 +CVE-2021-30581 +CVE-2021-30582 +CVE-2021-30583 +CVE-2021-30584 +CVE-2021-30585 +CVE-2021-30586 +CVE-2021-30587 +CVE-2021-30588 +CVE-2021-30589 +9.6 +CVE-2021-30571 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-30588 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.55. It is, therefore, affected by multiple vulnerabilities as referenced in the July 22, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_92_0_902_55.nasl +2021-A-0346-S +2021/07/22 +2023/12/07 +Microsoft Edge (Chromium) < 92.0.902.55 Multiple Vulnerabilities +2021/07/22 +local +Low +Medium +1.8 +http://www.nessus.org/u?dc471fea +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30565 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30566 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30567 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30568 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30569 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30571 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30572 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30573 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30574 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30575 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30576 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30577 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30578 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30579 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30580 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30581 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30582 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30583 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30584 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30585 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30586 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30587 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30588 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30589 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36928 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36931 +Upgrade to Microsoft Edge version 92.0.902.55 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/07/20 +IAVA:2021-A-0346-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 92.0.902.55 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21222 +CVE-2021-21223 +CVE-2021-21224 +CVE-2021-21225 +CVE-2021-21226 +9.6 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21226 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.46. It is, therefore, affected by multiple vulnerabilities as referenced in the April 22, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_90_0_818_46.nasl +2021/04/22 +2021/11/30 +Microsoft Edge (Chromium) < 90.0.818.46 Multiple Vulnerabilities +2021/04/22 +local +Medium +Medium +1.6 +http://www.nessus.org/u?0027f192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21225 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21226 +Upgrade to Microsoft Edge version 90.0.818.46 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +Security Research +9.2 +2021/04/20 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.818.46 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30541 +CVE-2021-30559 +CVE-2021-30560 +CVE-2021-30561 +CVE-2021-30562 +CVE-2021-30563 +CVE-2021-30564 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30564 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.71. It is, therefore, affected by multiple vulnerabilities as referenced in the July 19, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_91_0_864_71.nasl +2021/07/19 +2021/11/30 +Microsoft Edge (Chromium) < 91.0.864.71 Multiple Vulnerabilities +2021/07/19 +local +Low +Medium +1.5 +http://www.nessus.org/u?06a51872 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30541 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30559 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30560 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30561 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30562 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30563 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30564 +Upgrade to Microsoft Edge version 91.0.864.71 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.9 +2021/07/15 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.71 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30598 +CVE-2021-30599 +CVE-2021-30601 +CVE-2021-30602 +CVE-2021-30603 +CVE-2021-30604 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30604 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.78. It is, therefore, affected by multiple vulnerabilities as referenced in the August 19, 2021 advisory. + + - Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30604) + + - Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (CVE-2021-30598, CVE-2021-30599) + + - Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-30601) + + - Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-30602) + + - Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30603) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_92_0_902_78.nasl +2021/08/19 +2021/09/24 +Microsoft Edge (Chromium) < 92.0.902.78 Multiple Vulnerabilities +2021/08/19 +local +Low +Medium +1.6 +http://www.nessus.org/u?97c3a98d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30598 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30599 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30601 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30602 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30603 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30604 +Upgrade to Microsoft Edge version 92.0.902.78 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/08/16 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 92.0.902.78 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30554 +CVE-2021-30555 +CVE-2021-30556 +CVE-2021-30557 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30557 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.54. It is, therefore, affected by multiple vulnerabilities as referenced in the June 18, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_91_0_864_54.nasl +2021/06/18 +2023/04/25 +Microsoft Edge (Chromium) < 91.0.864.54 Multiple Vulnerabilities +2021/06/18 +local +Low +Medium +1.7 +http://www.nessus.org/u?fe8ae1a6 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30554 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30555 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30556 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30557 +Upgrade to Microsoft Edge version 91.0.864.54 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/06/17 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.54 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30590 +CVE-2021-30591 +CVE-2021-30592 +CVE-2021-30593 +CVE-2021-30594 +CVE-2021-30596 +CVE-2021-30597 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30592 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.67. It is, therefore, affected by multiple vulnerabilities as referenced in the August 5, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_92_0_902_67.nasl +2021/08/05 +2023/12/06 +Microsoft Edge (Chromium) < 92.0.902.67 Multiple Vulnerabilities +2021/08/05 +local +Low +Medium +1.4 +http://www.nessus.org/u?c2b02534 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30590 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30591 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30592 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30593 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30594 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30596 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30597 +Upgrade to Microsoft Edge version 92.0.902.67 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/08/02 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 92.0.902.67 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-38669 +6.4 +5.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N +2.7 +7.5 +CVE-2021-38669 +5.5 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.44. It is, therefore, affected by a vulnerability as referenced in the September 9, 2021 advisory. + + - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2021-38669) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_93_0_961_44.nasl +2021-A-0432-S +2021/09/09 +2023/12/29 +Microsoft Edge (Chromium) < 93.0.961.44 Vulnerability +2021/09/14 +local +Low +High +1.7 +http://www.nessus.org/u?5b26fe9e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38669 +Upgrade to Microsoft Edge version 93.0.961.44 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +3.8 +2021/09/14 +IAVA:2021-A-0432-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.44 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30544 +CVE-2021-30545 +CVE-2021-30546 +CVE-2021-30547 +CVE-2021-30548 +CVE-2021-30549 +CVE-2021-30550 +CVE-2021-30551 +CVE-2021-30552 +CVE-2021-30553 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30553 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.48. It is, therefore, affected by multiple vulnerabilities as referenced in the June 11, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_91_0_864_48.nasl +2021/06/11 +2021/11/30 +Microsoft Edge (Chromium) < 91.0.864.48 Multiple Vulnerabilities +2021/06/11 +local +Low +Medium +1.6 +http://www.nessus.org/u?294d93d8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30544 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30545 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30546 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30547 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30548 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30549 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30550 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30551 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30552 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30553 +Upgrade to Microsoft Edge version 91.0.864.48 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.9 +2021/06/09 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.48 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30506 +CVE-2021-30507 +CVE-2021-30508 +CVE-2021-30509 +CVE-2021-30510 +CVE-2021-30511 +CVE-2021-30512 +CVE-2021-30513 +CVE-2021-30514 +CVE-2021-30515 +CVE-2021-30516 +CVE-2021-30517 +CVE-2021-30518 +CVE-2021-30519 +CVE-2021-30520 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30520 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.xxxxxx. It is, therefore, affected by multiple vulnerabilities as referenced in the May 13, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_90_0_xxxxxx.nasl +2021/05/13 +2024/01/02 +Microsoft Edge (Chromium) < 90.0.xxxxxx Multiple Vulnerabilities +2021/05/14 +local +Low +Medium +1.4 +http://www.nessus.org/u?9cc1dc08 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30506 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30507 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30508 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30509 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30510 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30511 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30512 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30513 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30514 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30515 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30516 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30517 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30518 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30519 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30520 +Upgrade to Microsoft Edge version 90.0.xxxxxx or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/05/10 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.xxxxxx + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-37956 +CVE-2021-37957 +CVE-2021-37958 +CVE-2021-37959 +CVE-2021-37961 +CVE-2021-37962 +CVE-2021-37963 +CVE-2021-37964 +CVE-2021-37965 +CVE-2021-37966 +CVE-2021-37967 +CVE-2021-37968 +CVE-2021-37969 +CVE-2021-37970 +CVE-2021-37971 +CVE-2021-37972 +CVE-2021-37973 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-37973 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory. + + - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-37973) + + - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-37956) + + - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957) + + - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958) + + - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-37959) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_94_0_992_31.nasl +2021-A-0448-S +2021/09/24 +2024/01/16 +Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities +2021/09/24 +local +Medium +Medium +1.11 +http://www.nessus.org/u?6dbcb9b7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973 +Upgrade to Microsoft Edge version 94.0.992.31 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2021/09/21 +IAVA:2021-A-0448-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 94.0.992.31 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30625 +CVE-2021-30626 +CVE-2021-30627 +CVE-2021-30628 +CVE-2021-30629 +CVE-2021-30630 +CVE-2021-30633 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-30633 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.52. It is, therefore, affected by multiple vulnerabilities as referenced in the September 16, 2021 advisory. + + - Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-30633) + + - Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30625) + + - Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30626) + + - Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30627) + + - Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (CVE-2021-30628) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_93_0_961_52.nasl +2021/09/16 +2024/01/16 +Microsoft Edge (Chromium) < 93.0.961.52 Multiple Vulnerabilities +2021/09/17 +local +Low +Medium +1.9 +http://www.nessus.org/u?603235a5 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30625 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30626 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30627 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30628 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30629 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30630 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30633 +Upgrade to Microsoft Edge version 93.0.961.52 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2021/09/13 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.52 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-37997 +CVE-2021-37998 +CVE-2021-37999 +CVE-2021-38000 +CVE-2021-38001 +CVE-2021-38002 +CVE-2021-38003 +9.6 +CVE-2021-38002 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-38003 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.40. It is, therefore, affected by multiple vulnerabilities as referenced in the October 29, 2021 advisory. + + - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003) + + - Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37997) + + - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998) + + - Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. + (CVE-2021-37999) + + - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. + (CVE-2021-38000) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_95_0_1020_40.nasl +2021-A-0522-S +2021/10/29 +2023/04/25 +Microsoft Edge (Chromium) < 95.0.1020.40 Multiple Vulnerabilities +2021/10/29 +local +Medium +Medium +1.13 +http://www.nessus.org/u?dd5c7f7f +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37997 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37998 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37999 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38000 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38001 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38002 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38003 +Upgrade to Microsoft Edge version 95.0.1020.40 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/10/28 +IAVA:2021-A-0522-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 95.0.1020.40 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-37977 +CVE-2021-37978 +CVE-2021-37979 +CVE-2021-37980 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-37979 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.47. It is, therefore, affected by multiple vulnerabilities as referenced in the October 11, 2021 advisory. + + - heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37979) + + - Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37977) + + - Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37978) + + - Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. (CVE-2021-37980) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_94_0_992_47.nasl +2021-A-0459-S +2021/10/11 +2023/11/28 +Microsoft Edge (Chromium) < 94.0.992.47 Multiple Vulnerabilities +2021/10/11 +local +Medium +Medium +1.7 +http://www.nessus.org/u?3a3f355a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37977 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37978 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37979 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37980 +Upgrade to Microsoft Edge version 94.0.992.47 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/10/07 +IAVA:2021-A-0459-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 94.0.992.47 + + + +365 - 730 days +2021/12/29 +cpe:/a:microsoft:edge +CVE-2021-4098 +CVE-2021-4099 +CVE-2021-4100 +CVE-2021-4101 +CVE-2021-4102 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-4102 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.57. It is, therefore, affected by multiple vulnerabilities as referenced in the December 14, 2021 advisory. + + - Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4102) + + - Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-4098) + + - Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4099) + + - Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4100) + + - Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4101) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_96_0_1054_57.nasl +2021-A-0576-S +2021/12/14 +2023/04/25 +Microsoft Edge (Chromium) < 96.0.1054.57 Multiple Vulnerabilities +2021/12/14 +local +Low +Medium +1.10 +http://www.nessus.org/u?f5dd1e14 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4098 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4099 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4100 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4101 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4102 +Upgrade to Microsoft Edge version 96.0.1054.57 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +7.4 +2021/12/13 +CISA-KNOWN-EXPLOITED:2021/12/29 +IAVA:2021-A-0576-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1054.57 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-38005 +CVE-2021-38006 +CVE-2021-38007 +CVE-2021-38008 +CVE-2021-38009 +CVE-2021-38010 +CVE-2021-38011 +CVE-2021-38012 +CVE-2021-38013 +CVE-2021-38014 +CVE-2021-38015 +CVE-2021-38016 +CVE-2021-38017 +CVE-2021-38018 +CVE-2021-38019 +CVE-2021-38020 +CVE-2021-38021 +CVE-2021-38022 +CVE-2021-43221 +9.6 +CVE-2021-38013 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-38017 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1052.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory. + + - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017) + + - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005) + + - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011) + + - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012) + + - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_96_0_1052_29.nasl +2021-A-0544-S +2021/11/19 +2023/10/06 +Microsoft Edge (Chromium) < 96.0.1052.29 Multiple Vulnerabilities +2021/11/20 +local +Medium +Medium +1.9 +http://www.nessus.org/u?95dce263 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38005 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38006 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38007 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38009 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38010 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38011 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38012 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38013 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38015 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38016 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38017 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38018 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38019 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38020 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38022 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43221 +Upgrade to Microsoft Edge version 96.0.1052.29 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/11/15 +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1052.29 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-37981 +CVE-2021-37982 +CVE-2021-37983 +CVE-2021-37984 +CVE-2021-37985 +CVE-2021-37986 +CVE-2021-37987 +CVE-2021-37988 +CVE-2021-37989 +CVE-2021-37990 +CVE-2021-37991 +CVE-2021-37992 +CVE-2021-37993 +CVE-2021-37994 +CVE-2021-37995 +CVE-2021-37996 +CVE-2021-42307 +9.6 +CVE-2021-37981 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-37993 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.30. It is, therefore, affected by multiple vulnerabilities as referenced in the October 21, 2021 advisory. + + - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993) + + - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-37981) + + - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982) + + - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983) + + - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_95_0_1020_30.nasl +2021-A-0491-S +2021-A-0544-S +2021/10/21 +2023/10/06 +Microsoft Edge (Chromium) < 95.0.1020.30 Multiple Vulnerabilities +2021/10/21 +local +Low +Medium +1.8 +http://www.nessus.org/u?6d633bfe +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37981 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37982 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37983 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37984 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37985 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37986 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37987 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37988 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37989 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37990 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37991 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37992 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37993 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37994 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37995 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37996 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42307 +Upgrade to Microsoft Edge version 95.0.1020.30 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/10/19 +IAVA:2021-A-0491-S +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 95.0.1020.30 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-37974 +CVE-2021-37975 +CVE-2021-37976 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-37975 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.38. It is, therefore, affected by multiple vulnerabilities as referenced in the October 1, 2021 advisory. + + - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975) + + - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-37974) + + - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_94_0_992_38.nasl +2021-A-0449-S +2021/10/01 +2023/04/25 +Microsoft Edge (Chromium) < 94.0.992.38 Multiple Vulnerabilities +2021/10/01 +local +Medium +Medium +1.10 +http://www.nessus.org/u?fc68e93b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37974 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37975 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37976 +Upgrade to Microsoft Edge version 94.0.992.38 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/09/30 +IAVA:2021-A-0449-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 94.0.992.38 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30632 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30632 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.47. It is, therefore, affected by a vulnerability as referenced in the September 14, 2021 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30632) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_93_0_961_47.nasl +2021/09/14 +2021/11/30 +Microsoft Edge (Chromium) < 93.0.961.47 Vulnerability +2021/09/14 +local +Low +Medium +1.8 +http://www.nessus.org/u?78d37aa2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30632 +Upgrade to Microsoft Edge version 93.0.4577.82 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +9.0 +2021/09/13 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.47 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2022-23264 +4.7 +4.1 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N +1.4 +5.0 +CVE-2022-23264 +3.7 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.50. It is, therefore, affected by a vulnerability as referenced in the February 10, 2022 advisory. + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2022-23264) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_98_0_1108_50.nasl +2023-A-0071-S +2022/02/10 +2023/11/09 +Microsoft Edge (Chromium) < 98.0.1108.50 Vulnerability +2022/02/10 +local +Low +Medium +1.6 +http://www.nessus.org/u?fe909fdc +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23264 +Upgrade to Microsoft Edge version 98.0.1108.50 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +1.6 +2022/02/10 +IAVA:2023-A-0071-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 98.0.1108.50 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2022-23258 +4.3 +3.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N +1.4 +4.3 +CVE-2022-23258 +3.2 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.69. It is, therefore, affected by multiple vulnerabilities as referenced in the January 20, 2022 advisory. + + - Microsoft Edge for Android Spoofing Vulnerability. (CVE-2022-23258) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_97_0_1072_69.nasl +2022/01/20 +2022/05/06 +Microsoft Edge (Chromium) < 97.0.1072.69 Multiple Vulnerabilities +2022/01/20 +local +Low +Medium +1.5 +http://www.nessus.org/u?4c365598 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0289 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0290 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0291 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0292 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0293 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0294 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0295 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0296 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0297 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0298 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0300 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0301 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0302 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0303 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0304 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0305 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0306 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0307 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0309 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0310 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0311 +Upgrade to Microsoft Edge version 97.0.1072.69 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +1.4 +2022/01/19 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 97.0.1072.69 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-0096 +CVE-2022-0097 +CVE-2022-0098 +CVE-2022-0099 +CVE-2022-0100 +CVE-2022-0101 +CVE-2022-0102 +CVE-2022-0103 +CVE-2022-0104 +CVE-2022-0105 +CVE-2022-0106 +CVE-2022-0107 +CVE-2022-0108 +CVE-2022-0109 +CVE-2022-0110 +CVE-2022-0111 +CVE-2022-0112 +CVE-2022-0113 +CVE-2022-0114 +CVE-2022-0115 +CVE-2022-0116 +CVE-2022-0117 +CVE-2022-0118 +CVE-2022-0120 +CVE-2022-21929 +CVE-2022-21930 +CVE-2022-21931 +CVE-2022-21954 +CVE-2022-21970 +9.6 +CVE-2022-0097 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +8.3 +CVE-2022-21970 +6.5 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.55. It is, therefore, affected by multiple vulnerabilities as referenced in the January 6, 2022 advisory. + + - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0107) + + - Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0096) + + - Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. (CVE-2022-0097) + + - Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. (CVE-2022-0098) + + - Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture. + (CVE-2022-0099) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_97_0_1072_55.nasl +2022/01/06 +2022/05/06 +Microsoft Edge (Chromium) < 97.0.1072.55 Multiple Vulnerabilities +2022/01/06 +local +Low +High +1.8 +http://www.nessus.org/u?10ad4694 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0096 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0097 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0098 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0099 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0100 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0101 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0102 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0103 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0104 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0105 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0106 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0107 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0108 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0109 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0110 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0111 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0112 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0113 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0114 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0115 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0116 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0117 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0118 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0120 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21930 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21931 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21954 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21970 +Upgrade to Microsoft Edge version 97.0.1072.55 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2022/01/04 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 97.0.1072.55 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-0971 +CVE-2022-0972 +CVE-2022-0973 +CVE-2022-0974 +CVE-2022-0975 +CVE-2022-0976 +CVE-2022-0977 +CVE-2022-0978 +CVE-2022-0979 +CVE-2022-0980 +CVE-2022-26899 +9.6 +CVE-2022-0977 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-26899 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.46. It is, therefore, affected by multiple vulnerabilities as referenced in the March 17, 2022 advisory. + + - Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. (CVE-2022-0980) + + - Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (CVE-2022-0971) + + - Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (CVE-2022-0972) + + - Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0973) + + - Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0974) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_99_0_1150_46.nasl +2022-A-0120-S +2021-A-0544-S +2022/03/17 +2023/11/06 +Microsoft Edge (Chromium) < 99.0.1150.46 Multiple Vulnerabilities +2022/03/17 +local +Low +Critical +1.8 +http://www.nessus.org/u?0cc84aae +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0971 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0972 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0973 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0974 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0975 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0976 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0977 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0978 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0979 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0980 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26899 +Upgrade to Microsoft Edge version 99.0.1150.46 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/03/15 +IAVA:2022-A-0120-S +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 99.0.1150.46 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-0789 +CVE-2022-0790 +CVE-2022-0791 +CVE-2022-0792 +CVE-2022-0793 +CVE-2022-0794 +CVE-2022-0795 +CVE-2022-0796 +CVE-2022-0797 +CVE-2022-0798 +CVE-2022-0799 +CVE-2022-0800 +CVE-2022-0801 +CVE-2022-0802 +CVE-2022-0803 +CVE-2022-0804 +CVE-2022-0805 +CVE-2022-0806 +CVE-2022-0807 +CVE-2022-0808 +CVE-2022-0809 +9.6 +CVE-2022-0790 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2022-0809 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.30. It is, therefore, affected by multiple vulnerabilities as referenced in the March 3, 2022 advisory. + + - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. (CVE-2022-0808) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0789) + + - Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0790) + + - Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions. + (CVE-2022-0791) + + - Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0792) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_99_0_1150_30.nasl +2022-A-0096-S +2022/03/03 +2023/01/10 +Microsoft Edge (Chromium) < 99.0.1150.30 Multiple Vulnerabilities +2022/03/03 +local +Low +Medium +1.7 +http://www.nessus.org/u?764ee88a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0789 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0790 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0791 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0792 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0793 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0794 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0795 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0796 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0797 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0798 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0799 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0800 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0801 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0802 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0803 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0804 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0805 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0806 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0807 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0808 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0809 +Upgrade to Microsoft Edge version 99.0.1150.30 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.4 +2022/03/01 +IAVA:2022-A-0096-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 99.0.1150.30 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-4052 +CVE-2021-4053 +CVE-2021-4054 +CVE-2021-4055 +CVE-2021-4056 +CVE-2021-4057 +CVE-2021-4058 +CVE-2021-4059 +CVE-2021-4061 +CVE-2021-4062 +CVE-2021-4063 +CVE-2021-4064 +CVE-2021-4065 +CVE-2021-4066 +CVE-2021-4067 +CVE-2021-4068 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-4067 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.53. It is, therefore, affected by multiple vulnerabilities as referenced in the December 10, 2021 advisory. + + - Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4067) + + - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (CVE-2021-4052) + + - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4053) + + - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-4054) + + - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-4055) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_96_0_1054_53.nasl +2021/12/10 +2022/01/11 +Microsoft Edge (Chromium) < 96.0.1054.53 Multiple Vulnerabilities +2021/12/11 +local +Medium +Medium +1.5 +http://www.nessus.org/u?10871512 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4052 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4053 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4054 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4055 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4056 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4057 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4058 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4059 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4061 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4062 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4063 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4064 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4065 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4066 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4067 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4068 +Upgrade to Microsoft Edge version 96.0.1054.53 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/12/06 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1054.53 + + + +365 - 730 days +2022/04/18 +cpe:/a:microsoft:edge +CVE-2022-1096 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-1096 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.55. It is, therefore, affected by a vulnerability as referenced in the March 26, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_99_0_1150_55.nasl +2022-A-0126-S +2021-A-0544-S +2022/03/26 +2023/11/03 +Microsoft Edge (Chromium) < 99.0.1150.55 Vulnerability +2022/03/26 +local +Low +Critical +1.9 +http://www.nessus.org/u?991726b8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096 +Upgrade to Microsoft Edge version 99.0.1150.55 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2022/03/25 +CISA-KNOWN-EXPLOITED:2022/04/18 +IAVA:2022-A-0126-S +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 99.0.1150.55 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-23261 +CVE-2022-23262 +CVE-2022-23263 +7.7 +CVE-2022-23263 +6.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2022-23262 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.43. It is, therefore, affected by multiple vulnerabilities as referenced in the February 3, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262. (CVE-2022-23263) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263. (CVE-2022-23262) + + - Microsoft Edge (Chromium-based) Tampering Vulnerability. (CVE-2022-23261) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_98_0_1108_43.nasl +2022/02/03 +2022/05/06 +Microsoft Edge (Chromium) < 98.0.1108.43 Multiple Vulnerabilities +2022/02/03 +local +Low +Medium +1.5 +http://www.nessus.org/u?c8cf985b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23261 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23262 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23263 +Upgrade to Microsoft Edge version 98.0.1108.43 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/02/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 98.0.1108.43 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-38005 +CVE-2021-38006 +CVE-2021-38007 +CVE-2021-38008 +CVE-2021-38009 +CVE-2021-38010 +CVE-2021-38011 +CVE-2021-38012 +CVE-2021-38013 +CVE-2021-38014 +CVE-2021-38015 +CVE-2021-38016 +CVE-2021-38017 +CVE-2021-38018 +CVE-2021-38019 +CVE-2021-38020 +CVE-2021-38021 +CVE-2021-38022 +CVE-2021-42308 +CVE-2021-43221 +9.6 +CVE-2021-38013 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-38017 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory. + + - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005) + + - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011) + + - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012) + + - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008) + + - Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38009) + + - Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. + (CVE-2021-38010) + + - Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38013) + + - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38014) + + - Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (CVE-2021-38015) + + - Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2021-38016) + + - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017) + + - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-38018) + + - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38019) + + - Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. + (CVE-2021-38020) + + - Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38021) + + - Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38022) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2021-42308) + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2021-43221) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_96_0_1054_29.nasl +2021-A-0544-S +2021/11/19 +2023/10/06 +Microsoft Edge (Chromium) < 96.0.1054.29 Multiple Vulnerabilities +2023/02/10 +local +Medium +Medium +1.2 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38005 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38006 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38007 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38009 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38010 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38011 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38012 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38013 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38015 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38016 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38017 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38018 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38019 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38020 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38022 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43221 +Upgrade to Microsoft Edge version 96.0.1054.29 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/11/10 +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1054.29 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-26436 +CVE-2021-26439 +CVE-2021-30606 +CVE-2021-30607 +CVE-2021-30608 +CVE-2021-30609 +CVE-2021-30610 +CVE-2021-30611 +CVE-2021-30612 +CVE-2021-30613 +CVE-2021-30614 +CVE-2021-30615 +CVE-2021-30616 +CVE-2021-30617 +CVE-2021-30618 +CVE-2021-30619 +CVE-2021-30620 +CVE-2021-30621 +CVE-2021-30622 +CVE-2021-30623 +CVE-2021-30624 +CVE-2021-36930 +CVE-2021-38641 +CVE-2021-38642 +8.8 +CVE-2021-30624 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-36930 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.38. It is, therefore, affected by multiple vulnerabilities as referenced in the September 2, 2021 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930. (CVE-2021-26436) + + - Microsoft Edge for Android Information Disclosure Vulnerability (CVE-2021-26439) + + - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606) + + - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607) + + - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608) + + - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609) + + - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610) + + - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611) + + - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612) + + - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613) + + - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614) + + - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615) + + - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616) + + - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617) + + - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618) + + - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619) + + - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620) + + - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621) + + - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622) + + - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623) + + - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436. (CVE-2021-36930) + + - Microsoft Edge for Android Spoofing Vulnerability (CVE-2021-38641) + + - Microsoft Edge for iOS Spoofing Vulnerability (CVE-2021-38642) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_93_0_961_38.nasl +2021-A-0401-S +2021-A-0432-S +2021/09/02 +2022/05/06 +Microsoft Edge (Chromium) < 93.0.961.38 Multiple Vulnerabilities +2021/11/18 +local +Medium +Medium +1.4 +http://www.nessus.org/u?eab98635 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26436 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26439 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30606 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30607 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30608 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30609 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30610 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30611 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30612 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30613 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30614 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30615 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30616 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30617 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30619 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30620 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30621 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30622 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30623 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30624 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36930 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38641 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38642 +Upgrade to Microsoft Edge version 93.0.961.38 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/08/31 +IAVA:2021-A-0401-S +IAVA:2021-A-0432-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.38 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2852 +CVE-2022-2853 +CVE-2022-2854 +CVE-2022-2855 +CVE-2022-2857 +CVE-2022-2858 +CVE-2022-2860 +CVE-2022-2861 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-2858 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.63. It is, therefore, affected by multiple vulnerabilities as referenced in the August 19, 2022 advisory. + + - Use after free in FedCM. (CVE-2022-2852) + + - Heap buffer overflow in Downloads. (CVE-2022-2853) + + - Use after free in SwiftShader. (CVE-2022-2854) + + - Use after free in ANGLE. (CVE-2022-2855) + + - Use after free in Blink. (CVE-2022-2857) + + - Use after free in Sign-In Flow. (CVE-2022-2858) + + - Insufficient policy enforcement in Cookies. (CVE-2022-2860) + + - Inappropriate implementation in Extensions API. (CVE-2022-2861) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_104_0_1293_63.nasl +2022/08/19 +2022/10/21 +Microsoft Edge (Chromium) < 104.0.1293.63 Multiple Vulnerabilities +2022/08/19 +local +Low +Critical +1.4 +http://www.nessus.org/u?4ce23d54 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2852 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2853 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2854 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2855 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2857 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2858 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2860 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2861 +Upgrade to Microsoft Edge version 104.0.1293.63 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2022/08/16 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 104.0.1293.63 + + + +365 - 730 days +2022/03/01 +cpe:/a:microsoft:edge +CVE-2022-0603 +CVE-2022-0604 +CVE-2022-0605 +CVE-2022-0606 +CVE-2022-0607 +CVE-2022-0608 +CVE-2022-0609 +CVE-2022-0610 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2022-0610 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.55. It is, therefore, affected by multiple vulnerabilities as referenced in the February 16, 2022 advisory. + + - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610) + + - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603) + + - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0604) + + - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605) + + - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0606) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_98_0_1108_55.nasl +2022-A-0086-S +2022/02/16 +2022/05/03 +Microsoft Edge (Chromium) < 98.0.1108.55 Multiple Vulnerabilities +2022/02/16 +local +Low +Medium +1.6 +http://www.nessus.org/u?e17239f6 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0603 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0604 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0605 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0606 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0607 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0608 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0609 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0610 +Upgrade to Microsoft Edge version 98.0.1108.55 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.0 +2022/02/14 +CISA-KNOWN-EXPLOITED:2022/03/01 +IAVA:2022-A-0086-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 98.0.1108.55 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21149 +CVE-2021-21150 +CVE-2021-21151 +CVE-2021-21152 +CVE-2021-21153 +CVE-2021-21154 +CVE-2021-21155 +CVE-2021-21156 +CVE-2021-21157 +9.6 +CVE-2021-21155 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21157 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.74. It is, therefore, affected by multiple vulnerabilities as referenced in the February 17, 2021 advisory. + + - Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-21149) + + - Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-21150) + + - Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21151) + + - Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21152) + + - Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21153) + + - Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-21154) + + - Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21155) + + - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. (CVE-2021-21156) + + - Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21157) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_88_0_705_74.nasl +2021/02/17 +2022/05/10 +Microsoft Edge (Chromium) < 88.0.705.74 Multiple Vulnerabilities +2021/02/19 +local +Low +Medium +1.7 +http://www.nessus.org/u?18ef2264 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21149 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21150 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21151 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21152 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21153 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21154 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21155 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21156 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21157 +Upgrade to Microsoft Edge version 88.0.705.74 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/02/09 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.74 + + + +windows +True +software_enumeration +cpe:/a:microsoft:edge +Microsoft Edge (Chromium-based), a Chromium-based web browser, is installed on the remote host. +microsoft_edge_chromium_installed.nbin +2024/01/16 +Microsoft Edge Chromium Installed +2020/05/29 +local +None +1.116 +https://www.microsoft.com/en-us/edge +n/a +Microsoft Edge (Chromium-based) is installed on the remote host. + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Version : 86.0.622.38 + + + +windows +True +cpe:/o:microsoft:windows +cpe:/a:microsoft:ie +Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled. +microsoft_ie_esc_detect.nbin +True +True +2024/01/16 +Microsoft Internet Explorer Enhanced Security Configuration Detection +2014/03/07 +local +None +1.261 +http://www.nessus.org/u?a9c4c131 +n/a +The remote host supports IE Enhanced Security Configuration. + + Type : Admin Groups + Is Enabled : True + + Type : User Groups + Is Enabled : True + + + +windows +True +Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host. +smb_check_dotnet_rollup.nasl +2024/01/10 +Microsoft .NET Security Rollup Enumeration +2017/04/14 +local +None +1.48 +http://www.nessus.org/u?662e30c9 +n/a +This plugin enumerates installed Microsoft .NET security rollups. + + Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll + Version : 4.8.4690.0 + .NET Version : 4.8 + Associated KB : 5033914 + Latest effective update level : 01_2024 + + + +windows +True +software_enumeration +cpe:/a:microsoft:.net_framework +Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host. +microsoft_net_framework_installed.nasl +0001-T-0655 +2022/10/18 +Microsoft .NET Framework Detection +2010/12/20 +local +None +1.39 +https://www.microsoft.com/net +http://www.nessus.org/u?15ae6806 +n/a +A software framework is installed on the remote host. +IAVT:0001-T-0655 + +Nessus detected 2 installs of Microsoft .NET Framework: + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8 + Full Version : 4.8.04161 + Install Type : Full + Release : 528449 + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8 + Full Version : 4.8.04161 + Install Type : Client + Release : 528449 + + + +windows +True +cpe:/a:microsoft:microsoft_update +Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft Office, Exchange, and SQL Server. +microsoft_update_installed.nasl +2022/02/01 +Microsoft Update Installed +2010/10/26 +local +None +1.8 +http://update.microsoft.com/microsoftupdate/v6/default.aspx +n/a +A software updating service is installed. + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect ARP table information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_arp_table.nbin +2024/01/16 +Microsoft Windows ARP Table +2016/07/19 +local +None +1.222 +n/a +Nessus was able to collect and report ARP table information from the remote host. +192.168.40.1 : 60-22-32-6f-91-bf +192.168.40.39 : f8-ff-c2-37-57-48 +192.168.40.60 : cc-96-e5-08-af-3e +192.168.40.255 : ff-ff-ff-ff-ff-ff +224.0.0.22 : 01-00-5e-00-00-16 +224.0.0.251 : 01-00-5e-00-00-fb +224.0.0.252 : 01-00-5e-00-00-fc +255.255.255.255 : ff-ff-ff-ff-ff-ff + +Extended ARP table information attached. +c731be8b40f05ea2f2d1880405e46173 + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect the hosts file from the remote Windows host and report it as attachment. +microsoft_windows_host_file.nasl +True +True +2020/01/27 +Microsoft Windows Hosts File +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect the hosts file from the remote host. +Windows hosts file attached. + +MD5: 3688374325b992def12793500307566d +SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274 +SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085 +3688374325b992def12793500307566d + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_env_vars.nasl +True +0001-T-0757 +True +2022/06/24 +Microsoft Windows Environment Variables +2016/07/19 +local +None +1.13 +n/a +Nessus was able to collect and report environment variables from the remote host. +IAVT:0001-T-0757 +Global Environment Variables : + processor_level : 6 + comspec : %SystemRoot%\system32\cmd.exe + number_of_processors : 2 + username : SYSTEM + os : Windows_NT + temp : %SystemRoot%\TEMP + processor_revision : 9702 + path : %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ + tmp : %SystemRoot%\TEMP + processor_identifier : Intel64 Family 6 Model 151 Stepping 2, GenuineIntel + driverdata : C:\Windows\System32\Drivers\DriverData + pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC + processor_architecture : AMD64 + psmodulepath : %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules + windir : %SystemRoot% + +Active User Environment Variables + - S-1-5-21-746496990-2641142201-3713043312-500 + temp : %USERPROFILE%\AppData\Local\Temp + path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps; + tmp : %USERPROFILE%\AppData\Local\Temp + +b832544bd268ec74c9bd669b3f12564e +182392767cfa4df248be6d5d4e205bd9 + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_smb_sessions.nbin +2024/01/16 +Microsoft Windows SMB Sessions +2016/07/19 +local +None +1.221 +n/a +Nessus was able to collect and report SMB session information from the remote host. +degthat + +Extended SMB session information attached. +5ebcb7b6a7ddac56f4261d500234847f + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_time_zone_info.nasl +True +True +2023/06/06 +Microsoft Windows Time Zone Information +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect and report time zone information from the remote host. +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Eastern Standard Time +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-112 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-111 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000300020002000000000000000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000b00010002000000000000000000 + + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect and report the PowerShell execution policy for the remote Windows host. +microsoft_windows_powershell_execution_policy.nasl +2020/06/12 +Microsoft Windows PowerShell Execution Policy +2016/07/19 +local +None +1.6 +n/a +Nessus was able to collect and report the PowerShell execution policy for the remote host. +HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned +HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned + + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_scripting_host_settings.nasl +2018/05/23 +Microsoft Windows Scripting Host Settings +2016/07/19 +local +None +1.5 +n/a +Nessus was able to collect and report the Windows scripting host settings from the remote host. +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1 + +Windows scripting host configuration attached. +681e5094e1df8ab1423ef2ea66dfc266 +4934d1726a8504e051694b846ef9b32e + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_nbt_info.nbin +2024/01/16 +Microsoft Windows NetBIOS over TCP/IP Info +2016/07/19 +local +None +1.224 +n/a +Nessus was able to collect and report NBT information from the remote host. +NBT information attached. +First 10 lines of all CSVs: +nbtstat_local.csv: +Interface,Name,Suffix,Type,Status,MAC +192.168.40.170,SOT-WIN2K22-02,<00>,UNIQUE,Registered,00:50:56:2E:96:56 +192.168.40.170,WORKGROUP,<00>,GROUP,Registered,00:50:56:2E:96:56 +192.168.40.170,SOT-WIN2K22-02,<20>,UNIQUE,Registered,00:50:56:2E:96:56 + + + +b28a54df444594e5fa59df1e8cc4dc3f + + +windows +True +software_enumeration +cpe:/a:microsoft:remote_desktop_connection +Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host. +remote_desktop_connection_installed.nasl +2022/10/10 +Microsoft Remote Desktop Connection Installed +2019/06/12 +local +None +1.3 +http://www.nessus.org/u?1c33f0e7 +n/a +A graphical interface connection utility is installed on the remote Windows host + + Path : C:\Windows\\System32\\mstsc.exe + Version : 10.0.20348.1850 + + + +Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry entry in to one of the following settings: + + - 0xFFFFFFFF (Removes the current working directory from the default DLL search order) + + - 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder) + + - 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder) +smb_cwdindllsearchvalue_setting.nasl +2019/12/20 +Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting +2010/08/26 +local +None +1.7 +http://www.nessus.org/u?0c574c56 +http://www.nessus.org/u?5234ef0c +n/a +CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks. + + Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch + Value : Registry Key Empty or Missing + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past. +smb_enum_drive_mount.nasl +2022/02/01 +Microsoft Windows Mounted Devices +2012/11/28 +local +None +1.4 +http://www.nessus.org/u?99fcc329 +Make sure that the mounted drives agree with your organization's acceptable use and security policies. +It is possible to get a list of mounted devices that may have been connected to the remote system in the past. + + Name : \dosdevices\e: + Data : )+ + Raw data : 29bc2bc00000100000000000 + + Name : \??\volume{17c6c8ff-c1f3-11ee-9de6-806e6f6e6963} + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&260e6d66&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f0043004400300031002300350026003200360030006500360064003600360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\d: + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&260e6d66&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f0043004400300031002300350026003200360030006500360064003600360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{17c6c900-c1f3-11ee-9de6-806e6f6e6963} + Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&1b0d1d81&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260031006200300064003100640038003100260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\c: + Data : DMIO:ID:1wA*p + Raw data : 444d494f3a49443af4ec3102b5e877419fa219a9aa2ae270 + + Name : \dosdevices\a: + Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&1b0d1d81&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260031006200300064003100640038003100260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry. +smb_dns_servers.nasl +True +True +2022/02/01 +Windows DNS Server Enumeration +2012/03/01 +local +None +1.9 +n/a +Nessus enumerated the DNS servers being used by the remote Windows host. + +Nessus enumerated DNS servers for the following interfaces : + +Interface: Default +DhcpNameServer: 192.168.40.1 1.1.1.1 + + + +windows +True +By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry. +smb_enum_qfes.nasl +2022/02/01 +SMB QuickFixEngineering (QFE) Enumeration +2012/09/11 +local +None +1.8 +n/a +The remote host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + +KB5012170, Installed on: 2024/02/02 +KB5022507, Installed on: 2023/04/04 +KB5033914, Installed on: 2024/02/02 +KB5034439, Installed on: 2024/02/02 + + +windows +True +This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. + +Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system. +smb_enum_software_versions.nasl +2023/07/18 +Microsoft Windows Installed Software Version Enumeration +2023/07/10 +local +None +1.1 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +Enumerates installed software versions. + +The following software information is available on the remote host : + + - Google Chrome + Best Confidence Version : 121.0.6167.140 + Version Confidence Level : 3 + All Possible Versions : 121.0.6167.140 + Other Version Data + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayIcon] : + Raw Value : C:\Program Files\Google\Chrome\Application\chrome.exe,0 + Parsed File Path : C:\Program Files\Google\Chrome\Application\chrome.exe + Parsed File Version : 121.0.6167.140 + [InstallLocation] : + Raw Value : C:\Program Files\Google\Chrome\Application + [UninstallString] : + Raw Value : "C:\Program Files\Google\Chrome\Application\121.0.6167.140\Installer\setup.exe" --uninstall --system-level + Parsed File Path : C:\Program Files\Google\Chrome\Application\121.0.6167.140\Installer\setup.exe + Parsed File Version : 121.0.6167.140 + [VersionMinor] : + Raw Value : 140 + [Version] : + Raw Value : 121.0.6167.140 + [VersionMajor] : + Raw Value : 6167 + [DisplayVersion] : + Raw Value : 121.0.6167.140 + [DisplayName] : + Raw Value : Google Chrome + + - Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{73F77E4E-5A17-46E5-A5FC-8A061047725F} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{D5D19E2F-7189-42FE-8103-92CD1FA457C2} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - VMware Tools + Best Confidence Version : 12.3.0.22234872 + Version Confidence Level : 2 + All Possible Versions : 12.3.0.22234872 + Other Version Data + [VersionMajor] : + Raw Value : 12 + [Version] : + Raw Value : 201523200 + [InstallLocation] : + Raw Value : C:\Program Files\VMware\VMware Tools\ + [DisplayName] : + Raw Value : VMware Tools + [UninstallString] : + Raw Value : MsiExec.exe /I{AF174E64-22CF-4386-A9EC-73F285739998} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 12.3.0.22234872 + [VersionMinor] : + Raw Value : 3 + + - Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{0025DD72-A959-45B5-A0A3-7EFEB15A8050} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Edge Update + Best Confidence Version : 1.3.135.41 + Version Confidence Level : 2 + All Possible Versions : 1.3.135.41 + Other Version Data + [Version] : + Raw Value : 1.3.135.41 + [DisplayName] : + Raw Value : Microsoft Edge Update + [DisplayVersion] : + Raw Value : 1.3.135.41 + + - Microsoft Edge + Best Confidence Version : 86.0.622.38 + Version Confidence Level : 3 + All Possible Versions : 86.0.622.38 + Other Version Data + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,0 + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe + Parsed File Version : 86.0.622.38 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\Installer\setup.exe" --uninstall --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\Installer\setup.exe + Parsed File Version : 86.0.622.38 + [VersionMinor] : + Raw Value : 38 + [Version] : + Raw Value : 86.0.622.38 + [VersionMajor] : + Raw Value : 622 + [DisplayVersion] : + Raw Value : 86.0.622.38 + [DisplayName] : + Raw Value : Microsoft Edge + + - Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + + - Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + + + + +windows +True +This plugin lists software that is configured to run on system startup by crawling the registry entries in : + + - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + - HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run +smb_enum_startup_registry.nasl +2022/02/01 +Microsoft Windows Startup Software Enumeration +2012/03/23 +local +None +1.6 +Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate startup software. + +The following startup item was found : + + AzureArcSetup - %windir%\AzureArcSetup\Systray\AzureArcSysTray.exe + SecurityHealth - %windir%\system32\SecurityHealthSystray.exe + VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe + + + +windows +True +This plugin lists software potentially installed on the remote host by crawling the registry entries in : + + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates + +Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed. +smb_enum_softwares.nasl +0001-T-0501 +2022/02/01 +Microsoft Windows Installed Software Enumeration (credentialed check) +2006/01/26 +local +None +1.21 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate installed software. +IAVT:0001-T-0501 + +The following software are installed on the remote host : + +Google Chrome [version 121.0.6167.140] [installed on 2024/02/02] +Microsoft Edge [version 86.0.622.38] [installed on 2024/02/02] +Microsoft Edge Update [version 1.3.135.41] +Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 [version 14.36.32532.0] +Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 [version 14.36.32532.0] +VMware Tools [version 12.3.0.22234872] [installed on 2024/02/02] +Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] + + + +windows +True +Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host. +smb_enum_network_adapters.nasl +0001-T-0758 +2022/02/01 +Microsoft Windows Network Adapters +2017/10/17 +local +None +1.8 +Make sure that all of the installed network adapters agrees with your organization's acceptable use and security policies. +Identifies the network adapters installed on the remote host. +IAVT:0001-T-0758 +Network Adapter Driver Description : Intel(R) 82574L Gigabit Network Connection +Network Adapter Driver Version : 12.18.9.23 + + + + +windows +True +user_enumeration +Enumerate Windows accounts. +windows_enum_accounts.nbin +2024/01/16 +Windows Enumerate Accounts +2023/02/28 +local +None +1.25 +n/a +Enumerate Windows accounts. +Windows accounts enumerated. Results output to DB. +User data gathered in scan starting at : 2024/2/2 9:34 Pacific Standard Time + + + +By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier). + +The host SID can then be used to get the list of local users. +smb_host2sid.nasl +2024/01/31 +Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration +2002/02/13 +local +None +1.47 +http://technet.microsoft.com/en-us/library/bb418944.aspx +You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value. + +Refer to the 'See also' section for guidance. +It is possible to obtain the host SID for the remote host. + +The remote host SID value is : S-1-5-21-746496990-2641142201-3713043312 + +The value of 'RestrictAnonymous' setting is : 0 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past. +smb_enum_portable_devices.nasl +2022/02/01 +Microsoft Windows Portable Devices +2013/04/03 +local +None +1.4 +http://www.nessus.org/u?af102b66 +Make sure that use of the portable devices agrees with your organization's acceptable use and security policies. +It is possible to get a list of portable devices that may have been connected to the remote system in the past. + + Friendly name : Samsung_T5 + Device : SWD#WPDBUSENUM#{1EE8143C-C1E7-11EE-9DF4-0050562E9656}#0000000000100000 + + + +Using the HKU registry, Nessus was able to enuemrate the SIDs of logged on users +smb_loggedon_users.nasl +2022/05/25 +Microsoft Windows Logged On Users +2022/05/25 +local +None +1.2 +n/a +Nessus was able to determine the logged on users from the registry +Logged on users : + - S-1-5-21-746496990-2641142201-3713043312-500 + Domain : SOT-WIN2K22-02 + Username : soteria + + + +windows +True +cpe:/o:microsoft:windows +cpe:/a:microsoft:malicious_software_removal_tool +The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems. +smb_mrt_installed.nasl +True +True +2023/01/10 +Microsoft Malicious Software Removal Tool Installed +2013/05/15 +local +None +1.60 +http://www.nessus.org/u?47a3e94d +https://support.microsoft.com/en-us/help/891716 +n/a +An antimalware application is installed on the remote Windows host. + + File : C:\Windows\system32\MRT.exe + Version : 5.120.24010.1001 + Release at last run : unknown + Report infection information to Microsoft : Yes + + + +60 - 180 days +cpe:/a:vmware:tools +CVE-2023-34058 +7.5 +6.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2023-34058 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C +The version of VMware Tools installed on the remote Windows host is 10.3.x, 11.x or 12.x prior to 12.3.5. It is, therefore, affected by a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +vmware_tools_win_vmsa-2023-0024.nasl +2023-A-0590 +2023/10/26 +2023/11/02 +VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024) +2023/11/01 +local +Medium +Medium +1.2 +https://www.vmware.com/security/advisories/VMSA-2023-0024.html +Upgrade to VMware Tools version 12.3.5 or later. +I +The virtualization tool suite is installed on the remote Windows host is affected by an authentication bypass vulnerability. +Very Low +No recorded events +No recorded events +2023-0024 +7.4 +2023/10/26 +VMSA:2023-0024 +IAVA:2023-A-0590 + + Path : C:\Program Files\VMware\VMware Tools\ + Installed version : 12.3.0.44994 + Fixed version : 12.3.5 + + + +windows +True +software_enumeration +cpe:/a:vmware:tools +VMware Tools, a suite of utilities that enhances the performance of the virtual machines guest operating system is installed on the remote Windows host. +vmware_tools_installed.nbin +0001-T-0738 +2024/01/16 +VMware Tools Detection +2018/01/13 +local +None +1.178 +https://kb.vmware.com/s/article/340 +http://www.nessus.org/u?7d54c30a +n/a +A virtual machine management application is installed on the remote host. +IAVT:0001-T-0738 + + Path : C:\Program Files\VMware\VMware Tools\ + Version : 12.3.0.44994 + + + +Report details on the running processes modules on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies. +windows_process_module_information.nbin +2024/01/16 +Microsoft Windows Process Module Information +2013/10/08 +local +None +1.217 +n/a +Use WMI to obtain running process module information. +Process_Modules_SOT-WIN2K22-02.csv : lists the loaded modules for each process. + +d82dda63e4efa2bee6b9f74d2dc1b581 + + +Report details on the running processes on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies. +windows_process_information.nbin +2024/01/16 +Microsoft Windows Process Information +2013/10/08 +local +None +1.216 +n/a +Use WMI to obtain running process information. +Process Overview : +SID: Process (PID) + 0 : System Idle Process (0) + 0 : |- System (4) + 0 : |- smss.exe (300) + 0 : Registry (100) + 0 : MicrosoftEdgeUpdate.exe (3220) + 0 : csrss.exe (420) + 1 : explorer.exe (4420) + 1 : |- AzureArcSysTray.exe (1140) + 1 : |- vmtoolsd.exe (1860) + 0 : wininit.exe (536) + 0 : |- services.exe (676) + 0 : |- svchost.exe (1076) + 0 : |- svchost.exe (1176) + 0 : |- svchost.exe (1196) + 0 : |- svchost.exe (1216) + 0 : |- svchost.exe (1268) + 0 : |- svchost.exe (1340) + 1 : |- sihost.exe (4860) + 0 : |- svchost.exe (1352) + 1 : |- svchost.exe (1400) + 0 : |- svchost.exe (1424) + 0 : |- svchost.exe (1464) + 0 : |- svchost.exe (1484) + 0 : |- svchost.exe (1492) + 0 : |- svchost.exe (1508) + 0 : |- svchost.exe (1556) + 1 : |- taskhostw.exe (3400) + 1 : |- taskhostw.exe (4424) + 0 : |- GoogleUpdate.exe (4996) + 0 : |- svchost.exe (1644) + 0 : |- svchost.exe (1680) + 0 : |- svchost.exe (1708) + 0 : |- svchost.exe (1724) + 0 : |- TrustedInstaller.exe (1800) + 0 : |- svchost.exe (1808) + 0 : |- svchost.exe (1828) + 0 : |- svchost.exe (1896) + 0 : |- svchost.exe (1908) + 0 : |- svchost.exe (1964) + 0 : |- spoolsv.exe (2236) + 0 : |- svchost.exe (2284) + 0 : |- svchost.exe (2292) + 0 : |- AggregatorHost.exe (3176) + 0 : |- svchost.exe (2312) + 0 : |- svchost.exe (2412) + 0 : |- svchost.exe (2428) + 0 : |- svchost.exe (2436) + 0 : |- svchost.exe (2444) + 0 : |- svchost.exe (2456) + 0 : |- VGAuthService.exe (2484) + 0 : |- vm3dservice.exe (2524) + 1 : |- vm3dservice.exe (2824) + 0 : |- vmtoolsd.exe (2556) + 0 : |- svchost.exe (2572) + 0 : |- MsMpEng.exe (2596) + 0 : |- svchost.exe (2640) + 0 : |- svchost.exe (2660) + 0 : |- svchost.exe (2748) + 0 : |- dllhost.exe (3276) + 0 : |- svchost.exe (3344) + 0 : |- svchost.exe (3708) + 0 : |- msdtc.exe (3736) + 0 : |- svchost.exe (3972) + 1 : |- ctfmon.exe (4792) + 0 : |- NisSrv.exe (4080) + 1 : |- svchost.exe (4232) + 0 : |- svchost.exe (4288) + 1 : |- svchost.exe (4476) + 0 : |- svchost.exe (4480) + 0 : |- svchost.exe (4588) + 0 : |- svchost.exe (4724) + 0 : |- svchost.exe (4836) + 0 : |- svchost.exe (4864) + 0 : |- svchost.exe (4968) + 0 : |- svchost.exe (5012) + 0 : |- svchost.exe (528) + 0 : |- svchost.exe (576) + 0 : |- svchost.exe (704) + 0 : |- svchost.exe (748) + 0 : |- svchost.exe (796) + 1 : |- SearchApp.exe (1436) + 1 : |- RuntimeBroker.exe (1736) + 0 : |- WmiPrvSE.exe (2172) + 0 : |- WmiPrvSE.exe (2708) + 1 : |- TextInputHost.exe (2772) + 1 : |- StartMenuExperienceHost.exe (3404) + 0 : |- WmiPrvSE.exe (3536) + 1 : |- RuntimeBroker.exe (3636) + 1 : |- RuntimeBroker.exe (408) + 1 : |- dllhost.exe (4844) + 0 : |- TiWorker.exe (5060) + 0 : |- svchost.exe (832) + 0 : |- svchost.exe (904) + 0 : |- svchost.exe (968) + 0 : |- lsass.exe (688) + 0 : |- fontdrvhost.exe (816) + 1 : csrss.exe (548) + 1 : winlogon.exe (628) + 1 : |- dwm.exe (1016) + 1 : |- fontdrvhost.exe (824) + + + +cpe:/o:microsoft:windows +It is possible to get information about the BIOS via the host's WMI interface. +bios_get_info_wmi.nbin +2024/01/16 +BIOS Info (WMI) +2008/09/05 +local +None +1.215 +n/a +The BIOS info could be read. + + Vendor : VMware, Inc. + Version : VMW201.00V.21805430.B64.2305221830 + Release date : 20230522000000.000000+000 + UUID : 240E4D56-3AF4-A03F-F53C-33F38988C97D + Secure boot : disabled + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report on the application compatibility cache on the remote Windows host. +microsoft_windows_appcompatcache.nasl +2018/05/23 +Application Compatibility Cache +2016/07/19 +local +None +1.5 +https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf +http://www.nessus.org/u?4a076105 +n/a +Nessus was able to gather application compatibility settings on the remote host. +Application compatibility cache report attached. + +96d0e718bdcd94e2463db36083e61c77 + + +windows +cpe:/o:microsoft:windows +cpe:/a:microsoft:ie +Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar. +microsoft_windows_ie_typeurls.nasl +2018/05/16 +Internet Explorer Typed URLs +2016/07/19 +local +None +1.5 +https://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/ +n/a +Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar. +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 + +Internet Explorer typed URL report attached. + +141e985f6f3e551bd1ca5d6e55f497ad + + +windows +cpe:/o:microsoft:windows +Nessus was able to query the MUIcache registry key to find evidence of program execution. +microsoft_windows_muicache.nasl +2018/05/16 +MUICache Program Execution History +2016/07/19 +local +None +1.5 +https://forensicartifacts.com/2010/08/registry-muicache/ +http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html +http://www.nirsoft.net/utils/muicache_view.html +n/a +Nessus was able to enumerate recently executed programs on the remote host. +@%systemroot%\system32\themeservice.dll,-8192 : Themes +@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +@%systemroot%\system32\icsvcvss.dll,-101 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\das.dll,-100 : Device Association Service +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\dnsapi.dll,-101 : DNS Client +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%windir%\system32\systemeventsbrokerserver.dll,-1001 : System Events Broker +@combase.dll,-5010 : Remote Procedure Call (RPC) +@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\credentialenrollmentmanager.exe,-101 : Credential Enrollment Manager +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@%systemroot%\system32\icsvcvss.dll,-102 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\printworkflowservice.dll,-101 : Provides support for Print Workflow applications. If you turn off this service, you may not be able to print successfully. +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@%systemroot%\system32\lmhsvc.dll,-101 : TCP/IP NetBIOS Helper +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\schedsvc.dll,-100 : Task Scheduler +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@gpapi.dll,-114 : Resultant Set of Policy Provider +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@%windir%\system32\timebrokerserver.dll,-1001 : Time Broker +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\nsisvc.dll,-200 : Network Store Interface Service +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA) +@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\samsrv.dll,-1 : Security Accounts Manager +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@%systemroot%\system32\frameservermonitor.dll,-100 : Windows Camera Frame Server Monitor +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\fntcache.dll,-100 : Windows Font Cache Service +@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder +@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@firewallapi.dll,-50323 : SNMP Trap +@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall +@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver +@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices. +@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host +@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver +@%windir%\system32\rpcepmap.dll,-1001 : RPC Endpoint Mapper +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS) +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\nlasvc.dll,-1 : Network Location Awareness +@%systemroot%\system32\umpnpmgr.dll,-200 : Plug and Play +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\drivers\executioncontext.sys,-101 : CPU Scheduler for High Performance I/O +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\coremessaging.dll,-1 : CoreMessaging +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Enables JIT compilation support in d3d10warp.dll for processes in which code generation is disabled. +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\wcmsvc.dll,-4097 : Windows Connection Manager +@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%systemroot%\system32\wkssvc.dll,-100 : Workstation +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\deviceaccess.dll,-108 : Enables apps to pair devices +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\ncbservice.dll,-500 : Network Connection Broker +@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : Warp JIT Service +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw. +@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@combase.dll,-5012 : DCOM Server Process Launcher +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%windir%\system32\lsm.dll,-1001 : Local Session Manager +@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results. +@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration +@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service +@%systemroot%\system32\spoolsv.exe,-1 : Print Spooler +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation +@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@%systemroot%\system32\umpo.dll,-100 : Power +@comres.dll,-2797 : Distributed Transaction Coordinator +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\usermgr.dll,-100 : User Manager +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-100 : Udk User Service +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%windir%\system32\bisrv.dll,-100 : Background Tasks Infrastructure Service +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%systemroot%\system32\consentuxclient.dll,-101 : Allows the system to request user consent to allow apps to access sensitive resources and information such as the device's location +@%systemroot%\system32\captureservice.dll,-101 : Enables optional screen capture functionality for applications that call the Windows.Graphics.Capture API. +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host +@%systemroot%\system32\wevtsvc.dll,-200 : Windows Event Log +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace +@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service +@comres.dll,-2450 : COM+ Event System +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@gpapi.dll,-112 : Group Policy Client +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services. +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\dispbroker.desktop.dll,-101 : Display Policy Service +@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation. +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\srpapi.dll,-100 : AppID Driver +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\srvsvc.dll,-100 : Server +@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network. +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\diagtrack.dll,-3001 : Connected User Experiences and Telemetry +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\sysmain.dll,-1000 : SysMain +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@%systemroot%\system32\frameservermonitor.dll,-101 : Monitors the health and state for the Windows Camera Frame Server service. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX User Service +@%programfiles%\windows defender\mpasdesc.dll,-310 : Microsoft Defender Antivirus Service +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\profsvc.dll,-300 : User Profile Service +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\bfe.dll,-1001 : Base Filtering Engine +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-101 : Shell components service +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver +@%systemroot%\system32\dhcpcore.dll,-100 : DHCP Client +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search +c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation +c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame +c:\windows\regedit.exe.applicationcompany : Microsoft Corporation +c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation +c:\windows\explorer.exe.friendlyappname : Windows Explorer +c:\windows\explorer.exe.applicationcompany : Microsoft Corporation +langid : . +c:\windows\system32\mmc.exe.friendlyappname : Microsoft Management Console +c:\windows\system32\appresolver.dll.applicationcompany : Microsoft Corporation +c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll +c:\windows\regedit.exe.friendlyappname : Registry Editor +c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation +c:\windows\system32\appresolver.dll.friendlyappname : App Resolver +@%systemroot%\system32\themeservice.dll,-8192 : Themes +@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +@%systemroot%\system32\icsvcvss.dll,-101 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\das.dll,-100 : Device Association Service +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\dnsapi.dll,-101 : DNS Client +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%windir%\system32\systemeventsbrokerserver.dll,-1001 : System Events Broker +@combase.dll,-5010 : Remote Procedure Call (RPC) +@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\credentialenrollmentmanager.exe,-101 : Credential Enrollment Manager +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@%systemroot%\system32\icsvcvss.dll,-102 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\printworkflowservice.dll,-101 : Provides support for Print Workflow applications. If you turn off this service, you may not be able to print successfully. +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@%systemroot%\system32\lmhsvc.dll,-101 : TCP/IP NetBIOS Helper +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\schedsvc.dll,-100 : Task Scheduler +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@gpapi.dll,-114 : Resultant Set of Policy Provider +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@%windir%\system32\timebrokerserver.dll,-1001 : Time Broker +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\nsisvc.dll,-200 : Network Store Interface Service +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA) +@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\samsrv.dll,-1 : Security Accounts Manager +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@%systemroot%\system32\frameservermonitor.dll,-100 : Windows Camera Frame Server Monitor +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\fntcache.dll,-100 : Windows Font Cache Service +@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder +@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@firewallapi.dll,-50323 : SNMP Trap +@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall +@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver +@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices. +@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host +@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver +@%windir%\system32\rpcepmap.dll,-1001 : RPC Endpoint Mapper +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS) +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\nlasvc.dll,-1 : Network Location Awareness +@%systemroot%\system32\umpnpmgr.dll,-200 : Plug and Play +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\drivers\executioncontext.sys,-101 : CPU Scheduler for High Performance I/O +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\coremessaging.dll,-1 : CoreMessaging +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Enables JIT compilation support in d3d10warp.dll for processes in which code generation is disabled. +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\wcmsvc.dll,-4097 : Windows Connection Manager +@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%systemroot%\system32\wkssvc.dll,-100 : Workstation +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\deviceaccess.dll,-108 : Enables apps to pair devices +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\ncbservice.dll,-500 : Network Connection Broker +@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : Warp JIT Service +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw. +@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@combase.dll,-5012 : DCOM Server Process Launcher +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%windir%\system32\lsm.dll,-1001 : Local Session Manager +@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results. +@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration +@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service +@%systemroot%\system32\spoolsv.exe,-1 : Print Spooler +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation +@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@%systemroot%\system32\umpo.dll,-100 : Power +@comres.dll,-2797 : Distributed Transaction Coordinator +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\usermgr.dll,-100 : User Manager +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-100 : Udk User Service +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%windir%\system32\bisrv.dll,-100 : Background Tasks Infrastructure Service +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%systemroot%\system32\consentuxclient.dll,-101 : Allows the system to request user consent to allow apps to access sensitive resources and information such as the device's location +@%systemroot%\system32\captureservice.dll,-101 : Enables optional screen capture functionality for applications that call the Windows.Graphics.Capture API. +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host +@%systemroot%\system32\wevtsvc.dll,-200 : Windows Event Log +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace +@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service +@comres.dll,-2450 : COM+ Event System +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@gpapi.dll,-112 : Group Policy Client +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services. +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\dispbroker.desktop.dll,-101 : Display Policy Service +@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation. +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\srpapi.dll,-100 : AppID Driver +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\srvsvc.dll,-100 : Server +@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network. +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\diagtrack.dll,-3001 : Connected User Experiences and Telemetry +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\sysmain.dll,-1000 : SysMain +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@%systemroot%\system32\frameservermonitor.dll,-101 : Monitors the health and state for the Windows Camera Frame Server service. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX User Service +@%programfiles%\windows defender\mpasdesc.dll,-310 : Microsoft Defender Antivirus Service +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\profsvc.dll,-300 : User Profile Service +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\bfe.dll,-1001 : Base Filtering Engine +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-101 : Shell components service +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver +@%systemroot%\system32\dhcpcore.dll,-100 : DHCP Client +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search + +MUICache report attached. + +f9a56c32c9f6adecf41915578cae91df + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories. +microsoft_windows_recyclebin.nasl +2018/11/15 +Recycle Bin Files +2016/07/19 +local +None +1.6 +http://www.nessus.org/u?0c1a03df +http://www.nessus.org/u?61293b38 +n/a +Nessus was able to enumerate files in the recycle bin on the remote host. +C:\\$Recycle.Bin\\. +C:\\$Recycle.Bin\\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000 +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001 +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500 +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000\. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001\. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500\. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500\desktop.ini + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below : + + - Administrative Tools + - AppData + - Cache + - CD Burning + - Cookies + - Desktop + - Favorites + - Fonts + - History + - Local AppData + - My Music + - My Pictures + - My Video + - NetHood + - Personal + - PrintHood + - Programs + - Recent + - SendTo + - Start Menu + - Startup + - Templates +microsoft_windows_shellfolder_settings.nasl +2018/05/16 +User Shell Folders Settings +2016/07/19 +local +None +1.5 +https://technet.microsoft.com/en-us/library/cc962613.aspx +n/a +Nessus was able to find the folder paths for user folders on the remote host. +soteria + - {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Administrator\Searches + - {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Libraries + - {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Administrator\Downloads + - recent : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent + - my video : C:\Users\Administrator\Videos + - my music : C:\Users\Administrator\Music + - {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Administrator\Contacts + - {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Administrator\Links + - {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Administrator\AppData\LocalLow + - sendto : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo + - start menu : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu + - cookies : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCookies + - personal : C:\Users\Administrator\Documents + - administrative tools : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools + - startup : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup + - nethood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts + - history : C:\Users\Administrator\AppData\Local\Microsoft\Windows\History + - {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Administrator\Saved Games + - {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Administrator\AppData\Local\Microsoft\Windows\RoamingTiles + - !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead + - local appdata : C:\Users\Administrator\AppData\Local + - my pictures : C:\Users\Administrator\Pictures + - templates : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates + - printhood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts + - cache : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache + - desktop : C:\Users\Administrator\Desktop + - programs : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs + - fonts : C:\Windows\Fonts + - cd burning : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn + - favorites : C:\Users\Administrator\Favorites + - appdata : C:\Users\Administrator\AppData\Roaming + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence of files opened by file type from the remote host. +microsoft_windows_recent_files.nasl +2018/11/15 +Recent File History +2016/07/19 +local +None +1.7 +https://www.4n6k.com/2014/02/forensics-quickie-pinpointing-recent.html +n/a +Nessus was able to enumerate recently opened files on the remote host. +C:\\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Recent\System.lnk + +Recent files found in registry and appdata attached. + +4f8ad2ab88997272b32b3cb63def1f25 +0409b86ac9ed24d82d1cf4ecaa974d30 + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report of all files listed in the default user download folder. +microsoft_windows_user_downloads.nasl +2018/05/16 +User Download Folder Files +2016/07/19 +local +None +1.5 +n/a +Nessus was able to enumerate downloaded files on the remote host. +C:\\Users\Administrator\Downloads\desktop.ini +C:\\Users\degthat\Downloads\desktop.ini +C:\\Users\degthat.WIN-95GFQRRMAS4\Downloads\desktop.ini +C:\\Users\Public\Downloads\desktop.ini + +Download folder content report attached. + +5699da73297fce020d8b43680ac05977 + + +windows +cpe:/o:microsoft:windows +Nessus was able to find evidence of the last key that was opened when the Registry Editor was closed for each user. +microsoft_windows_regedit_lastkey.nasl +2018/11/15 +Registry Editor Last Accessed +2016/07/19 +local +None +1.6 +https://support.microsoft.com/en-us/help/244004 +n/a +Nessus was able to find the last key accessed by the Registry Editor when it was closed on the remote host. +soteria + - Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed. +microsoft_windows_userassist.nasl +2019/11/12 +UserAssist Execution History +2016/07/19 +local +None +1.7 +https://www.nirsoft.net/utils/userassist_view.html +n/a +Nessus was able to enumerate program execution history on the remote host. +microsoft.windows.controlpanel +windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel +microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5} +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk +{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk +microsoft.windows.search_cw5n1h2txyewy!cortanaui +c:\users\administrator\desktop\chromestandalonesetup64.exe +microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy!app +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk +ueme_ctlcuacount:ctor +{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe +microsoft.windows.explorer +{f38bf404-1d43-42f2-9305-67de0b28fc23}\systemtemp\gum47e0.tmp\googleupdate.exe +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe +ueme_ctlsession +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\registry editor.lnk +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\update\googleupdate.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe +chrome + +Extended userassist report attached. + +29f0328a8a5409cb513401f0375055c1 + + +True +user_enumeration +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +wmi_enum_local_group_memberships.nbin +2024/01/16 +Enumerate Local Group Memberships +2013/12/06 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +Group Name : Access Control Assistance Operators +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-579 +Members : + +Group Name : Administrators +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-544 +Members : + Name : soteria + Domain : SOT-WIN2K22-02 + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-500 + Name : degthat + Domain : SOT-WIN2K22-02 + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-1001 + +Group Name : Backup Operators +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-551 +Members : + +Group Name : Certificate Service DCOM Access +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-574 +Members : + +Group Name : Cryptographic Operators +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-569 +Members : + +Group Name : Device Owners +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-583 +Members : + +Group Name : Distributed COM Users +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-562 +Members : + +Group Name : Event Log Readers +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-573 +Members : + +Group Name : Guests +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-546 +Members : + Name : Guest + Domain : SOT-WIN2K22-02 + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-501 + +Group Name : Hyper-V Administrators +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-578 +Members : + +Group Name : IIS_IUSRS +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-568 +Members : + Name : IUSR + Domain : SOT-WIN2K22-02 + Class : Win32_SystemAccount + SID : S-1-5-17 + +Group Name : Network Configuration Operators +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-556 +Members : + +Group Name : Performance Log Users +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-559 +Members : + +Group Name : Performance Monitor Users +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-558 +Members : + +Group Name : Power Users +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-547 +Members : + +Group Name : Print Operators +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-550 +Members : + +Group Name : RDS Endpoint Servers +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-576 +Members : + +Group Name : RDS Management Servers +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-577 +Members : + +Group Name : RDS Remote Access Servers +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-575 +Members : + +Group Name : Remote Desktop Users +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-555 +Members : + +Group Name : Remote Management Users +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-580 +Members : + +Group Name : Replicator +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-552 +Members : + +Group Name : Storage Replica Administrators +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-582 +Members : + +Group Name : System Managed Accounts Group +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-581 +Members : + Name : DefaultAccount + Domain : SOT-WIN2K22-02 + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-503 + +Group Name : Users +Host Name : SOT-WIN2K22-02 +Group SID : S-1-5-32-545 +Members : + Name : INTERACTIVE + Domain : SOT-WIN2K22-02 + Class : Win32_SystemAccount + SID : S-1-5-4 + Name : Authenticated Users + Domain : SOT-WIN2K22-02 + Class : Win32_SystemAccount + SID : S-1-5-11 + + + + +cpe:/o:microsoft:windows +By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number. +wmi_asset_info.nbin +2024/01/16 +Computer Manufacturer Information (WMI) +2007/02/02 +local +None +1.222 +n/a +It is possible to obtain the name of the remote computer manufacturer. + + Computer Manufacturer : VMware, Inc. + Computer Model : VMware20,1 + Computer SerialNumber : VMware-56 4d 0e 24 f4 3a 3f a0-f5 3c 33 f3 89 88 c9 7d + Computer Type : Other + + Computer Physical CPU's : 2 + Computer Logical CPU's : 2 + CPU0 + Architecture : x64 + Physical Cores: 1 + Logical Cores : 1 + CPU1 + Architecture : x64 + Physical Cores: 1 + Logical Cores : 1 + + Computer Memory : 4095 MB + RAM slot #0 + Form Factor: DIMM + Type : DRAM + Capacity : 4096 MB + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the display drivers on the remote host via WMI. +wmi_enum_display_drivers.nbin +0001-T-0756 +2024/01/16 +Windows Display Driver Enumeration +2014/02/06 +local +None +1.208 +http://www.nessus.org/u?b6e87533 +n/a +Nessus was able to enumerate one or more of the display drivers on the remote host. +IAVT:0001-T-0756 + + Device Name : VMware SVGA 3D + Driver File Version : 9.17.6.3 + Driver Date : 04/28/2023 + Video Processor : VMware Virtual SVGA 3D Graphics Adapter + + + +windows +True +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI. +wmi_enum_qfes.nbin +2024/01/16 +WMI QuickFixEngineering (QFE) Enumeration +2011/02/16 +local +None +1.220 +http://www.nessus.org/u?0c4ec249 +n/a +The remote Windows host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + ++ KB5033914 + - Description : Update + - InstalledOn : 2/2/2024 + ++ KB5012170 + - Description : Security Update + - InstalledOn : 2/2/2024 + ++ KB5034129 + - Description : Security Update + - InstalledOn : 2/2/2024 + ++ KB5034286 + - Description : Update + - InstalledOn : 2/2/2024 + ++ KB5034439 + - Description : Security Update + - InstalledOn : 2/2/2024 + +Note that for detailed information on installed QFE's such as InstalledBy, Caption, +and so on, please run the scan with 'Report Verbosity' set to 'verbose'. + + + +cpe:/o:microsoft:windows +By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc. +wmi_enum_computersystemproduct.nbin +2024/01/16 +Windows ComputerSystemProduct Enumeration (WMI) +2010/08/16 +local +None +1.204 +http://www.nessus.org/u?a21ce849 +n/a +It is possible to obtain product information from the remote host using WMI. + ++ Computer System Product + - IdentifyingNumber : VMware-56 4d 0e 24 f4 3a 3f a0-f5 3c 33 f3 89 88 c9 7d + - Description : Computer System Product + - Vendor : VMware, Inc. + - Name : VMware20,1 + - UUID : 240E4D56-3AF4-A03F-F53C-33F38988C97D + - Version : None + + + + +cpe:/o:microsoft:windows +Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'. +windows_product_key_retrieval.nasl +2013/01/18 +Windows Product Key Retrieval +2013/01/18 +local +None +$Revision: 1.1 $ +n/a +This plugin retrieves the Windows Product key of the remote Windows host. + + Product key : XXXXX-XXXXX-XXXXX-XXXXX-VMK7H + +Note that all but the final portion of the key has been obfuscated. + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions. + +Note that Features can only be enumerated for Windows 7 and later for desktop versions. +wmi_enum_server_features.nbin +0001-T-0754 +2024/01/16 +WMI Windows Feature Enumeration +2010/02/24 +local +None +1.208 +https://msdn.microsoft.com/en-us/library/cc280268 +https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features +n/a +It is possible to enumerate Windows features using WMI. +IAVT:0001-T-0754 + +Nessus enumerated the following Windows features : + + - .NET Framework 4.8 + - .NET Framework 4.8 Features + - Azure Arc Setup + - File and Storage Services + - Microsoft Defender Antivirus + - Storage Services + - System Data Archiver + - TCP Port Sharing + - WCF Services + - Windows PowerShell + - Windows PowerShell 5.1 + - WoW64 Support + - XPS Viewer + + + +windows +True +cpe:/a:microsoft:ie +The remote Windows host contains Internet Explorer, a web browser created by Microsoft. +smb_explorer_detection.nasl +0001-T-0509 +2022/02/01 +Microsoft Internet Explorer Version Detection +2014/02/06 +local +None +1.7 +https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads +n/a +Internet Explorer is installed on the remote host. +IAVT:0001-T-0509 + + Version : 11.1.20348.0 + + + +windows +True +Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials. +smb_registry_os_and_arch.nasl +True +2022/02/01 +Microsoft Windows SMB Registry : OS Version and Processor Architecture +2010/08/31 +local +None +1.9 +n/a +It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system. +Operating system version = 10.20348 +Architecture = x64 +Build lab extended = 20348.1.amd64fre.fe_release.210507-1500 + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'wininit.exe' is listening on this port (pid 536). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3708). + +This process 'svchost.exe' (pid 3708) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'services.exe' is listening on this port (pid 676). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1708). + +This process 'svchost.exe' (pid 1708) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1556). + +This process 'svchost.exe' (pid 1556) is hosting the following Windows services : +Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'spoolsv.exe' is listening on this port (pid 2236). + +This process 'spoolsv.exe' (pid 2236) is hosting the following Windows services : +Spooler (@%systemroot%\system32\spoolsv.exe,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2640). + +This process 'svchost.exe' (pid 2640) is hosting the following Windows services : +Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2572). + +This process 'svchost.exe' (pid 2572) is hosting the following Windows services : +W32Time (@%SystemRoot%\system32\w32time.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 904). + +This process 'svchost.exe' (pid 904) is hosting the following Windows services : +RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) +RpcSs (@combase.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1708). + +This process 'svchost.exe' (pid 1708) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'lsass.exe' is listening on this port (pid 688). + +This process 'lsass.exe' (pid 688) is hosting the following Windows services : +KeyIso (@keyiso.dll,-100) +SamSs (@%SystemRoot%\system32\samsrv.dll,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1196). + +This process 'svchost.exe' (pid 1196) is hosting the following Windows services : +EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 576). + +This process 'svchost.exe' (pid 576) is hosting the following Windows services : +PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3708). + +This process 'svchost.exe' (pid 3708) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key: + 'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD' + + - Unset or 0: The command prompt is enabled normally. + - 1: The command promt is disabled. + - 2: The command prompt is disabled however windows batch processing is allowed. +windows_disablecmd.nasl +2022/10/05 +Windows Disabled Command Prompt Enumeration +2022/09/06 +local +None +1.2 +http://www.nessus.org/u?b40698bc +n/a +This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user. + +Username: DefaultAccount + SID: S-1-5-21-746496990-2641142201-3713043312-503 + DisableCMD: Unset + +Username: soteria + SID: S-1-5-21-746496990-2641142201-3713043312-500 + DisableCMD: Unset + +Username: WDAGUtilityAccount + SID: S-1-5-21-746496990-2641142201-3713043312-504 + DisableCMD: Unset + +Username: Guest + SID: S-1-5-21-746496990-2641142201-3713043312-501 + DisableCMD: Unset + +Username: degthat + SID: S-1-5-21-746496990-2641142201-3713043312-1001 + DisableCMD: Unset + + + +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin. +wmi_enum_local_users.nbin +2024/01/16 +Enumerate Users via WMI +2014/02/25 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. + + Name : DefaultAccount + SID : S-1-5-21-746496990-2641142201-3713043312-503 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : degthat + SID : S-1-5-21-746496990-2641142201-3713043312-1001 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : Guest + SID : S-1-5-21-746496990-2641142201-3713043312-501 + Disabled : True + Lockout : False + Change password : False + Source : Local + + Name : soteria + SID : S-1-5-21-746496990-2641142201-3713043312-500 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : WDAGUtilityAccount + SID : S-1-5-21-746496990-2641142201-3713043312-504 + Disabled : True + Lockout : False + Change password : True + Source : Local + + No. Of Users : 5 + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. + +Nessus was able to find 20 open ports. + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 138/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 137/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5355/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5353/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 4500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 123/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 139/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 62287/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 62286/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49669/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49668/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49667/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49666/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49665/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49664/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 47001/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5985/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 445/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 135/tcp was found to be open + + +windows +True +cpe:/o:microsoft:windows +It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests). +smb_registry_access.nasl +True +True +2022/02/01 +Microsoft Windows SMB Registry Remotely Accessible +2000/05/09 +local +None +1.54 +n/a +Access the remote Windows Registry. + + +windows +cpe:/o:microsoft:windows +Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them. +Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later. +wmi_list_interfaces.nbin +2024/01/16 +Network Interfaces Enumeration (WMI) +2007/02/03 +local +None +1.247 +http://www.nessus.org/u?b362cab2 +n/a +Nessus was able to obtain the list of network interfaces on the remote host. ++ Network Interface Information : + + - Network Interface = [00000001] Intel(R) 82574L Gigabit Network Connection + - MAC Address = 00:50:56:2E:96:56 + - IPAddress/IPSubnet = 192.168.40.170/255.255.255.0 + - IPAddress/IPSubnet = fe80::e5ae:ef42:549c:7ffb/64 + + ++ Routing Information : + + Destination Netmask Gateway + ----------- ------- ------- + 0.0.0.0 0.0.0.0 192.168.40.1 + 127.0.0.0 255.0.0.0 0.0.0.0 + 127.0.0.1 255.255.255.255 0.0.0.0 + 127.255.255.255 255.255.255.255 0.0.0.0 + 192.168.40.0 255.255.255.0 0.0.0.0 + 192.168.40.170 255.255.255.255 0.0.0.0 + 192.168.40.255 255.255.255.255 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + + + +cpe:/o:microsoft:windows +The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM. + +These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc. +wmi_available.nbin +2024/01/16 +WMI Available +2007/02/03 +local +None +1.218 +https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page +n/a +WMI queries can be made against the remote host. +The remote host returned the following caption from Win32_OperatingSystem: + + Microsoft Windows Server 2022 Standard + + +True +The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts : + +- Guest account +- Supplied credentials +smb_login.nasl +2023/07/25 +Microsoft Windows SMB Log In Possible +2000/05/09 +remote +None +1.173 +http://www.nessus.org/u?5c2589f6 +https://support.microsoft.com/en-us/help/246261 +n/a +It was possible to log into the remote host. +- The SMB tests will be done as degthat/****** + + + +True +Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host. +smb_nativelanman.nasl +True +2021/09/20 +Microsoft Windows SMB NativeLanManager Remote System Information Disclosure +2001/10/17 +remote +None +1.54 +n/a +It was possible to obtain information about the remote operating system. +Nessus was able to obtain the following information about the host, by +parsing the SMB2 Protocol's NTLM SSP message: + + Target Name: SOT-WIN2K22-02 + NetBIOS Domain Name: SOT-WIN2K22-02 + NetBIOS Computer Name: SOT-WIN2K22-02 + DNS Domain Name: SOT-WIN2K22-02 + DNS Computer Name: SOT-WIN2K22-02 + DNS Tree Name: unknown + Product Version: 10.0.20348 + + + +The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. + +Note that this plugin gathers information to be used in other plugins, but does not itself generate a report. +netbios_name_get.nasl +2021/02/10 +Windows NetBIOS / SMB Remote Host Information Disclosure +1999/10/12 +remote +None +1.91 +n/a +It was possible to obtain the network name of the remote host. +The following 3 NetBIOS names have been gathered : + + SOT-WIN2K22-02 = Computer name + WORKGROUP = Workgroup / Domain name + SOT-WIN2K22-02 = File Server Service + +The remote host has the following MAC address on its adapter : + + 00:50:56:2e:96:56 + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 62286 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0 +Description : Unknown RPC service +Annotation : Remote Fw APIs +Type : Remote RPC service +TCP Port : 62286 +IP : 192.168.40.170 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49669 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0 +Description : Service Control Manager +Windows process : svchost.exe +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.170 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49668 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.170 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.170 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.170 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.170 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.170 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49667 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.170 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.170 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49666 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +TCP Port : 49666 +IP : 192.168.40.170 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49665 : + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49665 +IP : 192.168.40.170 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49664 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.170 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.170 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.170 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.170 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available remotely : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Remote RPC service +Named pipe : \PIPE\wkssvc +Netbios name : \\SOT-WIN2K22-02 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-02 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-02 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-02 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-02 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-02 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +Named pipe : \pipe\eventlog +Netbios name : \\SOT-WIN2K22-02 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\SOT-WIN2K22-02 + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\SOT-WIN2K22-02 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-02 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-02 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-02 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-02 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available locally : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a111f1c5-5923-47c0-9a68-d0bafb577901, version 1.0 +Description : Unknown RPC service +Annotation : NetSetup API +Type : Local RPC service +Named pipe : LRPC-a69f92f2d9314e38e6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0 +Description : Unknown RPC service +Annotation : IKE/Authip API +Type : Local RPC service +Named pipe : LRPC-a24e2fea5ced3700d0 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB86E089A999B89348467D17FBA42 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-813a3d11b35c2d687d + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB86E089A999B89348467D17FBA42 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-813a3d11b35c2d687d + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB86E089A999B89348467D17FBA42 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-813a3d11b35c2d687d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d8140e00-5c46-4ae6-80ac-2f9a76df224c, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ea1659fdc779bbc8a2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d249bd56-4cc0-4fd3-8ce6-6fe050d590cb, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ea1659fdc779bbc8a2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0 +Description : Unknown RPC service +Annotation : PcaSvc +Type : Local RPC service +Named pipe : LRPC-9867adf4206e9fba2a + +Object UUID : 8261d809-2d4b-4cb9-a475-bcd01ff9f65c +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-79c4a03f85d77f1a0d + +Object UUID : f28d3f08-153d-464a-8aad-971c0ecbfc52 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-79c4a03f85d77f1a0d + +Object UUID : 2fd5224e-df9c-4906-b6c7-5063d084b4f1 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-79c4a03f85d77f1a0d + +Object UUID : 92bb3217-7cec-440c-b9d4-7ec95c8dea47 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : OLE450214B5597311031C8BD0B97B67 + +Object UUID : 92bb3217-7cec-440c-b9d4-7ec95c8dea47 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-2a67c42939903dc494 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7df1ceae-de4e-4e6f-ab14-49636e7c2052, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-30a3a7ecda77be93bf + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d4051bde-9cdd-4910-b393-4aa85ec3c482, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE021E2F50677A2EEE9040D3DB84BC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d4051bde-9cdd-4910-b393-4aa85ec3c482, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5fd39ed8de006a4ac9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE021E2F50677A2EEE9040D3DB84BC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5fd39ed8de006a4ac9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE021E2F50677A2EEE9040D3DB84BC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5fd39ed8de006a4ac9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE021E2F50677A2EEE9040D3DB84BC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5fd39ed8de006a4ac9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE021E2F50677A2EEE9040D3DB84BC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5fd39ed8de006a4ac9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE021E2F50677A2EEE9040D3DB84BC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5fd39ed8de006a4ac9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE021E2F50677A2EEE9040D3DB84BC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5fd39ed8de006a4ac9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1d45e083-478f-437c-9618-3594ced8c235, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE021E2F50677A2EEE9040D3DB84BC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1d45e083-478f-437c-9618-3594ced8c235, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5fd39ed8de006a4ac9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 +Description : Unknown RPC service +Annotation : XactSrv service +Type : Local RPC service +Named pipe : LRPC-0cfea1ac9a6fc2b936 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0 +Description : Unknown RPC service +Annotation : IdSegSrv service +Type : Local RPC service +Named pipe : LRPC-0cfea1ac9a6fc2b936 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-d9076b6800d9ac331a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 +Description : Unknown RPC service +Annotation : IP Transition Configuration endpoint +Type : Local RPC service +Named pipe : LRPC-1d358c6f66d31021c8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : LRPC-1d358c6f66d31021c8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : LRPC-1d358c6f66d31021c8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : LRPC-1d358c6f66d31021c8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : OLE8B0F32E8B5E9C6425B5DDA793AA5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LRPC-483a51aaf5997349de + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-483a51aaf5997349de + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-483a51aaf5997349de + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-483a51aaf5997349de + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-483a51aaf5997349de + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0 +Description : Unknown RPC service +Annotation : Base Firewall Engine API +Type : Local RPC service +Named pipe : LRPC-1bbf82c962e28efdd8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-1bbf82c962e28efdd8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-820160523147a8d392 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-1bbf82c962e28efdd8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-820160523147a8d392 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-3ce06ccc6653a119c0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-1bbf82c962e28efdd8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-820160523147a8d392 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-3ce06ccc6653a119c0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-d6d05571d6fb939ecc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLEDAF6B07926B6194DD6872FB865CC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-c89a8f4a44ecd4f9be + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLEDAF6B07926B6194DD6872FB865CC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-c89a8f4a44ecd4f9be + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE022C43E59434279AAEA3FD36B444 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f5a4bb1b99cf098db2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE022C43E59434279AAEA3FD36B444 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f5a4bb1b99cf098db2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE022C43E59434279AAEA3FD36B444 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f5a4bb1b99cf098db2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE022C43E59434279AAEA3FD36B444 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f5a4bb1b99cf098db2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 13560fa9-8c09-4b56-a1fd-04d083b9b2a1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE022C43E59434279AAEA3FD36B444 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 13560fa9-8c09-4b56-a1fd-04d083b9b2a1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f5a4bb1b99cf098db2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0 +Description : Unknown RPC service +Annotation : Witness Client Upcall Server +Type : Local RPC service +Named pipe : LRPC-4df568d999d29e3ccc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0 +Description : Unknown RPC service +Annotation : Witness Client Test Interface +Type : Local RPC service +Named pipe : LRPC-4df568d999d29e3ccc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Local RPC service +Named pipe : LRPC-4df568d999d29e3ccc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3f787932-3452-4363-8651-6ea97bb373bb, version 1.0 +Description : Unknown RPC service +Annotation : NSP Rpc Interface +Type : Local RPC service +Named pipe : OLECDA3A0CB1FF73AEEE50A157A0872 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3f787932-3452-4363-8651-6ea97bb373bb, version 1.0 +Description : Unknown RPC service +Annotation : NSP Rpc Interface +Type : Local RPC service +Named pipe : LRPC-0a6c5b91b2daabbaa5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : LRPC-98deb7497b4b2ab709 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : 12871795-1408-48c0-b702-2bfbf92b1ec0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : DNSResolver + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : LRPC-4256fa1d7914e93a3e + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : senssvc + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-eaa7086979f50b4733 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 +Description : DHCP Client Service +Windows process : svchost.exe +Annotation : DHCP Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-9784db31b9fc3dc3fb + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-9784db31b9fc3dc3fb + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-9784db31b9fc3dc3fb + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-9784db31b9fc3dc3fb + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7f167ddf275a26482a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-9784db31b9fc3dc3fb + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7f167ddf275a26482a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-9784db31b9fc3dc3fb + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7f167ddf275a26482a + +Object UUID : 666f7270-6c69-7365-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : IUserProfile2 + +Object UUID : 6c637067-6569-746e-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-2d3dc3a8aff6f89dc2 + +Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601 +UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0 +Description : Unknown RPC service +Annotation : Group Policy RPC Interface +Type : Local RPC service +Named pipe : LRPC-d9de6ee15e0b919158 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 +Description : Unknown RPC service +Annotation : NSI server endpoint +Type : Local RPC service +Named pipe : LRPC-3c408150941e4b57a9 + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE9C9F389B68C3E1580A7274174480 + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e3a9a2ddfc46da3380 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Local RPC service +Named pipe : eventlog + +Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1990a545e33154b974 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1990a545e33154b974 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7cf1cf5e71eda586c4 + +Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-17477248be67104b0e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2bf8c2001a645f3d84 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-17477248be67104b0e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : OLE36BD320416BC802EFC6422B0EDC3 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-73b8e14f3191955810 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5c7433f00f4cd36d77 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0A4881 + +Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001 +UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0 +Description : Unknown RPC service +Annotation : Secure Desktop LRPC interface +Type : Local RPC service +Named pipe : WMsgKRpc0A4881 + +Object UUID : 6d726574-7273-0076-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-0f9abf0fc43d6b8158 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0361ae94-0316-4c6c-8ad8-c594375800e2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE157EFDA37BECB4280C574B6CADFF + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE157EFDA37BECB4280C574B6CADFF + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE157EFDA37BECB4280C574B6CADFF + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE157EFDA37BECB4280C574B6CADFF + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-307a350f490bdca852 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE157EFDA37BECB4280C574B6CADFF + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-307a350f490bdca852 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE157EFDA37BECB4280C574B6CADFF + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-307a350f490bdca852 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 178d84be-9291-4994-82c6-3f909aca5a03, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e53d94ca-7464-4839-b044-09a2fb8b3ae5, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fae436b0-b864-4a87-9eda-298547cd82f2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 082a3471-31b6-422a-b931-a54401960c62, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6982a06e-5fe2-46b1-b39c-a2c545bfa069, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0ff1f646-13bb-400a-ab50-9a78f2b7a85a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4ed8abcc-f1e2-438b-981f-bb0e8abc010c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95406f0b-b239-4318-91bb-cea3a46ff0dc, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d47017b-b33b-46ad-9e18-fe96456c5078, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE157EFDA37BECB4280C574B6CADFF + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-307a350f490bdca852 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-d0cbe8dcb2ac815494 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE157EFDA37BECB4280C574B6CADFF + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-307a350f490bdca852 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-d0cbe8dcb2ac815494 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-45da2e338c7c07d638 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE157EFDA37BECB4280C574B6CADFF + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-307a350f490bdca852 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-d0cbe8dcb2ac815494 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-45da2e338c7c07d638 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE157EFDA37BECB4280C574B6CADFF + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-307a350f490bdca852 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-d0cbe8dcb2ac815494 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-45da2e338c7c07d638 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-0e1a61c880f71a6bdc + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE157EFDA37BECB4280C574B6CADFF + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-307a350f490bdca852 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-d0cbe8dcb2ac815494 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-45da2e338c7c07d638 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-0e1a61c880f71a6bdc + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : csebpub + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-812f40fc8917f31034 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE157EFDA37BECB4280C574B6CADFF + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-307a350f490bdca852 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-d0cbe8dcb2ac815494 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-45da2e338c7c07d638 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-0e1a61c880f71a6bdc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : csebpub + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : dabrpc + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0A16B0 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0A16B0 + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +An SMB server is running on this port. + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +A CIFS server is running on this port. + + + + +1706896087 +Fri Feb 2 09:48:07 2024 +983 +0 +VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024): Upgrade to VMware Tools version 12.3.5 or later. +CVE-2024-21388, CVE-2024-21337, CVE-2024-20721, CVE-2024-20709, CVE-2024-20675, CVE-2024-0519, CVE-2024-0518, CVE-2024-0517, CVE-2024-0333, CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222, CVE-2023-7024, CVE-2023-6707, CVE-2023-6706, CVE-2023-6705, CVE-2023-6704, CVE-2023-6703, CVE-2023-6702, CVE-2023-6512, CVE-2023-6511, CVE-2023-6510, CVE-2023-6509, CVE-2023-6508, CVE-2023-6351, CVE-2023-6350, CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6345, CVE-2023-6112, CVE-2023-5997, CVE-2023-5996, CVE-2023-5859, CVE-2023-5858, CVE-2023-5857, CVE-2023-5856, CVE-2023-5855, CVE-2023-5854, CVE-2023-5853, CVE-2023-5852, CVE-2023-5851, CVE-2023-5850, CVE-2023-5849, CVE-2023-5487, CVE-2023-5486, CVE-2023-5485, CVE-2023-5484, CVE-2023-5483, CVE-2023-5482, CVE-2023-5481, CVE-2023-5480, CVE-2023-5479, CVE-2023-5478, CVE-2023-5477, CVE-2023-5476, CVE-2023-5475, CVE-2023-5474, CVE-2023-5473, CVE-2023-5472, CVE-2023-5346, CVE-2023-5218, CVE-2023-5217, CVE-2023-5187, CVE-2023-5186, CVE-2023-4909, CVE-2023-4908, CVE-2023-4907, CVE-2023-4906, CVE-2023-4905, CVE-2023-4904, CVE-2023-4903, CVE-2023-4902, CVE-2023-4901, CVE-2023-4900, CVE-2023-4863, CVE-2023-4764, CVE-2023-4763, CVE-2023-4762, CVE-2023-4761, CVE-2023-4572, CVE-2023-44323, CVE-2023-4431, CVE-2023-4430, CVE-2023-4429, CVE-2023-4428, CVE-2023-4427, CVE-2023-4368, CVE-2023-4367, CVE-2023-4366, CVE-2023-4365, CVE-2023-4364, CVE-2023-4363, CVE-2023-4362, CVE-2023-4361, CVE-2023-4360, CVE-2023-4359, CVE-2023-4358, CVE-2023-4357, CVE-2023-4356, CVE-2023-4355, CVE-2023-4354, CVE-2023-4353, CVE-2023-4352, CVE-2023-4351, CVE-2023-4350, CVE-2023-4349, CVE-2023-4078, CVE-2023-4077, CVE-2023-4076, CVE-2023-4075, CVE-2023-4074, CVE-2023-4073, CVE-2023-4072, CVE-2023-4071, CVE-2023-4070, CVE-2023-4069, CVE-2023-4068, CVE-2023-38187, CVE-2023-38174, CVE-2023-38173, CVE-2023-38158, CVE-2023-38157, CVE-2023-3740, CVE-2023-3738, CVE-2023-3737, CVE-2023-3736, CVE-2023-3735, CVE-2023-3734, CVE-2023-3733, CVE-2023-3732, CVE-2023-3730, CVE-2023-3728, CVE-2023-3727, CVE-2023-36888, CVE-2023-36887, CVE-2023-36883, CVE-2023-36880, CVE-2023-36878, CVE-2023-36787, CVE-2023-36741, CVE-2023-36735, CVE-2023-36727, CVE-2023-36562, CVE-2023-36559, CVE-2023-36409, CVE-2023-36034, CVE-2023-36029, CVE-2023-36026, CVE-2023-36024, CVE-2023-36022, CVE-2023-36014, CVE-2023-36008, CVE-2023-35618, CVE-2023-35392, CVE-2023-3422, CVE-2023-3421, CVE-2023-3420, CVE-2023-33145, CVE-2023-3217, CVE-2023-3216, CVE-2023-3215, CVE-2023-3214, CVE-2023-3079, CVE-2023-29354, CVE-2023-29350, CVE-2023-29334, CVE-2023-28301, CVE-2023-28286, CVE-2023-28284, CVE-2023-28261, CVE-2023-2726, CVE-2023-2725, CVE-2023-2724, CVE-2023-2723, CVE-2023-2722, CVE-2023-2721, CVE-2023-24935, CVE-2023-2468, CVE-2023-2467, CVE-2023-2466, CVE-2023-2465, CVE-2023-2464, CVE-2023-2463, CVE-2023-2462, CVE-2023-2460, CVE-2023-2459, CVE-2023-23374, CVE-2023-2312, CVE-2023-21795, CVE-2023-21794, CVE-2023-21720, CVE-2023-21719, CVE-2023-2137, CVE-2023-2135, CVE-2023-2134, CVE-2023-2133, CVE-2023-2033, CVE-2023-1999, CVE-2023-1534, CVE-2023-1533, CVE-2023-1532, CVE-2023-1531, CVE-2023-1530, CVE-2023-1529, CVE-2023-1528, CVE-2023-1236, CVE-2023-1235, CVE-2023-1234, CVE-2023-1233, CVE-2023-1232, CVE-2023-1231, CVE-2023-1230, CVE-2023-1229, CVE-2023-1228, CVE-2023-1224, CVE-2023-1223, CVE-2023-1222, CVE-2023-1221, CVE-2023-1220, CVE-2023-1219, CVE-2023-1218, CVE-2023-1217, CVE-2023-1216, CVE-2023-1215, CVE-2023-1214, CVE-2023-1213, CVE-2023-0941, CVE-2023-0933, CVE-2023-0932, CVE-2023-0931, CVE-2023-0930, CVE-2023-0929, CVE-2023-0928, CVE-2023-0927, CVE-2023-0705, CVE-2023-0704, CVE-2023-0703, CVE-2023-0702, CVE-2023-0701, CVE-2023-0700, CVE-2023-0699, CVE-2023-0698, CVE-2023-0697, CVE-2023-0696, CVE-2023-0474, CVE-2023-0473, CVE-2023-0472, CVE-2023-0471, CVE-2023-0141, CVE-2023-0140, CVE-2023-0139, CVE-2023-0138, CVE-2023-0136, CVE-2023-0135, CVE-2023-0134, CVE-2023-0133, CVE-2023-0132, CVE-2023-0131, CVE-2023-0130, CVE-2023-0129, CVE-2022-44708, CVE-2022-44688, CVE-2022-4440, CVE-2022-4439, CVE-2022-4438, CVE-2022-4437, CVE-2022-4436, CVE-2022-4262, CVE-2022-4195, CVE-2022-4194, CVE-2022-4193, CVE-2022-4192, CVE-2022-4191, CVE-2022-4190, CVE-2022-4189, CVE-2022-4188, CVE-2022-4187, CVE-2022-4186, CVE-2022-4185, CVE-2022-4184, CVE-2022-4183, CVE-2022-4182, CVE-2022-4181, CVE-2022-4180, CVE-2022-4179, CVE-2022-4178, CVE-2022-4177, CVE-2022-4175, CVE-2022-4174, CVE-2022-4135, CVE-2022-41115, CVE-2022-3890, CVE-2022-3889, CVE-2022-3888, CVE-2022-3887, CVE-2022-3886, CVE-2022-3885, CVE-2022-38012, CVE-2022-3723, CVE-2022-3661, CVE-2022-3660, CVE-2022-3657, CVE-2022-3656, CVE-2022-3655, CVE-2022-3654, CVE-2022-3653, CVE-2022-3652, CVE-2022-35796, CVE-2022-3450, CVE-2022-3449, CVE-2022-3447, CVE-2022-3446, CVE-2022-3445, CVE-2022-3373, CVE-2022-3370, CVE-2022-33680, CVE-2022-33649, CVE-2022-33639, CVE-2022-33636, CVE-2022-3200, CVE-2022-3199, CVE-2022-3198, CVE-2022-3197, CVE-2022-3196, CVE-2022-3195, CVE-2022-3075, CVE-2022-3058, CVE-2022-3057, CVE-2022-3056, CVE-2022-3055, CVE-2022-3054, CVE-2022-3053, CVE-2022-3047, CVE-2022-3046, CVE-2022-3045, CVE-2022-3044, CVE-2022-3041, CVE-2022-3040, CVE-2022-3039, CVE-2022-3038, CVE-2022-30128, CVE-2022-30127, CVE-2022-29147, CVE-2022-29146, CVE-2022-29144, CVE-2022-2861, CVE-2022-2860, CVE-2022-2858, CVE-2022-2857, CVE-2022-2856, CVE-2022-2855, CVE-2022-2854, CVE-2022-2853, CVE-2022-2852, CVE-2022-26912, CVE-2022-26909, CVE-2022-26908, CVE-2022-26905, CVE-2022-26900, CVE-2022-26899, CVE-2022-26895, CVE-2022-26894, CVE-2022-26891, CVE-2022-2624, CVE-2022-2623, CVE-2022-2622, CVE-2022-2621, CVE-2022-2619, CVE-2022-2618, CVE-2022-2617, CVE-2022-2616, CVE-2022-2615, CVE-2022-2614, CVE-2022-2612, CVE-2022-2611, CVE-2022-2610, CVE-2022-2606, CVE-2022-2605, CVE-2022-2604, CVE-2022-2603, CVE-2022-2481, CVE-2022-2480, CVE-2022-2479, CVE-2022-2478, CVE-2022-2477, CVE-2022-24523, CVE-2022-24475, CVE-2022-23264, CVE-2022-23263, CVE-2022-23262, CVE-2022-23261, CVE-2022-23258, CVE-2022-2294, CVE-2022-22021, CVE-2022-21970, CVE-2022-21954, CVE-2022-21931, CVE-2022-21930, CVE-2022-21929, CVE-2022-2011, CVE-2022-2010, CVE-2022-2008, CVE-2022-2007, CVE-2022-1876, CVE-2022-1875, CVE-2022-1874, CVE-2022-1873, CVE-2022-1872, CVE-2022-1871, CVE-2022-1870, CVE-2022-1869, CVE-2022-1868, CVE-2022-1867, CVE-2022-1865, CVE-2022-1864, CVE-2022-1863, CVE-2022-1862, CVE-2022-1859, CVE-2022-1858, CVE-2022-1857, CVE-2022-1856, CVE-2022-1855, CVE-2022-1854, CVE-2022-1853, CVE-2022-1640, CVE-2022-1639, CVE-2022-1638, CVE-2022-1637, CVE-2022-1636, CVE-2022-1635, CVE-2022-1634, CVE-2022-1501, CVE-2022-1500, CVE-2022-1499, CVE-2022-1498, CVE-2022-1497, CVE-2022-1495, CVE-2022-1494, CVE-2022-1493, CVE-2022-1492, CVE-2022-1491, CVE-2022-1490, CVE-2022-1488, CVE-2022-1487, CVE-2022-1486, CVE-2022-1485, CVE-2022-1484, CVE-2022-1483, CVE-2022-1482, CVE-2022-1481, CVE-2022-1479, CVE-2022-1478, CVE-2022-1477, CVE-2022-1364, CVE-2022-1314, CVE-2022-1313, CVE-2022-1312, CVE-2022-1310, CVE-2022-1309, CVE-2022-1308, CVE-2022-1307, CVE-2022-1306, CVE-2022-1305, CVE-2022-1232, CVE-2022-1146, CVE-2022-1145, CVE-2022-1143, CVE-2022-1139, CVE-2022-1138, CVE-2022-1137, CVE-2022-1136, CVE-2022-1135, CVE-2022-1134, CVE-2022-1133, CVE-2022-1131, CVE-2022-1130, CVE-2022-1129, CVE-2022-1128, CVE-2022-1127, CVE-2022-1125, CVE-2022-1096, CVE-2022-0980, CVE-2022-0979, CVE-2022-0978, CVE-2022-0977, CVE-2022-0976, CVE-2022-0975, CVE-2022-0974, CVE-2022-0973, CVE-2022-0972, CVE-2022-0971, CVE-2022-0809, CVE-2022-0808, CVE-2022-0807, CVE-2022-0806, CVE-2022-0805, CVE-2022-0804, CVE-2022-0803, CVE-2022-0802, CVE-2022-0801, CVE-2022-0800, CVE-2022-0799, CVE-2022-0798, CVE-2022-0797, CVE-2022-0796, CVE-2022-0795, CVE-2022-0794, CVE-2022-0793, CVE-2022-0792, CVE-2022-0791, CVE-2022-0790, CVE-2022-0789, CVE-2022-0610, CVE-2022-0609, CVE-2022-0608, CVE-2022-0607, CVE-2022-0606, CVE-2022-0605, CVE-2022-0604, CVE-2022-0603, CVE-2022-0120, CVE-2022-0118, CVE-2022-0117, CVE-2022-0116, CVE-2022-0115, CVE-2022-0114, CVE-2022-0113, CVE-2022-0112, CVE-2022-0111, CVE-2022-0110, CVE-2022-0109, CVE-2022-0108, CVE-2022-0107, CVE-2022-0106, CVE-2022-0105, CVE-2022-0104, CVE-2022-0103, CVE-2022-0102, CVE-2022-0101, CVE-2022-0100, CVE-2022-0099, CVE-2022-0098, CVE-2022-0097, CVE-2022-0096, CVE-2021-43221, CVE-2021-42308, CVE-2021-42307, CVE-2021-4102, CVE-2021-4101, CVE-2021-4100, CVE-2021-4099, CVE-2021-4098, CVE-2021-4068, CVE-2021-4067, CVE-2021-4066, CVE-2021-4065, CVE-2021-4064, CVE-2021-4063, CVE-2021-4062, CVE-2021-4061, CVE-2021-4059, CVE-2021-4058, CVE-2021-4057, CVE-2021-4056, CVE-2021-4055, CVE-2021-4054, CVE-2021-4053, CVE-2021-4052, CVE-2021-38669, CVE-2021-38642, CVE-2021-38641, CVE-2021-38022, CVE-2021-38021, CVE-2021-38020, CVE-2021-38019, CVE-2021-38018, CVE-2021-38017, CVE-2021-38016, CVE-2021-38015, CVE-2021-38014, CVE-2021-38013, CVE-2021-38012, CVE-2021-38011, CVE-2021-38010, CVE-2021-38009, CVE-2021-38008, CVE-2021-38007, CVE-2021-38006, CVE-2021-38005, CVE-2021-38003, CVE-2021-38002, CVE-2021-38001, CVE-2021-38000, CVE-2021-37999, CVE-2021-37998, CVE-2021-37997, CVE-2021-37996, CVE-2021-37995, CVE-2021-37994, CVE-2021-37993, CVE-2021-37992, CVE-2021-37991, CVE-2021-37990, CVE-2021-37989, CVE-2021-37988, CVE-2021-37987, CVE-2021-37986, CVE-2021-37985, CVE-2021-37984, CVE-2021-37983, CVE-2021-37982, CVE-2021-37981, CVE-2021-37980, CVE-2021-37979, CVE-2021-37978, CVE-2021-37977, CVE-2021-37976, CVE-2021-37975, CVE-2021-37974, CVE-2021-37973, CVE-2021-37972, CVE-2021-37971, CVE-2021-37970, CVE-2021-37969, CVE-2021-37968, CVE-2021-37967, CVE-2021-37966, CVE-2021-37965, CVE-2021-37964, CVE-2021-37963, CVE-2021-37962, CVE-2021-37961, CVE-2021-37959, CVE-2021-37958, CVE-2021-37957, CVE-2021-37956, CVE-2021-36930, CVE-2021-34506, CVE-2021-34475, CVE-2021-33741, CVE-2021-30633, CVE-2021-30632, CVE-2021-30630, CVE-2021-30629, CVE-2021-30628, CVE-2021-30627, CVE-2021-30626, CVE-2021-30625, CVE-2021-30624, CVE-2021-30623, CVE-2021-30622, CVE-2021-30621, CVE-2021-30620, CVE-2021-30619, CVE-2021-30618, CVE-2021-30617, CVE-2021-30616, CVE-2021-30615, CVE-2021-30614, CVE-2021-30613, CVE-2021-30612, CVE-2021-30611, CVE-2021-30610, CVE-2021-30609, CVE-2021-30608, CVE-2021-30607, CVE-2021-30606, CVE-2021-30604, CVE-2021-30603, CVE-2021-30602, CVE-2021-30601, CVE-2021-30599, CVE-2021-30598, CVE-2021-30597, CVE-2021-30596, CVE-2021-30594, CVE-2021-30593, CVE-2021-30592, CVE-2021-30591, CVE-2021-30590, CVE-2021-30589, CVE-2021-30588, CVE-2021-30587, CVE-2021-30586, CVE-2021-30585, CVE-2021-30584, CVE-2021-30583, CVE-2021-30582, CVE-2021-30581, CVE-2021-30580, CVE-2021-30579, CVE-2021-30578, CVE-2021-30577, CVE-2021-30576, CVE-2021-30575, CVE-2021-30574, CVE-2021-30573, CVE-2021-30572, CVE-2021-30571, CVE-2021-30569, CVE-2021-30568, CVE-2021-30567, CVE-2021-30566, CVE-2021-30565, CVE-2021-30564, CVE-2021-30563, CVE-2021-30562, CVE-2021-30561, CVE-2021-30560, CVE-2021-30559, CVE-2021-30557, CVE-2021-30556, CVE-2021-30555, CVE-2021-30554, CVE-2021-30553, CVE-2021-30552, CVE-2021-30551, CVE-2021-30550, CVE-2021-30549, CVE-2021-30548, CVE-2021-30547, CVE-2021-30546, CVE-2021-30545, CVE-2021-30544, CVE-2021-30541, CVE-2021-30540, CVE-2021-30539, CVE-2021-30538, CVE-2021-30537, CVE-2021-30536, CVE-2021-30535, CVE-2021-30534, CVE-2021-30533, CVE-2021-30532, CVE-2021-30531, CVE-2021-30530, CVE-2021-30529, CVE-2021-30528, CVE-2021-30527, CVE-2021-30526, CVE-2021-30525, CVE-2021-30524, CVE-2021-30523, CVE-2021-30522, CVE-2021-30521, CVE-2021-30520, CVE-2021-30519, CVE-2021-30518, CVE-2021-30517, CVE-2021-30516, CVE-2021-30515, CVE-2021-30514, CVE-2021-30513, CVE-2021-30512, CVE-2021-30511, CVE-2021-30510, CVE-2021-30509, CVE-2021-30508, CVE-2021-30507, CVE-2021-30506, CVE-2021-26439, CVE-2021-26436, CVE-2021-24113, CVE-2021-21233, CVE-2021-21232, CVE-2021-21231, CVE-2021-21230, CVE-2021-21229, CVE-2021-21228, CVE-2021-21227, CVE-2021-21226, CVE-2021-21225, CVE-2021-21224, CVE-2021-21223, CVE-2021-21222, CVE-2021-21221, CVE-2021-21220, CVE-2021-21219, CVE-2021-21218, CVE-2021-21217, CVE-2021-21216, CVE-2021-21215, CVE-2021-21214, CVE-2021-21213, CVE-2021-21212, CVE-2021-21211, CVE-2021-21210, CVE-2021-21209, CVE-2021-21208, CVE-2021-21207, CVE-2021-21206, CVE-2021-21205, CVE-2021-21204, CVE-2021-21203, CVE-2021-21202, CVE-2021-21201, CVE-2021-21199, CVE-2021-21198, CVE-2021-21197, CVE-2021-21196, CVE-2021-21195, CVE-2021-21194, CVE-2021-21193, CVE-2021-21192, CVE-2021-21191, CVE-2021-21190, CVE-2021-21189, CVE-2021-21188, CVE-2021-21187, CVE-2021-21186, CVE-2021-21185, CVE-2021-21184, CVE-2021-21183, CVE-2021-21182, CVE-2021-21181, CVE-2021-21180, CVE-2021-21179, CVE-2021-21178, CVE-2021-21177, CVE-2021-21176, CVE-2021-21175, CVE-2021-21174, CVE-2021-21173, CVE-2021-21172, CVE-2021-21171, CVE-2021-21170, CVE-2021-21169, CVE-2021-21168, CVE-2021-21167, CVE-2021-21166, CVE-2021-21165, CVE-2021-21164, CVE-2021-21163, CVE-2021-21162, CVE-2021-21161, CVE-2021-21160, CVE-2021-21159, CVE-2021-21157, CVE-2021-21156, CVE-2021-21155, CVE-2021-21154, CVE-2021-21153, CVE-2021-21152, CVE-2021-21151, CVE-2021-21150, CVE-2021-21149, CVE-2021-21148, CVE-2021-21147, CVE-2021-21146, CVE-2021-21145, CVE-2021-21144, CVE-2021-21143, CVE-2021-21142, CVE-2021-21141, CVE-2021-21140, CVE-2021-21139, CVE-2021-21137, CVE-2021-21136, CVE-2021-21135, CVE-2021-21134, CVE-2021-21133, CVE-2021-21132, CVE-2021-21131, CVE-2021-21130, CVE-2021-21129, CVE-2021-21128, CVE-2021-21127, CVE-2021-21126, CVE-2021-21125, CVE-2021-21124, CVE-2021-21123, CVE-2021-21122, CVE-2021-21121, CVE-2021-21120, CVE-2021-21119, CVE-2021-21118, CVE-2021-21116, CVE-2021-21115, CVE-2021-21114, CVE-2021-21113, CVE-2021-21112, CVE-2021-21111, CVE-2021-21110, CVE-2021-21109, CVE-2021-21108, CVE-2021-21107, CVE-2021-21106, CVE-2020-27844, CVE-2020-16044, CVE-2020-16043, CVE-2020-16042, CVE-2020-16041, CVE-2020-16040, CVE-2020-16039, CVE-2020-16038, CVE-2020-16037, CVE-2020-16036, CVE-2020-16034, CVE-2020-16033, CVE-2020-16032, CVE-2020-16031, CVE-2020-16030, CVE-2020-16029, CVE-2020-16028, CVE-2020-16027, CVE-2020-16026, CVE-2020-16025, CVE-2020-16024, CVE-2020-16023, CVE-2020-16022, CVE-2020-16018, CVE-2020-16017, CVE-2020-16016, CVE-2020-16015, CVE-2020-16014, CVE-2020-16013, CVE-2020-16012, CVE-2020-16011, CVE-2020-16009, CVE-2020-16008, CVE-2020-16007, CVE-2020-16006, CVE-2020-16005, CVE-2020-16004, CVE-2020-16003, CVE-2020-16002, CVE-2020-16001, CVE-2020-16000, CVE-2020-15999, CVE-2020-15995, CVE-2019-8075 +933 +Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388): Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. +1706896087 +Credentialed Patch Audit +cpe:/o:microsoft:windows +windows +100 +SMB_OS +[{"FQDN":"SOT-WIN2K22-01","sources":["get_host_fqdn()"]}] +00:50:56:2F:AE:28 +general-purpose +Microsoft Windows Server 2022 Standard Build 20348 +{"CPE":"cpe:\/a:microsoft:windows_defender","Last check-in":null,"Path":"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.23110.3-0\\","Product":"Windows Defender","Product version":"4.18.23110.3","Running":"yes","Signature auto-update":"yes","Signature install date":"2024-02-02","Signature version":"1.403.3098.0","Subtype":"EPP","Type":"Endpoint","Vendor":"Microsoft"} +SOT-WIN2K22-01 +WORKGROUP +SOT-WIN2K22-01 +21394D56-792D-63B3-3974-36FDC1918C5F +[{"predicted-os": "Microsoft Windows 10 Pro", "confidence": 7},{"predicted-os": "Microsoft Windows 10 Enterprise", "confidence": 29}] + + P1:B11113:F0x12:W65392:O0204ffff:M1460: + P2:B11113:F0x12:W65535:O0204ffff010303080402080affffffff44454144:M1460: + P3:B00000:F0x00:W0:O0:M0 + P4:190704_7_p=49667 +SOT-WIN2K22-01 +true +192.168.40.169\degthat +smb +192.168.40.169 +1706895231 +Fri Feb 2 09:33:51 2024 + + +all +1 +The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date. + +Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled. +patches_summary.nbin +2024/01/16 +Patch Report +2013/07/08 +combined +None +1.253 +Install the patches listed below. +The remote host is missing several patches. + + +. You need to take the following 2 actions : + + +[ Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388) (189605) ] + ++ Action to take : Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. + ++Impact : Taking this action will resolve 933 different vulnerabilities (CVEs). + + + +[ VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024) (184130) ] + ++ Action to take : Upgrade to VMware Tools version 12.3.5 or later. + + + + + +1 +cpe:/o:microsoft:windows +To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards. +wmi_stop_registry_svc.nbin +2024/01/16 +SMB Registry : Stop the Registry Service after the scan (WMI) +2009/11/25 +local +None +1.204 +n/a +The registry service was stopped after the scan. + +The registry service was successfully stopped after the scan. + + +all +1 +This plugin displays, for each tested host, information about the scan itself : + + - The version of the plugin set. + - The type of scanner (Nessus or Nessus Home). + - The version of the Nessus Engine. + - The port scanner(s) used. + - The port range scanned. + - The ping round trip time + - Whether credentialed or third-party patch management checks are possible. + - Whether the display of superseded patches is enabled + - The date of the scan. + - The duration of the scan. + - The number of hosts scanned in parallel. + - The number of checks done in parallel. +scan_info.nasl +2023/07/31 +Nessus Scan Information +2005/08/26 +summary +None +1.119 +n/a +This plugin displays information about the Nessus scan. +true +Information about this scan : + +Nessus version : 10.6.4 +Nessus build : 20005 +Plugin feed version : 202402021215 +Scanner edition used : Nessus +Scanner OS : WINDOWS +Scanner distribution : win-x86-64 +Scan type : Normal +Scan name : Soteria all SVR scan +Scan policy used : Credentialed Patch Audit +Scanner IP : 192.168.40.39 +Port scanner(s) : wmi_netstat +Port range : default +Ping RTT : 3.084 ms +Thorough tests : no +Experimental tests : no +Plugin debugging enabled : no +Paranoia level : 1 +Report verbosity : 1 +Safe checks : yes +Optimize the test : yes +Credentialed checks : yes, as '192.168.40.169\degthat' via SMB +Patch management checks : None +Display superseded patches : yes (supersedence plugin launched) +CGI scanning : disabled +Web application tests : disabled +Max hosts : 30 +Max checks : 4 +Recv timeout : 5 +Backports : None +Allow post-scan editing : Yes +Nessus Plugin Signature Checking : Enabled +Audit File Signature Checking : Disabled +Scan Start Date : 2024/2/2 9:34 Pacific Standard Time +Scan duration : 845 sec +Scan for malware : no + + + +True +Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445. +smb_dialects_enabled.nasl +2020/03/11 +Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) +2018/02/09 +remote +None +1.6 +n/a +It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host. + +The remote host supports the following SMB dialects : + _version_ _introduced in windows version_ + 2.0.2 Windows 2008 + 2.1 Windows 7 + 3.0 Windows 8 + 3.0.2 Windows 8.1 + 3.1.1 Windows 10 + +The remote host does NOT support the following SMB dialects : + _version_ _introduced in windows version_ + 2.2.2 Windows 8 Beta + 2.2.4 Windows 8 Beta + 3.1 Windows 10 + + + +windows +The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network. +smb-version-detect.nasl +2022/05/04 +Server Message Block (SMB) Protocol Version Detection +2022/05/04 +remote +None +1.1 +http://www.nessus.org/u?f463096b +http://www.nessus.org/u?1a4b3744 +Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices. +Verify the version of SMB on the remote host. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found. + + + +cpe:/o:microsoft:windows +Retrieves the status of Windows Credential Guard. + Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. +credential_guard_status.nasl +2023/08/25 +Windows Credential Guard Status +2022/04/18 +local +None +1.3 +http://www.nessus.org/u?fb8c8c37 +n/a +Retrieves the status of Windows Credential Guard. + +Windows Credential Guard is not fully enabled. +The following registry keys have not been set : + - System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : Key not found. + - System\CurrentControlSet\Control\LSA\LsaCfgFlags : Key not found. + - System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : Key not found. + + + +cpe:/o:microsoft:windows +The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks. +lsa_protection_status.nasl +2022/05/25 +Windows LSA Protection Status +2022/04/20 +local +None +1.3 +Enable LSA Protection per your corporate security guidelines. +Windows LSA Protection is disabled on the remote Windows host. + +LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found. + + + +cpe:/o:microsoft:windows +Checks Windows Registry for Service ACLs. +smb_reg_services_acl.nasl +2024/01/15 +Windows Services Registry ACL +2022/05/05 +local +None +1.5 +N/A +Checks Windows Registry for Service ACLs +Verbosity must be set to 'Report as much information as possible' for this plugin to produce output. + + +cpe:/o:microsoft:windows +Windows AlwaysInstallElevated policy status was found on the remote Windows host. + You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting. +windows_always_installed_elevated_status.nasl +2022/06/14 +Windows Always Installed Elevated Status +2022/06/14 +local +None +1.1 +If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines. +Windows AlwaysInstallElevated policy status was found on the remote Windows host +AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE. +AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-746496990-2641142201-3713043312-500 + + + +True +software_enumeration +cpe:/a:microsoft:ie +cpe:/a:microsoft:internet_explorer +Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host. +microsoft_internet_explorer_installed.nbin +2024/01/16 +Microsoft Internet Explorer Installed +2022/06/28 +local +None +1.42 +https://support.microsoft.com/products/internet-explorer +n/a +A web browser is installed on the remote Windows host. + + Path : C:\Windows\system32\mshtml.dll + Version : 11.0.20348.2227 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host. +smb_language_detection.nasl +2022/02/01 +Windows Language Settings Detection +2021/04/14 +local +None +1.3 +n/a +This plugin enumerates language files on a windows host. +Default Install Language Code: 1033 + +Default Active Language Code: 1033 + +Other common microsoft Language packs may be scanned as well. + + +Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates. + +Note that this plugin is purely informational. +ms_bulletin_checks_possible.nasl +2021/07/12 +Microsoft Patch Bulletin Feasibility Check +2011/12/06 +local +None +1.13 +n/a +Nessus is able to check for Microsoft patch bulletins. + + +Nessus is able to test for missing patches using : + Nessus + + + +cpe:/o:microsoft:windows +Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp. +microsoft_windows_last_boot.nasl +2018/07/09 +Microsoft Windows Last Boot Time +2016/07/19 +local +None +1.7 +n/a +Nessus was able to collect the remote host's last boot time in a human readable format. +Last reboot : 2024-02-02T11:30:59-05:00 (20240202113059.500000-300) + + +True +Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445. + +Note that this plugin is a remote check and does not work on agents. +smb_versions_enabled.nasl +2019/11/22 +Microsoft Windows SMB Versions Supported (remote check) +2017/06/19 +remote +None +1.2 +n/a +It was possible to obtain information about the version of SMB running on the remote host. + +The remote host supports the following versions of SMB : + SMBv2 + + + +This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc). +smb_accessible_shares_office_files.nasl +2011/03/21 +Microsoft Windows SMB Share Hosting Office Files +2007/01/04 +local +None +$Revision: 1.13 $ +Make sure that the files containing confidential information have proper access controls set on them. +The remote share contains Office-related files. + +Here is a list of office files which have been found on the remote SMB +shares : + + + C$ : + + - C:\Windows\System32\MSDRM\MsoIrmProtector.doc + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.doc + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.doc + - C:\Windows\System32\MSDRM\MsoIrmProtector.ppt + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.ppt + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.ppt + - C:\Windows\System32\MSDRM\MsoIrmProtector.xls + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.xls + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.xls + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Windows 10 1803 to 1809 New Settings.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Server 2016 to 2019 New Settings.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\MS Security Baseline Windows 10 v1809 and Server 2019.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\BaselineDiffs-to-v1809-RS5-FINAL.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Update Baseline\Documentation\Master List of Update Baseline Policies.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Announcement.docx + + + + +The remote has one or more Windows shares that can be accessed through the network with the given credentials. + +Depending on the share rights, it may allow an attacker to read / write confidential data. +smb_accessible_shares.nasl +2021/10/04 +Microsoft Windows SMB Shares Access +2000/05/09 +combined +None +1.83 +To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'. +It is possible to access a network share. + +The following shares can be accessed as degthat : + +- ADMIN$ - (readable,writable) + + Content of this share : +.. +ADFS +appcompat +apppatch +AppReadiness +assembly +AzureArcSetup +bcastdvr +bfsvc.exe +Boot +bootstat.dat +Branding +BrowserCore +CbsTemp +Containers +Cursors +debug +diagnostics +DiagTrack +DigitalLocker +Downloaded Program Files +drivers +DtcInstall.log +ELAMBKUP +en-US +explorer.exe +Fonts +Globalization +Help +HelpPane.exe +hh.exe +IdentityCRL +IME +ImmersiveControlPanel +INF +InputMethod +Installer +L2Schemas +LiveKernelReports +Logs +lsasetup.log +Media +mib.bin +Microsoft.NET +Migration +ModemLogs +notepad.exe +OCR +Offline Web Pages +Panther +Performance +PFRO.log +PLA +PolicyDefinitions +Prefetch +PrintDialog +Provisioning +regedit.exe +Registration +RemotePackages +rescache +Resources +SchCache +schemas +security +ServerStandard.xml +ServiceProfiles +ServiceState +servicing +Setup +setupact.log +setuperr.log +ShellComponents +ShellExperiences +SKB +SoftwareDistribution +Speech +Speech_OneCore +splwow64.exe +System +system.ini +System32 +SystemApps +SystemResources +SystemTemp +SysWOW64 +TAPI +Tasks +Temp +tracing +twain_32 +twain_32.dll +Vss +WaaS +Web +win.ini +WindowsShell.Manifest + +- C$ - (readable,writable) + + Content of this share : +$WinREAgent +$WINRE_BACKUP_PARTITION.MARKER +Documents and Settings +DumpStack.log.tmp +pagefile.sys +PerfLogs +Program Files +Program Files (x86) +ProgramData +Recovery +System Volume Information +Users +Windows + + + + +windows +True +By connecting to the remote host, Nessus was able to enumerate the network share names. +smb_enum_shares.nasl +2022/02/01 +Microsoft Windows SMB Shares Enumeration +2000/05/09 +local +None +1.48 +n/a +It is possible to enumerate remote network shares. + +Here are the SMB shares available on the remote host when logged in as degthat: + + - ADMIN$ + - C$ + - IPC$ + + + +Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system. +smb_group_admin.nasl +2018/05/16 +Microsoft Windows 'Administrators' Group User List +2002/03/15 +local +None +1.23 +Verify that each member of the group should have this type of access. +There is at least one user in the 'Administrators' group. + +The following users are members of the 'Administrators' group : + + - SOT-WIN2K22-01\soteria (User) + - SOT-WIN2K22-01\degthat (User) + + + +windows +True +An antivirus application is installed on the remote host, and its engine and virus definitions are up to date. +antivirus_installed.nasl +2023/10/05 +Antivirus Software Check +2005/01/18 +local +None +1.50 +http://www.nessus.org/u?3ed73b52 +https://www.tenable.com/blog/auditing-anti-virus-products-with-nessus +n/a +An antivirus application is installed on the remote host. + +Forefront_Endpoint_Protection : + +A Microsoft anti-malware product is installed on the remote host : + + Product name : Windows Defender + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine version : 1.1.23110.2 + Antivirus signature version : 1.403.3098.0 + Antispyware signature version : 1.403.3098.0 + + + +windows +true +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows_server +The remote host is running Microsoft Windows. +microsoft_windows_installed.nbin +2023/12/27 +Microsoft Windows Installed +2023/12/27 +local +None +1.0 +https://www.microsoft.com/en-us/windows +https://www.microsoft.com/en-us/windows-server +n/a +The remote host is running Microsoft Windows. + + OS Name : Microsoft Windows Server 2022 21H2 + Vendor : Microsoft + Product : Windows Server + Release : 2022 21H2 + Edition : Standard + Version : 10.0.20348.2227 + Role : server + Kernel : Windows NT 10.0 + Architecture : x64 + CPE v2.2 : cpe:/o:microsoft:windows_server_2022:10.0.20348.2227:- + CPE v2.3 : cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2227:-:any:*:standard:*:x64:* + Type : local + Method : SMB + Confidence : 100 + + + +cpe:/o:microsoft:windows +x-cpe:/a:microsoft:msdt +The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190. + +Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch. +msdt_rce_cve_2022-30190_reg_check.nasl +2022/05/30 +2022/07/28 +The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190) +2022/05/31 +local +None +1.9 +http://www.nessus.org/u?440e4ba1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 +http://www.nessus.org/u?b9345997 +Apply the latest Cumulative Update. +Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key. +2022/05/30 +The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target is vulnerable to CVE-2022-30190, if the vendor patch is not applied. + + +windows +security_control +True +software_enumeration +cpe:/a:microsoft:windows_defender +Windows Defender, an antivirus component of Microsoft Windows is installed on the remote Windows host. +microsoft_windows_defender_win_installed.nbin +2024/01/16 +Windows Defender Installed +2019/11/15 +local +None +1.139 +https://www.microsoft.com/en-us/windows/comprehensive-security +n/a +Windows Defender is installed on the remote Windows host. + + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine Version : 1.1.23110.2 + Malware Signature Timestamp : Feb. 2, 2024 at 08:51:48 GMT + Malware Signature Version : 1.403.3098.0 + Signatures Last Updated : Feb. 2, 2024 at 15:11:46 GMT + + + +The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled. +print_spooler_service_enabled.nasl +2021/07/07 +Microsoft Windows Print Spooler Service Enabled +2021/07/07 +local +None +1.1 +http://www.nessus.org/u?8fc5df24 +n/a +The Microsoft Windows Print Spooler service on the remote host is enabled. +The Microsoft Windows Print Spooler service on the remote host is enabled. + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.). +smb_enum_services_params.nasl +0001-T-0752 +2022/05/16 +Microsoft Windows SMB Service Config Enumeration +2010/02/05 +local +None +1.20 +Ensure that each service is configured properly. +It was possible to enumerate configuration parameters of remote services. +IAVT:0001-T-0752 + +The following services are set to start automatically : + + BFE startup parameters : + Display name : Base Filtering Engine + Service name : BFE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : RpcSs/ + + BrokerInfrastructure startup parameters : + Display name : Background Tasks Infrastructure Service + Service name : BrokerInfrastructure + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + CDPSvc startup parameters : + Display name : Connected Devices Platform Service + Service name : CDPSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : ncbservice/RpcSS/Tcpip/ + + CDPUserSvc_1932f0 startup parameters : + Display name : Connected Devices Platform User Service_1932f0 + Service name : CDPUserSvc_1932f0 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + CoreMessagingRegistrar startup parameters : + Display name : CoreMessaging + Service name : CoreMessagingRegistrar + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : rpcss/ + + CryptSvc startup parameters : + Display name : Cryptographic Services + Service name : CryptSvc + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + DPS startup parameters : + Display name : Diagnostic Policy Service + Service name : DPS + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p + + DcomLaunch startup parameters : + Display name : DCOM Server Process Launcher + Service name : DcomLaunch + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + Dhcp startup parameters : + Display name : DHCP Client + Service name : Dhcp + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : NSI/Afd/ + + DiagTrack startup parameters : + Display name : Connected User Experiences and Telemetry + Service name : DiagTrack + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k utcsvc -p + Dependencies : RpcSs/ + + DispBrokerDesktopSvc startup parameters : + Display name : Display Policy Service + Service name : DispBrokerDesktopSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : RpcSS/ + + Dnscache startup parameters : + Display name : DNS Client + Service name : Dnscache + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p + Dependencies : nsi/Afd/ + + EventLog startup parameters : + Display name : Windows Event Log + Service name : EventLog + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p + + EventSystem startup parameters : + Display name : COM+ Event System + Service name : EventSystem + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + FontCache startup parameters : + Display name : Windows Font Cache Service + Service name : FontCache + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + IKEEXT startup parameters : + Display name : IKE and AuthIP IPsec Keying Modules + Service name : IKEEXT + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : BFE/nsi/ + + LSM startup parameters : + Display name : Local Session Manager + Service name : LSM + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + LanmanServer startup parameters : + Display name : Server + Service name : LanmanServer + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k smbsvcs + Dependencies : SamSS/Srv2/ + + LanmanWorkstation startup parameters : + Display name : Workstation + Service name : LanmanWorkstation + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : Bowser/MRxSmb20/NSI/ + + MSDTC startup parameters : + Display name : Distributed Transaction Coordinator + Service name : MSDTC + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\msdtc.exe + Dependencies : RPCSS/SamSS/ + + NlaSvc startup parameters : + Display name : Network Location Awareness + Service name : NlaSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/ + + PcaSvc startup parameters : + Display name : Program Compatibility Assistant Service + Service name : PcaSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + Power startup parameters : + Display name : Power + Service name : Power + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + ProfSvc startup parameters : + Display name : User Profile Service + Service name : ProfSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + RemoteRegistry startup parameters : + Display name : Remote Registry + Service name : RemoteRegistry + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k localService -p + Dependencies : RPCSS/ + + RpcEptMapper startup parameters : + Display name : RPC Endpoint Mapper + Service name : RpcEptMapper + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k RPCSS -p + + RpcSs startup parameters : + Display name : Remote Procedure Call (RPC) + Service name : RpcSs + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k rpcss -p + Dependencies : RpcEptMapper/DcomLaunch/ + + SENS startup parameters : + Display name : System Event Notification Service + Service name : SENS + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : EventSystem/ + + SamSs startup parameters : + Display name : Security Accounts Manager + Service name : SamSs + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : RPCSS/ + + Schedule startup parameters : + Display name : Task Scheduler + Service name : Schedule + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/SystemEventsBroker/ + + ShellHWDetection startup parameters : + Display name : Shell Hardware Detection + Service name : ShellHWDetection + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Spooler startup parameters : + Display name : Print Spooler + Service name : Spooler + Log on as : LocalSystem + Executable path : C:\Windows\System32\spoolsv.exe + Dependencies : RPCSS/http/ + + StateRepository startup parameters : + Display name : State Repository Service + Service name : StateRepository + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + StorSvc startup parameters : + Display name : Storage Service + Service name : StorSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + SysMain startup parameters : + Display name : SysMain + Service name : SysMain + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : rpcss/ + + SystemEventsBroker startup parameters : + Display name : System Events Broker + Service name : SystemEventsBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/RpcSs/ + + Themes startup parameters : + Display name : Themes + Service name : Themes + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + + TrkWks startup parameters : + Display name : Distributed Link Tracking Client + Service name : TrkWks + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + UALSVC startup parameters : + Display name : User Access Logging Service + Service name : UALSVC + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : WinMgmt/ + + UserManager startup parameters : + Display name : User Manager + Service name : UserManager + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + UsoSvc startup parameters : + Display name : Update Orchestrator Service + Service name : UsoSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + VGAuthService startup parameters : + Display name : VMware Alias Manager and Ticket Service + Service name : VGAuthService + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" + + VMTools startup parameters : + Display name : VMware Tools + Service name : VMTools + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" + + W32Time startup parameters : + Display name : Windows Time + Service name : W32Time + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService + + Wcmsvc startup parameters : + Display name : Windows Connection Manager + Service name : Wcmsvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/NSI/ + + WinDefend startup parameters : + Display name : Microsoft Defender Antivirus Service + Service name : WinDefend + Log on as : LocalSystem + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe" + Dependencies : RpcSs/ + + WinRM startup parameters : + Display name : Windows Remote Management (WS-Management) + Service name : WinRM + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : RPCSS/HTTP/ + + Winmgmt startup parameters : + Display name : Windows Management Instrumentation + Service name : Winmgmt + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/ + + WpnService startup parameters : + Display name : Windows Push Notifications System Service + Service name : WpnService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + WpnUserService_1932f0 startup parameters : + Display name : Windows Push Notifications User Service_1932f0 + Service name : WpnUserService_1932f0 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + cbdhsvc_1932f0 startup parameters : + Display name : Clipboard User Service_1932f0 + Service name : cbdhsvc_1932f0 + Executable path : C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p + + edgeupdate startup parameters : + Display name : Microsoft Edge Update Service (edgeupdate) + Service name : edgeupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc + Dependencies : RPCSS/ + + gpsvc startup parameters : + Display name : Group Policy Client + Service name : gpsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/Mup/ + + gupdate startup parameters : + Display name : Google Update Service (gupdate) + Service name : gupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc + Dependencies : RPCSS/ + + iphlpsvc startup parameters : + Display name : IP Helper + Service name : iphlpsvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p + Dependencies : RpcSS/tcpip/nsi/WinHttpAutoProxySvc/ + + mpssvc startup parameters : + Display name : Windows Defender Firewall + Service name : mpssvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : mpsdrv/bfe/nsi/ + + nsi startup parameters : + Display name : Network Store Interface Service + Service name : nsi + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/nsiproxy/ + + sppsvc startup parameters : + Display name : Software Protection + Service name : sppsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\sppsvc.exe + Dependencies : RpcSs/ + + vm3dservice startup parameters : + Display name : VMware SVGA Helper Service + Service name : vm3dservice + Log on as : LocalSystem + Executable path : C:\Windows\system32\vm3dservice.exe + +The following services must be started manually : + + AJRouter startup parameters : + Display name : AllJoyn Router Service + Service name : AJRouter + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + ALG startup parameters : + Display name : Application Layer Gateway Service + Service name : ALG + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\alg.exe + + AppIDSvc startup parameters : + Display name : Application Identity + Service name : AppIDSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/AppID/CryptSvc/ + + AppMgmt startup parameters : + Display name : Application Management + Service name : AppMgmt + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + + AppReadiness startup parameters : + Display name : App Readiness + Service name : AppReadiness + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k AppReadiness -p + + AppXSvc startup parameters : + Display name : AppX Deployment Service (AppXSVC) + Service name : AppXSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k wsappx -p + Dependencies : rpcss/staterepository/ + + Appinfo startup parameters : + Display name : Application Information + Service name : Appinfo + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + AudioEndpointBuilder startup parameters : + Display name : Windows Audio Endpoint Builder + Service name : AudioEndpointBuilder + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + Audiosrv startup parameters : + Display name : Windows Audio + Service name : Audiosrv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : AudioEndpointBuilder/RpcSs/ + + BITS startup parameters : + Display name : Background Intelligent Transfer Service + Service name : BITS + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + COMSysApp startup parameters : + Display name : COM+ System Application + Service name : COMSysApp + Log on as : LocalSystem + Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} + Dependencies : RpcSs/EventSystem/SENS/ + + CaptureService_1932f0 startup parameters : + Display name : CaptureService_1932f0 + Service name : CaptureService_1932f0 + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + CertPropSvc startup parameters : + Display name : Certificate Propagation + Service name : CertPropSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + ClipSVC startup parameters : + Display name : Client License Service (ClipSVC) + Service name : ClipSVC + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k wsappx -p + Dependencies : rpcss/ + + ConsentUxUserSvc_1932f0 startup parameters : + Display name : ConsentUX User Service_1932f0 + Service name : ConsentUxUserSvc_1932f0 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow + + CredentialEnrollmentManagerUserSvc_1932f0 startup parameters : + Display name : CredentialEnrollmentManagerUserSvc_1932f0 + Service name : CredentialEnrollmentManagerUserSvc_1932f0 + Executable path : C:\Windows\system32\CredentialEnrollmentManager.exe + + DevQueryBroker startup parameters : + Display name : DevQuery Background Discovery Broker + Service name : DevQueryBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DeviceAssociationBrokerSvc_1932f0 startup parameters : + Display name : DeviceAssociationBroker_1932f0 + Service name : DeviceAssociationBrokerSvc_1932f0 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow -p + + DeviceAssociationService startup parameters : + Display name : Device Association Service + Service name : DeviceAssociationService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DeviceInstall startup parameters : + Display name : Device Install Service + Service name : DeviceInstall + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + DevicesFlowUserSvc_1932f0 startup parameters : + Display name : DevicesFlow_1932f0 + Service name : DevicesFlowUserSvc_1932f0 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow + + DmEnrollmentSvc startup parameters : + Display name : Device Management Enrollment Service + Service name : DmEnrollmentSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + DoSvc startup parameters : + Display name : Delivery Optimization + Service name : DoSvc + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + DsSvc startup parameters : + Display name : Data Sharing Service + Service name : DsSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + DsmSvc startup parameters : + Display name : Device Setup Manager + Service name : DsmSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + EFS startup parameters : + Display name : Encrypting File System (EFS) + Service name : EFS + Log on as : LocalSystem + Executable path : C:\Windows\System32\lsass.exe + Dependencies : RPCSS/ + + EapHost startup parameters : + Display name : Extensible Authentication Protocol + Service name : EapHost + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/KeyIso/ + + EntAppSvc startup parameters : + Display name : Enterprise App Management Service + Service name : EntAppSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + FDResPub startup parameters : + Display name : Function Discovery Resource Publication + Service name : FDResPub + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : RpcSs/http/fdphost/ + + FrameServer startup parameters : + Display name : Windows Camera Frame Server + Service name : FrameServer + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k Camera + Dependencies : rpcss/ + + FrameServerMonitor startup parameters : + Display name : Windows Camera Frame Server Monitor + Service name : FrameServerMonitor + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k CameraMonitor + Dependencies : rpcss/ + + GoogleChromeElevationService startup parameters : + Display name : Google Chrome Elevation Service (GoogleChromeElevationService) + Service name : GoogleChromeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files\Google\Chrome\Application\121.0.6167.140\elevation_service.exe" + Dependencies : RPCSS/ + + HvHost startup parameters : + Display name : HV Host Service + Service name : HvHost + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : hvservice/ + + InstallService startup parameters : + Display name : Microsoft Store Install Service + Service name : InstallService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + KPSSVC startup parameters : + Display name : KDC Proxy Server service (KPS) + Service name : KPSSVC + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k KpsSvcGroup + Dependencies : rpcss/http/ + + KeyIso startup parameters : + Display name : CNG Key Isolation + Service name : KeyIso + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : RpcSs/ + + KtmRm startup parameters : + Display name : KtmRm for Distributed Transaction Coordinator + Service name : KtmRm + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p + Dependencies : RPCSS/SamSS/ + + LicenseManager startup parameters : + Display name : Windows License Manager Service + Service name : LicenseManager + Log on as : NT Authority\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + MSiSCSI startup parameters : + Display name : Microsoft iSCSI Initiator Service + Service name : MSiSCSI + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + + McpManagementService startup parameters : + Display name : McpManagementService + Service name : McpManagementService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k McpManagementServiceGroup + Dependencies : RpcSs/ + + MicrosoftEdgeElevationService startup parameters : + Display name : Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) + Service name : MicrosoftEdgeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\elevation_service.exe" + Dependencies : RPCSS/ + + NcaSvc startup parameters : + Display name : Network Connectivity Assistant + Service name : NcaSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p + Dependencies : BFE/dnscache/NSI/iphlpsvc/ + + NcbService startup parameters : + Display name : Network Connection Broker + Service name : NcbService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSS/tcpip/BrokerInfrastructure/ + + NetSetupSvc startup parameters : + Display name : Network Setup Service + Service name : NetSetupSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Netlogon startup parameters : + Display name : Netlogon + Service name : Netlogon + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : LanmanWorkstation/ + + Netman startup parameters : + Display name : Network Connections + Service name : Netman + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/nsi/ + + NgcCtnrSvc startup parameters : + Display name : Microsoft Passport Container + Service name : NgcCtnrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + NgcSvc startup parameters : + Display name : Microsoft Passport + Service name : NgcSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + PerfHost startup parameters : + Display name : Performance Counter DLL Host + Service name : PerfHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\SysWow64\perfhost.exe + Dependencies : RPCSS/ + + PimIndexMaintenanceSvc_1932f0 startup parameters : + Display name : Contact Data_1932f0 + Service name : PimIndexMaintenanceSvc_1932f0 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + PlugPlay startup parameters : + Display name : Plug and Play + Service name : PlugPlay + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + PolicyAgent startup parameters : + Display name : IPsec Policy Agent + Service name : PolicyAgent + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p + Dependencies : Tcpip/bfe/ + + PrintNotify startup parameters : + Display name : Printer Extensions and Notifications + Service name : PrintNotify + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k print + Dependencies : RpcSs/ + + PrintWorkflowUserSvc_1932f0 startup parameters : + Display name : PrintWorkflow_1932f0 + Service name : PrintWorkflowUserSvc_1932f0 + Executable path : C:\Windows\system32\svchost.exe -k PrintWorkflow + + QWAVE startup parameters : + Display name : Quality Windows Audio Video Experience + Service name : QWAVE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/ + + RSoPProv startup parameters : + Display name : Resultant Set of Policy Provider + Service name : RSoPProv + Log on as : LocalSystem + Executable path : C:\Windows\system32\RSoPProv.exe + Dependencies : RPCSS/ + + RasAuto startup parameters : + Display name : Remote Access Auto Connection Manager + Service name : RasAuto + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RasAcd/ + + RasMan startup parameters : + Display name : Remote Access Connection Manager + Service name : RasMan + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs + Dependencies : SstpSvc/DnsCache/ + + RpcLocator startup parameters : + Display name : Remote Procedure Call (RPC) Locator + Service name : RpcLocator + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\locator.exe + + SCPolicySvc startup parameters : + Display name : Smart Card Removal Policy + Service name : SCPolicySvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + SCardSvr startup parameters : + Display name : Smart Card + Service name : SCardSvr + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation + + SNMPTRAP startup parameters : + Display name : SNMP Trap + Service name : SNMPTRAP + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\snmptrap.exe + + SecurityHealthService startup parameters : + Display name : Windows Security Service + Service name : SecurityHealthService + Log on as : LocalSystem + Executable path : C:\Windows\system32\SecurityHealthService.exe + Dependencies : RpcSs/ + + Sense startup parameters : + Display name : Windows Defender Advanced Threat Protection Service + Service name : Sense + Log on as : LocalSystem + Executable path : "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" + + SensorService startup parameters : + Display name : Sensor Service + Service name : SensorService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + SensrSvc startup parameters : + Display name : Sensor Monitoring Service + Service name : SensrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + + SessionEnv startup parameters : + Display name : Remote Desktop Configuration + Service name : SessionEnv + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/LanmanWorkstation/ + + SgrmBroker startup parameters : + Display name : System Guard Runtime Monitor Broker + Service name : SgrmBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\SgrmBroker.exe + Dependencies : RpcSs/ + + SstpSvc startup parameters : + Display name : Secure Socket Tunneling Protocol Service + Service name : SstpSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + StiSvc startup parameters : + Display name : Windows Image Acquisition (WIA) + Service name : StiSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k imgsvc + Dependencies : RpcSs/ + + TabletInputService startup parameters : + Display name : Touch Keyboard and Handwriting Panel Service + Service name : TabletInputService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + TermService startup parameters : + Display name : Remote Desktop Services + Service name : TermService + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k termsvcs + Dependencies : RPCSS/ + + TieringEngineService startup parameters : + Display name : Storage Tiers Management + Service name : TieringEngineService + Log on as : localSystem + Executable path : C:\Windows\system32\TieringEngineService.exe + + TimeBrokerSvc startup parameters : + Display name : Time Broker + Service name : TimeBrokerSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + TokenBroker startup parameters : + Display name : Web Account Manager + Service name : TokenBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : UserManager/BrokerInfrastructure/ + + TrustedInstaller startup parameters : + Display name : Windows Modules Installer + Service name : TrustedInstaller + Log on as : localSystem + Executable path : C:\Windows\servicing\TrustedInstaller.exe + + UdkUserSvc_1932f0 startup parameters : + Display name : Udk User Service_1932f0 + Service name : UdkUserSvc_1932f0 + Executable path : C:\Windows\system32\svchost.exe -k UdkSvcGroup + + UmRdpService startup parameters : + Display name : Remote Desktop Services UserMode Port Redirector + Service name : UmRdpService + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : TermService/RDPDR/ + + UnistoreSvc_1932f0 startup parameters : + Display name : User Data Storage_1932f0 + Service name : UnistoreSvc_1932f0 + Executable path : C:\Windows\System32\svchost.exe -k UnistackSvcGroup + + UserDataSvc_1932f0 startup parameters : + Display name : User Data Access_1932f0 + Service name : UserDataSvc_1932f0 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + VSS startup parameters : + Display name : Volume Shadow Copy + Service name : VSS + Log on as : LocalSystem + Executable path : C:\Windows\system32\vssvc.exe + Dependencies : RPCSS/ + + VaultSvc startup parameters : + Display name : Credential Manager + Service name : VaultSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : rpcss/ + + WEPHOSTSVC startup parameters : + Display name : Windows Encryption Provider Host Service + Service name : WEPHOSTSVC + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k WepHostSvcGroup + Dependencies : rpcss/ + + WMPNetworkSvc startup parameters : + Display name : Windows Media Player Network Sharing Service + Service name : WMPNetworkSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe" + Dependencies : http/WSearch/ + + WPDBusEnum startup parameters : + Display name : Portable Device Enumerator Service + Service name : WPDBusEnum + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted + Dependencies : RpcSs/ + + WaaSMedicSvc startup parameters : + Display name : Windows Update Medic Service + Service name : WaaSMedicSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k wusvcs -p + Dependencies : rpcss/ + + WarpJITSvc startup parameters : + Display name : Warp JIT Service + Service name : WarpJITSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted + + WbioSrvc startup parameters : + Display name : Windows Biometric Service + Service name : WbioSrvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k WbioSvcGroup + Dependencies : RpcSs/ + + WdNisSvc startup parameters : + Display name : Microsoft Defender Antivirus Network Inspection Service + Service name : WdNisSvc + Log on as : NT AUTHORITY\LocalService + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe" + Dependencies : WdNisDrv/ + + WdiServiceHost startup parameters : + Display name : Diagnostic Service Host + Service name : WdiServiceHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + + WdiSystemHost startup parameters : + Display name : Diagnostic System Host + Service name : WdiSystemHost + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + Wecsvc startup parameters : + Display name : Windows Event Collector + Service name : Wecsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p + Dependencies : HTTP/Eventlog/ + + WerSvc startup parameters : + Display name : Windows Error Reporting Service + Service name : WerSvc + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup + + WiaRpc startup parameters : + Display name : Still Image Acquisition Events + Service name : WiaRpc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + WinHttpAutoProxySvc startup parameters : + Display name : WinHTTP Web Proxy Auto-Discovery Service + Service name : WinHttpAutoProxySvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Dhcp/ + + bthserv startup parameters : + Display name : Bluetooth Support Service + Service name : bthserv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + camsvc startup parameters : + Display name : Capability Access Manager Service + Service name : camsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k appmodel -p + + dcsvc startup parameters : + Display name : dcsvc + Service name : dcsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + defragsvc startup parameters : + Display name : Optimize drives + Service name : defragsvc + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k defragsvc + Dependencies : RPCSS/ + + diagnosticshub.standardcollector.service startup parameters : + Display name : Microsoft (R) Diagnostics Hub Standard Collector Service + Service name : diagnosticshub.standardcollector.service + Log on as : LocalSystem + Executable path : C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe + + dot3svc startup parameters : + Display name : Wired AutoConfig + Service name : dot3svc + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/Ndisuio/Eaphost/ + + edgeupdatem startup parameters : + Display name : Microsoft Edge Update Service (edgeupdatem) + Service name : edgeupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc + Dependencies : RPCSS/ + + embeddedmode startup parameters : + Display name : Embedded Mode + Service name : embeddedmode + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : BrokerInfrastructure/ + + fdPHost startup parameters : + Display name : Function Discovery Provider Host + Service name : fdPHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/http/ + + gupdatem startup parameters : + Display name : Google Update Service (gupdatem) + Service name : gupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc + Dependencies : RPCSS/ + + hidserv startup parameters : + Display name : Human Interface Device Service + Service name : hidserv + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + lmhosts startup parameters : + Display name : TCP/IP NetBIOS Helper + Service name : lmhosts + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Afd/ + + msiserver startup parameters : + Display name : Windows Installer + Service name : msiserver + Log on as : LocalSystem + Executable path : C:\Windows\system32\msiexec.exe /V + Dependencies : rpcss/ + + netprofm startup parameters : + Display name : Network List Service + Service name : netprofm + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + Dependencies : RpcSs/nlasvc/ + + pla startup parameters : + Display name : Performance Logs & Alerts + Service name : pla + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : RPCSS/ + + sacsvr startup parameters : + Display name : Special Administration Console Helper + Service name : sacsvr + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + + seclogon startup parameters : + Display name : Secondary Logon + Service name : seclogon + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + + smphost startup parameters : + Display name : Microsoft Storage Spaces SMP + Service name : smphost + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k smphost + Dependencies : RPCSS/ + + svsvc startup parameters : + Display name : Spot Verifier + Service name : svsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + swprv startup parameters : + Display name : Microsoft Software Shadow Copy Provider + Service name : swprv + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k swprv + Dependencies : RPCSS/ + + tapisrv startup parameters : + Display name : Telephony + Service name : tapisrv + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + vds startup parameters : + Display name : Virtual Disk + Service name : vds + Log on as : LocalSystem + Executable path : C:\Windows\System32\vds.exe + Dependencies : RpcSs/ + + vmicguestinterface startup parameters : + Display name : Hyper-V Guest Service Interface + Service name : vmicguestinterface + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicheartbeat startup parameters : + Display name : Hyper-V Heartbeat Service + Service name : vmicheartbeat + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k ICService -p + + vmickvpexchange startup parameters : + Display name : Hyper-V Data Exchange Service + Service name : vmickvpexchange + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicshutdown startup parameters : + Display name : Hyper-V Guest Shutdown Service + Service name : vmicshutdown + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmictimesync startup parameters : + Display name : Hyper-V Time Synchronization Service + Service name : vmictimesync + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : VmGid/ + + vmicvmsession startup parameters : + Display name : Hyper-V PowerShell Direct Service + Service name : vmicvmsession + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicvss startup parameters : + Display name : Hyper-V Volume Shadow Copy Requestor + Service name : vmicvss + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmvss startup parameters : + Display name : VMware Snapshot Provider + Service name : vmvss + Log on as : LocalSystem + Executable path : C:\Windows\system32\dllhost.exe /Processid:{A5870C72-0E69-4482-ABA6-6ED4CEC56E1D} + Dependencies : rpcss/ + + wercplsupport startup parameters : + Display name : Problem Reports Control Panel Support + Service name : wercplsupport + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + + wlidsvc startup parameters : + Display name : Microsoft Account Sign-in Assistant + Service name : wlidsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + wmiApSrv startup parameters : + Display name : WMI Performance Adapter + Service name : wmiApSrv + Log on as : localSystem + Executable path : C:\Windows\system32\wbem\WmiApSrv.exe + + wuauserv startup parameters : + Display name : Windows Update + Service name : wuauserv + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + +The following services are disabled : + + AppVClient startup parameters : + Display name : Microsoft App-V Client + Service name : AppVClient + Log on as : LocalSystem + Executable path : C:\Windows\system32\AppVClient.exe + Dependencies : RpcSS/netprofm/AppvVfs/AppVStrm/ + + AxInstSV startup parameters : + Display name : ActiveX Installer (AxInstSV) + Service name : AxInstSV + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k AxInstSVGroup + Dependencies : rpcss/ + + CscService startup parameters : + Display name : Offline Files + Service name : CscService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + DevicePickerUserSvc_1932f0 startup parameters : + Display name : DevicePicker_1932f0 + Service name : DevicePickerUserSvc_1932f0 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow + + GraphicsPerfSvc startup parameters : + Display name : GraphicsPerfSvc + Service name : GraphicsPerfSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup + + MapsBroker startup parameters : + Display name : Downloaded Maps Manager + Service name : MapsBroker + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + NetTcpPortSharing startup parameters : + Display name : Net.Tcp Port Sharing Service + Service name : NetTcpPortSharing + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe + + PushToInstall startup parameters : + Display name : Windows PushToInstall Service + Service name : PushToInstall + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + RemoteAccess startup parameters : + Display name : Routing and Remote Access + Service name : RemoteAccess + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs + Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/ + + RmSvc startup parameters : + Display name : Radio Management Service + Service name : RmSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted + Dependencies : RpcSs/ + + SEMgrSvc startup parameters : + Display name : Payments and NFC/SE Manager + Service name : SEMgrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/ + + SSDPSRV startup parameters : + Display name : SSDP Discovery + Service name : SSDPSRV + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : HTTP/NSI/ + + ScDeviceEnum startup parameters : + Display name : Smart Card Device Enumeration Service + Service name : ScDeviceEnum + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted + + SensorDataService startup parameters : + Display name : Sensor Data Service + Service name : SensorDataService + Log on as : LocalSystem + Executable path : C:\Windows\System32\SensorDataService.exe + + SharedAccess startup parameters : + Display name : Internet Connection Sharing (ICS) + Service name : SharedAccess + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : BFE/ + + UevAgentService startup parameters : + Display name : User Experience Virtualization Service + Service name : UevAgentService + Log on as : LocalSystem + Executable path : C:\Windows\system32\AgentService.exe + + WSearch startup parameters : + Display name : Windows Search + Service name : WSearch + Log on as : LocalSystem + Executable path : C:\Windows\system32\SearchIndexer.exe /Embedding + Dependencies : RPCSS/BrokerInfrastructure/ + + WalletService startup parameters : + Display name : WalletService + Service name : WalletService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k appmodel -p + + dmwappushservice startup parameters : + Display name : Device Management Wireless Application Protocol (WAP) Push message Routing Service + Service name : dmwappushservice + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + lfsvc startup parameters : + Display name : Geolocation Service + Service name : lfsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + lltdsvc startup parameters : + Display name : Link-Layer Topology Discovery Mapper + Service name : lltdsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/lltdio/ + + shpamsvc startup parameters : + Display name : Shared PC Account Manager + Service name : shpamsvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + ssh-agent startup parameters : + Display name : OpenSSH Authentication Agent + Service name : ssh-agent + Log on as : LocalSystem + Executable path : C:\Windows\System32\OpenSSH\ssh-agent.exe + + tzautoupdate startup parameters : + Display name : Auto Time Zone Updater + Service name : tzautoupdate + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + upnphost startup parameters : + Display name : UPnP Device Host + Service name : upnphost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : SSDPSRV/HTTP/ + + wisvc startup parameters : + Display name : Windows Insider Service + Service name : wisvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + + +By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon. + +Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user. +smb_last_loggedon_user.nasl +2019/09/02 +Microsoft Windows SMB Last Logged On User Disclosure +2009/05/05 +local +None +1.12 +http://www.nessus.org/u?a29751b5 +n/a +Nessus was able to identify the last logged on user on the remote host. + +Last Successful logon : .\soteria + + + +windows +True +cpe:/a:haxx:curl +Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host. + +Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty checks. Paranoid scanning has no affect on this plugin itself. +curl_win_installed.nbin +2024/01/16 +Curl Installed (Windows) +2023/02/23 +local +None +1.22 +https://curl.se/ +n/a +Curl is installed on the remote Windows host. +true + +Nessus detected 2 installs of Curl: + + Path : C:\Windows\SysWOW64\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + Path : C:\Windows\System32\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + + +windows +True +cpe:/o:microsoft:windows +This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. + +An attacker may use this feature to gain better knowledge of the remote host. +smb_enum_services.nasl +0001-T-0751 +2022/02/01 +Microsoft Windows SMB Service Enumeration +2000/07/03 +local +None +1.46 +To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port. +It is possible to enumerate remote services. +IAVT:0001-T-0751 + +Active Services : + +Base Filtering Engine [ BFE ] +Background Tasks Infrastructure Service [ BrokerInfrastructure ] +Capability Access Manager Service [ camsvc ] +Connected Devices Platform Service [ CDPSvc ] +COM+ System Application [ COMSysApp ] +CoreMessaging [ CoreMessagingRegistrar ] +Cryptographic Services [ CryptSvc ] +DCOM Server Process Launcher [ DcomLaunch ] +DHCP Client [ Dhcp ] +Connected User Experiences and Telemetry [ DiagTrack ] +Display Policy Service [ DispBrokerDesktopSvc ] +DNS Client [ Dnscache ] +Diagnostic Policy Service [ DPS ] +Device Setup Manager [ DsmSvc ] +Windows Event Log [ EventLog ] +COM+ Event System [ EventSystem ] +Windows Font Cache Service [ FontCache ] +Group Policy Client [ gpsvc ] +IKE and AuthIP IPsec Keying Modules [ IKEEXT ] +IP Helper [ iphlpsvc ] +CNG Key Isolation [ KeyIso ] +Server [ LanmanServer ] +Workstation [ LanmanWorkstation ] +TCP/IP NetBIOS Helper [ lmhosts ] +Local Session Manager [ LSM ] +Windows Defender Firewall [ mpssvc ] +Distributed Transaction Coordinator [ MSDTC ] +Network Connection Broker [ NcbService ] +Network List Service [ netprofm ] +Network Location Awareness [ NlaSvc ] +Network Store Interface Service [ nsi ] +Program Compatibility Assistant Service [ PcaSvc ] +Plug and Play [ PlugPlay ] +IPsec Policy Agent [ PolicyAgent ] +Power [ Power ] +User Profile Service [ ProfSvc ] +Remote Registry [ RemoteRegistry ] +RPC Endpoint Mapper [ RpcEptMapper ] +Remote Procedure Call (RPC) [ RpcSs ] +Security Accounts Manager [ SamSs ] +Task Scheduler [ Schedule ] +System Event Notification Service [ SENS ] +Shell Hardware Detection [ ShellHWDetection ] +Print Spooler [ Spooler ] +State Repository Service [ StateRepository ] +Storage Service [ StorSvc ] +SysMain [ SysMain ] +System Events Broker [ SystemEventsBroker ] +Touch Keyboard and Handwriting Panel Service [ TabletInputService ] +Themes [ Themes ] +Time Broker [ TimeBrokerSvc ] +Web Account Manager [ TokenBroker ] +Distributed Link Tracking Client [ TrkWks ] +Windows Modules Installer [ TrustedInstaller ] +User Access Logging Service [ UALSVC ] +User Manager [ UserManager ] +Update Orchestrator Service [ UsoSvc ] +VMware Alias Manager and Ticket Service [ VGAuthService ] +VMware SVGA Helper Service [ vm3dservice ] +VMware Tools [ VMTools ] +Windows Time [ W32Time ] +Windows Connection Manager [ Wcmsvc ] +Diagnostic System Host [ WdiSystemHost ] +Microsoft Defender Antivirus Network Inspection Service [ WdNisSvc ] +Microsoft Defender Antivirus Service [ WinDefend ] +WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ] +Windows Management Instrumentation [ Winmgmt ] +Windows Remote Management (WS-Management) [ WinRM ] +Windows Push Notifications System Service [ WpnService ] +Clipboard User Service_1932f0 [ cbdhsvc_1932f0 ] +Connected Devices Platform User Service_1932f0 [ CDPUserSvc_1932f0 ] +Windows Push Notifications User Service_1932f0 [ WpnUserService_1932f0 ] + +Inactive Services : + +AllJoyn Router Service [ AJRouter ] +Application Layer Gateway Service [ ALG ] +Application Identity [ AppIDSvc ] +Application Information [ Appinfo ] +Application Management [ AppMgmt ] +App Readiness [ AppReadiness ] +Microsoft App-V Client [ AppVClient ] +AppX Deployment Service (AppXSVC) [ AppXSvc ] +Windows Audio Endpoint Builder [ AudioEndpointBuilder ] +Windows Audio [ Audiosrv ] +ActiveX Installer (AxInstSV) [ AxInstSV ] +Background Intelligent Transfer Service [ BITS ] +Bluetooth Support Service [ bthserv ] +Certificate Propagation [ CertPropSvc ] +Client License Service (ClipSVC) [ ClipSVC ] +Offline Files [ CscService ] +dcsvc [ dcsvc ] +Optimize drives [ defragsvc ] +Device Association Service [ DeviceAssociationService ] +Device Install Service [ DeviceInstall ] +DevQuery Background Discovery Broker [ DevQueryBroker ] +Microsoft (R) Diagnostics Hub Standard Collector Service [ diagnosticshub.standardcollector.service ] +Device Management Enrollment Service [ DmEnrollmentSvc ] +Device Management Wireless Application Protocol (WAP) Push message Routing Service [ dmwappushservice ] +Delivery Optimization [ DoSvc ] +Wired AutoConfig [ dot3svc ] +Data Sharing Service [ DsSvc ] +Extensible Authentication Protocol [ EapHost ] +Microsoft Edge Update Service (edgeupdate) [ edgeupdate ] +Microsoft Edge Update Service (edgeupdatem) [ edgeupdatem ] +Encrypting File System (EFS) [ EFS ] +Embedded Mode [ embeddedmode ] +Enterprise App Management Service [ EntAppSvc ] +Function Discovery Provider Host [ fdPHost ] +Function Discovery Resource Publication [ FDResPub ] +Windows Camera Frame Server [ FrameServer ] +Windows Camera Frame Server Monitor [ FrameServerMonitor ] +Google Chrome Elevation Service (GoogleChromeElevationService) [ GoogleChromeElevationService ] +GraphicsPerfSvc [ GraphicsPerfSvc ] +Google Update Service (gupdate) [ gupdate ] +Google Update Service (gupdatem) [ gupdatem ] +Human Interface Device Service [ hidserv ] +HV Host Service [ HvHost ] +Microsoft Store Install Service [ InstallService ] +KDC Proxy Server service (KPS) [ KPSSVC ] +KtmRm for Distributed Transaction Coordinator [ KtmRm ] +Geolocation Service [ lfsvc ] +Windows License Manager Service [ LicenseManager ] +Link-Layer Topology Discovery Mapper [ lltdsvc ] +Downloaded Maps Manager [ MapsBroker ] +McpManagementService [ McpManagementService ] +Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) [ MicrosoftEdgeElevationService ] +Microsoft iSCSI Initiator Service [ MSiSCSI ] +Windows Installer [ msiserver ] +Network Connectivity Assistant [ NcaSvc ] +Netlogon [ Netlogon ] +Network Connections [ Netman ] +Network Setup Service [ NetSetupSvc ] +Net.Tcp Port Sharing Service [ NetTcpPortSharing ] +Microsoft Passport Container [ NgcCtnrSvc ] +Microsoft Passport [ NgcSvc ] +Performance Counter DLL Host [ PerfHost ] +Performance Logs & Alerts [ pla ] +Printer Extensions and Notifications [ PrintNotify ] +Windows PushToInstall Service [ PushToInstall ] +Quality Windows Audio Video Experience [ QWAVE ] +Remote Access Auto Connection Manager [ RasAuto ] +Remote Access Connection Manager [ RasMan ] +Routing and Remote Access [ RemoteAccess ] +Radio Management Service [ RmSvc ] +Remote Procedure Call (RPC) Locator [ RpcLocator ] +Resultant Set of Policy Provider [ RSoPProv ] +Special Administration Console Helper [ sacsvr ] +Smart Card [ SCardSvr ] +Smart Card Device Enumeration Service [ ScDeviceEnum ] +Smart Card Removal Policy [ SCPolicySvc ] +Secondary Logon [ seclogon ] +Windows Security Service [ SecurityHealthService ] +Payments and NFC/SE Manager [ SEMgrSvc ] +Windows Defender Advanced Threat Protection Service [ Sense ] +Sensor Data Service [ SensorDataService ] +Sensor Service [ SensorService ] +Sensor Monitoring Service [ SensrSvc ] +Remote Desktop Configuration [ SessionEnv ] +System Guard Runtime Monitor Broker [ SgrmBroker ] +Internet Connection Sharing (ICS) [ SharedAccess ] +Shared PC Account Manager [ shpamsvc ] +Microsoft Storage Spaces SMP [ smphost ] +SNMP Trap [ SNMPTRAP ] +Software Protection [ sppsvc ] +SSDP Discovery [ SSDPSRV ] +OpenSSH Authentication Agent [ ssh-agent ] +Secure Socket Tunneling Protocol Service [ SstpSvc ] +Windows Image Acquisition (WIA) [ StiSvc ] +Spot Verifier [ svsvc ] +Microsoft Software Shadow Copy Provider [ swprv ] +Telephony [ tapisrv ] +Remote Desktop Services [ TermService ] +Storage Tiers Management [ TieringEngineService ] +Auto Time Zone Updater [ tzautoupdate ] +User Experience Virtualization Service [ UevAgentService ] +Remote Desktop Services UserMode Port Redirector [ UmRdpService ] +UPnP Device Host [ upnphost ] +Credential Manager [ VaultSvc ] +Virtual Disk [ vds ] +Hyper-V Guest Service Interface [ vmicguestinterface ] +Hyper-V Heartbeat Service [ vmicheartbeat ] +Hyper-V Data Exchange Service [ vmickvpexchange ] +Hyper-V Guest Shutdown Service [ vmicshutdown ] +Hyper-V Time Synchronization Service [ vmictimesync ] +Hyper-V PowerShell Direct Service [ vmicvmsession ] +Hyper-V Volume Shadow Copy Requestor [ vmicvss ] +VMware Snapshot Provider [ vmvss ] +Volume Shadow Copy [ VSS ] +Windows Update Medic Service [ WaaSMedicSvc ] +WalletService [ WalletService ] +Warp JIT Service [ WarpJITSvc ] +Windows Biometric Service [ WbioSrvc ] +Diagnostic Service Host [ WdiServiceHost ] +Windows Event Collector [ Wecsvc ] +Windows Encryption Provider Host Service [ WEPHOSTSVC ] +Problem Reports Control Panel Support [ wercplsupport ] +Windows Error Reporting Service [ WerSvc ] +Still Image Acquisition Events [ WiaRpc ] +Windows Insider Service [ wisvc ] +Microsoft Account Sign-in Assistant [ wlidsvc ] +WMI Performance Adapter [ wmiApSrv ] +Windows Media Player Network Sharing Service [ WMPNetworkSvc ] +Portable Device Enumerator Service [ WPDBusEnum ] +Windows Search [ WSearch ] +Windows Update [ wuauserv ] +CaptureService_1932f0 [ CaptureService_1932f0 ] +ConsentUX User Service_1932f0 [ ConsentUxUserSvc_1932f0 ] +CredentialEnrollmentManagerUserSvc_1932f0 [ CredentialEnrollmentManagerUserSvc_1932f0 ] +DeviceAssociationBroker_1932f0 [ DeviceAssociationBrokerSvc_1932f0 ] +DevicePicker_1932f0 [ DevicePickerUserSvc_1932f0 ] +DevicesFlow_1932f0 [ DevicesFlowUserSvc_1932f0 ] +Contact Data_1932f0 [ PimIndexMaintenanceSvc_1932f0 ] +PrintWorkflow_1932f0 [ PrintWorkflowUserSvc_1932f0 ] +Udk User Service_1932f0 [ UdkUserSvc_1932f0 ] +User Data Storage_1932f0 [ UnistoreSvc_1932f0 ] +User Data Access_1932f0 [ UserDataSvc_1932f0 ] + + + +Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy. +smb_password_policy.nasl +2015/01/12 +Microsoft Windows SMB : Obtains the Password Policy +2005/03/30 +local +None +$Revision: 1.15 $ +n/a +It is possible to retrieve the remote host's password policy using the supplied credentials. +The following password policy is defined on the remote host: + +Minimum password len: 0 +Password history len: 0 +Maximum password age (d): No limit +Password must meet complexity requirements: Enabled +Minimum password age (d): 0 +Forced logoff time (s): Not set +Locked account time (s): 600 +Time between failed logon (s): 600 +Number of invalid logon before locked out (s): 10 + + + +Using the supplied credentials, Nessus was able to list user accounts that have been disabled. +smb_users_disabled.nasl +2018/08/13 +Microsoft Windows - Users Information : Disabled Accounts +2002/03/15 +local +None +1.19 +Delete accounts that are no longer needed. +At least one user account has been disabled. + +The following user accounts have been disabled : + + - DefaultAccount + - Guest + - WDAGUtilityAccount + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users who have never logged into their accounts. +smb_users_neverloggedon.nasl +2018/08/13 +Microsoft Windows - Users Information : User Has Never Logged In +2002/03/15 +local +None +1.20 +Delete accounts that are not needed. +At least one user has never logged into his or her account. + +The following users have never logged in : + + - DefaultAccount + - Guest + - WDAGUtilityAccount + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users who have never changed their passwords. +smb_users_lastpwchange.nasl +2018/08/13 +Microsoft Windows - Users Information : Never Changed Password +2002/03/15 +local +None +1.23 +Allow or require users to change their passwords regularly. +At least one user has never changed his or her password. + +The following users have never changed their passwords : + + - DefaultAccount + - Guest + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire. +smb_users_pwexpiry.nasl +2018/08/13 +Microsoft Windows - Users Information : Passwords Never Expire +2002/03/15 +local +None +1.22 +Allow or require users to change their passwords regularly. +At least one user has a password that never expires. + +The following users have passwords that never expire : + + - degthat + - soteria + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for this +plugin, then re-run the scan. + + + +Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager. +smb_samr_user_enum.nasl +2023/01/20 +Microsoft Windows SAM user enumeration +2019/07/08 +local +None +1.7 +n/a +Nessus was able to enumerate domain users from the local SAM. + - DefaultAccount (id S-1-5-21-746496990-2641142201-503, A user account managed by the system.) + - degthat (id S-1-5-21-746496990-2641142201-1001, degthat) + - Guest (id S-1-5-21-746496990-2641142201-501, Built-in account for guest access to the computer/domain, Guest account) + - soteria (id S-1-5-21-746496990-2641142201-500, Built-in account for administering the computer/domain, Administrator account) + - WDAGUtilityAccount (id S-1-5-21-746496990-2641142201-504, A user account managed and used by the system for Windows Defender Application Guard scenarios.) + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI. +wmi_enum_printer_drivers.nbin +2024/01/16 +Windows Printer Driver Enumeration +2021/12/09 +local +None +1.63 +http://www.nessus.org/u?fab99415 +n/a +Nessus was able to enumerate one or more of the printer drivers on the remote host. + +--- Microsoft enhanced Point and Print compatibility driver --- + +Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver: + + Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll + Version : 10.0.20348.2227 + Supported Platform : Windows x64 + + Path : C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll + Version : 10.0.20348.2227 + Supported Platform : Windows NT x86 + +--- Microsoft Print To PDF --- + + Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_675324844f835f70\Amd64\mxdwdrv.dll + Version : 10.0.20348.1 + Supported Platform : Windows x64 + +--- Microsoft XPS Document Writer v4 --- + + Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_675324844f835f70\Amd64\mxdwdrv.dll + Version : 10.0.20348.1 + Supported Platform : Windows x64 + + + +The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC). + +Cached logon credentials could be accessed by an attacker and subjected to brute force attacks. +smb_reg_cachedlogons.nasl +2018/06/05 +Microsoft Windows SMB Registry : Winlogon Cached Password Weakness +2003/03/24 +local +None +1.17 +http://www.nessus.org/u?184d3eab +http://www.nessus.org/u?fe16cea8 +https://technet.microsoft.com/en-us/library/cc957390.aspx +Consult Microsoft documentation and best practices. +User credentials are stored in memory. + + Max cached logons : 10 + + + +730 days + +2022/07/10 +cpe:/o:microsoft:windows +CVE-2013-3900 +7.8 +7.5 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.6 +CVE-2013-3900 +6.6 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C +The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host. +true +High +Exploits are available +true +smb_nt_ms22_oct_CVE-2013-3900_reg_check.nasl +2013-A-0227 +2023/12/26 +WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) +2022/10/26 +local +Very High +High +1.7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 +http://www.nessus.org/u?9780b9d2 +Add and enable registry value EnableCertPaddingCheck: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + +Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck: + + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck +II +The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability. +Very Low +No recorded events +No recorded events +8.9 +2013/12/10 +CISA-KNOWN-EXPLOITED:2022/07/10 +IAVA:2013-A-0227 + + + Nessus detected the following potentially insecure registry key configuration: + - Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + - Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + + + + +Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host. +smb_check_rollup.nasl +2023/06/26 +Microsoft Security Rollup Enumeration +2016/10/11 +local +None +1.180 +http://www.nessus.org/u?b23205aa +n/a +This plugin enumerates installed Microsoft security rollups. + + Cumulative Rollup : 01_2024 [KB5034129] + Cumulative Rollup : 12_2023 + Cumulative Rollup : 11_2023 + Cumulative Rollup : 10_2023 + Cumulative Rollup : 09_2023 + Cumulative Rollup : 08_2023 + Cumulative Rollup : 07_2023 + Cumulative Rollup : 06_2023 + Cumulative Rollup : 05_2023 + Cumulative Rollup : 04_2023 + Cumulative Rollup : 03_2023 + Cumulative Rollup : 02_2023 + Cumulative Rollup : 01_2023 + Cumulative Rollup : 12_2022 + Cumulative Rollup : 11_2022 + Cumulative Rollup : 10_2022 + Cumulative Rollup : 09_2022 + Cumulative Rollup : 08_2022 + Cumulative Rollup : 07_2022 + Cumulative Rollup : 06_2022 + Cumulative Rollup : 05_2022 + Cumulative Rollup : 04_2022 + Cumulative Rollup : 03_2022 + Cumulative Rollup : 02_2022 + Cumulative Rollup : 01_2022 + Cumulative Rollup : 12_2021 + Cumulative Rollup : 11_2021 + Cumulative Rollup : 10_2021 + + Latest effective update level : 01_2024 + File checked : C:\Windows\system32\ntoskrnl.exe + File version : 10.0.20348.2227 + Associated KB : 5034129 + + + +windows +True +cpe:/o:microsoft:windows +Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages. +dism_enum_packages.nbin +2024/01/16 +DISM Package List (Windows) +2020/08/25 +local +None +1.93 +http://www.nessus.org/u?cbb428b2 +n/a +Use DISM to extract package info from the host. +The following packages were enumerated using the Deployment Image Servicing and Management Tool: + +Package : Downlevel-NLS-Sorting-Versions-Server-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Downlevel-NLS-Sorting-Versions-Server-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-OneCore-DirectX-Database-FOD-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-OneCore-RasSstp-Api-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Staged +Release Type : Feature Pack +Install Time : + +Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Feature Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Foundation +Install Time : 5/8/2021 8:24 AM + +Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.20348.380 +State : Installed +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.20348.1668 +State : Superseded +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.20348.2227 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.1070 +State : Installed +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-Networking-RemoteAccess-PowerShell-Base-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Staged +Release Type : Language Pack +Install Time : + +Package : Microsoft-Windows-Networking-RemoteAccess-PowerShell-Base-Package~31bf3856ad364e35~amd64~~10.0.20348.617 +State : Staged +Release Type : Feature Pack +Install Time : + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.2227 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.740 +State : Superseded +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-Security-SPP-Component-SKU-ServerStandard-GVLK-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Feature Pack +Install Time : 5/8/2021 9:44 AM + +Package : Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1668 +State : Superseded +Release Type : Language Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.2227 +State : Installed +Release Type : Language Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Feature Pack +Install Time : 5/8/2021 8:24 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-TabletPCMath-Package~31bf3856ad364e35~amd64~~10.0.20348.1194 +State : Installed +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-UserExperience-Desktop-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.2227 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.740 +State : Superseded +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Superseded +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.20348.1787 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : OpenSSH-Client-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4614.6 +State : Superseded +Release Type : Update +Install Time : 4/5/2023 12:21 AM + +Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4690.3 +State : Installed +Release Type : Update +Install Time : 2/2/2024 3:10 PM + +Package : Package_for_KB5012170~31bf3856ad364e35~amd64~~20348.880.1.1 +State : Installed +Release Type : Security Update +Install Time : 2/2/2024 3:08 PM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~20348.1668.1.8 +State : Superseded +Release Type : Security Update +Install Time : 4/5/2023 12:33 AM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~20348.2227.1.4 +State : Installed +Release Type : Security Update +Install Time : 2/2/2024 3:23 PM + +Package : Package_for_ServicingStack_2200~31bf3856ad364e35~amd64~~20348.2200.1.0 +State : Installed +Release Type : Update +Install Time : 2/2/2024 3:11 PM + +Package : Package_for_WinREServicing~31bf3856ad364e35~amd64~~20348.2201.1.18 +State : Installed +Release Type : Security Update +Install Time : 2/2/2024 3:26 PM + + + +windows +True +software_enumeration +cpe:/a:google:chrome +Google Chrome, a web browser from Google, is installed on the remote Windows host. +google_chrome_installed.nasl +0001-T-0511 +2022/10/10 +Google Chrome Detection (Windows) +2008/09/12 +local +None +1.26 +https://www.google.com/chrome/ +n/a +The remote Windows host contains a web browser. +true +IAVT:0001-T-0511 + + Path : C:\Program Files\Google\Chrome\Application + Version : 121.0.6167.140 + +Note that Nessus only looked in the registry for evidence of Google +Chrome. If there are multiple users on this host, you may wish to +enable the 'Perform thorough tests' setting and re-scan. This will +cause Nessus to scan each local user's directory for installs. + + + + +365 - 730 days +2022/05/06 +cpe:/a:microsoft:edge +CVE-2022-1305 +CVE-2022-1306 +CVE-2022-1307 +CVE-2022-1308 +CVE-2022-1309 +CVE-2022-1310 +CVE-2022-1312 +CVE-2022-1313 +CVE-2022-1314 +CVE-2022-1364 +CVE-2022-29144 +9.6 +CVE-2022-1312 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-1364 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 100.0.1185.44. It is, therefore, affected by multiple vulnerabilities as referenced in the April 15, 2022 advisory. + + - Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1313) + + - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1305) + + - Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1306) + + - Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1307) + + - Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1308) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_100_0_1185_44.nasl +2022-A-0156-S +2022/04/15 +2023/11/01 +Microsoft Edge (Chromium) < 100.0.1185.44 Multiple Vulnerabilities +2022/04/18 +local +Low +Critical +1.7 +http://www.nessus.org/u?84a20f12 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1305 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1306 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1307 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1309 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1310 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1312 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1313 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1314 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144 +Upgrade to Microsoft Edge version 100.0.1185.44 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/04/11 +CISA-KNOWN-EXPLOITED:2022/05/06 +IAVA:2022-A-0156-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 100.0.1185.44 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1232 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-1232 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 100.0.1185.36. It is, therefore, affected by a vulnerability as referenced in the April 7, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1232) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_100_0_1185_36.nasl +2022-A-0133-S +2022/04/07 +2023/11/02 +Microsoft Edge (Chromium) < 100.0.1185.36 Vulnerability +2022/04/07 +local +Low +Critical +1.7 +http://www.nessus.org/u?cc9eba61 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1232 +Upgrade to Microsoft Edge version 100.0.1185.36 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +6.7 +2022/04/04 +IAVA:2022-A-0133-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 100.0.1185.36 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-33639 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-33639 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.37. It is, therefore, affected by multiple vulnerabilities as referenced in the June 23, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. (CVE-2022-33639) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_103_0_1264_37.nasl +2022/06/23 +2023/03/21 +Microsoft Edge (Chromium) < 103.0.1264.37 Multiple Vulnerabilities +2022/06/23 +local +Low +Medium +1.9 +http://www.nessus.org/u?2b2d4e0f +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2156 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2157 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2158 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2160 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2161 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2162 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2163 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2164 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2165 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33638 +Upgrade to Microsoft Edge version 103.0.1264.37 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/06/21 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.37 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2007 +CVE-2022-2008 +CVE-2022-2010 +CVE-2022-2011 +9.3 +CVE-2022-2010 +8.4 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H +5.8 +10.0 +CVE-2022-2011 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.41. It is, therefore, affected by multiple vulnerabilities as referenced in the June 13, 2022 advisory. + + - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011) + + - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007) + + - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008) + + - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2022-2010) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_102_0_1245_41.nasl +2022-A-0231-S +2022/06/13 +2023/03/23 +Microsoft Edge (Chromium) < 102.0.1245.41 Multiple Vulnerabilities +2022/06/13 +local +Low +Critical +1.9 +http://www.nessus.org/u?c00d2c8a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2007 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2010 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2011 +Upgrade to Microsoft Edge version 102.0.1245.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.1 +2022/06/09 +IAVA:2022-A-0231-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 102.0.1245.41 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-22021 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-22021 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.39. It is, therefore, affected by a vulnerability as referenced in the June 9, 2022 advisory. + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-22021) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_102_0_1245_39.nasl +2022/06/09 +2023/03/23 +Microsoft Edge (Chromium) < 102.0.1245.39 Vulnerability +2022/06/09 +local +Low +Medium +1.6 +http://www.nessus.org/u?c8dc918f +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22021 +Upgrade to Microsoft Edge version 102.0.1245.39 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/06/09 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 102.0.1245.39 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1125 +CVE-2022-1127 +CVE-2022-1128 +CVE-2022-1129 +CVE-2022-1130 +CVE-2022-1131 +CVE-2022-1133 +CVE-2022-1134 +CVE-2022-1135 +CVE-2022-1136 +CVE-2022-1137 +CVE-2022-1138 +CVE-2022-1139 +CVE-2022-1143 +CVE-2022-1145 +CVE-2022-1146 +CVE-2022-24475 +CVE-2022-24523 +CVE-2022-26891 +CVE-2022-26894 +CVE-2022-26895 +CVE-2022-26900 +CVE-2022-26908 +CVE-2022-26909 +CVE-2022-26912 +8.8 +CVE-2022-1143 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +5.1 +CVE-2022-26912 +4.0 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 100.0.1185.29. It is, therefore, affected by multiple vulnerabilities as referenced in the April 1, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-24475) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-24523) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26891) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26894) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26895) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_100_0_1185_29.nasl +2021-A-0544-S +2022/04/01 +2023/11/03 +Microsoft Edge (Chromium) < 100.0.1185.29 Multiple Vulnerabilities +2022/04/01 +local +Low +Medium +1.8 +http://www.nessus.org/u?471a8cda +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1125 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1127 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1128 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1129 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1130 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1131 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1133 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1134 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1135 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1136 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1137 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1138 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1139 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1143 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1145 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1146 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26894 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26895 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26900 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26908 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26909 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26912 +Upgrade to Microsoft Edge version 100.0.1185.29 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.4 +2022/03/29 +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 100.0.1185.29 + + + +365 - 730 days +2022/09/15 +cpe:/a:microsoft:edge +CVE-2022-2294 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-2294 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected by a vulnerability as referenced in the July 6, 2022 advisory. + + - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_103_0_1264_49.nasl +2022-A-0262-S +2022/07/06 +2023/10/19 +Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability +2022/07/07 +local +Very High +Critical +1.7 +http://www.nessus.org/u?c255ed38 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295 +Upgrade to Microsoft Edge version 103.0.1264.49 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2022/07/04 +IAVA:2022-A-0262-S +CISA-KNOWN-EXPLOITED:2022/09/15 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.49 + + + +365 - 730 days +2022/09/08 +cpe:/a:microsoft:edge +CVE-2022-2856 +6.5 +6.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N +3.6 +7.8 +CVE-2022-2856 +6.8 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.60. It is, therefore, affected by a vulnerability as referenced in the August 17, 2022 advisory. + + - Insufficient validation of untrusted input in Intents. (CVE-2022-2856) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_104_0_1293_60.nasl +2022/08/17 +2023/10/13 +Microsoft Edge (Chromium) < 104.0.1293.60 Vulnerability +2022/08/18 +local +Low +High +1.6 +http://www.nessus.org/u?b53011a2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2856 +Upgrade to Microsoft Edge version 104.0.1293.60 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +5.1 +2022/08/16 +CISA-KNOWN-EXPLOITED:2022/09/08 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 104.0.1293.60 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2022-1477 +CVE-2022-1478 +CVE-2022-1479 +CVE-2022-1481 +CVE-2022-1482 +CVE-2022-1483 +CVE-2022-1484 +CVE-2022-1485 +CVE-2022-1486 +CVE-2022-1487 +CVE-2022-1488 +CVE-2022-1490 +CVE-2022-1491 +CVE-2022-1492 +CVE-2022-1493 +CVE-2022-1494 +CVE-2022-1495 +CVE-2022-1497 +CVE-2022-1498 +CVE-2022-1499 +CVE-2022-1500 +CVE-2022-1501 +CVE-2022-29146 +CVE-2022-29147 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-1493 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 101.0.1210.32. It is, therefore, affected by multiple vulnerabilities as referenced in the April 28, 2022 advisory. + + - Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1493) + + - Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1477) + + - Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1478) + + - Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1479) + + - Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1481) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_101_0_1210_32.nasl +2022-A-0183-S +2022/04/28 +2023/03/23 +Microsoft Edge (Chromium) < 101.0.1210.32 Multiple Vulnerabilities +2022/04/28 +local +Low +Critical +1.9 +http://www.nessus.org/u?436625dd +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1477 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1478 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1479 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1481 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1482 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1483 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1484 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1485 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1486 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1487 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1488 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1490 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1491 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1492 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1493 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1494 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1495 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1497 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1498 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1499 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1500 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1501 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29146 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29147 +Upgrade to Microsoft Edge version 101.0.1210.32 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/04/26 +IAVA:2022-A-0183-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 101.0.1210.32 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-33680 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-33680 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.44. It is, therefore, affected by a vulnerability as referenced in the June 30, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639. (CVE-2022-33680) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_103_0_1264_44.nasl +2022/06/30 +2023/03/23 +Microsoft Edge (Chromium) < 103.0.1264.44 Vulnerability +2022/06/30 +local +Low +Medium +1.5 +http://www.nessus.org/u?83620a15 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33680 +Upgrade to Microsoft Edge version 103.0.1264.44 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/06/30 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.44 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1634 +CVE-2022-1635 +CVE-2022-1636 +CVE-2022-1637 +CVE-2022-1638 +CVE-2022-1639 +CVE-2022-1640 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-1640 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 101.0.1210.47. It is, therefore, affected by multiple vulnerabilities as referenced in the May 13, 2022 advisory. + + - Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1640) + + - Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. (CVE-2022-1634) + + - Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1635) + + - Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1636) + + - Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1637) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_101_0_1210_47.nasl +2022/05/13 +2023/03/23 +Microsoft Edge (Chromium) < 101.0.1210.47 Multiple Vulnerabilities +2022/05/14 +local +Low +Critical +1.5 +http://www.nessus.org/u?3405acc7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1634 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1635 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1636 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1637 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1638 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1639 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1640 +Upgrade to Microsoft Edge version 101.0.1210.47 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2022/05/10 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 101.0.1210.47 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2603 +CVE-2022-2604 +CVE-2022-2605 +CVE-2022-2606 +CVE-2022-2610 +CVE-2022-2611 +CVE-2022-2612 +CVE-2022-2614 +CVE-2022-2615 +CVE-2022-2616 +CVE-2022-2617 +CVE-2022-2618 +CVE-2022-2619 +CVE-2022-2621 +CVE-2022-2622 +CVE-2022-2623 +CVE-2022-2624 +CVE-2022-33636 +CVE-2022-33649 +CVE-2022-35796 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-33649 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.47. It is, therefore, affected by multiple vulnerabilities as referenced in the August 5, 2022 advisory. + + - Use after free in Omnibox. (CVE-2022-2603) + + - Use after free in Safe Browsing. (CVE-2022-2604) + + - Out of bounds read in Dawn. (CVE-2022-2605) + + - Use after free in Managed devices API. (CVE-2022-2606) + + - Insufficient policy enforcement in Background Fetch. (CVE-2022-2610) + + - Inappropriate implementation in Fullscreen API. (CVE-2022-2611) + + - Side-channel information leakage in Keyboard input. (CVE-2022-2612) + + - Use after free in Sign-In Flow. (CVE-2022-2614) + + - Insufficient policy enforcement in Cookies. (CVE-2022-2615) + + - Inappropriate implementation in Extensions API. (CVE-2022-2616) + + - Use after free in Extensions API. (CVE-2022-2617) + + - Insufficient validation of untrusted input in Internals. (CVE-2022-2618) + + - Insufficient validation of untrusted input in Settings. (CVE-2022-2619) + + - Use after free in Extensions. (CVE-2022-2621) + + - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-2622) + + - Use after free in Offline. (CVE-2022-2623) + + - Heap buffer overflow in PDF. (CVE-2022-2624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_104_0_1293_47.nasl +2022/08/05 +2023/10/25 +Microsoft Edge (Chromium) < 104.0.1293.47 Multiple Vulnerabilities +2022/08/06 +local +Low +Critical +1.7 +http://www.nessus.org/u?d822b1dc +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2603 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2604 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2605 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2606 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2610 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2611 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2612 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2614 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2615 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2616 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2617 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2619 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2621 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2622 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2623 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2624 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796 +Upgrade to Microsoft Edge version 104.0.1293.47 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/08/02 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 104.0.1293.47 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3370 +CVE-2022-3373 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3373 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 106.0.1370.34. It is, therefore, affected by multiple vulnerabilities as referenced in the October 3, 2022 advisory. + + - Use after free in CSS. (CVE-2022-3304) + + - Use after free in Media. (CVE-2022-3307) + + - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308) + + - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310) + + - Use after free in Import. (CVE-2022-3311) + + - Incorrect security UI in Full Screen. (CVE-2022-3313) + + - Type confusion in Blink. (CVE-2022-3315) + + - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316) + + - Insufficient validation of untrusted input in Intents. (CVE-2022-3317) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_106_0_1370_34.nasl +2022-A-0396-S +2022/10/03 +2023/10/25 +Microsoft Edge (Chromium) < 106.0.1370.34 Multiple Vulnerabilities +2022/10/06 +local +Low +Critical +1.7 +http://www.nessus.org/u?2c48e7f3 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3304 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3307 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3310 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3311 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3313 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3315 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3316 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3317 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035 +Upgrade to Microsoft Edge version 106.0.1370.34 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/09/27 +IAVA:2022-A-0396-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 106.0.1370.34 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3195 +CVE-2022-3196 +CVE-2022-3197 +CVE-2022-3198 +CVE-2022-3199 +CVE-2022-3200 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3200 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.42. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2022 advisory. + + - Out of bounds write in Storage. (CVE-2022-3195) + + - Use after free in PDF. (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198) + + - Use after free in Frames. (CVE-2022-3199) + + - Heap buffer overflow in Internals. (CVE-2022-3200) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_105_0_1343_42.nasl +2022-A-0379-S +2022-A-0396-S +2022/09/15 +2023/10/25 +Microsoft Edge (Chromium) < 105.0.1343.42 Multiple Vulnerabilities +2022/09/16 +local +Low +Critical +1.9 +http://www.nessus.org/u?e8ee04b1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3196 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3197 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3198 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3199 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3200 +Upgrade to Microsoft Edge version 105.0.1343.42 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/09/14 +IAVA:2022-A-0379-S +IAVA:2022-A-0396-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 105.0.1343.42 + + + +365 - 730 days +2022/09/29 +cpe:/a:microsoft:edge +CVE-2022-3075 +9.6 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-3075 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.27. It is, therefore, affected by a vulnerability as referenced in the September 2, 2022 advisory. + + - Insufficient data validation in Mojo. (CVE-2022-3075) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_105_0_1343_27.nasl +2022-A-0351-S +2022-A-0361-S +2022/09/02 +2023/10/13 +Microsoft Edge (Chromium) < 105.0.1343.27 Vulnerability +2022/09/02 +local +Low +Critical +1.9 +http://www.nessus.org/u?7aa022b9 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075 +Upgrade to Microsoft Edge version 105.0.1343.27 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/09/02 +CISA-KNOWN-EXPLOITED:2022/09/29 +IAVA:2022-A-0351-S +IAVA:2022-A-0361-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 105.0.1343.27 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3652 +CVE-2022-3653 +CVE-2022-3654 +CVE-2022-3655 +CVE-2022-3656 +CVE-2022-3657 +CVE-2022-3660 +CVE-2022-3661 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3657 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.24. It is, therefore, affected by multiple vulnerabilities as referenced in the October 27, 2022 advisory. + + - Type Confusion in V8. (CVE-2022-3652) + + - Heap buffer overflow in Vulkan. (CVE-2022-3653) + + - Use after free in Layout. (CVE-2022-3654) + + - Heap buffer overflow in Media Galleries. (CVE-2022-3655) + + - Insufficient data validation in File System. (CVE-2022-3656) + + - Use after free in Extensions. (CVE-2022-3657) + + - Inappropriate implementation in Full screen mode. (CVE-2022-3660) + + - Insufficient data validation in Extensions. (CVE-2022-3661) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_107_0_1418_24.nasl +2022-A-0446-S +2022-A-0454-S +2022/10/27 +2022/11/28 +Microsoft Edge (Chromium) < 107.0.1418.24 Multiple Vulnerabilities +2022/10/27 +local +Low +Critical +1.8 +http://www.nessus.org/u?57027261 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3652 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3653 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3654 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3655 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3656 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3657 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3660 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3661 +Upgrade to Microsoft Edge version 107.0.1418.24 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/10/25 +IAVA:2022-A-0446-S +IAVA:2022-A-0454-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 107.0.1418.24 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3885 +CVE-2022-3886 +CVE-2022-3887 +CVE-2022-3888 +CVE-2022-3889 +CVE-2022-3890 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-3890 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.42. It is, therefore, affected by multiple vulnerabilities as referenced in the November 10, 2022 advisory. + + - Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3885) + + - Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3886) + + - Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3887) + + - Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3888) + + - Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3889) + + - Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3890) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_107_0_1418_42.nasl +2022-A-0493-S +2022/11/10 +2023/10/25 +Microsoft Edge (Chromium) < 107.0.1418.42 Multiple Vulnerabilities +2022/11/10 +local +Low +Critical +1.6 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3885 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3886 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3887 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3888 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3889 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3890 +Upgrade to Microsoft Edge version 107.0.1418.42 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/11/08 +IAVA:2022-A-0493-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 107.0.1418.42 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2477 +CVE-2022-2478 +CVE-2022-2479 +CVE-2022-2480 +CVE-2022-2481 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-2481 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.71. It is, therefore, affected by multiple vulnerabilities as referenced in the July 22, 2022 advisory. + + - : Use after free in Guest View. (CVE-2022-2477) + + - : Use after free in PDF. (CVE-2022-2478) + + - : Insufficient validation of untrusted input in File. (CVE-2022-2479) + + - : Use after free in Service Worker API. (CVE-2022-2480) + + - Use after free in Views. (CVE-2022-2481) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_103_0_1264_71.nasl +2022/07/22 +2023/03/23 +Microsoft Edge (Chromium) < 103.0.1264.71 Multiple Vulnerabilities +2022/07/23 +local +Low +Critical +1.5 +http://www.nessus.org/u?4d376e5a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2477 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2478 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2479 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2480 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2481 +Upgrade to Microsoft Edge version 103.0.1264.71 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/07/19 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.71 + + + +365 - 730 days +2022/12/19 +cpe:/a:microsoft:edge +CVE-2022-4135 +9.6 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-4135 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.62. It is, therefore, affected by a vulnerability as referenced in the November 28, 2022 advisory. + + - Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (Chromium security severity: High) (CVE-2022-4135) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_107_0_1418_62.nasl +2022-A-0501-S +2022-A-0502-S +2022/11/28 +2023/09/20 +Microsoft Edge (Chromium) < 107.0.1418.62 Vulnerability +2022/11/29 +local +Medium +Critical +1.8 +http://www.nessus.org/u?2fa4911e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4135 +Upgrade to Microsoft Edge version 107.0.1418.62 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/11/24 +CISA-KNOWN-EXPLOITED:2022/12/19 +IAVA:2022-A-0501-S +IAVA:2022-A-0502-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 107.0.1418.62 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1853 +CVE-2022-1854 +CVE-2022-1855 +CVE-2022-1856 +CVE-2022-1857 +CVE-2022-1858 +CVE-2022-1859 +CVE-2022-1862 +CVE-2022-1863 +CVE-2022-1864 +CVE-2022-1865 +CVE-2022-1867 +CVE-2022-1868 +CVE-2022-1869 +CVE-2022-1870 +CVE-2022-1871 +CVE-2022-1872 +CVE-2022-1873 +CVE-2022-1874 +CVE-2022-1875 +CVE-2022-1876 +CVE-2022-26905 +CVE-2022-30127 +CVE-2022-30128 +9.6 +CVE-2022-1853 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-30128 +4.0 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.30. It is, therefore, affected by multiple vulnerabilities as referenced in the May 31, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. (CVE-2022-30128) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. (CVE-2022-30127) + + - Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1853) + + - Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1854) + + - Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1855) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_102_0_1245_30.nasl +2022/05/31 +2023/10/26 +Microsoft Edge (Chromium) < 102.0.1245.30 Multiple Vulnerabilities +2022/05/31 +local +Low +Medium +1.8 +http://www.nessus.org/u?ae294315 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1853 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1854 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1855 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1856 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1857 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1858 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1859 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1862 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1863 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1864 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1865 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1867 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1868 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1869 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1870 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1871 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1872 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1873 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1874 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1875 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1876 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26905 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30127 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30128 +Upgrade to Microsoft Edge version 102.0.1245.30 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/05/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 102.0.1245.30 + + + +365 - 730 days +2022/12/26 +cpe:/a:microsoft:edge +CVE-2022-4174 +CVE-2022-4175 +CVE-2022-4177 +CVE-2022-4178 +CVE-2022-4179 +CVE-2022-4180 +CVE-2022-4181 +CVE-2022-4182 +CVE-2022-4183 +CVE-2022-4184 +CVE-2022-4185 +CVE-2022-4186 +CVE-2022-4187 +CVE-2022-4188 +CVE-2022-4189 +CVE-2022-4190 +CVE-2022-4191 +CVE-2022-4192 +CVE-2022-4193 +CVE-2022-4194 +CVE-2022-4195 +CVE-2022-4262 +CVE-2022-41115 +CVE-2022-44688 +CVE-2022-44708 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-4262 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.41. It is, therefore, affected by multiple vulnerabilities as referenced in the December 5, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174) + + - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4175) + + - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) (CVE-2022-4177) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4178) + + - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4179) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4180) + + - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181) + + - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4182) + + - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4183) + + - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4184) + + - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4185) + + - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186) + + - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4187) + + - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4188) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189) + + - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4190) + + - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) (CVE-2022-4191) + + - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) (CVE-2022-4192) + + - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4193) + + - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4194) + + - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) (CVE-2022-4195) + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4262) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_108_0_1462_41.nasl +current +2022-A-0507-S +2022-A-0510-S +2022/12/05 +2023/09/20 +Microsoft Edge (Chromium) < 108.0.1462.41 Multiple Vulnerabilities +2022/12/05 +local +Low +Critical +1.8 +http://www.nessus.org/u?26b297b9 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41115 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4175 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4177 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4178 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4179 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4180 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4181 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4182 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4183 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4184 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4185 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4188 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4189 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4190 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4191 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4193 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4194 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4262 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708 +Upgrade to Microsoft Edge version 108.0.1462.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/11/29 +CISA-KNOWN-EXPLOITED:2022/12/26 +IAVA:2022-A-0507-S +IAVA:2022-A-0510-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 108.0.1462.41 + + + +365 - 730 days +2023/04/20 +cpe:/a:microsoft:edge +CVE-2022-3038 +CVE-2022-3039 +CVE-2022-3040 +CVE-2022-3041 +CVE-2022-3044 +CVE-2022-3045 +CVE-2022-3046 +CVE-2022-3047 +CVE-2022-3053 +CVE-2022-3054 +CVE-2022-3055 +CVE-2022-3056 +CVE-2022-3057 +CVE-2022-3058 +CVE-2022-38012 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-3058 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.25. It is, therefore, affected by multiple vulnerabilities as referenced in the September 1, 2022 advisory. + + - Use after free in Network Service. (CVE-2022-3038) + + - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041) + + - Use after free in Layout. (CVE-2022-3040) + + - Inappropriate implementation in Site Isolation. (CVE-2022-3044) + + - Insufficient validation of untrusted input in V8. (CVE-2022-3045) + + - Use after free in Browser Tag. (CVE-2022-3046) + + - Insufficient policy enforcement in Extensions API. (CVE-2022-3047) + + - Inappropriate implementation in Pointer Lock. (CVE-2022-3053) + + - Insufficient policy enforcement in DevTools. (CVE-2022-3054) + + - Use after free in Passwords. (CVE-2022-3055) + + - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056) + + - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057) + + - Use after free in Sign-In Flow. (CVE-2022-3058) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_105_0_1343_25.nasl +2022-A-0361-S +2022/09/01 +2023/10/13 +Microsoft Edge (Chromium) < 105.0.1343.25 Multiple Vulnerabilities +2022/09/02 +local +Low +Critical +1.9 +http://www.nessus.org/u?31d28038 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3038 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3039 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3040 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3041 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3044 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3045 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3046 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3047 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3053 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3054 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3055 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3056 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3057 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3058 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012 +Upgrade to Microsoft Edge version 105.0.1343.25 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/08/30 +IAVA:2022-A-0361-S +CISA-KNOWN-EXPLOITED:2023/04/20 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 105.0.1343.25 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3445 +CVE-2022-3446 +CVE-2022-3447 +CVE-2022-3449 +CVE-2022-3450 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3450 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 106.0.1370.47. It is, therefore, affected by multiple vulnerabilities as referenced in the October 14, 2022 advisory. + + - Use after free in Skia. (CVE-2022-3445) + + - Heap buffer overflow in WebSQL. (CVE-2022-3446) + + - Inappropriate implementation in Custom Tabs. (CVE-2022-3447) + + - Use after free in Safe Browsing. (CVE-2022-3449) + + - Use after free in Peer Connection. (CVE-2022-3450) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_106_0_1370_47.nasl +2022-A-0437-S +2022/10/14 +2022/11/11 +Microsoft Edge (Chromium) < 106.0.1370.47 Multiple Vulnerabilities +2022/10/14 +local +Low +Critical +1.5 +http://www.nessus.org/u?e2630fd9 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3445 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3446 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3447 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3449 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3450 +Upgrade to Microsoft Edge version 106.0.1370.47 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/10/11 +IAVA:2022-A-0437-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 106.0.1370.47 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-4436 +CVE-2022-4437 +CVE-2022-4438 +CVE-2022-4439 +CVE-2022-4440 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-4440 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.54. It is, therefore, affected by multiple vulnerabilities as referenced in the December 16, 2022 advisory. + + - Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4436) + + - Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4437) + + - Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4438) + + - Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) (CVE-2022-4439) + + - Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4440) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_108_0_1462_54.nasl +2023-A-0003-S +2022/12/16 +2023/02/10 +Microsoft Edge (Chromium) < 108.0.1462.54 Multiple Vulnerabilities +2022/12/16 +local +Low +Critical +1.3 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4436 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4437 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4438 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4439 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4440 +Upgrade to Microsoft Edge version 108.0.1462.54 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/12/13 +IAVA:2023-A-0003-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 108.0.1462.54 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-21720 +5.3 +4.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H +3.6 +5.4 +CVE-2023-21720 +4.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.78. It is, therefore, affected by a vulnerability as referenced in the February 2, 2023 advisory. + + - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2023-21720) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_78.nasl +2023-A-0071-S +2023/02/03 +2023/02/16 +Microsoft Edge (Chromium) < 109.0.1518.78 Tampering (CVE-2023-21720) +2023/02/10 +local +Low +Medium +1.1 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21720 +Upgrade to Microsoft Edge version 109.0.1518.78 or later. +I +The remote host has an web browser installed that is affected by tampering. +Very Low +No recorded events +No recorded events +4.4 +2023/02/02 +IAVA:2023-A-0071-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.78 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-0927 +CVE-2023-0928 +CVE-2023-0929 +CVE-2023-0930 +CVE-2023-0931 +CVE-2023-0932 +CVE-2023-0933 +CVE-2023-0941 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0941 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 110.0.1587.56. It is, therefore, affected by multiple vulnerabilities as referenced in the February 25, 2023 advisory. + + - Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0927) + + - Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0928) + + - Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0929) + + - Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0930) + + - Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0931) + + - Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0932) + + - Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) (CVE-2023-0933) + + - Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-0941) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_110_0_1587_56.nasl +2023-A-0119-S +2023/02/25 +2023/05/23 +Microsoft Edge (Chromium) < 110.0.1587.56 Multiple Vulnerabilities +2023/02/27 +local +Low +Critical +1.5 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0927 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0928 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0930 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0931 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0932 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0933 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0941 +Upgrade to Microsoft Edge version 110.0.1587.56 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/02/22 +IAVA:2023-A-0119-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 110.0.1587.56 + + + +365 - 730 days +2022/11/18 +cpe:/a:microsoft:edge +CVE-2022-3723 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3723 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.26. It is, therefore, affected by a vulnerability as referenced in the October 31, 2022 advisory. + + - Type Confusion in V8. (CVE-2022-3723) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_107_0_1418_26.nasl +2022-A-0453-S +2022/10/31 +2023/10/06 +Microsoft Edge (Chromium) < 107.0.1418.26 Vulnerability +2022/11/01 +local +Low +Critical +1.6 +http://www.nessus.org/u?ff54e40b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3723 +Upgrade to Microsoft Edge version 107.0.1418.26 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2022/10/27 +CISA-KNOWN-EXPLOITED:2022/11/18 +IAVA:2022-A-0453-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 106.0.1370.61 (Extended Stable Channel) / 107.0.1418.26 (Stable Channel) + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-21719 +6.5 +5.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N +3.6 +7.8 +CVE-2023-21719 +5.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.61. It is, therefore, affected by a vulnerability as referenced in the January 19, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. (CVE-2023-21719) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_61.nasl +2023-A-0051-S +2023/01/19 +2023/02/10 +Microsoft Edge (Chromium) < 109.0.1518.61 Security Feature Bypass (CVE-2023-21719) +2023/01/27 +local +Low +High +1.3 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21719 +Upgrade to Microsoft Edge version 109.0.1518.61 or later. +I +The remote host has an web browser installed that is affected by security feature bypass. +Very Low +No recorded events +No recorded events +3.6 +2023/01/19 +IAVA:2023-A-0051-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.61 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-0696 +CVE-2023-0697 +CVE-2023-0698 +CVE-2023-0699 +CVE-2023-0700 +CVE-2023-0701 +CVE-2023-0702 +CVE-2023-0703 +CVE-2023-0704 +CVE-2023-0705 +CVE-2023-21794 +CVE-2023-23374 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-0703 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 110.0.1587.41. It is, therefore, affected by multiple vulnerabilities as referenced in the February 9, 2023 advisory. + + - Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0696) + + - Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0697) + + - Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0698) + + - Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) (CVE-2023-0699) + + - Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0700) + + - Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium) (CVE-2023-0701) + + - Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0702) + + - Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. + (Chromium security severity: Medium) (CVE-2023-0703) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0704) + + - Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0705) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_110_0_1587_41.nasl +current +2023-A-0074-S +2023-A-0075-S +2023/02/09 +2023/09/05 +Microsoft Edge (Chromium) < 110.0.1587.41 Multiple Vulnerabilities +2023/02/09 +local +Low +Critical +1.9 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0696 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0697 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0698 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0699 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0700 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0701 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0702 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0703 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0704 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0705 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21794 +Upgrade to Microsoft Edge version 110.0.1587.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2023/02/07 +IAVA:2023-A-0074-S +IAVA:2023-A-0075-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 110.0.1587.41 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-21795 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +7.6 +CVE-2023-21795 +5.6 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.52. It is, therefore, affected by a vulnerability as referenced in the January 13, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796. (CVE-2023-21795) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_52.nasl +2023-A-0034-S +2023/01/17 +2023/02/10 +Microsoft Edge (Chromium) < 109.0.1518.52 Elevation of Privilege (CVE-2023-21795) +2023/01/30 +local +Low +High +1.2 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21795 +Upgrade to Microsoft Edge version 109.0.1518.52 or later. +I +The remote host has an web browser installed that is affected by elevation of privilege. +Very Low +No recorded events +No recorded events +8.1 +2023/01/13 +IAVA:2023-A-0034-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.52 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-0471 +CVE-2023-0472 +CVE-2023-0473 +CVE-2023-0474 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0474 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.70 / 108.0.1462.95. It is, therefore, affected by multiple vulnerabilities as referenced in the January 26, 2023 advisory. + + - Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0471) + + - Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0472) + + - Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0473) + + - Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. + (Chromium security severity: Medium) (CVE-2023-0474) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_70.nasl +2023/01/26 +2023/02/10 +Microsoft Edge (Chromium) < 109.0.1518.70 / 108.0.1462.95 Multiple Vulnerabilities +2023/02/10 +local +Low +Critical +1.0 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0471 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0472 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0473 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0474 +Upgrade to Microsoft Edge version 109.0.1518.70 / 108.0.1462.95 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/01/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.70 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-0471 +CVE-2023-0472 +CVE-2023-0473 +CVE-2023-0474 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0474 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1343.27. It is, therefore, affected by multiple vulnerabilities as referenced in the January 26, 2023 advisory. + + - Use after free in WebTransport. (CVE-2023-0471) + + - Use after free in WebRTC. (CVE-2023-0472) + + - Type Confusion in ServiceWorker API. (CVE-2023-0473) + + - Use after free in GuestView. (CVE-2023-0474) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1343_27.nasl +current +2023/01/26 +2023/02/07 +Microsoft Edge (Chromium) < 109.0.1343.27 Multiple Vulnerabilities +2023/01/27 +local +Low +Critical +1.1 +http://www.nessus.org/u?a883970b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0471 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0472 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0473 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0474 +Upgrade to Microsoft Edge version 109.0.1343.27 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/01/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1343.27 + + + +365 - 730 days +2022/12/26 +cpe:/a:microsoft:edge +CVE-2022-4174 +CVE-2022-4175 +CVE-2022-4177 +CVE-2022-4178 +CVE-2022-4179 +CVE-2022-4180 +CVE-2022-4181 +CVE-2022-4182 +CVE-2022-4183 +CVE-2022-4184 +CVE-2022-4185 +CVE-2022-4186 +CVE-2022-4187 +CVE-2022-4188 +CVE-2022-4189 +CVE-2022-4190 +CVE-2022-4191 +CVE-2022-4192 +CVE-2022-4193 +CVE-2022-4194 +CVE-2022-4195 +CVE-2022-4262 +CVE-2022-44688 +CVE-2022-44708 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-4262 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.42. It is, therefore, affected by multiple vulnerabilities as referenced in the December 5, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174) + + - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4175) + + - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) (CVE-2022-4177) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4178) + + - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4179) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4180) + + - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181) + + - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4182) + + - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4183) + + - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4184) + + - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4185) + + - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186) + + - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4187) + + - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4188) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189) + + - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4190) + + - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) (CVE-2022-4191) + + - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) (CVE-2022-4192) + + - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4193) + + - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4194) + + - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) (CVE-2022-4195) + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4262) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-44688) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. (CVE-2022-44708) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_108_0_1462_42.nasl +2022/12/05 +2023/09/04 +Microsoft Edge (Chromium) < 108.0.1462.42 Multiple Vulnerabilities +2023/02/10 +local +Low +Critical +1.2 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4175 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4177 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4178 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4179 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4180 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4181 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4182 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4183 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4184 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4185 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4188 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4189 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4190 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4191 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4193 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4194 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4262 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708 +Upgrade to Microsoft Edge version 108.0.1462.42 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/11/29 +CISA-KNOWN-EXPLOITED:2022/12/26 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 108.0.1462.42 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-0129 +CVE-2023-0130 +CVE-2023-0131 +CVE-2023-0132 +CVE-2023-0133 +CVE-2023-0134 +CVE-2023-0135 +CVE-2023-0136 +CVE-2023-0138 +CVE-2023-0139 +CVE-2023-0140 +CVE-2023-0141 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0138 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.49 / 108.0.1462.83. It is, therefore, affected by multiple vulnerabilities as referenced in the January 12, 2023 advisory. + + - Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) (CVE-2023-0129) + + - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. + (Chromium security severity: Medium) (CVE-2023-0130) + + - Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-0131) + + - Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0132) + + - Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0133) + + - Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0134, CVE-2023-0135) + + - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0136) + + - Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0138) + + - Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0139) + + - Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0140) + + - Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0141) + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2023-21775) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795. (CVE-2023-21796) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_49.nasl +2023-A-0034-S +2023-A-0029-S +2023/01/12 +2023/10/24 +Microsoft Edge (Chromium) < 109.0.1518.49 / 108.0.1462.83 Multiple Vulnerabilities +2023/01/13 +local +Low +Critical +1.7 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0129 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0130 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0131 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0132 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0133 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0134 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0135 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0136 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0138 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0139 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0140 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0141 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21775 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21796 +Upgrade to Microsoft Edge version 109.0.1518.49 / 108.0.1462.83 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/01/10 +IAVA:2023-A-0034-S +IAVA:2023-A-0029-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.49 + + + +180 - 365 days +2023/05/08 +cpe:/a:microsoft:edge +CVE-2023-2033 +CVE-2023-29334 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-2033 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.48. It is, therefore, affected by a vulnerability as referenced in the April 15, 2023 advisory. + + - Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2033) + + - A spoofing vulnerability could allow an attacker to bypass the Edge security warning message feature. + (CVE-2023-29334) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_112_0_1722_48.nasl +2023-A-0204-S +2023-A-0203-S +2023-A-0232-S +2023/04/15 +2023/07/20 +Microsoft Edge (Chromium) < 112.0.1722.48 +2023/04/20 +local +Medium +Critical +1.13 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2033 +Upgrade to Microsoft Edge version 112.0.1722.48 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.0 +2023/04/14 +IAVA:2023-A-0204-S +IAVA:2023-A-0203-S +IAVA:2023-A-0232-S +CISA-KNOWN-EXPLOITED:2023/05/08 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.100 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-1213 +CVE-2023-1214 +CVE-2023-1215 +CVE-2023-1216 +CVE-2023-1217 +CVE-2023-1218 +CVE-2023-1219 +CVE-2023-1220 +CVE-2023-1221 +CVE-2023-1222 +CVE-2023-1223 +CVE-2023-1224 +CVE-2023-1228 +CVE-2023-1229 +CVE-2023-1230 +CVE-2023-1231 +CVE-2023-1232 +CVE-2023-1233 +CVE-2023-1234 +CVE-2023-1235 +CVE-2023-1236 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-1222 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 111.0.1661.41 / 110.0.1587.69. It is, therefore, affected by multiple vulnerabilities as referenced in the March 13, 2023 advisory. + + - Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1213) + + - Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1214) + + - Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1215) + + - Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1216) + + - Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1217) + + - Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1218) + + - Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1219) + + - Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1220) + + - Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-1221) + + - Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1222) + + - Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1223) + + - Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-1224) + + - Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-1228) + + - Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-1229) + + - Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1230) + + - Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1231) + + - Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1232) + + - Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2023-1233) + + - Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1234) + + - Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. + (Chromium security severity: Low) (CVE-2023-1235) + + - Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1236) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_111_0_1661_41.nasl +2023-A-0131-S +2023/03/13 +2023/10/24 +Microsoft Edge (Chromium) < 111.0.1661.41 / 110.0.1587.69 Multiple Vulnerabilities +2023/03/15 +local +Low +Critical +1.6 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1213 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1214 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1215 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1216 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1217 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1218 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1219 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1220 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1221 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1228 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1229 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1230 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1231 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1232 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1233 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1234 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1235 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1236 +Upgrade to Microsoft Edge version 111.0.1661.41 / 110.0.1587.69 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/03/07 +IAVA:2023-A-0131-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 111.0.1661.41 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-1528 +CVE-2023-1529 +CVE-2023-1530 +CVE-2023-1531 +CVE-2023-1532 +CVE-2023-1533 +CVE-2023-1534 +CVE-2023-28261 +CVE-2023-28286 +9.8 +CVE-2023-1529 +8.8 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-1534 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 111.0.1661.54 / 110.0.1587.78. It is, therefore, affected by multiple vulnerabilities as referenced in the March 24, 2023 advisory. + + - Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1528) + + - Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) (CVE-2023-1529) + + - Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1530) + + - Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1531) + + - Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1532) + + - Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1533) + + - Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1534) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_111_0_1661_54.nasl +2023-A-0161-S +2023/03/24 +2023/05/23 +Microsoft Edge (Chromium) < 111.0.1661.54 / 110.0.1587.78 Multiple Vulnerabilities +2023/03/30 +local +Low +Critical +1.11 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1528 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1529 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1530 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1531 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1532 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1533 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1534 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28261 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28286 +Upgrade to Microsoft Edge version 111.0.1661.54 / 110.0.1587.78 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/03/21 +IAVA:2023-A-0161-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 111.0.1661.54 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-2459 +CVE-2023-2460 +CVE-2023-2462 +CVE-2023-2463 +CVE-2023-2464 +CVE-2023-2465 +CVE-2023-2466 +CVE-2023-2467 +CVE-2023-2468 +CVE-2023-29350 +CVE-2023-29354 +7.5 +CVE-2023-29350 +6.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +8.5 +CVE-2023-2460 +6.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 113.0.1774.35. It is, therefore, affected by multiple vulnerabilities as referenced in the May 5, 2023 advisory. + + - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2459) + + - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2460) + + - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2462) + + - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2463) + + - Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2464) + + - Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2465) + + - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-2466) + + - Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: + Low) (CVE-2023-2467) + + - Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. + (Chromium security severity: Low) (CVE-2023-2468) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-29350) + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-29354) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_113_0_1774_35.nasl +2023-A-0240-S +2023/05/05 +2023/07/20 +Microsoft Edge (Chromium) < 113.0.1774.35 Multiple Vulnerabilities +2023/05/11 +local +Low +High +1.5 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2459 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2460 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2462 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2463 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2464 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2465 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2466 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2467 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2468 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29354 +Upgrade to Microsoft Edge version 113.0.1774.35 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/05/02 +IAVA:2023-A-0240-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 113.0.1774.35 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-2133 +CVE-2023-2134 +CVE-2023-2135 +CVE-2023-2137 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-2137 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.58. It is, therefore, affected by multiple vulnerabilities as referenced in the April 21, 2023 advisory. + + - Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2133, CVE-2023-2134) + + - Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2135) + + - Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2137) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_112_0_1722_58.nasl +2023-A-0223-S +2023/04/20 +2023/10/23 +Microsoft Edge (Chromium) < 112.0.1722.58 Multiple Vulnerabilities +2023/04/27 +local +Medium +Critical +1.5 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2133 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2134 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2135 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2137 +Upgrade to Microsoft Edge version 112.0.1722.58 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/04/18 +IAVA:2023-A-0223-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 112.0.1722.58 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-3214 +CVE-2023-3215 +CVE-2023-3216 +CVE-2023-3217 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3217 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.51. It is, therefore, affected by multiple vulnerabilities as referenced in the June 15, 2023 advisory. + + - Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-3214) + + - Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3215) + + - Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3216) + + - Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3217) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_114_0_1823_51.nasl +current +2023/06/15 +2023/07/18 +Microsoft Edge (Chromium) < 114.0.1823.51 Multiple Vulnerabilities +2023/06/22 +local +Medium +Critical +1.2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3214 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3215 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3216 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3217 +http://www.nessus.org/u?a084dba4 +Upgrade to Microsoft Edge version 114.0.1823.51 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/06/13 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.51 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-2312 +CVE-2023-4349 +CVE-2023-4350 +CVE-2023-4351 +CVE-2023-4352 +CVE-2023-4353 +CVE-2023-4354 +CVE-2023-4355 +CVE-2023-4356 +CVE-2023-4357 +CVE-2023-4358 +CVE-2023-4359 +CVE-2023-4360 +CVE-2023-4361 +CVE-2023-4362 +CVE-2023-4363 +CVE-2023-4364 +CVE-2023-4365 +CVE-2023-4366 +CVE-2023-4367 +CVE-2023-4368 +CVE-2023-36787 +CVE-2023-38158 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4368 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.54. It is, therefore, affected by multiple vulnerabilities as referenced in the August 21, 2023 advisory. + + - Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-2312) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36787) + + - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2023-38158) + + - Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2023-4349) + + - Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-4350) + + - Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4351) + + - Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4352) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4353) + + - Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4354) + + - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4355) + + - Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4356) + + - Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4357) + + - Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4358) + + - Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4359) + + - Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4360) + + - Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-4361) + + - Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4362) + + - Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4363) + + - Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4364) + + - Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4365) + + - Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: Medium) (CVE-2023-4366) + + - Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4367, CVE-2023-4368) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_116_0_1938_54.nasl +current +2023-A-0438-S +2023/08/21 +2023/09/18 +Microsoft Edge (Chromium) < 116.0.1938.54 Multiple Vulnerabilities +2023/08/23 +local +Medium +Critical +1.3 +http://www.nessus.org/u?9ae99e73 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2312 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36787 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38158 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4349 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4351 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4352 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4353 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4354 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4355 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4356 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4357 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4358 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4359 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4360 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4361 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4362 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4363 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4364 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4365 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4366 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4367 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4368 +Upgrade to Microsoft Edge version 116.0.1938.54 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +8.4 +2023/08/15 +IAVA:2023-A-0438-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.54 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-4068 +CVE-2023-4069 +CVE-2023-4070 +CVE-2023-4071 +CVE-2023-4072 +CVE-2023-4073 +CVE-2023-4074 +CVE-2023-4075 +CVE-2023-4076 +CVE-2023-4077 +CVE-2023-4078 +CVE-2023-38157 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4078 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.106 / 115.0.1901.200. It is, therefore, affected by multiple vulnerabilities as referenced in the August 7, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-38157) + + - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068, CVE-2023-4070) + + - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069) + + - Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4071) + + - Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4072) + + - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2023-4073) + + - Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4074) + + - Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075) + + - Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076) + + - Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077) + + - Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_115_0_1901_200.nasl +current +2023-A-0401-S +2023/08/07 +2023/10/23 +Microsoft Edge (Chromium) < 114.0.1823.106 / 115.0.1901.200 Multiple Vulnerabilities +2023/08/07 +local +Low +Critical +1.3 +http://www.nessus.org/u?ccceaa60 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38157 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4068 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4069 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4070 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4071 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4072 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4073 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4074 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4075 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4076 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4077 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4078 +Upgrade to Microsoft Edge version 114.0.1823.106 / 115.0.1901.200 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +7 to 30 days +Social Media +9.0 +2023/08/02 +IAVA:2023-A-0401-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 115.0.1901.200 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-36883 +CVE-2023-36887 +CVE-2023-36888 +7.8 +CVE-2023-36887 +7.0 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.5 +CVE-2023-36888 +5.9 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.82. It is, therefore, affected by multiple vulnerabilities as referenced in the July 13, 2023 advisory. + + - Microsoft Edge for Android (Chromium-based) Tampering Vulnerability (CVE-2023-36888) + + - Microsoft Edge for iOS Spoofing Vulnerability (CVE-2023-36883) + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-36887) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_114_0_1823_82.nasl +current +2023-A-0358-S +2023/07/13 +2023/08/02 +Microsoft Edge (Chromium) < 114.0.1823.82 Multiple Vulnerabilities +2023/07/14 +local +Low +High +1.5 +http://www.nessus.org/u?74e8a4a1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36887 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36888 +Upgrade to Microsoft Edge version 114.0.1823.82 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/07/13 +IAVA:2023-A-0358-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.82 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-4761 +CVE-2023-4762 +CVE-2023-4763 +CVE-2023-4764 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4763 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.76. It is, therefore, affected by multiple vulnerabilities as referenced in the September 7, 2023 advisory. + + - Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-4761) + + - Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4762) + + - Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4763) + + - Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4764) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_116_0_1938_76.nasl +current +2023-A-0457-S +2023/09/07 +2023/09/25 +Microsoft Edge (Chromium) < 116.0.1938.76 Multiple Vulnerabilities +2023/09/07 +local +Medium +Critical +1.6 +http://www.nessus.org/u?0c1fe891 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4761 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4762 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4763 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4764 +Upgrade to Microsoft Edge version 116.0.1938.76 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +120 to 365 days +No recorded events +6.7 +2023/09/05 +IAVA:2023-A-0457-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.76 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-3727 +CVE-2023-3728 +CVE-2023-3730 +CVE-2023-3732 +CVE-2023-3733 +CVE-2023-3734 +CVE-2023-3735 +CVE-2023-3736 +CVE-2023-3737 +CVE-2023-3738 +CVE-2023-3740 +CVE-2023-35392 +CVE-2023-38173 +CVE-2023-38187 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3732 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1901.183 / 115.0.1901.183. It is, therefore, affected by multiple vulnerabilities as referenced in the July 21, 2023 advisory. + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-35392) + + - Microsoft Edge for Android Spoofing Vulnerability (CVE-2023-38173) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-38187) + + - Use after free in WebRTC. (CVE-2023-3727, CVE-2023-3728) + + - Use after free in Tab Groups. (CVE-2023-3730) + + - Out of bounds memory access in Mojo. (CVE-2023-3732) + + - Inappropriate implementation in WebApp Installs. (CVE-2023-3733) + + - Inappropriate implementation in Picture In Picture. (CVE-2023-3734) + + - Inappropriate implementation in Web API Permission Prompts. (CVE-2023-3735) + + - Inappropriate implementation in Custom Tabs. (CVE-2023-3736) + + - Inappropriate implementation in Notifications. (CVE-2023-3737) + + - Inappropriate implementation in Autofill. (CVE-2023-3738) + + - Insufficient validation of untrusted input in Themes. (CVE-2023-3740) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_115_0_1901_183.nasl +current +2023-A-0380-S +2023/07/21 +2023/08/11 +Microsoft Edge (Chromium) < 114.0.1901.183 / 115.0.1901.183 Multiple Vulnerabilities +2023/07/21 +local +Low +Critical +1.3 +http://www.nessus.org/u?09d3506d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35392 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3727 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3728 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3730 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3732 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3733 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3734 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3735 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3736 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3737 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3738 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3740 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38173 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38187 +Upgrade to Microsoft Edge version 114.0.1901.183 / 115.0.1901.183 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/07/18 +IAVA:2023-A-0380-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 115.0.1901.183 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-4427 +CVE-2023-4428 +CVE-2023-4429 +CVE-2023-4430 +CVE-2023-4431 +CVE-2023-36741 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4430 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.62. It is, therefore, affected by multiple vulnerabilities as referenced in the August 25, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36741) + + - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4427) + + - Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4428) + + - Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4429) + + - Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4430) + + - Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4431) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_116_0_1938_62.nasl +current +2023-A-0453-S +2023/08/25 +2023/10/06 +Microsoft Edge (Chromium) < 116.0.1938.62 Multiple Vulnerabilities +2023/08/26 +local +Low +Critical +1.3 +http://www.nessus.org/u?22854207 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36741 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4427 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4428 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4429 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4430 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4431 +Upgrade to Microsoft Edge version 116.0.1938.62 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/08/22 +IAVA:2023-A-0453-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.62 + + + +60 - 180 days +2023/10/04 +cpe:/a:microsoft:edge +CVE-2023-4863 +CVE-2023-4900 +CVE-2023-4901 +CVE-2023-4902 +CVE-2023-4903 +CVE-2023-4904 +CVE-2023-4905 +CVE-2023-4906 +CVE-2023-4907 +CVE-2023-4908 +CVE-2023-4909 +CVE-2023-36562 +CVE-2023-36727 +CVE-2023-36735 +9.6 +CVE-2023-36735 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4863 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 117.0.2045.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36562, CVE-2023-36735) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-36727) + + - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863) + + - Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-4900) + + - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4901) + + - Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4902) + + - Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-4903) + + - Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: + Medium) (CVE-2023-4904) + + - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4905) + + - Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4906) + + - Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4907) + + - Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4908) + + - Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4909) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_117_0_2045_31.nasl +former +2023/09/15 +2023/10/06 +Microsoft Edge (Chromium) < 117.0.2045.31 Multiple Vulnerabilities +2023/09/15 +local +High +Critical +1.8 +http://www.nessus.org/u?db9a43f1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36562 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36727 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36735 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4900 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4901 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4902 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4903 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4904 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4905 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4906 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4907 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4908 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4909 +Upgrade to Microsoft Edge version 117.0.2045.31 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +Security Research +9.7 +2023/09/12 +CISA-KNOWN-EXPLOITED:2023/10/04 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 117.0.2045.31 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-2721 +CVE-2023-2722 +CVE-2023-2723 +CVE-2023-2724 +CVE-2023-2725 +CVE-2023-2726 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-2726 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 113.0.1774.50 / 112.0.1722.84. It is, therefore, affected by multiple vulnerabilities as referenced in the May 18, 2023 advisory. + + - Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-2721) + + - Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2023-2722) + + - Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2723) + + - Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2724) + + - Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-2725) + + - Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2726) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_113_0_1774_50.nasl +2023-A-0265-S +2023/05/18 +2023/07/07 +Microsoft Edge (Chromium) < 113.0.1774.50 / 112.0.1722.84 Multiple Vulnerabilities +2023/05/23 +local +Medium +Critical +1.4 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2721 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2722 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2723 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2724 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2725 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2726 +Upgrade to Microsoft Edge version 113.0.1774.50 / 112.0.1722.84 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/05/16 +IAVA:2023-A-0265-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 113.0.1774.50 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-4572 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4572 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.69. It is, therefore, affected by a vulnerability as referenced in the August 31, 2023 advisory. + + - Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4572) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_116_0_1938_69.nasl +current +2023/08/31 +2023/09/25 +Microsoft Edge (Chromium) < 116.0.1938.69 (CVE-2023-4572) +2023/08/31 +local +Medium +Critical +1.2 +http://www.nessus.org/u?3a086c3d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4572 +Upgrade to Microsoft Edge version 116.0.1938.69 or later. +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +6.7 +2023/08/29 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.69 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-24935 +CVE-2023-28284 +CVE-2023-28301 +6.1 +5.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N +2.7 +6.4 +CVE-2023-24935 +4.7 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.34. It is, therefore, affected by multiple vulnerabilities as referenced in the April 6, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-28284) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-24935) + + - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2023-28301) + + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_112_0_1722_34.nasl +2023-A-0180-S +2023/04/06 +2023/05/23 +Microsoft Edge (Chromium) < 112.0.1722.34 Multiple Vulnerabilities +2023/04/14 +local +Low +Medium +1.6 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24935 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28284 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28301 +Upgrade to Microsoft Edge version 112.0.1722.34 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +3.0 +2023/04/06 +IAVA:2023-A-0180-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 112.0.1722.34 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-3420 +CVE-2023-3421 +CVE-2023-3422 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3422 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.67. It is, therefore, affected by multiple vulnerabilities as referenced in the June 29, 2023 advisory. + + - Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3420) + + - Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3421) + + - Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-3422) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_114_0_1823_67.nasl +current +2023/06/29 +2023/07/06 +Microsoft Edge (Chromium) < 114.0.1823.67 Multiple Vulnerabilities +2023/06/30 +local +Low +Critical +1.1 +http://www.nessus.org/u?12f91dd6 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3420 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3421 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3422 +Upgrade to Microsoft Edge version 114.0.1823.67 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +120 to 365 days +No recorded events +8.4 +2023/06/26 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.67 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5472 +CVE-2023-44323 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5472 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.76. It is, therefore, affected by multiple vulnerabilities as referenced in the October 27, 2023 advisory. + + - Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5472) + + - Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-44323) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_118_0_2088_76.nasl +current +2023-A-0600-S +2023/10/27 +2023/11/16 +Microsoft Edge (Chromium) < 118.0.2088.76 Multiple Vulnerabilities +2023/10/27 +local +Medium +Critical +1.4 +http://www.nessus.org/u?4f5c8cf8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5472 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44323 +Upgrade to Microsoft Edge version 118.0.2088.76 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/10/24 +IAVA:2023-A-0600-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 118.0.2088.76 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-36014 +CVE-2023-36024 +CVE-2023-5996 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5996 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.102 / 119.0.2151.58. It is, therefore, affected by multiple vulnerabilities as referenced in the November 9, 2023 advisory. + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-36014) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36024) + + - Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5996) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_119_0_2151_58.nasl +current +2023-A-0610-S +2023/11/09 +2024/01/26 +Microsoft Edge (Chromium) < 118.0.2088.102 / 119.0.2151.58 Multiple Vulnerabilities +2023/11/09 +local +Medium +Critical +1.6 +http://www.nessus.org/u?683f1aad +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36024 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5996 +Upgrade to Microsoft Edge version 118.0.2088.102 / 119.0.2151.58 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +6.7 +2023/11/07 +IAVA:2023-A-0610-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.58 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5480 +CVE-2023-5482 +CVE-2023-5849 +CVE-2023-5850 +CVE-2023-5851 +CVE-2023-5852 +CVE-2023-5853 +CVE-2023-5854 +CVE-2023-5855 +CVE-2023-5856 +CVE-2023-5857 +CVE-2023-5858 +CVE-2023-5859 +CVE-2023-36022 +CVE-2023-36029 +CVE-2023-36034 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5857 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.88 / 119.0.2151.44. It is, therefore, affected by multiple vulnerabilities as referenced in the November 2, 2023 advisory. + + - Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) (CVE-2023-5480) + + - Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5482) + + - Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5849) + + - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2023-5850) + + - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5851) + + - Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5852) + + - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5853) + + - Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5854) + + - Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5855) + + - Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5856) + + - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) (CVE-2023-5857) + + - Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5858) + + - Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) (CVE-2023-5859) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_119_0_2151_44.nasl +current +2023-A-0600-S +2023/11/02 +2023/11/16 +Microsoft Edge (Chromium) < 118.0.2088.88 / 119.0.2151.44 Multiple Vulnerabilities +2023/11/03 +local +Medium +Critical +1.3 +http://www.nessus.org/u?c1b5e0e7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36022 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36029 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36034 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5480 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5482 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5849 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5850 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5851 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5852 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5853 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5854 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5855 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5856 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5857 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5858 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5859 +Upgrade to Microsoft Edge version 118.0.2088.88 / 119.0.2151.44 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/10/31 +IAVA:2023-A-0600-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.44 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5346 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5346 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 117.0.2045.55. It is, therefore, affected by a vulnerability as referenced in the October 4, 2023 advisory. + + - Type Confusion in V8. (CVE-2023-5346) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_117_0_2045_55.nasl +current +2023/10/04 +2023/10/09 +Microsoft Edge (Chromium) < 117.0.2045.55 (CVE-2023-5346) +2023/10/04 +local +Low +Critical +1.2 +http://www.nessus.org/u?91471929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5346 +Upgrade to Microsoft Edge version 117.0.2045.55 or later. +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +120 to 365 days +No recorded events +6.7 +2023/10/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 117.0.2045.55 + + + +7 - 30 days +cpe:/a:microsoft:edge +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.121. It is, therefore, affected by multiple vulnerabilities as referenced in the January 5, 2024 advisory. + + - Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0222) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0223) + + - Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0224) + + - Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_121.nasl +current +2024-A-0009-S +2024/01/05 +2024/01/18 +Microsoft Edge (Chromium) < 120.0.2210.121 Multiple Vulnerabilities +2024/01/05 +local +Low +Critical +1.3 +http://www.nessus.org/u?4aae3ac8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0225 +Upgrade to Microsoft Edge version 120.0.2210.121 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +7 to 30 days +No recorded events +6.7 +2024/01/03 +IAVA:2024-A-0009-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.121 + + + +7 - 30 days +2024/02/07 +cpe:/a:microsoft:edge +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.144. It is, therefore, affected by multiple vulnerabilities as referenced in the January 17, 2024 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0517) + + - Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0518) + + - Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_120_0_2210_144.nasl +current +2024-A-0040-S +2024/01/17 +2024/02/02 +Microsoft Edge (Chromium) < 120.0.2210.144 Multiple Vulnerabilities +2024/01/17 +local +Low +Critical +1.3 +http://www.nessus.org/u?baa12a23 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0517 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0518 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0519 +Upgrade to Microsoft Edge version 120.0.2210.144 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very High +0 to 7 days +Social Media +9.2 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0040-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.144 + + + +30 - 60 days +cpe:/a:microsoft:edge +CVE-2023-6508 +CVE-2023-6509 +CVE-2023-6510 +CVE-2023-6511 +CVE-2023-6512 +CVE-2023-35618 +CVE-2023-36880 +CVE-2023-38174 +9.6 +CVE-2023-35618 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6510 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.61. It is, therefore, affected by multiple vulnerabilities as referenced in the December 7, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-35618) + + - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2023-36880, CVE-2023-38174) + + - Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6508) + + - Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) (CVE-2023-6509) + + - Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) (CVE-2023-6510) + + - Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-6511) + + - Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. + (Chromium security severity: Low) (CVE-2023-6512) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_61.nasl +current +2023-A-0677-S +2023/12/07 +2023/12/22 +Microsoft Edge (Chromium) < 120.0.2210.61 Multiple Vulnerabilities +2023/12/07 +local +Low +Critical +1.3 +http://www.nessus.org/u?7f2952a2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36880 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6508 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6509 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6510 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6511 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6512 +Upgrade to Microsoft Edge version 120.0.2210.61 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2023/12/05 +IAVA:2023-A-0677-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.61 + + + +60 - 180 days +2023/12/21 +cpe:/a:microsoft:edge +CVE-2023-6345 +CVE-2023-6346 +CVE-2023-6347 +CVE-2023-6348 +CVE-2023-6350 +CVE-2023-6351 +9.6 +CVE-2023-6345 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6351 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.122 / 119.0.2151.97. It is, therefore, affected by multiple vulnerabilities as referenced in the November 29, 2023 advisory. + + - Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) (CVE-2023-6345) + + - Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6346) + + - Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6347) + + - Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6348) + + - Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) (CVE-2023-6350, CVE-2023-6351) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_119_0_2151_97.nasl +current +2023/11/29 +2023/12/06 +Microsoft Edge (Chromium) < 118.0.2088.122 / 119.0.2151.97 Multiple Vulnerabilities +2023/11/29 +local +Medium +Critical +1.3 +http://www.nessus.org/u?88d07bbe +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6345 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6346 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6347 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6348 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6351 +Upgrade to Microsoft Edge version 118.0.2088.122 / 119.0.2151.97 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.9 +2023/11/28 +CISA-KNOWN-EXPLOITED:2023/12/21 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.97 + + + +60 - 180 days +2023/10/04 +cpe:/a:microsoft:edge +CVE-2023-4863 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4863 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.81. It is, therefore, affected by a vulnerability as referenced in the September 12, 2023 advisory. + + - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_116_0_1938_81.nasl +current +2023-A-0494-S +2023/09/12 +2023/10/06 +Microsoft Edge (Chromium) < 116.0.1938.81 (CVE-2023-4863) +2023/09/12 +local +High +Critical +1.5 +http://www.nessus.org/u?2bde7861 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863 +Upgrade to Microsoft Edge version 116.0.1938.81 or later. +I +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +30 to 120 days +Security Research +9.7 +2023/09/12 +CISA-KNOWN-EXPLOITED:2023/10/04 +IAVA:2023-A-0494-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.81 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5997 +CVE-2023-6112 +CVE-2023-36008 +CVE-2023-36026 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6112 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.109 / 119.0.2151.72. It is, therefore, affected by multiple vulnerabilities as referenced in the November 16, 2023 advisory. + + - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5997) + + - Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6112) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_119_0_2151_72.nasl +current +2023-A-0649-S +2023/11/16 +2024/01/29 +Microsoft Edge (Chromium) < 118.0.2088.109 / 119.0.2151.72 Multiple Vulnerabilities +2023/11/16 +local +Medium +Critical +1.4 +http://www.nessus.org/u?7feca339 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36026 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5997 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6112 +Upgrade to Microsoft Edge version 118.0.2088.109 / 119.0.2151.72 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/11/14 +IAVA:2023-A-0649-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.72 + + + +30 - 60 days +2024/01/23 +cpe:/a:microsoft:edge +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.91. It is, therefore, affected by a vulnerability as referenced in the December 21, 2023 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_120_0_2210_91.nasl +current +2023/12/21 +2024/01/02 +Microsoft Edge (Chromium) < 120.0.2210.91 (CVE-2023-7024) +2023/12/21 +local +Medium +Critical +1.3 +http://www.nessus.org/u?eaceba1a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-7024 +Upgrade to Microsoft Edge version 120.0.2210.91 or later. +The remote host has an web browser installed that is affected by a vulnerability. +High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.91 + + + +7 - 30 days +cpe:/a:microsoft:edge +CVE-2024-0333 +CVE-2024-20675 +CVE-2024-20709 +CVE-2024-20721 +CVE-2024-21337 +6.3 +5.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L +3.7 +7.5 +CVE-2024-20675 +5.5 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.133. It is, therefore, affected by multiple vulnerabilities as referenced in the January 11, 2024 advisory. + + - Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0333) + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-20675) + + - Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-20709, CVE-2024-20721) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21337) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_133.nasl +current +2024-A-0040-S +2024/01/11 +2024/02/02 +Microsoft Edge (Chromium) < 120.0.2210.133 Multiple Vulnerabilities +2024/01/18 +local +Low +High +1.2 +http://www.nessus.org/u?3844aad0 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0333 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21337 +Upgrade to Microsoft Edge version 120.0.2210.133 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +4.9 +2024/01/09 +IAVA:2024-A-0040-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.133 + + + +0 - 7 days +cpe:/a:microsoft:edge +CVE-2024-21388 +6.5 +5.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L +3.7 +5.1 +CVE-2024-21388 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.160 / 121.0.2277.83. It is, therefore, affected by a vulnerability as referenced in the January 30, 2024 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21388) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_121_0_2277_83.nasl +current +2024-A-0060 +2024/01/25 +2024/02/02 +Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388) +2024/01/25 +local +Low +Medium +1.3 +http://www.nessus.org/u?d0503752 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388 +Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. +I +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +4.9 +2024/01/23 +IAVA:2024-A-0060 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 121.0.2277.83 + + + +60 - 180 days +2023/10/23 +cpe:/a:microsoft:edge +CVE-2023-1999 +CVE-2023-5186 +CVE-2023-5187 +CVE-2023-5217 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5217 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.98 / 117.0.2045.47. It is, therefore, affected by multiple vulnerabilities as referenced in the September 29, 2023 advisory. + + - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. (CVE-2023-1999) + + - Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) (CVE-2023-5186) + + - Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-5187) + + - Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5217) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_117_0_2045_47.nasl +current +2023-A-0523-S +2023/09/29 +2023/10/23 +Microsoft Edge (Chromium) < 116.0.1938.98 / 117.0.2045.47 Multiple Vulnerabilities +2023/10/02 +local +Very High +Critical +1.3 +http://www.nessus.org/u?f89fc291 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1999 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5217 +Upgrade to Microsoft Edge version 116.0.1938.98 / 117.0.2045.47 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.2 +2023/04/11 +CISA-KNOWN-EXPLOITED:2023/10/23 +IAVA:2023-A-0523-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 117.0.2045.47 + + + +180 - 365 days +2023/06/28 +cpe:/a:microsoft:edge +CVE-2023-3079 +CVE-2023-33145 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3079 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.41. It is, therefore, affected by multiple vulnerabilities as referenced in the June 6, 2023 advisory. + + - Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3079) + + - An information disclosure vulnerability. (CVE-2023-33145) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_114_0_1823_41.nasl +2023-A-0274-S +2023-A-0302-S +2023/06/06 +2023/07/20 +Microsoft Edge (Chromium) < 114.0.1823.41 Multiple Vulnerabilities +2023/06/07 +local +Medium +Critical +1.7 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33145 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3079 +Upgrade to Microsoft Edge version 114.0.1823.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +120 to 365 days +No recorded events +9.0 +2023/06/05 +CISA-KNOWN-EXPLOITED:2023/06/28 +IAVA:2023-A-0274-S +IAVA:2023-A-0302-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.41 + + + +30 - 60 days +cpe:/a:microsoft:edge +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +CVE-2023-36878 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.77. It is, therefore, affected by multiple vulnerabilities as referenced in the December 14, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-36878) + + - Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-6706) + + - Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-6707) + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_77.nasl +current +2023-A-0696-S +2023/12/14 +2024/01/12 +Microsoft Edge (Chromium) < 120.0.2210.77 Multiple Vulnerabilities +2023/12/15 +local +Low +Critical +1.3 +http://www.nessus.org/u?11cef5be +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36878 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6702 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6703 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6704 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6705 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6706 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6707 +Upgrade to Microsoft Edge version 120.0.2210.77 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/12/12 +IAVA:2023-A-0696-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.77 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-16016 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2020-16016 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.68. It is, therefore, affected by a vulnerability as referenced in the ADV200002-11-11-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_86_0_622_68.nasl +2020/11/11 +2021/01/12 +Microsoft Edge (Chromium) < 86.0.622.68 Vulnerability +2020/11/12 +local +Low +Medium +1.4 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.68 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +6.5 +2020/11/09 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.68 + + + +730 days + +CEA-2020-0124 +2022/05/03 +cpe:/a:microsoft:edge +CVE-2020-16004 +CVE-2020-16005 +CVE-2020-16006 +CVE-2020-16007 +CVE-2020-16008 +CVE-2020-16009 +CVE-2020-16011 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2020-16011 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.63. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-4-2020 advisory. + + - Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16004) + + - Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16005) + + - Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16006, CVE-2020-16009) + + - Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. (CVE-2020-16007) + + - Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. (CVE-2020-16008) + + - Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2020-16011) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_86_0_622_63.nasl +2020/11/04 +2023/04/25 +Microsoft Edge (Chromium) < 86.0.622.63 Multiple Vulnerabilities +2020/11/04 +local +High +Medium +1.10 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.63 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.4 +2020/11/02 +CISA-KNOWN-EXPLOITED:2022/05/03 +CEA-ID:CEA-2020-0124 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.63 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2019-8075 +CVE-2020-16012 +CVE-2020-16014 +CVE-2020-16015 +CVE-2020-16018 +CVE-2020-16022 +CVE-2020-16023 +CVE-2020-16024 +CVE-2020-16025 +CVE-2020-16026 +CVE-2020-16027 +CVE-2020-16028 +CVE-2020-16029 +CVE-2020-16030 +CVE-2020-16031 +CVE-2020-16032 +CVE-2020-16033 +CVE-2020-16034 +CVE-2020-16036 +9.6 +CVE-2020-16025 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2020-16029 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.41. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-19-2020 advisory. + + - Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. + Successful exploitation could lead to Information Disclosure in the context of the current user. + (CVE-2019-8075) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_87_0_664_41.nasl +2020/11/19 +2022/05/11 +Microsoft Edge (Chromium) < 87.0.664.41 Multiple Vulnerabilities +2020/11/20 +local +Low +Medium +1.6 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 87.0.664.41 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2019/06/11 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 87.0.664.41 + + + +730 days + +2022/05/03 +cpe:/a:microsoft:edge +CVE-2020-16013 +CVE-2020-16017 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2020-16017 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.69. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-13-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_86_0_622_69.nasl +2020/11/13 +2023/04/25 +Microsoft Edge (Chromium) < 86.0.622.69 Multiple Vulnerabilities +2020/11/14 +local +Low +Medium +1.8 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.69 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2020/11/11 +CISA-KNOWN-EXPLOITED:2022/05/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.69 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-15995 +CVE-2020-16043 +CVE-2021-21106 +CVE-2021-21107 +CVE-2021-21108 +CVE-2021-21109 +CVE-2021-21110 +CVE-2021-21111 +CVE-2021-21112 +CVE-2021-21113 +CVE-2021-21114 +CVE-2021-21115 +CVE-2021-21116 +9.6 +CVE-2021-21115 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +9.3 +CVE-2021-21106 +6.9 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.75. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-1-7-2021 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15995) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_87_0_664_75.nasl +2021/01/07 +2024/01/30 +Microsoft Edge (Chromium) < 87.0.664.75 Multiple Vulnerabilities +2021/01/08 +local +Medium +High +1.5 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 87.0.664.75 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.5 +2020/11/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 87.0.664.75 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21142 +CVE-2021-21143 +CVE-2021-21144 +CVE-2021-21145 +CVE-2021-21146 +CVE-2021-21147 +CVE-2021-24113 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21146 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.62. It is, therefore, affected by multiple vulnerabilities as referenced in the February 4, 2021 advisory. + + - Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21142) + + - Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21143) + + - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21144) + + - Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21145) + + - Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-21146) + + - Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21147) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_88_0_705_62.nasl +2021/02/04 +2021/02/12 +Microsoft Edge (Chromium) < 88.0.705.62 Multiple Vulnerabilities +2021/02/10 +local +Low +Medium +1.6 +http://www.nessus.org/u?f6e795b0 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21142 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21143 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21144 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21145 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21146 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21147 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24113 +Upgrade to Microsoft Edge version 88.0.705.62 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.5 +2021/02/02 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.62 + + + +730 days + +CEA-2021-0007 +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21148 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21148 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.63. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-21148 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_88_0_705_63.nasl +2021/02/05 +2023/04/25 +Microsoft Edge (Chromium) < 88.0.705.63 Vulnerability +2021/02/08 +local +Medium +Medium +1.9 +http://www.nessus.org/u?c8284af6 +Upgrade to Microsoft Edge version 88.0.705.63 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2021/02/04 +CISA-KNOWN-EXPLOITED:2021/11/17 +CEA-ID:CEA-2021-0007 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.63 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-16044 +CVE-2021-21118 +CVE-2021-21119 +CVE-2021-21120 +CVE-2021-21121 +CVE-2021-21122 +CVE-2021-21123 +CVE-2021-21124 +CVE-2021-21125 +CVE-2021-21126 +CVE-2021-21127 +CVE-2021-21128 +CVE-2021-21129 +CVE-2021-21130 +CVE-2021-21131 +CVE-2021-21132 +CVE-2021-21133 +CVE-2021-21134 +CVE-2021-21135 +CVE-2021-21136 +CVE-2021-21137 +CVE-2021-21139 +CVE-2021-21140 +CVE-2021-21141 +9.6 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21132 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.50. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_88_0_705_50.nasl +2021/01/21 +2024/01/26 +Microsoft Edge (Chromium) < 88.0.705.50 Multiple Vulnerabilities +2021/01/26 +local +Low +Medium +1.5 +http://www.nessus.org/u?f11ddceb +http://www.nessus.org/u?e38b0261 +http://www.nessus.org/u?956993df +http://www.nessus.org/u?86ccd1a7 +http://www.nessus.org/u?ea65fbbf +http://www.nessus.org/u?d945c5fd +http://www.nessus.org/u?804c6012 +http://www.nessus.org/u?6df00137 +http://www.nessus.org/u?8e925c70 +http://www.nessus.org/u?f33d1708 +http://www.nessus.org/u?e453c1c0 +http://www.nessus.org/u?d644083b +http://www.nessus.org/u?04560b20 +http://www.nessus.org/u?3dbc72e7 +http://www.nessus.org/u?3be82d62 +http://www.nessus.org/u?776bc7e6 +http://www.nessus.org/u?858149b3 +http://www.nessus.org/u?3838b7fb +http://www.nessus.org/u?1c282efb +http://www.nessus.org/u?b1321a9c +http://www.nessus.org/u?970b384a +http://www.nessus.org/u?a6495027 +http://www.nessus.org/u?ef57ee24 +http://www.nessus.org/u?a674cb6c +Upgrade to Microsoft Edge version 88.0.705.50 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/01/12 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.50 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-16037 +CVE-2020-16038 +CVE-2020-16039 +CVE-2020-16040 +CVE-2020-16041 +CVE-2020-16042 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +3.6 +9.3 +CVE-2020-16039 +8.1 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.57. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-12-7-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +true +Exploits are available +true +microsoft_edge_chromium_87_0_664_57.nasl +2020-A-0571-S +Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase +2020/12/07 +2021/04/20 +Microsoft Edge (Chromium) < 87.0.664.57 Multiple Vulnerabilities +2020/12/09 +local +Low +High +1.9 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 87.0.664.57 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +Security Research +7.4 +2020/12/02 +IAVA:2020-A-0571-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 87.0.664.57 + + + +730 days + +CEA-2020-0124 +2021/11/17 +cpe:/a:microsoft:edge +CVE-2020-15999 +CVE-2020-16000 +CVE-2020-16001 +CVE-2020-16002 +CVE-2020-16003 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +3.6 +6.8 +CVE-2020-16003 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.51. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-10-22-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_86_0_622_51.nasl +2020/10/22 +2022/12/05 +Microsoft Edge (Chromium) < 86.0.622.51 Multiple Vulnerabilities +2020/10/22 +local +High +Medium +1.9 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.51 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +Security Research +7.2 +2020/10/20 +CISA-KNOWN-EXPLOITED:2021/11/17 +CEA-ID:CEA-2020-0124 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.51 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5218 +CVE-2023-5473 +CVE-2023-5474 +CVE-2023-5475 +CVE-2023-5476 +CVE-2023-5477 +CVE-2023-5478 +CVE-2023-5479 +CVE-2023-5481 +CVE-2023-5483 +CVE-2023-5484 +CVE-2023-5485 +CVE-2023-5486 +CVE-2023-5487 +CVE-2023-36559 +CVE-2023-36409 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5476 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.46. It is, therefore, affected by multiple vulnerabilities as referenced in the October 13, 2023 advisory. + + - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-5218) + + - Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5473) + + - Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) (CVE-2023-5474) + + - Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5475) + + - Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5476) + + - Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) (CVE-2023-5477) + + - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5478) + + - Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5479) + + - Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5481) + + - Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5483) + + - Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5484) + + - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5485) + + - Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5486) + + - Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5487) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_118_0_2088_46.nasl +current +2023-A-0566-S +2023-A-0578-S +2023/10/13 +2023/11/09 +Microsoft Edge (Chromium) < 118.0.2088.46 Multiple Vulnerabilities +2023/10/13 +local +Low +Critical +1.6 +http://www.nessus.org/u?2945f274 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36409 +Upgrade to Microsoft Edge version 118.0.2088.46 or later. +I +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +6.7 +2023/10/10 +IAVA:2023-A-0566-S +IAVA:2023-A-0578-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 118.0.2088.46 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2020-27844 +CVE-2021-21159 +CVE-2021-21160 +CVE-2021-21161 +CVE-2021-21162 +CVE-2021-21163 +CVE-2021-21164 +CVE-2021-21165 +CVE-2021-21166 +CVE-2021-21167 +CVE-2021-21168 +CVE-2021-21169 +CVE-2021-21170 +CVE-2021-21171 +CVE-2021-21172 +CVE-2021-21173 +CVE-2021-21174 +CVE-2021-21175 +CVE-2021-21176 +CVE-2021-21177 +CVE-2021-21178 +CVE-2021-21179 +CVE-2021-21180 +CVE-2021-21181 +CVE-2021-21182 +CVE-2021-21183 +CVE-2021-21184 +CVE-2021-21185 +CVE-2021-21186 +CVE-2021-21187 +CVE-2021-21188 +CVE-2021-21189 +CVE-2021-21190 +8.8 +CVE-2021-21190 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +8.3 +CVE-2020-27844 +6.9 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.45. It is, therefore, affected by multiple vulnerabilities as referenced in the March 4, 2021 advisory. + + - A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27844) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_89_0_774_45.nasl +2021/03/04 +2023/04/25 +Microsoft Edge (Chromium) < 89.0.774.45 Multiple Vulnerabilities +2021/03/08 +local +Medium +High +1.9 +http://www.nessus.org/u?b2e30009 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-27844 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21159 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21160 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21161 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21162 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21163 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21164 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21165 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21166 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21167 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21168 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21169 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21170 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21171 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21172 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21173 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21175 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21176 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21177 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21178 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21179 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21180 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21181 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21182 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21183 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21184 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21185 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21188 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21189 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21190 +Upgrade to Microsoft Edge version 89.0.774.45 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/01/05 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.45 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21194 +CVE-2021-21195 +CVE-2021-21196 +CVE-2021-21197 +CVE-2021-21198 +CVE-2021-21199 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21199 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.68. It is, therefore, affected by multiple vulnerabilities as referenced in the April 1, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_89_0_774_68.nasl +2021-A-0152-S +2021/04/01 +2021/06/07 +Microsoft Edge (Chromium) < 89.0.774.68 Multiple Vulnerabilities +2021/04/02 +local +Low +Medium +1.6 +http://www.nessus.org/u?d3ce740a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21194 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21196 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21197 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21198 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21199 +Upgrade to Microsoft Edge version 89.0.774.68 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +5.9 +2021/03/30 +IAVA:2021-A-0152-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.68 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21191 +CVE-2021-21192 +CVE-2021-21193 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21193 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.54. It is, therefore, affected by multiple vulnerabilities as referenced in the March 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_89_0_774_54.nasl +2021/03/15 +2023/04/25 +Microsoft Edge (Chromium) < 89.0.774.54 Multiple Vulnerabilities +2021/03/16 +local +Medium +Medium +1.8 +http://www.nessus.org/u?5072e34e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21191 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21193 +Upgrade to Microsoft Edge version 89.0.774.54 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/03/09 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.54 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21201 +CVE-2021-21202 +CVE-2021-21203 +CVE-2021-21204 +CVE-2021-21205 +CVE-2021-21207 +CVE-2021-21208 +CVE-2021-21209 +CVE-2021-21210 +CVE-2021-21211 +CVE-2021-21212 +CVE-2021-21213 +CVE-2021-21214 +CVE-2021-21215 +CVE-2021-21216 +CVE-2021-21217 +CVE-2021-21218 +CVE-2021-21219 +CVE-2021-21221 +9.6 +CVE-2021-21201 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21214 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.39. It is, therefore, affected by multiple vulnerabilities as referenced in the April 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_90_0_818_39.nasl +2021/04/15 +2022/05/10 +Microsoft Edge (Chromium) < 90.0.818.39 Multiple Vulnerabilities +2021/04/16 +local +Medium +Medium +1.4 +http://www.nessus.org/u?de6e5227 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21201 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21202 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21203 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21204 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21205 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21207 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21208 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21209 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21210 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21211 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21212 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21213 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21214 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21215 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21216 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21217 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21218 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21219 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21221 +Upgrade to Microsoft Edge version 90.0.818.39 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.5 +2021/04/13 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.818.39 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21227 +CVE-2021-21228 +CVE-2021-21229 +CVE-2021-21230 +CVE-2021-21231 +CVE-2021-21232 +CVE-2021-21233 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21233 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.51. It is, therefore, affected by multiple vulnerabilities as referenced in the April 29, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_90_0_818_51.nasl +2021/04/29 +2021/05/03 +Microsoft Edge (Chromium) < 90.0.818.51 Multiple Vulnerabilities +2021/04/29 +local +Medium +Medium +1.3 +http://www.nessus.org/u?82d8e204 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21227 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21228 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21229 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21230 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21231 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21232 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21233 +Upgrade to Microsoft Edge version 90.0.818.51 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +5.9 +2021/04/26 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.818.51 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21206 +CVE-2021-21220 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21220 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.77. It is, therefore, affected by multiple vulnerabilities as referenced in the April 14, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +true +Exploits are available +true +microsoft_edge_chromium_89_0_774_77.nasl +2021-A-0176-S +Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE +2021/04/14 +2021/11/30 +Microsoft Edge (Chromium) < 89.0.774.77 Multiple Vulnerabilities +2021/04/15 +local +Low +Medium +1.9 +http://www.nessus.org/u?119280b8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21206 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21220 +Upgrade to Microsoft Edge version 89.0.774.77 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +Security Research +9.6 +2021/04/13 +IAVA:2021-A-0176-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.77 + + + +730 days + +2022/07/18 +cpe:/a:microsoft:edge +CVE-2021-30521 +CVE-2021-30522 +CVE-2021-30523 +CVE-2021-30524 +CVE-2021-30525 +CVE-2021-30526 +CVE-2021-30527 +CVE-2021-30528 +CVE-2021-30529 +CVE-2021-30530 +CVE-2021-30531 +CVE-2021-30532 +CVE-2021-30533 +CVE-2021-30534 +CVE-2021-30535 +CVE-2021-30536 +CVE-2021-30537 +CVE-2021-30538 +CVE-2021-30539 +CVE-2021-30540 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30535 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.37. It is, therefore, affected by multiple vulnerabilities as referenced in the May 27, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_91_0_864_37.nasl +2021/05/27 +2023/04/25 +Microsoft Edge (Chromium) < 91.0.864.37 Multiple Vulnerabilities +2021/06/02 +local +Low +Medium +1.5 +http://www.nessus.org/u?0c14a42a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30521 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30522 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30523 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30524 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30525 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30526 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30527 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30528 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30529 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30530 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30531 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30532 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30533 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30534 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30535 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30536 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30537 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30538 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30539 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30540 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31937 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31982 +Upgrade to Microsoft Edge version 91.0.864.37 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/05/25 +CISA-KNOWN-EXPLOITED:2022/07/18 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.37 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-33741 +8.2 +7.1 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N +4.7 +5.1 +CVE-2021-33741 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.41. It is, therefore, affected by a vulnerability as referenced in the June 4, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_91_0_864_41.nasl +2021/06/04 +2023/12/27 +Microsoft Edge (Chromium) < 91.0.864.41 Vulnerability +2021/06/04 +local +Low +Medium +1.4 +http://www.nessus.org/u?aa1e84f8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33741 +Upgrade to Microsoft Edge version 91.0.864.41 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +5.1 +2021/06/04 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.41 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2021-34475 +CVE-2021-34506 +6.1 +5.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N +2.7 +6.4 +CVE-2021-34506 +4.7 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.59. It is, therefore, affected by multiple vulnerabilities as referenced in the June 24, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_91_0_864_59.nasl +2021/06/24 +2023/12/12 +Microsoft Edge (Chromium) < 91.0.864.59 Multiple Vulnerabilities +2021/06/25 +local +Low +Medium +1.3 +http://www.nessus.org/u?fcf1608e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34475 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34506 +Upgrade to Microsoft Edge version 91.0.864.59 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +3.0 +2021/06/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.59 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30565 +CVE-2021-30566 +CVE-2021-30567 +CVE-2021-30568 +CVE-2021-30569 +CVE-2021-30571 +CVE-2021-30572 +CVE-2021-30573 +CVE-2021-30574 +CVE-2021-30575 +CVE-2021-30576 +CVE-2021-30577 +CVE-2021-30578 +CVE-2021-30579 +CVE-2021-30580 +CVE-2021-30581 +CVE-2021-30582 +CVE-2021-30583 +CVE-2021-30584 +CVE-2021-30585 +CVE-2021-30586 +CVE-2021-30587 +CVE-2021-30588 +CVE-2021-30589 +9.6 +CVE-2021-30571 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-30588 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.55. It is, therefore, affected by multiple vulnerabilities as referenced in the July 22, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_92_0_902_55.nasl +2021-A-0346-S +2021/07/22 +2023/12/07 +Microsoft Edge (Chromium) < 92.0.902.55 Multiple Vulnerabilities +2021/07/22 +local +Low +Medium +1.8 +http://www.nessus.org/u?dc471fea +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30565 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30566 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30567 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30568 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30569 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30571 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30572 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30573 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30574 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30575 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30576 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30577 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30578 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30579 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30580 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30581 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30582 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30583 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30584 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30585 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30586 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30587 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30588 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30589 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36928 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36931 +Upgrade to Microsoft Edge version 92.0.902.55 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/07/20 +IAVA:2021-A-0346-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 92.0.902.55 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21222 +CVE-2021-21223 +CVE-2021-21224 +CVE-2021-21225 +CVE-2021-21226 +9.6 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21226 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.46. It is, therefore, affected by multiple vulnerabilities as referenced in the April 22, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_90_0_818_46.nasl +2021/04/22 +2021/11/30 +Microsoft Edge (Chromium) < 90.0.818.46 Multiple Vulnerabilities +2021/04/22 +local +Medium +Medium +1.6 +http://www.nessus.org/u?0027f192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21225 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21226 +Upgrade to Microsoft Edge version 90.0.818.46 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +Security Research +9.2 +2021/04/20 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.818.46 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30541 +CVE-2021-30559 +CVE-2021-30560 +CVE-2021-30561 +CVE-2021-30562 +CVE-2021-30563 +CVE-2021-30564 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30564 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.71. It is, therefore, affected by multiple vulnerabilities as referenced in the July 19, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_91_0_864_71.nasl +2021/07/19 +2021/11/30 +Microsoft Edge (Chromium) < 91.0.864.71 Multiple Vulnerabilities +2021/07/19 +local +Low +Medium +1.5 +http://www.nessus.org/u?06a51872 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30541 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30559 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30560 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30561 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30562 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30563 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30564 +Upgrade to Microsoft Edge version 91.0.864.71 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.9 +2021/07/15 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.71 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30598 +CVE-2021-30599 +CVE-2021-30601 +CVE-2021-30602 +CVE-2021-30603 +CVE-2021-30604 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30604 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.78. It is, therefore, affected by multiple vulnerabilities as referenced in the August 19, 2021 advisory. + + - Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30604) + + - Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (CVE-2021-30598, CVE-2021-30599) + + - Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-30601) + + - Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-30602) + + - Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30603) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_92_0_902_78.nasl +2021/08/19 +2021/09/24 +Microsoft Edge (Chromium) < 92.0.902.78 Multiple Vulnerabilities +2021/08/19 +local +Low +Medium +1.6 +http://www.nessus.org/u?97c3a98d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30598 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30599 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30601 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30602 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30603 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30604 +Upgrade to Microsoft Edge version 92.0.902.78 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/08/16 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 92.0.902.78 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30554 +CVE-2021-30555 +CVE-2021-30556 +CVE-2021-30557 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30557 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.54. It is, therefore, affected by multiple vulnerabilities as referenced in the June 18, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_91_0_864_54.nasl +2021/06/18 +2023/04/25 +Microsoft Edge (Chromium) < 91.0.864.54 Multiple Vulnerabilities +2021/06/18 +local +Low +Medium +1.7 +http://www.nessus.org/u?fe8ae1a6 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30554 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30555 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30556 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30557 +Upgrade to Microsoft Edge version 91.0.864.54 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/06/17 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.54 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30590 +CVE-2021-30591 +CVE-2021-30592 +CVE-2021-30593 +CVE-2021-30594 +CVE-2021-30596 +CVE-2021-30597 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30592 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.67. It is, therefore, affected by multiple vulnerabilities as referenced in the August 5, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_92_0_902_67.nasl +2021/08/05 +2023/12/06 +Microsoft Edge (Chromium) < 92.0.902.67 Multiple Vulnerabilities +2021/08/05 +local +Low +Medium +1.4 +http://www.nessus.org/u?c2b02534 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30590 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30591 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30592 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30593 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30594 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30596 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30597 +Upgrade to Microsoft Edge version 92.0.902.67 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/08/02 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 92.0.902.67 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-38669 +6.4 +5.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N +2.7 +7.5 +CVE-2021-38669 +5.5 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.44. It is, therefore, affected by a vulnerability as referenced in the September 9, 2021 advisory. + + - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2021-38669) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_93_0_961_44.nasl +2021-A-0432-S +2021/09/09 +2023/12/29 +Microsoft Edge (Chromium) < 93.0.961.44 Vulnerability +2021/09/14 +local +Low +High +1.7 +http://www.nessus.org/u?5b26fe9e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38669 +Upgrade to Microsoft Edge version 93.0.961.44 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +3.8 +2021/09/14 +IAVA:2021-A-0432-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.44 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30544 +CVE-2021-30545 +CVE-2021-30546 +CVE-2021-30547 +CVE-2021-30548 +CVE-2021-30549 +CVE-2021-30550 +CVE-2021-30551 +CVE-2021-30552 +CVE-2021-30553 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30553 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.48. It is, therefore, affected by multiple vulnerabilities as referenced in the June 11, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_91_0_864_48.nasl +2021/06/11 +2021/11/30 +Microsoft Edge (Chromium) < 91.0.864.48 Multiple Vulnerabilities +2021/06/11 +local +Low +Medium +1.6 +http://www.nessus.org/u?294d93d8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30544 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30545 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30546 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30547 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30548 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30549 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30550 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30551 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30552 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30553 +Upgrade to Microsoft Edge version 91.0.864.48 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.9 +2021/06/09 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.48 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30506 +CVE-2021-30507 +CVE-2021-30508 +CVE-2021-30509 +CVE-2021-30510 +CVE-2021-30511 +CVE-2021-30512 +CVE-2021-30513 +CVE-2021-30514 +CVE-2021-30515 +CVE-2021-30516 +CVE-2021-30517 +CVE-2021-30518 +CVE-2021-30519 +CVE-2021-30520 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30520 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.xxxxxx. It is, therefore, affected by multiple vulnerabilities as referenced in the May 13, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_90_0_xxxxxx.nasl +2021/05/13 +2024/01/02 +Microsoft Edge (Chromium) < 90.0.xxxxxx Multiple Vulnerabilities +2021/05/14 +local +Low +Medium +1.4 +http://www.nessus.org/u?9cc1dc08 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30506 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30507 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30508 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30509 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30510 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30511 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30512 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30513 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30514 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30515 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30516 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30517 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30518 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30519 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30520 +Upgrade to Microsoft Edge version 90.0.xxxxxx or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/05/10 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.xxxxxx + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-37956 +CVE-2021-37957 +CVE-2021-37958 +CVE-2021-37959 +CVE-2021-37961 +CVE-2021-37962 +CVE-2021-37963 +CVE-2021-37964 +CVE-2021-37965 +CVE-2021-37966 +CVE-2021-37967 +CVE-2021-37968 +CVE-2021-37969 +CVE-2021-37970 +CVE-2021-37971 +CVE-2021-37972 +CVE-2021-37973 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-37973 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory. + + - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-37973) + + - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-37956) + + - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957) + + - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958) + + - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-37959) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_94_0_992_31.nasl +2021-A-0448-S +2021/09/24 +2024/01/16 +Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities +2021/09/24 +local +Medium +Medium +1.11 +http://www.nessus.org/u?6dbcb9b7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973 +Upgrade to Microsoft Edge version 94.0.992.31 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2021/09/21 +IAVA:2021-A-0448-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 94.0.992.31 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30625 +CVE-2021-30626 +CVE-2021-30627 +CVE-2021-30628 +CVE-2021-30629 +CVE-2021-30630 +CVE-2021-30633 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-30633 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.52. It is, therefore, affected by multiple vulnerabilities as referenced in the September 16, 2021 advisory. + + - Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-30633) + + - Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30625) + + - Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30626) + + - Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30627) + + - Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (CVE-2021-30628) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_93_0_961_52.nasl +2021/09/16 +2024/01/16 +Microsoft Edge (Chromium) < 93.0.961.52 Multiple Vulnerabilities +2021/09/17 +local +Low +Medium +1.9 +http://www.nessus.org/u?603235a5 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30625 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30626 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30627 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30628 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30629 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30630 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30633 +Upgrade to Microsoft Edge version 93.0.961.52 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2021/09/13 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.52 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-37997 +CVE-2021-37998 +CVE-2021-37999 +CVE-2021-38000 +CVE-2021-38001 +CVE-2021-38002 +CVE-2021-38003 +9.6 +CVE-2021-38002 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-38003 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.40. It is, therefore, affected by multiple vulnerabilities as referenced in the October 29, 2021 advisory. + + - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003) + + - Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37997) + + - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998) + + - Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. + (CVE-2021-37999) + + - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. + (CVE-2021-38000) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_95_0_1020_40.nasl +2021-A-0522-S +2021/10/29 +2023/04/25 +Microsoft Edge (Chromium) < 95.0.1020.40 Multiple Vulnerabilities +2021/10/29 +local +Medium +Medium +1.13 +http://www.nessus.org/u?dd5c7f7f +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37997 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37998 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37999 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38000 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38001 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38002 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38003 +Upgrade to Microsoft Edge version 95.0.1020.40 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/10/28 +IAVA:2021-A-0522-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 95.0.1020.40 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-37977 +CVE-2021-37978 +CVE-2021-37979 +CVE-2021-37980 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-37979 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.47. It is, therefore, affected by multiple vulnerabilities as referenced in the October 11, 2021 advisory. + + - heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37979) + + - Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37977) + + - Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37978) + + - Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. (CVE-2021-37980) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_94_0_992_47.nasl +2021-A-0459-S +2021/10/11 +2023/11/28 +Microsoft Edge (Chromium) < 94.0.992.47 Multiple Vulnerabilities +2021/10/11 +local +Medium +Medium +1.7 +http://www.nessus.org/u?3a3f355a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37977 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37978 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37979 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37980 +Upgrade to Microsoft Edge version 94.0.992.47 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/10/07 +IAVA:2021-A-0459-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 94.0.992.47 + + + +365 - 730 days +2021/12/29 +cpe:/a:microsoft:edge +CVE-2021-4098 +CVE-2021-4099 +CVE-2021-4100 +CVE-2021-4101 +CVE-2021-4102 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-4102 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.57. It is, therefore, affected by multiple vulnerabilities as referenced in the December 14, 2021 advisory. + + - Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4102) + + - Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-4098) + + - Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4099) + + - Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4100) + + - Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4101) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_96_0_1054_57.nasl +2021-A-0576-S +2021/12/14 +2023/04/25 +Microsoft Edge (Chromium) < 96.0.1054.57 Multiple Vulnerabilities +2021/12/14 +local +Low +Medium +1.10 +http://www.nessus.org/u?f5dd1e14 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4098 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4099 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4100 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4101 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4102 +Upgrade to Microsoft Edge version 96.0.1054.57 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +7.4 +2021/12/13 +CISA-KNOWN-EXPLOITED:2021/12/29 +IAVA:2021-A-0576-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1054.57 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-38005 +CVE-2021-38006 +CVE-2021-38007 +CVE-2021-38008 +CVE-2021-38009 +CVE-2021-38010 +CVE-2021-38011 +CVE-2021-38012 +CVE-2021-38013 +CVE-2021-38014 +CVE-2021-38015 +CVE-2021-38016 +CVE-2021-38017 +CVE-2021-38018 +CVE-2021-38019 +CVE-2021-38020 +CVE-2021-38021 +CVE-2021-38022 +CVE-2021-43221 +9.6 +CVE-2021-38013 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-38017 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1052.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory. + + - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017) + + - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005) + + - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011) + + - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012) + + - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_96_0_1052_29.nasl +2021-A-0544-S +2021/11/19 +2023/10/06 +Microsoft Edge (Chromium) < 96.0.1052.29 Multiple Vulnerabilities +2021/11/20 +local +Medium +Medium +1.9 +http://www.nessus.org/u?95dce263 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38005 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38006 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38007 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38009 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38010 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38011 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38012 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38013 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38015 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38016 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38017 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38018 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38019 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38020 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38022 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43221 +Upgrade to Microsoft Edge version 96.0.1052.29 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/11/15 +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1052.29 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-37981 +CVE-2021-37982 +CVE-2021-37983 +CVE-2021-37984 +CVE-2021-37985 +CVE-2021-37986 +CVE-2021-37987 +CVE-2021-37988 +CVE-2021-37989 +CVE-2021-37990 +CVE-2021-37991 +CVE-2021-37992 +CVE-2021-37993 +CVE-2021-37994 +CVE-2021-37995 +CVE-2021-37996 +CVE-2021-42307 +9.6 +CVE-2021-37981 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-37993 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.30. It is, therefore, affected by multiple vulnerabilities as referenced in the October 21, 2021 advisory. + + - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993) + + - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-37981) + + - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982) + + - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983) + + - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_95_0_1020_30.nasl +2021-A-0491-S +2021-A-0544-S +2021/10/21 +2023/10/06 +Microsoft Edge (Chromium) < 95.0.1020.30 Multiple Vulnerabilities +2021/10/21 +local +Low +Medium +1.8 +http://www.nessus.org/u?6d633bfe +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37981 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37982 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37983 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37984 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37985 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37986 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37987 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37988 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37989 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37990 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37991 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37992 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37993 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37994 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37995 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37996 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42307 +Upgrade to Microsoft Edge version 95.0.1020.30 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/10/19 +IAVA:2021-A-0491-S +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 95.0.1020.30 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-37974 +CVE-2021-37975 +CVE-2021-37976 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-37975 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.38. It is, therefore, affected by multiple vulnerabilities as referenced in the October 1, 2021 advisory. + + - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975) + + - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-37974) + + - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_94_0_992_38.nasl +2021-A-0449-S +2021/10/01 +2023/04/25 +Microsoft Edge (Chromium) < 94.0.992.38 Multiple Vulnerabilities +2021/10/01 +local +Medium +Medium +1.10 +http://www.nessus.org/u?fc68e93b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37974 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37975 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37976 +Upgrade to Microsoft Edge version 94.0.992.38 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/09/30 +IAVA:2021-A-0449-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 94.0.992.38 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30632 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30632 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.47. It is, therefore, affected by a vulnerability as referenced in the September 14, 2021 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30632) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_93_0_961_47.nasl +2021/09/14 +2021/11/30 +Microsoft Edge (Chromium) < 93.0.961.47 Vulnerability +2021/09/14 +local +Low +Medium +1.8 +http://www.nessus.org/u?78d37aa2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30632 +Upgrade to Microsoft Edge version 93.0.4577.82 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +9.0 +2021/09/13 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.47 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2022-23264 +4.7 +4.1 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N +1.4 +5.0 +CVE-2022-23264 +3.7 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.50. It is, therefore, affected by a vulnerability as referenced in the February 10, 2022 advisory. + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2022-23264) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_98_0_1108_50.nasl +2023-A-0071-S +2022/02/10 +2023/11/09 +Microsoft Edge (Chromium) < 98.0.1108.50 Vulnerability +2022/02/10 +local +Low +Medium +1.6 +http://www.nessus.org/u?fe909fdc +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23264 +Upgrade to Microsoft Edge version 98.0.1108.50 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +1.6 +2022/02/10 +IAVA:2023-A-0071-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 98.0.1108.50 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2022-23258 +4.3 +3.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N +1.4 +4.3 +CVE-2022-23258 +3.2 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.69. It is, therefore, affected by multiple vulnerabilities as referenced in the January 20, 2022 advisory. + + - Microsoft Edge for Android Spoofing Vulnerability. (CVE-2022-23258) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_97_0_1072_69.nasl +2022/01/20 +2022/05/06 +Microsoft Edge (Chromium) < 97.0.1072.69 Multiple Vulnerabilities +2022/01/20 +local +Low +Medium +1.5 +http://www.nessus.org/u?4c365598 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0289 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0290 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0291 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0292 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0293 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0294 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0295 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0296 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0297 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0298 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0300 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0301 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0302 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0303 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0304 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0305 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0306 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0307 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0309 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0310 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0311 +Upgrade to Microsoft Edge version 97.0.1072.69 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +1.4 +2022/01/19 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 97.0.1072.69 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-0096 +CVE-2022-0097 +CVE-2022-0098 +CVE-2022-0099 +CVE-2022-0100 +CVE-2022-0101 +CVE-2022-0102 +CVE-2022-0103 +CVE-2022-0104 +CVE-2022-0105 +CVE-2022-0106 +CVE-2022-0107 +CVE-2022-0108 +CVE-2022-0109 +CVE-2022-0110 +CVE-2022-0111 +CVE-2022-0112 +CVE-2022-0113 +CVE-2022-0114 +CVE-2022-0115 +CVE-2022-0116 +CVE-2022-0117 +CVE-2022-0118 +CVE-2022-0120 +CVE-2022-21929 +CVE-2022-21930 +CVE-2022-21931 +CVE-2022-21954 +CVE-2022-21970 +9.6 +CVE-2022-0097 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +8.3 +CVE-2022-21970 +6.5 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.55. It is, therefore, affected by multiple vulnerabilities as referenced in the January 6, 2022 advisory. + + - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0107) + + - Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0096) + + - Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. (CVE-2022-0097) + + - Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. (CVE-2022-0098) + + - Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture. + (CVE-2022-0099) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_97_0_1072_55.nasl +2022/01/06 +2022/05/06 +Microsoft Edge (Chromium) < 97.0.1072.55 Multiple Vulnerabilities +2022/01/06 +local +Low +High +1.8 +http://www.nessus.org/u?10ad4694 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0096 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0097 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0098 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0099 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0100 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0101 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0102 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0103 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0104 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0105 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0106 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0107 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0108 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0109 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0110 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0111 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0112 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0113 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0114 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0115 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0116 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0117 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0118 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0120 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21930 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21931 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21954 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21970 +Upgrade to Microsoft Edge version 97.0.1072.55 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2022/01/04 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 97.0.1072.55 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-0971 +CVE-2022-0972 +CVE-2022-0973 +CVE-2022-0974 +CVE-2022-0975 +CVE-2022-0976 +CVE-2022-0977 +CVE-2022-0978 +CVE-2022-0979 +CVE-2022-0980 +CVE-2022-26899 +9.6 +CVE-2022-0977 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-26899 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.46. It is, therefore, affected by multiple vulnerabilities as referenced in the March 17, 2022 advisory. + + - Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. (CVE-2022-0980) + + - Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (CVE-2022-0971) + + - Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (CVE-2022-0972) + + - Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0973) + + - Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0974) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_99_0_1150_46.nasl +2022-A-0120-S +2021-A-0544-S +2022/03/17 +2023/11/06 +Microsoft Edge (Chromium) < 99.0.1150.46 Multiple Vulnerabilities +2022/03/17 +local +Low +Critical +1.8 +http://www.nessus.org/u?0cc84aae +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0971 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0972 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0973 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0974 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0975 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0976 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0977 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0978 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0979 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0980 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26899 +Upgrade to Microsoft Edge version 99.0.1150.46 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/03/15 +IAVA:2022-A-0120-S +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 99.0.1150.46 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-0789 +CVE-2022-0790 +CVE-2022-0791 +CVE-2022-0792 +CVE-2022-0793 +CVE-2022-0794 +CVE-2022-0795 +CVE-2022-0796 +CVE-2022-0797 +CVE-2022-0798 +CVE-2022-0799 +CVE-2022-0800 +CVE-2022-0801 +CVE-2022-0802 +CVE-2022-0803 +CVE-2022-0804 +CVE-2022-0805 +CVE-2022-0806 +CVE-2022-0807 +CVE-2022-0808 +CVE-2022-0809 +9.6 +CVE-2022-0790 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2022-0809 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.30. It is, therefore, affected by multiple vulnerabilities as referenced in the March 3, 2022 advisory. + + - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. (CVE-2022-0808) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0789) + + - Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0790) + + - Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions. + (CVE-2022-0791) + + - Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0792) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_99_0_1150_30.nasl +2022-A-0096-S +2022/03/03 +2023/01/10 +Microsoft Edge (Chromium) < 99.0.1150.30 Multiple Vulnerabilities +2022/03/03 +local +Low +Medium +1.7 +http://www.nessus.org/u?764ee88a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0789 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0790 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0791 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0792 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0793 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0794 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0795 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0796 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0797 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0798 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0799 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0800 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0801 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0802 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0803 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0804 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0805 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0806 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0807 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0808 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0809 +Upgrade to Microsoft Edge version 99.0.1150.30 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.4 +2022/03/01 +IAVA:2022-A-0096-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 99.0.1150.30 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-4052 +CVE-2021-4053 +CVE-2021-4054 +CVE-2021-4055 +CVE-2021-4056 +CVE-2021-4057 +CVE-2021-4058 +CVE-2021-4059 +CVE-2021-4061 +CVE-2021-4062 +CVE-2021-4063 +CVE-2021-4064 +CVE-2021-4065 +CVE-2021-4066 +CVE-2021-4067 +CVE-2021-4068 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-4067 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.53. It is, therefore, affected by multiple vulnerabilities as referenced in the December 10, 2021 advisory. + + - Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4067) + + - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (CVE-2021-4052) + + - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4053) + + - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-4054) + + - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-4055) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_96_0_1054_53.nasl +2021/12/10 +2022/01/11 +Microsoft Edge (Chromium) < 96.0.1054.53 Multiple Vulnerabilities +2021/12/11 +local +Medium +Medium +1.5 +http://www.nessus.org/u?10871512 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4052 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4053 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4054 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4055 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4056 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4057 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4058 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4059 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4061 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4062 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4063 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4064 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4065 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4066 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4067 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4068 +Upgrade to Microsoft Edge version 96.0.1054.53 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/12/06 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1054.53 + + + +365 - 730 days +2022/04/18 +cpe:/a:microsoft:edge +CVE-2022-1096 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-1096 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.55. It is, therefore, affected by a vulnerability as referenced in the March 26, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_99_0_1150_55.nasl +2022-A-0126-S +2021-A-0544-S +2022/03/26 +2023/11/03 +Microsoft Edge (Chromium) < 99.0.1150.55 Vulnerability +2022/03/26 +local +Low +Critical +1.9 +http://www.nessus.org/u?991726b8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096 +Upgrade to Microsoft Edge version 99.0.1150.55 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2022/03/25 +CISA-KNOWN-EXPLOITED:2022/04/18 +IAVA:2022-A-0126-S +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 99.0.1150.55 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-23261 +CVE-2022-23262 +CVE-2022-23263 +7.7 +CVE-2022-23263 +6.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2022-23262 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.43. It is, therefore, affected by multiple vulnerabilities as referenced in the February 3, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262. (CVE-2022-23263) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263. (CVE-2022-23262) + + - Microsoft Edge (Chromium-based) Tampering Vulnerability. (CVE-2022-23261) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_98_0_1108_43.nasl +2022/02/03 +2022/05/06 +Microsoft Edge (Chromium) < 98.0.1108.43 Multiple Vulnerabilities +2022/02/03 +local +Low +Medium +1.5 +http://www.nessus.org/u?c8cf985b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23261 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23262 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23263 +Upgrade to Microsoft Edge version 98.0.1108.43 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/02/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 98.0.1108.43 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-38005 +CVE-2021-38006 +CVE-2021-38007 +CVE-2021-38008 +CVE-2021-38009 +CVE-2021-38010 +CVE-2021-38011 +CVE-2021-38012 +CVE-2021-38013 +CVE-2021-38014 +CVE-2021-38015 +CVE-2021-38016 +CVE-2021-38017 +CVE-2021-38018 +CVE-2021-38019 +CVE-2021-38020 +CVE-2021-38021 +CVE-2021-38022 +CVE-2021-42308 +CVE-2021-43221 +9.6 +CVE-2021-38013 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-38017 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory. + + - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005) + + - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011) + + - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012) + + - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008) + + - Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38009) + + - Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. + (CVE-2021-38010) + + - Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38013) + + - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38014) + + - Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (CVE-2021-38015) + + - Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2021-38016) + + - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017) + + - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-38018) + + - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38019) + + - Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. + (CVE-2021-38020) + + - Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38021) + + - Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38022) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2021-42308) + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2021-43221) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_96_0_1054_29.nasl +2021-A-0544-S +2021/11/19 +2023/10/06 +Microsoft Edge (Chromium) < 96.0.1054.29 Multiple Vulnerabilities +2023/02/10 +local +Medium +Medium +1.2 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38005 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38006 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38007 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38009 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38010 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38011 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38012 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38013 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38015 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38016 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38017 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38018 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38019 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38020 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38022 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43221 +Upgrade to Microsoft Edge version 96.0.1054.29 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/11/10 +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1054.29 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-26436 +CVE-2021-26439 +CVE-2021-30606 +CVE-2021-30607 +CVE-2021-30608 +CVE-2021-30609 +CVE-2021-30610 +CVE-2021-30611 +CVE-2021-30612 +CVE-2021-30613 +CVE-2021-30614 +CVE-2021-30615 +CVE-2021-30616 +CVE-2021-30617 +CVE-2021-30618 +CVE-2021-30619 +CVE-2021-30620 +CVE-2021-30621 +CVE-2021-30622 +CVE-2021-30623 +CVE-2021-30624 +CVE-2021-36930 +CVE-2021-38641 +CVE-2021-38642 +8.8 +CVE-2021-30624 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-36930 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.38. It is, therefore, affected by multiple vulnerabilities as referenced in the September 2, 2021 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930. (CVE-2021-26436) + + - Microsoft Edge for Android Information Disclosure Vulnerability (CVE-2021-26439) + + - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606) + + - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607) + + - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608) + + - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609) + + - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610) + + - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611) + + - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612) + + - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613) + + - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614) + + - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615) + + - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616) + + - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617) + + - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618) + + - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619) + + - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620) + + - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621) + + - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622) + + - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623) + + - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436. (CVE-2021-36930) + + - Microsoft Edge for Android Spoofing Vulnerability (CVE-2021-38641) + + - Microsoft Edge for iOS Spoofing Vulnerability (CVE-2021-38642) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_93_0_961_38.nasl +2021-A-0401-S +2021-A-0432-S +2021/09/02 +2022/05/06 +Microsoft Edge (Chromium) < 93.0.961.38 Multiple Vulnerabilities +2021/11/18 +local +Medium +Medium +1.4 +http://www.nessus.org/u?eab98635 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26436 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26439 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30606 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30607 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30608 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30609 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30610 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30611 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30612 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30613 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30614 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30615 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30616 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30617 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30619 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30620 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30621 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30622 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30623 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30624 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36930 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38641 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38642 +Upgrade to Microsoft Edge version 93.0.961.38 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/08/31 +IAVA:2021-A-0401-S +IAVA:2021-A-0432-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.38 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2852 +CVE-2022-2853 +CVE-2022-2854 +CVE-2022-2855 +CVE-2022-2857 +CVE-2022-2858 +CVE-2022-2860 +CVE-2022-2861 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-2858 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.63. It is, therefore, affected by multiple vulnerabilities as referenced in the August 19, 2022 advisory. + + - Use after free in FedCM. (CVE-2022-2852) + + - Heap buffer overflow in Downloads. (CVE-2022-2853) + + - Use after free in SwiftShader. (CVE-2022-2854) + + - Use after free in ANGLE. (CVE-2022-2855) + + - Use after free in Blink. (CVE-2022-2857) + + - Use after free in Sign-In Flow. (CVE-2022-2858) + + - Insufficient policy enforcement in Cookies. (CVE-2022-2860) + + - Inappropriate implementation in Extensions API. (CVE-2022-2861) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_104_0_1293_63.nasl +2022/08/19 +2022/10/21 +Microsoft Edge (Chromium) < 104.0.1293.63 Multiple Vulnerabilities +2022/08/19 +local +Low +Critical +1.4 +http://www.nessus.org/u?4ce23d54 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2852 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2853 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2854 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2855 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2857 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2858 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2860 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2861 +Upgrade to Microsoft Edge version 104.0.1293.63 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2022/08/16 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 104.0.1293.63 + + + +365 - 730 days +2022/03/01 +cpe:/a:microsoft:edge +CVE-2022-0603 +CVE-2022-0604 +CVE-2022-0605 +CVE-2022-0606 +CVE-2022-0607 +CVE-2022-0608 +CVE-2022-0609 +CVE-2022-0610 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2022-0610 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.55. It is, therefore, affected by multiple vulnerabilities as referenced in the February 16, 2022 advisory. + + - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610) + + - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603) + + - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0604) + + - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605) + + - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0606) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_98_0_1108_55.nasl +2022-A-0086-S +2022/02/16 +2022/05/03 +Microsoft Edge (Chromium) < 98.0.1108.55 Multiple Vulnerabilities +2022/02/16 +local +Low +Medium +1.6 +http://www.nessus.org/u?e17239f6 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0603 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0604 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0605 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0606 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0607 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0608 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0609 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0610 +Upgrade to Microsoft Edge version 98.0.1108.55 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.0 +2022/02/14 +CISA-KNOWN-EXPLOITED:2022/03/01 +IAVA:2022-A-0086-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 98.0.1108.55 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21149 +CVE-2021-21150 +CVE-2021-21151 +CVE-2021-21152 +CVE-2021-21153 +CVE-2021-21154 +CVE-2021-21155 +CVE-2021-21156 +CVE-2021-21157 +9.6 +CVE-2021-21155 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21157 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.74. It is, therefore, affected by multiple vulnerabilities as referenced in the February 17, 2021 advisory. + + - Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-21149) + + - Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-21150) + + - Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21151) + + - Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21152) + + - Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21153) + + - Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-21154) + + - Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21155) + + - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. (CVE-2021-21156) + + - Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21157) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_88_0_705_74.nasl +2021/02/17 +2022/05/10 +Microsoft Edge (Chromium) < 88.0.705.74 Multiple Vulnerabilities +2021/02/19 +local +Low +Medium +1.7 +http://www.nessus.org/u?18ef2264 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21149 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21150 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21151 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21152 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21153 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21154 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21155 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21156 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21157 +Upgrade to Microsoft Edge version 88.0.705.74 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/02/09 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.74 + + + +windows +True +software_enumeration +cpe:/a:microsoft:edge +Microsoft Edge (Chromium-based), a Chromium-based web browser, is installed on the remote host. +microsoft_edge_chromium_installed.nbin +2024/01/16 +Microsoft Edge Chromium Installed +2020/05/29 +local +None +1.116 +https://www.microsoft.com/en-us/edge +n/a +Microsoft Edge (Chromium-based) is installed on the remote host. + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Version : 86.0.622.38 + + + +windows +True +cpe:/o:microsoft:windows +cpe:/a:microsoft:ie +Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled. +microsoft_ie_esc_detect.nbin +True +True +2024/01/16 +Microsoft Internet Explorer Enhanced Security Configuration Detection +2014/03/07 +local +None +1.261 +http://www.nessus.org/u?a9c4c131 +n/a +The remote host supports IE Enhanced Security Configuration. + + Type : Admin Groups + Is Enabled : True + + Type : User Groups + Is Enabled : True + + + +windows +True +Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host. +smb_check_dotnet_rollup.nasl +2024/01/10 +Microsoft .NET Security Rollup Enumeration +2017/04/14 +local +None +1.48 +http://www.nessus.org/u?662e30c9 +n/a +This plugin enumerates installed Microsoft .NET security rollups. + + Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll + Version : 4.8.4690.0 + .NET Version : 4.8 + Associated KB : 5033914 + Latest effective update level : 01_2024 + + + +windows +True +software_enumeration +cpe:/a:microsoft:.net_framework +Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host. +microsoft_net_framework_installed.nasl +0001-T-0655 +2022/10/18 +Microsoft .NET Framework Detection +2010/12/20 +local +None +1.39 +https://www.microsoft.com/net +http://www.nessus.org/u?15ae6806 +n/a +A software framework is installed on the remote host. +IAVT:0001-T-0655 + +Nessus detected 2 installs of Microsoft .NET Framework: + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8 + Full Version : 4.8.04161 + Install Type : Full + Release : 528449 + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8 + Full Version : 4.8.04161 + Install Type : Client + Release : 528449 + + + +windows +True +cpe:/a:microsoft:microsoft_update +Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft Office, Exchange, and SQL Server. +microsoft_update_installed.nasl +2022/02/01 +Microsoft Update Installed +2010/10/26 +local +None +1.8 +http://update.microsoft.com/microsoftupdate/v6/default.aspx +n/a +A software updating service is installed. + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect ARP table information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_arp_table.nbin +2024/01/16 +Microsoft Windows ARP Table +2016/07/19 +local +None +1.222 +n/a +Nessus was able to collect and report ARP table information from the remote host. +192.168.40.1 : 60-22-32-6f-91-bf +192.168.40.39 : f8-ff-c2-37-57-48 +192.168.40.60 : cc-96-e5-08-af-3e +192.168.40.255 : ff-ff-ff-ff-ff-ff +224.0.0.22 : 01-00-5e-00-00-16 +224.0.0.251 : 01-00-5e-00-00-fb +224.0.0.252 : 01-00-5e-00-00-fc +255.255.255.255 : ff-ff-ff-ff-ff-ff + +Extended ARP table information attached. +b833660ecf813968300795c0037233c7 + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect the hosts file from the remote Windows host and report it as attachment. +microsoft_windows_host_file.nasl +True +True +2020/01/27 +Microsoft Windows Hosts File +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect the hosts file from the remote host. +Windows hosts file attached. + +MD5: 3688374325b992def12793500307566d +SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274 +SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085 +3688374325b992def12793500307566d + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_env_vars.nasl +True +0001-T-0757 +True +2022/06/24 +Microsoft Windows Environment Variables +2016/07/19 +local +None +1.13 +n/a +Nessus was able to collect and report environment variables from the remote host. +IAVT:0001-T-0757 +Global Environment Variables : + processor_level : 6 + comspec : %SystemRoot%\system32\cmd.exe + number_of_processors : 2 + username : SYSTEM + os : Windows_NT + temp : %SystemRoot%\TEMP + processor_revision : 9702 + path : %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ + tmp : %SystemRoot%\TEMP + processor_identifier : Intel64 Family 6 Model 151 Stepping 2, GenuineIntel + driverdata : C:\Windows\System32\Drivers\DriverData + pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC + processor_architecture : AMD64 + psmodulepath : %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules + windir : %SystemRoot% + +Active User Environment Variables + - S-1-5-21-746496990-2641142201-3713043312-500 + temp : %USERPROFILE%\AppData\Local\Temp + path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps; + tmp : %USERPROFILE%\AppData\Local\Temp + +b832544bd268ec74c9bd669b3f12564e +182392767cfa4df248be6d5d4e205bd9 + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_smb_sessions.nbin +2024/01/16 +Microsoft Windows SMB Sessions +2016/07/19 +local +None +1.221 +n/a +Nessus was able to collect and report SMB session information from the remote host. +degthat + +Extended SMB session information attached. +5ebcb7b6a7ddac56f4261d500234847f + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_time_zone_info.nasl +True +True +2023/06/06 +Microsoft Windows Time Zone Information +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect and report time zone information from the remote host. +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Eastern Standard Time +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-112 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-111 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000300020002000000000000000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000b00010002000000000000000000 + + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect and report the PowerShell execution policy for the remote Windows host. +microsoft_windows_powershell_execution_policy.nasl +2020/06/12 +Microsoft Windows PowerShell Execution Policy +2016/07/19 +local +None +1.6 +n/a +Nessus was able to collect and report the PowerShell execution policy for the remote host. +HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned +HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned + + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_scripting_host_settings.nasl +2018/05/23 +Microsoft Windows Scripting Host Settings +2016/07/19 +local +None +1.5 +n/a +Nessus was able to collect and report the Windows scripting host settings from the remote host. +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1 + +Windows scripting host configuration attached. +681e5094e1df8ab1423ef2ea66dfc266 +4934d1726a8504e051694b846ef9b32e + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_nbt_info.nbin +2024/01/16 +Microsoft Windows NetBIOS over TCP/IP Info +2016/07/19 +local +None +1.224 +n/a +Nessus was able to collect and report NBT information from the remote host. +NBT information attached. +First 10 lines of all CSVs: +nbtstat_local.csv: +Interface,Name,Suffix,Type,Status,MAC +192.168.40.169,SOT-WIN2K22-01,<00>,UNIQUE,Registered,00:50:56:2F:AE:28 +192.168.40.169,WORKGROUP,<00>,GROUP,Registered,00:50:56:2F:AE:28 +192.168.40.169,SOT-WIN2K22-01,<20>,UNIQUE,Registered,00:50:56:2F:AE:28 + + + +fe0c5015311d0669e78c282b774b5339 + + +windows +True +software_enumeration +cpe:/a:microsoft:remote_desktop_connection +Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host. +remote_desktop_connection_installed.nasl +2022/10/10 +Microsoft Remote Desktop Connection Installed +2019/06/12 +local +None +1.3 +http://www.nessus.org/u?1c33f0e7 +n/a +A graphical interface connection utility is installed on the remote Windows host + + Path : C:\Windows\\System32\\mstsc.exe + Version : 10.0.20348.1850 + + + +Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry entry in to one of the following settings: + + - 0xFFFFFFFF (Removes the current working directory from the default DLL search order) + + - 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder) + + - 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder) +smb_cwdindllsearchvalue_setting.nasl +2019/12/20 +Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting +2010/08/26 +local +None +1.7 +http://www.nessus.org/u?0c574c56 +http://www.nessus.org/u?5234ef0c +n/a +CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks. + + Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch + Value : Registry Key Empty or Missing + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past. +smb_enum_drive_mount.nasl +2022/02/01 +Microsoft Windows Mounted Devices +2012/11/28 +local +None +1.4 +http://www.nessus.org/u?99fcc329 +Make sure that the mounted drives agree with your organization's acceptable use and security policies. +It is possible to get a list of mounted devices that may have been connected to the remote system in the past. + + Name : \dosdevices\e: + Data : )+ + Raw data : 29bc2bc00000100000000000 + + Name : \??\volume{17c6c8ff-c1f3-11ee-9de6-806e6f6e6963} + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&260e6d66&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f0043004400300031002300350026003200360030006500360064003600360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\d: + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&260e6d66&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f0043004400300031002300350026003200360030006500360064003600360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{17c6c900-c1f3-11ee-9de6-806e6f6e6963} + Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&1b0d1d81&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260031006200300064003100640038003100260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\c: + Data : DMIO:ID:1wA*p + Raw data : 444d494f3a49443af4ec3102b5e877419fa219a9aa2ae270 + + Name : \dosdevices\a: + Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&1b0d1d81&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260031006200300064003100640038003100260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry. +smb_dns_servers.nasl +True +True +2022/02/01 +Windows DNS Server Enumeration +2012/03/01 +local +None +1.9 +n/a +Nessus enumerated the DNS servers being used by the remote Windows host. + +Nessus enumerated DNS servers for the following interfaces : + +Interface: Default +DhcpNameServer: 192.168.40.1 1.1.1.1 + + + +windows +True +By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry. +smb_enum_qfes.nasl +2022/02/01 +SMB QuickFixEngineering (QFE) Enumeration +2012/09/11 +local +None +1.8 +n/a +The remote host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + +KB5012170, Installed on: 2024/02/02 +KB5022507, Installed on: 2023/04/04 +KB5033914, Installed on: 2024/02/02 +KB5034439, Installed on: 2024/02/02 + + +windows +True +This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. + +Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system. +smb_enum_software_versions.nasl +2023/07/18 +Microsoft Windows Installed Software Version Enumeration +2023/07/10 +local +None +1.1 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +Enumerates installed software versions. + +The following software information is available on the remote host : + + - Google Chrome + Best Confidence Version : 121.0.6167.140 + Version Confidence Level : 3 + All Possible Versions : 121.0.6167.140 + Other Version Data + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayIcon] : + Raw Value : C:\Program Files\Google\Chrome\Application\chrome.exe,0 + Parsed File Path : C:\Program Files\Google\Chrome\Application\chrome.exe + Parsed File Version : 121.0.6167.140 + [InstallLocation] : + Raw Value : C:\Program Files\Google\Chrome\Application + [UninstallString] : + Raw Value : "C:\Program Files\Google\Chrome\Application\121.0.6167.140\Installer\setup.exe" --uninstall --system-level + Parsed File Path : C:\Program Files\Google\Chrome\Application\121.0.6167.140\Installer\setup.exe + Parsed File Version : 121.0.6167.140 + [VersionMinor] : + Raw Value : 140 + [Version] : + Raw Value : 121.0.6167.140 + [VersionMajor] : + Raw Value : 6167 + [DisplayVersion] : + Raw Value : 121.0.6167.140 + [DisplayName] : + Raw Value : Google Chrome + + - Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{73F77E4E-5A17-46E5-A5FC-8A061047725F} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{D5D19E2F-7189-42FE-8103-92CD1FA457C2} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - VMware Tools + Best Confidence Version : 12.3.0.22234872 + Version Confidence Level : 2 + All Possible Versions : 12.3.0.22234872 + Other Version Data + [VersionMajor] : + Raw Value : 12 + [Version] : + Raw Value : 201523200 + [InstallLocation] : + Raw Value : C:\Program Files\VMware\VMware Tools\ + [DisplayName] : + Raw Value : VMware Tools + [UninstallString] : + Raw Value : MsiExec.exe /I{AF174E64-22CF-4386-A9EC-73F285739998} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 12.3.0.22234872 + [VersionMinor] : + Raw Value : 3 + + - Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{0025DD72-A959-45B5-A0A3-7EFEB15A8050} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Edge Update + Best Confidence Version : 1.3.135.41 + Version Confidence Level : 2 + All Possible Versions : 1.3.135.41 + Other Version Data + [Version] : + Raw Value : 1.3.135.41 + [DisplayName] : + Raw Value : Microsoft Edge Update + [DisplayVersion] : + Raw Value : 1.3.135.41 + + - Microsoft Edge + Best Confidence Version : 86.0.622.38 + Version Confidence Level : 3 + All Possible Versions : 86.0.622.38 + Other Version Data + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,0 + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe + Parsed File Version : 86.0.622.38 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\Installer\setup.exe" --uninstall --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\Installer\setup.exe + Parsed File Version : 86.0.622.38 + [VersionMinor] : + Raw Value : 38 + [Version] : + Raw Value : 86.0.622.38 + [VersionMajor] : + Raw Value : 622 + [DisplayVersion] : + Raw Value : 86.0.622.38 + [DisplayName] : + Raw Value : Microsoft Edge + + - Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + + - Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + + + + +windows +True +This plugin lists software that is configured to run on system startup by crawling the registry entries in : + + - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + - HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run +smb_enum_startup_registry.nasl +2022/02/01 +Microsoft Windows Startup Software Enumeration +2012/03/23 +local +None +1.6 +Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate startup software. + +The following startup item was found : + + AzureArcSetup - %windir%\AzureArcSetup\Systray\AzureArcSysTray.exe + SecurityHealth - %windir%\system32\SecurityHealthSystray.exe + VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe + + + +windows +True +This plugin lists software potentially installed on the remote host by crawling the registry entries in : + + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates + +Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed. +smb_enum_softwares.nasl +0001-T-0501 +2022/02/01 +Microsoft Windows Installed Software Enumeration (credentialed check) +2006/01/26 +local +None +1.21 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate installed software. +IAVT:0001-T-0501 + +The following software are installed on the remote host : + +Google Chrome [version 121.0.6167.140] [installed on 2024/02/02] +Microsoft Edge [version 86.0.622.38] [installed on 2024/02/02] +Microsoft Edge Update [version 1.3.135.41] +Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 [version 14.36.32532.0] +Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 [version 14.36.32532.0] +VMware Tools [version 12.3.0.22234872] [installed on 2024/02/02] +Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] + + + +windows +True +Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host. +smb_enum_network_adapters.nasl +0001-T-0758 +2022/02/01 +Microsoft Windows Network Adapters +2017/10/17 +local +None +1.8 +Make sure that all of the installed network adapters agrees with your organization's acceptable use and security policies. +Identifies the network adapters installed on the remote host. +IAVT:0001-T-0758 +Network Adapter Driver Description : Intel(R) 82574L Gigabit Network Connection +Network Adapter Driver Version : 12.18.9.23 + + + + +windows +True +user_enumeration +Enumerate Windows accounts. +windows_enum_accounts.nbin +2024/01/16 +Windows Enumerate Accounts +2023/02/28 +local +None +1.25 +n/a +Enumerate Windows accounts. +Windows accounts enumerated. Results output to DB. +User data gathered in scan starting at : 2024/2/2 9:34 Pacific Standard Time + + + +By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier). + +The host SID can then be used to get the list of local users. +smb_host2sid.nasl +2024/01/31 +Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration +2002/02/13 +local +None +1.47 +http://technet.microsoft.com/en-us/library/bb418944.aspx +You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value. + +Refer to the 'See also' section for guidance. +It is possible to obtain the host SID for the remote host. + +The remote host SID value is : S-1-5-21-746496990-2641142201-3713043312 + +The value of 'RestrictAnonymous' setting is : 0 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past. +smb_enum_portable_devices.nasl +2022/02/01 +Microsoft Windows Portable Devices +2013/04/03 +local +None +1.4 +http://www.nessus.org/u?af102b66 +Make sure that use of the portable devices agrees with your organization's acceptable use and security policies. +It is possible to get a list of portable devices that may have been connected to the remote system in the past. + + Friendly name : Samsung_T5 + Device : SWD#WPDBUSENUM#{0AA30483-C1E7-11EE-9DF4-0050562FAE28}#0000000000100000 + + + +Using the HKU registry, Nessus was able to enuemrate the SIDs of logged on users +smb_loggedon_users.nasl +2022/05/25 +Microsoft Windows Logged On Users +2022/05/25 +local +None +1.2 +n/a +Nessus was able to determine the logged on users from the registry +Logged on users : + - S-1-5-21-746496990-2641142201-3713043312-500 + Domain : SOT-WIN2K22-01 + Username : soteria + + + +windows +True +cpe:/o:microsoft:windows +cpe:/a:microsoft:malicious_software_removal_tool +The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems. +smb_mrt_installed.nasl +True +True +2023/01/10 +Microsoft Malicious Software Removal Tool Installed +2013/05/15 +local +None +1.60 +http://www.nessus.org/u?47a3e94d +https://support.microsoft.com/en-us/help/891716 +n/a +An antimalware application is installed on the remote Windows host. + + File : C:\Windows\system32\MRT.exe + Version : 5.120.24010.1001 + Release at last run : unknown + Report infection information to Microsoft : Yes + + + +60 - 180 days +cpe:/a:vmware:tools +CVE-2023-34058 +7.5 +6.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2023-34058 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C +The version of VMware Tools installed on the remote Windows host is 10.3.x, 11.x or 12.x prior to 12.3.5. It is, therefore, affected by a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +vmware_tools_win_vmsa-2023-0024.nasl +2023-A-0590 +2023/10/26 +2023/11/02 +VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024) +2023/11/01 +local +Medium +Medium +1.2 +https://www.vmware.com/security/advisories/VMSA-2023-0024.html +Upgrade to VMware Tools version 12.3.5 or later. +I +The virtualization tool suite is installed on the remote Windows host is affected by an authentication bypass vulnerability. +Very Low +No recorded events +No recorded events +2023-0024 +7.4 +2023/10/26 +VMSA:2023-0024 +IAVA:2023-A-0590 + + Path : C:\Program Files\VMware\VMware Tools\ + Installed version : 12.3.0.44994 + Fixed version : 12.3.5 + + + +windows +True +software_enumeration +cpe:/a:vmware:tools +VMware Tools, a suite of utilities that enhances the performance of the virtual machines guest operating system is installed on the remote Windows host. +vmware_tools_installed.nbin +0001-T-0738 +2024/01/16 +VMware Tools Detection +2018/01/13 +local +None +1.178 +https://kb.vmware.com/s/article/340 +http://www.nessus.org/u?7d54c30a +n/a +A virtual machine management application is installed on the remote host. +IAVT:0001-T-0738 + + Path : C:\Program Files\VMware\VMware Tools\ + Version : 12.3.0.44994 + + + +cpe:/o:microsoft:windows +Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'. +windows_product_key_retrieval.nasl +2013/01/18 +Windows Product Key Retrieval +2013/01/18 +local +None +$Revision: 1.1 $ +n/a +This plugin retrieves the Windows Product key of the remote Windows host. + + Product key : XXXXX-XXXXX-XXXXX-XXXXX-VMK7H + +Note that all but the final portion of the key has been obfuscated. + + + +Report details on the running processes modules on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies. +windows_process_module_information.nbin +2024/01/16 +Microsoft Windows Process Module Information +2013/10/08 +local +None +1.217 +n/a +Use WMI to obtain running process module information. +Process_Modules_SOT-WIN2K22-01.csv : lists the loaded modules for each process. + +ab253666b737c9072e081aadc26b5e64 + + +Report details on the running processes on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies. +windows_process_information.nbin +2024/01/16 +Microsoft Windows Process Information +2013/10/08 +local +None +1.216 +n/a +Use WMI to obtain running process information. +Process Overview : +SID: Process (PID) + 0 : System Idle Process (0) + 0 : |- System (4) + 0 : |- smss.exe (304) + 0 : Registry (100) + 1 : explorer.exe (3040) + 1 : |- vmtoolsd.exe (5600) + 1 : |- AzureArcSysTray.exe (5660) + 0 : MicrosoftEdgeUpdate.exe (3280) + 0 : csrss.exe (416) + 0 : wininit.exe (516) + 0 : |- services.exe (652) + 0 : |- svchost.exe (1028) + 0 : |- svchost.exe (1044) + 0 : |- svchost.exe (1048) + 1 : |- sihost.exe (1340) + 1 : |- svchost.exe (1076) + 0 : |- svchost.exe (1152) + 0 : |- svchost.exe (1180) + 0 : |- svchost.exe (1188) + 0 : |- svchost.exe (1324) + 0 : |- svchost.exe (1372) + 0 : |- svchost.exe (1388) + 0 : |- svchost.exe (1412) + 0 : |- svchost.exe (1452) + 0 : |- svchost.exe (1464) + 0 : |- svchost.exe (1496) + 0 : |- svchost.exe (1540) + 0 : |- svchost.exe (1548) + 1 : |- taskhostw.exe (2700) + 1 : |- taskhostw.exe (3092) + 0 : |- svchost.exe (1628) + 0 : |- svchost.exe (1648) + 0 : |- svchost.exe (1684) + 0 : |- svchost.exe (1692) + 0 : |- svchost.exe (1764) + 0 : |- svchost.exe (1860) + 0 : |- svchost.exe (1868) + 0 : |- svchost.exe (1912) + 0 : |- svchost.exe (1948) + 0 : |- svchost.exe (2076) + 0 : |- svchost.exe (2132) + 0 : |- spoolsv.exe (2192) + 0 : |- svchost.exe (2212) + 0 : |- svchost.exe (2228) + 0 : |- svchost.exe (2244) + 0 : |- AggregatorHost.exe (3204) + 0 : |- svchost.exe (2292) + 0 : |- svchost.exe (2368) + 0 : |- svchost.exe (2396) + 0 : |- svchost.exe (2404) + 0 : |- svchost.exe (2416) + 0 : |- svchost.exe (2444) + 0 : |- VGAuthService.exe (2452) + 0 : |- vm3dservice.exe (2460) + 1 : |- vm3dservice.exe (2796) + 0 : |- svchost.exe (2476) + 0 : |- vmtoolsd.exe (2512) + 0 : |- MsMpEng.exe (2548) + 0 : |- svchost.exe (2564) + 0 : |- WMIADAP.exe (2620) + 0 : |- svchost.exe (2624) + 0 : |- svchost.exe (2720) + 0 : |- svchost.exe (3104) + 1 : |- svchost.exe (3188) + 0 : |- svchost.exe (3256) + 1 : |- ctfmon.exe (3572) + 0 : |- svchost.exe (3260) + 0 : |- dllhost.exe (3288) + 0 : |- svchost.exe (360) + 0 : |- msdtc.exe (3732) + 0 : |- svchost.exe (380) + 0 : |- svchost.exe (3884) + 0 : |- NisSrv.exe (3964) + 0 : |- svchost.exe (4092) + 1 : |- svchost.exe (4808) + 0 : |- svchost.exe (5752) + 0 : |- svchost.exe (5968) + 0 : |- svchost.exe (684) + 0 : |- svchost.exe (700) + 0 : |- svchost.exe (776) + 0 : |- WmiPrvSE.exe (2008) + 0 : |- WmiPrvSE.exe (3468) + 1 : |- TextInputHost.exe (4164) + 1 : |- StartMenuExperienceHost.exe (4184) + 1 : |- RuntimeBroker.exe (4356) + 1 : |- dllhost.exe (4412) + 1 : |- SearchApp.exe (4456) + 1 : |- RuntimeBroker.exe (4580) + 0 : |- WmiPrvSE.exe (4960) + 1 : |- RuntimeBroker.exe (5476) + 0 : |- svchost.exe (884) + 0 : |- svchost.exe (944) + 0 : |- lsass.exe (668) + 0 : |- fontdrvhost.exe (808) + 1 : csrss.exe (524) + 1 : winlogon.exe (612) + 1 : |- dwm.exe (1012) + 1 : |- fontdrvhost.exe (800) + + + +cpe:/o:microsoft:windows +It is possible to get information about the BIOS via the host's WMI interface. +bios_get_info_wmi.nbin +2024/01/16 +BIOS Info (WMI) +2008/09/05 +local +None +1.215 +n/a +The BIOS info could be read. + + Vendor : VMware, Inc. + Version : VMW201.00V.21805430.B64.2305221830 + Release date : 20230522000000.000000+000 + UUID : 21394D56-792D-63B3-3974-36FDC1918C5F + Secure boot : disabled + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report on the application compatibility cache on the remote Windows host. +microsoft_windows_appcompatcache.nasl +2018/05/23 +Application Compatibility Cache +2016/07/19 +local +None +1.5 +https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf +http://www.nessus.org/u?4a076105 +n/a +Nessus was able to gather application compatibility settings on the remote host. +Application compatibility cache report attached. + +6f2c7a3202459d973a5c99154a4426f0 + + +windows +cpe:/o:microsoft:windows +cpe:/a:microsoft:ie +Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar. +microsoft_windows_ie_typeurls.nasl +2018/05/16 +Internet Explorer Typed URLs +2016/07/19 +local +None +1.5 +https://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/ +n/a +Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar. +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 + +Internet Explorer typed URL report attached. + +141e985f6f3e551bd1ca5d6e55f497ad + + +windows +cpe:/o:microsoft:windows +Nessus was able to query the MUIcache registry key to find evidence of program execution. +microsoft_windows_muicache.nasl +2018/05/16 +MUICache Program Execution History +2016/07/19 +local +None +1.5 +https://forensicartifacts.com/2010/08/registry-muicache/ +http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html +http://www.nirsoft.net/utils/muicache_view.html +n/a +Nessus was able to enumerate recently executed programs on the remote host. +@%systemroot%\system32\themeservice.dll,-8192 : Themes +@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +@%systemroot%\system32\icsvcvss.dll,-101 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\das.dll,-100 : Device Association Service +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\dnsapi.dll,-101 : DNS Client +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%windir%\system32\systemeventsbrokerserver.dll,-1001 : System Events Broker +@combase.dll,-5010 : Remote Procedure Call (RPC) +@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\credentialenrollmentmanager.exe,-101 : Credential Enrollment Manager +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@%systemroot%\system32\icsvcvss.dll,-102 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\printworkflowservice.dll,-101 : Provides support for Print Workflow applications. If you turn off this service, you may not be able to print successfully. +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@%systemroot%\system32\lmhsvc.dll,-101 : TCP/IP NetBIOS Helper +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\schedsvc.dll,-100 : Task Scheduler +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@gpapi.dll,-114 : Resultant Set of Policy Provider +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@%windir%\system32\timebrokerserver.dll,-1001 : Time Broker +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\nsisvc.dll,-200 : Network Store Interface Service +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA) +@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\samsrv.dll,-1 : Security Accounts Manager +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@%systemroot%\system32\frameservermonitor.dll,-100 : Windows Camera Frame Server Monitor +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\fntcache.dll,-100 : Windows Font Cache Service +@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder +@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@firewallapi.dll,-50323 : SNMP Trap +@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall +@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver +@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices. +@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host +@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver +@%windir%\system32\rpcepmap.dll,-1001 : RPC Endpoint Mapper +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS) +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\nlasvc.dll,-1 : Network Location Awareness +@%systemroot%\system32\umpnpmgr.dll,-200 : Plug and Play +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\drivers\executioncontext.sys,-101 : CPU Scheduler for High Performance I/O +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\coremessaging.dll,-1 : CoreMessaging +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Enables JIT compilation support in d3d10warp.dll for processes in which code generation is disabled. +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\wcmsvc.dll,-4097 : Windows Connection Manager +@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%systemroot%\system32\wkssvc.dll,-100 : Workstation +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\deviceaccess.dll,-108 : Enables apps to pair devices +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\ncbservice.dll,-500 : Network Connection Broker +@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : Warp JIT Service +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw. +@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@combase.dll,-5012 : DCOM Server Process Launcher +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%windir%\system32\lsm.dll,-1001 : Local Session Manager +@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results. +@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration +@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service +@%systemroot%\system32\spoolsv.exe,-1 : Print Spooler +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation +@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@%systemroot%\system32\umpo.dll,-100 : Power +@comres.dll,-2797 : Distributed Transaction Coordinator +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\usermgr.dll,-100 : User Manager +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-100 : Udk User Service +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%windir%\system32\bisrv.dll,-100 : Background Tasks Infrastructure Service +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%systemroot%\system32\consentuxclient.dll,-101 : Allows the system to request user consent to allow apps to access sensitive resources and information such as the device's location +@%systemroot%\system32\captureservice.dll,-101 : Enables optional screen capture functionality for applications that call the Windows.Graphics.Capture API. +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host +@%systemroot%\system32\wevtsvc.dll,-200 : Windows Event Log +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace +@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service +@comres.dll,-2450 : COM+ Event System +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@gpapi.dll,-112 : Group Policy Client +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services. +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\dispbroker.desktop.dll,-101 : Display Policy Service +@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation. +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\srpapi.dll,-100 : AppID Driver +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\srvsvc.dll,-100 : Server +@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network. +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\diagtrack.dll,-3001 : Connected User Experiences and Telemetry +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\sysmain.dll,-1000 : SysMain +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@%systemroot%\system32\frameservermonitor.dll,-101 : Monitors the health and state for the Windows Camera Frame Server service. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX User Service +@%programfiles%\windows defender\mpasdesc.dll,-310 : Microsoft Defender Antivirus Service +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\profsvc.dll,-300 : User Profile Service +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\bfe.dll,-1001 : Base Filtering Engine +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-101 : Shell components service +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver +@%systemroot%\system32\dhcpcore.dll,-100 : DHCP Client +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search +c:\windows\system32\fsquirt.exe.applicationcompany : Microsoft Corporation +c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation +c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame +c:\windows\regedit.exe.applicationcompany : Microsoft Corporation +c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation +c:\windows\explorer.exe.friendlyappname : Windows Explorer +c:\windows\explorer.exe.applicationcompany : Microsoft Corporation +langid : . +c:\windows\system32\mmc.exe.friendlyappname : Microsoft Management Console +c:\windows\system32\appresolver.dll.applicationcompany : Microsoft Corporation +c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll +c:\windows\system32\fsquirt.exe.friendlyappname : fsquirt +c:\windows\regedit.exe.friendlyappname : Registry Editor +c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation +c:\windows\system32\appresolver.dll.friendlyappname : App Resolver +@%systemroot%\system32\themeservice.dll,-8192 : Themes +@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +@%systemroot%\system32\icsvcvss.dll,-101 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\das.dll,-100 : Device Association Service +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\dnsapi.dll,-101 : DNS Client +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%windir%\system32\systemeventsbrokerserver.dll,-1001 : System Events Broker +@combase.dll,-5010 : Remote Procedure Call (RPC) +@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\credentialenrollmentmanager.exe,-101 : Credential Enrollment Manager +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@%systemroot%\system32\icsvcvss.dll,-102 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\printworkflowservice.dll,-101 : Provides support for Print Workflow applications. If you turn off this service, you may not be able to print successfully. +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@%systemroot%\system32\lmhsvc.dll,-101 : TCP/IP NetBIOS Helper +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\schedsvc.dll,-100 : Task Scheduler +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@gpapi.dll,-114 : Resultant Set of Policy Provider +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@%windir%\system32\timebrokerserver.dll,-1001 : Time Broker +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\nsisvc.dll,-200 : Network Store Interface Service +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA) +@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\samsrv.dll,-1 : Security Accounts Manager +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@%systemroot%\system32\frameservermonitor.dll,-100 : Windows Camera Frame Server Monitor +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\fntcache.dll,-100 : Windows Font Cache Service +@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder +@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@firewallapi.dll,-50323 : SNMP Trap +@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall +@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver +@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices. +@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host +@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver +@%windir%\system32\rpcepmap.dll,-1001 : RPC Endpoint Mapper +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS) +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\nlasvc.dll,-1 : Network Location Awareness +@%systemroot%\system32\umpnpmgr.dll,-200 : Plug and Play +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\drivers\executioncontext.sys,-101 : CPU Scheduler for High Performance I/O +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\coremessaging.dll,-1 : CoreMessaging +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Enables JIT compilation support in d3d10warp.dll for processes in which code generation is disabled. +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\wcmsvc.dll,-4097 : Windows Connection Manager +@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%systemroot%\system32\wkssvc.dll,-100 : Workstation +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\deviceaccess.dll,-108 : Enables apps to pair devices +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\ncbservice.dll,-500 : Network Connection Broker +@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : Warp JIT Service +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw. +@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@combase.dll,-5012 : DCOM Server Process Launcher +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%windir%\system32\lsm.dll,-1001 : Local Session Manager +@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results. +@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration +@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service +@%systemroot%\system32\spoolsv.exe,-1 : Print Spooler +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation +@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@%systemroot%\system32\umpo.dll,-100 : Power +@comres.dll,-2797 : Distributed Transaction Coordinator +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\usermgr.dll,-100 : User Manager +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-100 : Udk User Service +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%windir%\system32\bisrv.dll,-100 : Background Tasks Infrastructure Service +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%systemroot%\system32\consentuxclient.dll,-101 : Allows the system to request user consent to allow apps to access sensitive resources and information such as the device's location +@%systemroot%\system32\captureservice.dll,-101 : Enables optional screen capture functionality for applications that call the Windows.Graphics.Capture API. +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host +@%systemroot%\system32\wevtsvc.dll,-200 : Windows Event Log +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace +@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service +@comres.dll,-2450 : COM+ Event System +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@gpapi.dll,-112 : Group Policy Client +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services. +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\dispbroker.desktop.dll,-101 : Display Policy Service +@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation. +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\srpapi.dll,-100 : AppID Driver +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\srvsvc.dll,-100 : Server +@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network. +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\diagtrack.dll,-3001 : Connected User Experiences and Telemetry +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\sysmain.dll,-1000 : SysMain +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@%systemroot%\system32\frameservermonitor.dll,-101 : Monitors the health and state for the Windows Camera Frame Server service. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX User Service +@%programfiles%\windows defender\mpasdesc.dll,-310 : Microsoft Defender Antivirus Service +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\profsvc.dll,-300 : User Profile Service +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\bfe.dll,-1001 : Base Filtering Engine +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-101 : Shell components service +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver +@%systemroot%\system32\dhcpcore.dll,-100 : DHCP Client +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search + +MUICache report attached. + +ac502e0424c78f1b42173f8007f8aee4 + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories. +microsoft_windows_recyclebin.nasl +2018/11/15 +Recycle Bin Files +2016/07/19 +local +None +1.6 +http://www.nessus.org/u?0c1a03df +http://www.nessus.org/u?61293b38 +n/a +Nessus was able to enumerate files in the recycle bin on the remote host. +C:\\$Recycle.Bin\\. +C:\\$Recycle.Bin\\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000 +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001 +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500 +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000\. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001\. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500\. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500\desktop.ini + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below : + + - Administrative Tools + - AppData + - Cache + - CD Burning + - Cookies + - Desktop + - Favorites + - Fonts + - History + - Local AppData + - My Music + - My Pictures + - My Video + - NetHood + - Personal + - PrintHood + - Programs + - Recent + - SendTo + - Start Menu + - Startup + - Templates +microsoft_windows_shellfolder_settings.nasl +2018/05/16 +User Shell Folders Settings +2016/07/19 +local +None +1.5 +https://technet.microsoft.com/en-us/library/cc962613.aspx +n/a +Nessus was able to find the folder paths for user folders on the remote host. +soteria + - {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Administrator\Searches + - {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Libraries + - {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Administrator\Downloads + - recent : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent + - my video : C:\Users\Administrator\Videos + - my music : C:\Users\Administrator\Music + - {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Administrator\Contacts + - {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Administrator\Links + - {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Administrator\AppData\LocalLow + - sendto : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo + - start menu : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu + - cookies : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCookies + - personal : C:\Users\Administrator\Documents + - administrative tools : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools + - startup : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup + - nethood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts + - history : C:\Users\Administrator\AppData\Local\Microsoft\Windows\History + - {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Administrator\Saved Games + - {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Administrator\AppData\Local\Microsoft\Windows\RoamingTiles + - !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead + - local appdata : C:\Users\Administrator\AppData\Local + - my pictures : C:\Users\Administrator\Pictures + - templates : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates + - printhood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts + - cache : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache + - desktop : C:\Users\Administrator\Desktop + - programs : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs + - fonts : C:\Windows\Fonts + - cd burning : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn + - favorites : C:\Users\Administrator\Favorites + - appdata : C:\Users\Administrator\AppData\Roaming + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence of files opened by file type from the remote host. +microsoft_windows_recent_files.nasl +2018/11/15 +Recent File History +2016/07/19 +local +None +1.7 +https://www.4n6k.com/2014/02/forensics-quickie-pinpointing-recent.html +n/a +Nessus was able to enumerate recently opened files on the remote host. +C:\\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Recent\System.lnk + +Recent files found in registry and appdata attached. + +180ce4e1aa2ac894ea609ed77f02146f +0409b86ac9ed24d82d1cf4ecaa974d30 + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report of all files listed in the default user download folder. +microsoft_windows_user_downloads.nasl +2018/05/16 +User Download Folder Files +2016/07/19 +local +None +1.5 +n/a +Nessus was able to enumerate downloaded files on the remote host. +C:\\Users\Administrator\Downloads\desktop.ini +C:\\Users\degthat\Downloads\desktop.ini +C:\\Users\degthat.WIN-95GFQRRMAS4\Downloads\desktop.ini +C:\\Users\Public\Downloads\desktop.ini + +Download folder content report attached. + +5699da73297fce020d8b43680ac05977 + + +windows +cpe:/o:microsoft:windows +Nessus was able to find evidence of the last key that was opened when the Registry Editor was closed for each user. +microsoft_windows_regedit_lastkey.nasl +2018/11/15 +Registry Editor Last Accessed +2016/07/19 +local +None +1.6 +https://support.microsoft.com/en-us/help/244004 +n/a +Nessus was able to find the last key accessed by the Registry Editor when it was closed on the remote host. +soteria + - Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed. +microsoft_windows_userassist.nasl +2019/11/12 +UserAssist Execution History +2016/07/19 +local +None +1.7 +https://www.nirsoft.net/utils/userassist_view.html +n/a +Nessus was able to enumerate program execution history on the remote host. +microsoft.windows.controlpanel +windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel +microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5} +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe +{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk +microsoft.windows.search_cw5n1h2txyewy!cortanaui +c:\users\administrator\desktop\chromestandalonesetup64.exe +microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy!app +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk +ueme_ctlcuacount:ctor +{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe +{f38bf404-1d43-42f2-9305-67de0b28fc23}\systemtemp\gum9559.tmp\googleupdate.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe +microsoft.windows.explorer +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe +ueme_ctlsession +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\registry editor.lnk +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\update\googleupdate.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe +chrome + +Extended userassist report attached. + +8db410e71c9d6e1c16d8859f38a8132a + + +True +user_enumeration +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +wmi_enum_local_group_memberships.nbin +2024/01/16 +Enumerate Local Group Memberships +2013/12/06 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +Group Name : Access Control Assistance Operators +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-579 +Members : + +Group Name : Administrators +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-544 +Members : + Name : soteria + Domain : SOT-WIN2K22-01 + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-500 + Name : degthat + Domain : SOT-WIN2K22-01 + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-1001 + +Group Name : Backup Operators +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-551 +Members : + +Group Name : Certificate Service DCOM Access +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-574 +Members : + +Group Name : Cryptographic Operators +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-569 +Members : + +Group Name : Device Owners +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-583 +Members : + +Group Name : Distributed COM Users +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-562 +Members : + +Group Name : Event Log Readers +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-573 +Members : + +Group Name : Guests +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-546 +Members : + Name : Guest + Domain : SOT-WIN2K22-01 + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-501 + +Group Name : Hyper-V Administrators +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-578 +Members : + +Group Name : IIS_IUSRS +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-568 +Members : + Name : IUSR + Domain : SOT-WIN2K22-01 + Class : Win32_SystemAccount + SID : S-1-5-17 + +Group Name : Network Configuration Operators +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-556 +Members : + +Group Name : Performance Log Users +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-559 +Members : + +Group Name : Performance Monitor Users +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-558 +Members : + +Group Name : Power Users +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-547 +Members : + +Group Name : Print Operators +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-550 +Members : + +Group Name : RDS Endpoint Servers +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-576 +Members : + +Group Name : RDS Management Servers +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-577 +Members : + +Group Name : RDS Remote Access Servers +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-575 +Members : + +Group Name : Remote Desktop Users +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-555 +Members : + +Group Name : Remote Management Users +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-580 +Members : + +Group Name : Replicator +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-552 +Members : + +Group Name : Storage Replica Administrators +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-582 +Members : + +Group Name : System Managed Accounts Group +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-581 +Members : + Name : DefaultAccount + Domain : SOT-WIN2K22-01 + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-503 + +Group Name : Users +Host Name : SOT-WIN2K22-01 +Group SID : S-1-5-32-545 +Members : + Name : INTERACTIVE + Domain : SOT-WIN2K22-01 + Class : Win32_SystemAccount + SID : S-1-5-4 + Name : Authenticated Users + Domain : SOT-WIN2K22-01 + Class : Win32_SystemAccount + SID : S-1-5-11 + + + + +cpe:/o:microsoft:windows +By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number. +wmi_asset_info.nbin +2024/01/16 +Computer Manufacturer Information (WMI) +2007/02/02 +local +None +1.222 +n/a +It is possible to obtain the name of the remote computer manufacturer. + + Computer Manufacturer : VMware, Inc. + Computer Model : VMware20,1 + Computer SerialNumber : VMware-56 4d 39 21 2d 79 b3 63-39 74 36 fd c1 91 8c 5f + Computer Type : Other + + Computer Physical CPU's : 2 + Computer Logical CPU's : 2 + CPU0 + Architecture : x64 + Physical Cores: 1 + Logical Cores : 1 + CPU1 + Architecture : x64 + Physical Cores: 1 + Logical Cores : 1 + + Computer Memory : 4095 MB + RAM slot #0 + Form Factor: DIMM + Type : DRAM + Capacity : 4096 MB + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the display drivers on the remote host via WMI. +wmi_enum_display_drivers.nbin +0001-T-0756 +2024/01/16 +Windows Display Driver Enumeration +2014/02/06 +local +None +1.208 +http://www.nessus.org/u?b6e87533 +n/a +Nessus was able to enumerate one or more of the display drivers on the remote host. +IAVT:0001-T-0756 + + Device Name : VMware SVGA 3D + Driver File Version : 9.17.6.3 + Driver Date : 04/28/2023 + Video Processor : VMware Virtual SVGA 3D Graphics Adapter + + + +windows +True +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI. +wmi_enum_qfes.nbin +2024/01/16 +WMI QuickFixEngineering (QFE) Enumeration +2011/02/16 +local +None +1.220 +http://www.nessus.org/u?0c4ec249 +n/a +The remote Windows host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + ++ KB5033914 + - Description : Update + - InstalledOn : 2/2/2024 + ++ KB5012170 + - Description : Security Update + - InstalledOn : 2/2/2024 + ++ KB5034129 + - Description : Security Update + - InstalledOn : 2/2/2024 + ++ KB5034286 + - Description : Update + - InstalledOn : 2/2/2024 + ++ KB5034439 + - Description : Security Update + - InstalledOn : 2/2/2024 + +Note that for detailed information on installed QFE's such as InstalledBy, Caption, +and so on, please run the scan with 'Report Verbosity' set to 'verbose'. + + + +cpe:/o:microsoft:windows +By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc. +wmi_enum_computersystemproduct.nbin +2024/01/16 +Windows ComputerSystemProduct Enumeration (WMI) +2010/08/16 +local +None +1.204 +http://www.nessus.org/u?a21ce849 +n/a +It is possible to obtain product information from the remote host using WMI. + ++ Computer System Product + - IdentifyingNumber : VMware-56 4d 39 21 2d 79 b3 63-39 74 36 fd c1 91 8c 5f + - Description : Computer System Product + - Vendor : VMware, Inc. + - Name : VMware20,1 + - UUID : 21394D56-792D-63B3-3974-36FDC1918C5F + - Version : None + + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions. + +Note that Features can only be enumerated for Windows 7 and later for desktop versions. +wmi_enum_server_features.nbin +0001-T-0754 +2024/01/16 +WMI Windows Feature Enumeration +2010/02/24 +local +None +1.208 +https://msdn.microsoft.com/en-us/library/cc280268 +https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features +n/a +It is possible to enumerate Windows features using WMI. +IAVT:0001-T-0754 + +Nessus enumerated the following Windows features : + + - .NET Framework 4.8 + - .NET Framework 4.8 Features + - Azure Arc Setup + - File and Storage Services + - Microsoft Defender Antivirus + - Storage Services + - System Data Archiver + - TCP Port Sharing + - WCF Services + - Windows PowerShell + - Windows PowerShell 5.1 + - WoW64 Support + - XPS Viewer + + + +windows +True +cpe:/a:microsoft:ie +The remote Windows host contains Internet Explorer, a web browser created by Microsoft. +smb_explorer_detection.nasl +0001-T-0509 +2022/02/01 +Microsoft Internet Explorer Version Detection +2014/02/06 +local +None +1.7 +https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads +n/a +Internet Explorer is installed on the remote host. +IAVT:0001-T-0509 + + Version : 11.1.20348.0 + + + +windows +True +Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials. +smb_registry_os_and_arch.nasl +True +2022/02/01 +Microsoft Windows SMB Registry : OS Version and Processor Architecture +2010/08/31 +local +None +1.9 +n/a +It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system. +Operating system version = 10.20348 +Architecture = x64 +Build lab extended = 20348.1.amd64fre.fe_release.210507-1500 + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'wininit.exe' is listening on this port (pid 516). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 5968). + +This process 'svchost.exe' (pid 5968) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'services.exe' is listening on this port (pid 652). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1684). + +This process 'svchost.exe' (pid 1684) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1548). + +This process 'svchost.exe' (pid 1548) is hosting the following Windows services : +Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2416). + +This process 'svchost.exe' (pid 2416) is hosting the following Windows services : +PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'spoolsv.exe' is listening on this port (pid 2192). + +This process 'spoolsv.exe' (pid 2192) is hosting the following Windows services : +Spooler (@%systemroot%\system32\spoolsv.exe,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2476). + +This process 'svchost.exe' (pid 2476) is hosting the following Windows services : +W32Time (@%SystemRoot%\system32\w32time.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 884). + +This process 'svchost.exe' (pid 884) is hosting the following Windows services : +RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) +RpcSs (@combase.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1684). + +This process 'svchost.exe' (pid 1684) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'lsass.exe' is listening on this port (pid 668). + +This process 'lsass.exe' (pid 668) is hosting the following Windows services : +KeyIso (@keyiso.dll,-100) +SamSs (@%SystemRoot%\system32\samsrv.dll,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1152). + +This process 'svchost.exe' (pid 1152) is hosting the following Windows services : +EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2564). + +This process 'svchost.exe' (pid 2564) is hosting the following Windows services : +Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 5968). + +This process 'svchost.exe' (pid 5968) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key: + 'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD' + + - Unset or 0: The command prompt is enabled normally. + - 1: The command promt is disabled. + - 2: The command prompt is disabled however windows batch processing is allowed. +windows_disablecmd.nasl +2022/10/05 +Windows Disabled Command Prompt Enumeration +2022/09/06 +local +None +1.2 +http://www.nessus.org/u?b40698bc +n/a +This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user. + +Username: DefaultAccount + SID: S-1-5-21-746496990-2641142201-3713043312-503 + DisableCMD: Unset + +Username: soteria + SID: S-1-5-21-746496990-2641142201-3713043312-500 + DisableCMD: Unset + +Username: WDAGUtilityAccount + SID: S-1-5-21-746496990-2641142201-3713043312-504 + DisableCMD: Unset + +Username: Guest + SID: S-1-5-21-746496990-2641142201-3713043312-501 + DisableCMD: Unset + +Username: degthat + SID: S-1-5-21-746496990-2641142201-3713043312-1001 + DisableCMD: Unset + + + +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin. +wmi_enum_local_users.nbin +2024/01/16 +Enumerate Users via WMI +2014/02/25 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. + + Name : DefaultAccount + SID : S-1-5-21-746496990-2641142201-3713043312-503 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : degthat + SID : S-1-5-21-746496990-2641142201-3713043312-1001 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : Guest + SID : S-1-5-21-746496990-2641142201-3713043312-501 + Disabled : True + Lockout : False + Change password : False + Source : Local + + Name : soteria + SID : S-1-5-21-746496990-2641142201-3713043312-500 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : WDAGUtilityAccount + SID : S-1-5-21-746496990-2641142201-3713043312-504 + Disabled : True + Lockout : False + Change password : True + Source : Local + + No. Of Users : 5 + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. + +Nessus was able to find 20 open ports. + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 138/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 137/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5355/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5353/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 4500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 123/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 139/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 64480/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 64479/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49669/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49668/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49667/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49666/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49665/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49664/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 47001/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5985/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 445/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 135/tcp was found to be open + + +windows +True +cpe:/o:microsoft:windows +It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests). +smb_registry_access.nasl +True +True +2022/02/01 +Microsoft Windows SMB Registry Remotely Accessible +2000/05/09 +local +None +1.54 +n/a +Access the remote Windows Registry. + + +windows +cpe:/o:microsoft:windows +Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them. +Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later. +wmi_list_interfaces.nbin +2024/01/16 +Network Interfaces Enumeration (WMI) +2007/02/03 +local +None +1.247 +http://www.nessus.org/u?b362cab2 +n/a +Nessus was able to obtain the list of network interfaces on the remote host. ++ Network Interface Information : + + - Network Interface = [00000001] Intel(R) 82574L Gigabit Network Connection + - MAC Address = 00:50:56:2F:AE:28 + - IPAddress/IPSubnet = 192.168.40.169/255.255.255.0 + - IPAddress/IPSubnet = fe80::b954:40ae:e055:e821/64 + + ++ Routing Information : + + Destination Netmask Gateway + ----------- ------- ------- + 0.0.0.0 0.0.0.0 192.168.40.1 + 127.0.0.0 255.0.0.0 0.0.0.0 + 127.0.0.1 255.255.255.255 0.0.0.0 + 127.255.255.255 255.255.255.255 0.0.0.0 + 192.168.40.0 255.255.255.0 0.0.0.0 + 192.168.40.169 255.255.255.255 0.0.0.0 + 192.168.40.255 255.255.255.255 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + + + +cpe:/o:microsoft:windows +The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM. + +These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc. +wmi_available.nbin +2024/01/16 +WMI Available +2007/02/03 +local +None +1.218 +https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page +n/a +WMI queries can be made against the remote host. +The remote host returned the following caption from Win32_OperatingSystem: + + Microsoft Windows Server 2022 Standard + + +True +The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts : + +- Guest account +- Supplied credentials +smb_login.nasl +2023/07/25 +Microsoft Windows SMB Log In Possible +2000/05/09 +remote +None +1.173 +http://www.nessus.org/u?5c2589f6 +https://support.microsoft.com/en-us/help/246261 +n/a +It was possible to log into the remote host. +- The SMB tests will be done as degthat/****** + + + +True +Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host. +smb_nativelanman.nasl +True +2021/09/20 +Microsoft Windows SMB NativeLanManager Remote System Information Disclosure +2001/10/17 +remote +None +1.54 +n/a +It was possible to obtain information about the remote operating system. +Nessus was able to obtain the following information about the host, by +parsing the SMB2 Protocol's NTLM SSP message: + + Target Name: SOT-WIN2K22-01 + NetBIOS Domain Name: SOT-WIN2K22-01 + NetBIOS Computer Name: SOT-WIN2K22-01 + DNS Domain Name: SOT-WIN2K22-01 + DNS Computer Name: SOT-WIN2K22-01 + DNS Tree Name: unknown + Product Version: 10.0.20348 + + + +The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. + +Note that this plugin gathers information to be used in other plugins, but does not itself generate a report. +netbios_name_get.nasl +2021/02/10 +Windows NetBIOS / SMB Remote Host Information Disclosure +1999/10/12 +remote +None +1.91 +n/a +It was possible to obtain the network name of the remote host. +The following 3 NetBIOS names have been gathered : + + SOT-WIN2K22-01 = Computer name + WORKGROUP = Workgroup / Domain name + SOT-WIN2K22-01 = File Server Service + +The remote host has the following MAC address on its adapter : + + 00:50:56:2f:ae:28 + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 64479 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0 +Description : Unknown RPC service +Annotation : Remote Fw APIs +Type : Remote RPC service +TCP Port : 64479 +IP : 192.168.40.169 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49669 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0 +Description : Service Control Manager +Windows process : svchost.exe +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.169 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49668 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.169 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.169 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.169 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.169 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.169 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49667 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.169 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.169 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49666 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +TCP Port : 49666 +IP : 192.168.40.169 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49665 : + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49665 +IP : 192.168.40.169 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49664 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.169 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.169 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.169 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.169 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available remotely : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Remote RPC service +Named pipe : \PIPE\wkssvc +Netbios name : \\SOT-WIN2K22-01 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-01 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-01 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-01 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-01 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-01 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +Named pipe : \pipe\eventlog +Netbios name : \\SOT-WIN2K22-01 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\SOT-WIN2K22-01 + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\SOT-WIN2K22-01 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-01 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-01 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-01 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-01 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available locally : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a111f1c5-5923-47c0-9a68-d0bafb577901, version 1.0 +Description : Unknown RPC service +Annotation : NetSetup API +Type : Local RPC service +Named pipe : LRPC-26b5f64b6c48607deb + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0 +Description : Unknown RPC service +Annotation : IKE/Authip API +Type : Local RPC service +Named pipe : LRPC-5832130e4ee2f46af0 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE240D1B2B3AEEBF9C6CD4C2F05E6A + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-c0829186c2da00b009 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE240D1B2B3AEEBF9C6CD4C2F05E6A + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-c0829186c2da00b009 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE240D1B2B3AEEBF9C6CD4C2F05E6A + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-c0829186c2da00b009 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d8140e00-5c46-4ae6-80ac-2f9a76df224c, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-33d4082f90af74f65b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d249bd56-4cc0-4fd3-8ce6-6fe050d590cb, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-33d4082f90af74f65b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0 +Description : Unknown RPC service +Annotation : PcaSvc +Type : Local RPC service +Named pipe : LRPC-f77a552fc397ad42a0 + +Object UUID : 8261d809-2d4b-4cb9-a475-bcd01ff9f65c +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-3d6fde2e728e63fc0c + +Object UUID : f28d3f08-153d-464a-8aad-971c0ecbfc52 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-3d6fde2e728e63fc0c + +Object UUID : 2fd5224e-df9c-4906-b6c7-5063d084b4f1 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-3d6fde2e728e63fc0c + +Object UUID : 8caed748-f749-4a0d-9221-47db37782c82 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : OLE55B7C64E8833089E6073E5506AF7 + +Object UUID : 8caed748-f749-4a0d-9221-47db37782c82 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-b4e5e13fab70ed1b58 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-44bee28df9e2bc51c3 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7df1ceae-de4e-4e6f-ab14-49636e7c2052, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6c5d01811bf3f19c56 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d4051bde-9cdd-4910-b393-4aa85ec3c482, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE36FD06A0059EA0C20BE5B6FCB6D1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d4051bde-9cdd-4910-b393-4aa85ec3c482, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72d90197bd5b29c117 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE36FD06A0059EA0C20BE5B6FCB6D1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72d90197bd5b29c117 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE36FD06A0059EA0C20BE5B6FCB6D1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72d90197bd5b29c117 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE36FD06A0059EA0C20BE5B6FCB6D1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72d90197bd5b29c117 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE36FD06A0059EA0C20BE5B6FCB6D1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72d90197bd5b29c117 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE36FD06A0059EA0C20BE5B6FCB6D1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72d90197bd5b29c117 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE36FD06A0059EA0C20BE5B6FCB6D1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72d90197bd5b29c117 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1d45e083-478f-437c-9618-3594ced8c235, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE36FD06A0059EA0C20BE5B6FCB6D1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1d45e083-478f-437c-9618-3594ced8c235, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72d90197bd5b29c117 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 +Description : Unknown RPC service +Annotation : XactSrv service +Type : Local RPC service +Named pipe : LRPC-bdaf91bd011128db21 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0 +Description : Unknown RPC service +Annotation : IdSegSrv service +Type : Local RPC service +Named pipe : LRPC-bdaf91bd011128db21 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 +Description : Unknown RPC service +Annotation : IP Transition Configuration endpoint +Type : Local RPC service +Named pipe : LRPC-b2b1da0a3d0f6cc00f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : LRPC-b2b1da0a3d0f6cc00f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : LRPC-b2b1da0a3d0f6cc00f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : LRPC-b2b1da0a3d0f6cc00f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : OLEAD341D02C3B625C763131EF7FFD2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LRPC-dbb819f5401aad4913 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-dbb819f5401aad4913 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-dbb819f5401aad4913 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-dbb819f5401aad4913 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-dbb819f5401aad4913 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLED1D45A63E2631679BE1E8EF33629 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-00c1785c68d085fe8a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLED1D45A63E2631679BE1E8EF33629 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-00c1785c68d085fe8a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE014783DCB6D918449ACF08BB7478 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-47e4e11479a6946693 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE014783DCB6D918449ACF08BB7478 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-47e4e11479a6946693 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE014783DCB6D918449ACF08BB7478 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-47e4e11479a6946693 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE014783DCB6D918449ACF08BB7478 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-47e4e11479a6946693 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 13560fa9-8c09-4b56-a1fd-04d083b9b2a1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE014783DCB6D918449ACF08BB7478 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 13560fa9-8c09-4b56-a1fd-04d083b9b2a1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-47e4e11479a6946693 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0 +Description : Unknown RPC service +Annotation : Base Firewall Engine API +Type : Local RPC service +Named pipe : LRPC-7ba2f34f8b45457dd0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-7ba2f34f8b45457dd0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-f8cd1e5eb7361168e7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-7ba2f34f8b45457dd0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-f8cd1e5eb7361168e7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-342eb97f33cd6cbc8a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-7ba2f34f8b45457dd0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-f8cd1e5eb7361168e7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-342eb97f33cd6cbc8a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-da75e6701e781574ce + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0 +Description : Unknown RPC service +Annotation : Witness Client Upcall Server +Type : Local RPC service +Named pipe : LRPC-673645130704ca0468 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0 +Description : Unknown RPC service +Annotation : Witness Client Test Interface +Type : Local RPC service +Named pipe : LRPC-673645130704ca0468 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Local RPC service +Named pipe : LRPC-673645130704ca0468 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3f787932-3452-4363-8651-6ea97bb373bb, version 1.0 +Description : Unknown RPC service +Annotation : NSP Rpc Interface +Type : Local RPC service +Named pipe : OLEDB5A3FADA2769668CC1864DE49A7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3f787932-3452-4363-8651-6ea97bb373bb, version 1.0 +Description : Unknown RPC service +Annotation : NSP Rpc Interface +Type : Local RPC service +Named pipe : LRPC-4e220fbfb86023dc58 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : LRPC-47cf826ea4d9433bdc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : add29f32-dfee-46f6-8729-bf7ffe9c9621 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : DNSResolver + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : LRPC-4e84415a9ac9d961ec + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : senssvc + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-67dfd3af842e0a7ad0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 +Description : DHCP Client Service +Windows process : svchost.exe +Annotation : DHCP Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-2b738f139df3146a78 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-2b738f139df3146a78 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-2b738f139df3146a78 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2b738f139df3146a78 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2e0b50809ccb534956 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2b738f139df3146a78 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2e0b50809ccb534956 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2b738f139df3146a78 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2e0b50809ccb534956 + +Object UUID : 666f7270-6c69-7365-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : IUserProfile2 + +Object UUID : 6c637067-6569-746e-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-b3d167bd3f69f7267e + +Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601 +UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0 +Description : Unknown RPC service +Annotation : Group Policy RPC Interface +Type : Local RPC service +Named pipe : LRPC-ce4b6b1e2cac53c0d6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 +Description : Unknown RPC service +Annotation : NSI server endpoint +Type : Local RPC service +Named pipe : LRPC-2f62602f377c84de15 + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE624DF6E5694DC0687AE01BEC04AE + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ce1674c621474ca625 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Local RPC service +Named pipe : eventlog + +Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2a1f928a118c4ac0f7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1ac51d21182f2886fe + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-2a1f928a118c4ac0f7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : OLE905E5DFE4E9B0AE19884BA3925FC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-42c29421f0121e2357 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7f3fb41ada38c30e4c + +Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3547ccf82587ddbf20 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3547ccf82587ddbf20 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5f077a04fe51f7e6c7 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0A5A51 + +Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001 +UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0 +Description : Unknown RPC service +Annotation : Secure Desktop LRPC interface +Type : Local RPC service +Named pipe : WMsgKRpc0A5A51 + +Object UUID : 6d726574-7273-0076-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-745c41ab54500a2c0e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0361ae94-0316-4c6c-8ad8-c594375800e2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE8B45F644E9C34E2E668D657BA4A0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE8B45F644E9C34E2E668D657BA4A0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE8B45F644E9C34E2E668D657BA4A0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE8B45F644E9C34E2E668D657BA4A0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2c5905167d28a2077d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE8B45F644E9C34E2E668D657BA4A0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2c5905167d28a2077d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE8B45F644E9C34E2E668D657BA4A0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2c5905167d28a2077d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 178d84be-9291-4994-82c6-3f909aca5a03, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e53d94ca-7464-4839-b044-09a2fb8b3ae5, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fae436b0-b864-4a87-9eda-298547cd82f2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 082a3471-31b6-422a-b931-a54401960c62, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6982a06e-5fe2-46b1-b39c-a2c545bfa069, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0ff1f646-13bb-400a-ab50-9a78f2b7a85a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4ed8abcc-f1e2-438b-981f-bb0e8abc010c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95406f0b-b239-4318-91bb-cea3a46ff0dc, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d47017b-b33b-46ad-9e18-fe96456c5078, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE8B45F644E9C34E2E668D657BA4A0 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2c5905167d28a2077d + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ac32b1052da0aebbd4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE8B45F644E9C34E2E668D657BA4A0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2c5905167d28a2077d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ac32b1052da0aebbd4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a795631afaecfb793c + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE8B45F644E9C34E2E668D657BA4A0 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2c5905167d28a2077d + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ac32b1052da0aebbd4 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a795631afaecfb793c + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE8B45F644E9C34E2E668D657BA4A0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2c5905167d28a2077d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ac32b1052da0aebbd4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a795631afaecfb793c + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a34fcd5d121ac7badb + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE8B45F644E9C34E2E668D657BA4A0 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2c5905167d28a2077d + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ac32b1052da0aebbd4 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a795631afaecfb793c + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a34fcd5d121ac7badb + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : csebpub + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cc5fbee4b32e4d1097 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE8B45F644E9C34E2E668D657BA4A0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2c5905167d28a2077d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-ac32b1052da0aebbd4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a795631afaecfb793c + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a34fcd5d121ac7badb + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : csebpub + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : dabrpc + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0A2890 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0A2890 + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +An SMB server is running on this port. + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +A CIFS server is running on this port. + + + + +CVE-2023-32027, CVE-2023-32026, CVE-2023-32025, CVE-2023-29356, CVE-2023-29349, CVE-2023-28304, CVE-2023-23375 +7 +Security Updates for Microsoft SQL Server ODBC Driver (June 2023): Microsoft has released security updates for the Microsoft SQL Driver. +1706896092 +Fri Feb 2 09:48:12 2024 +1001 +0 +VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024): Upgrade to VMware Tools version 12.3.5 or later. +CVE-2024-21388, CVE-2024-21337, CVE-2024-20721, CVE-2024-20709, CVE-2024-20675, CVE-2024-0519, CVE-2024-0518, CVE-2024-0517, CVE-2024-0333, CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222, CVE-2023-7024, CVE-2023-6707, CVE-2023-6706, CVE-2023-6705, CVE-2023-6704, CVE-2023-6703, CVE-2023-6702, CVE-2023-6512, CVE-2023-6511, CVE-2023-6510, CVE-2023-6509, CVE-2023-6508, CVE-2023-6351, CVE-2023-6350, CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6345, CVE-2023-6112, CVE-2023-5997, CVE-2023-5996, CVE-2023-5859, CVE-2023-5858, CVE-2023-5857, CVE-2023-5856, CVE-2023-5855, CVE-2023-5854, CVE-2023-5853, CVE-2023-5852, CVE-2023-5851, CVE-2023-5850, CVE-2023-5849, CVE-2023-5487, CVE-2023-5486, CVE-2023-5485, CVE-2023-5484, CVE-2023-5483, CVE-2023-5482, CVE-2023-5481, CVE-2023-5480, CVE-2023-5479, CVE-2023-5478, CVE-2023-5477, CVE-2023-5476, CVE-2023-5475, CVE-2023-5474, CVE-2023-5473, CVE-2023-5472, CVE-2023-5346, CVE-2023-5218, CVE-2023-5217, CVE-2023-5187, CVE-2023-5186, CVE-2023-4909, CVE-2023-4908, CVE-2023-4907, CVE-2023-4906, CVE-2023-4905, CVE-2023-4904, CVE-2023-4903, CVE-2023-4902, CVE-2023-4901, CVE-2023-4900, CVE-2023-4863, CVE-2023-4764, CVE-2023-4763, CVE-2023-4762, CVE-2023-4761, CVE-2023-4572, CVE-2023-44323, CVE-2023-4431, CVE-2023-4430, CVE-2023-4429, CVE-2023-4428, CVE-2023-4427, CVE-2023-4368, CVE-2023-4367, CVE-2023-4366, CVE-2023-4365, CVE-2023-4364, CVE-2023-4363, CVE-2023-4362, CVE-2023-4361, CVE-2023-4360, CVE-2023-4359, CVE-2023-4358, CVE-2023-4357, CVE-2023-4356, CVE-2023-4355, CVE-2023-4354, CVE-2023-4353, CVE-2023-4352, CVE-2023-4351, CVE-2023-4350, CVE-2023-4349, CVE-2023-4078, CVE-2023-4077, CVE-2023-4076, CVE-2023-4075, CVE-2023-4074, CVE-2023-4073, CVE-2023-4072, CVE-2023-4071, CVE-2023-4070, CVE-2023-4069, CVE-2023-4068, CVE-2023-38187, CVE-2023-38174, CVE-2023-38173, CVE-2023-38158, CVE-2023-38157, CVE-2023-3740, CVE-2023-3738, CVE-2023-3737, CVE-2023-3736, CVE-2023-3735, CVE-2023-3734, CVE-2023-3733, CVE-2023-3732, CVE-2023-3730, CVE-2023-3728, CVE-2023-3727, CVE-2023-36888, CVE-2023-36887, CVE-2023-36883, CVE-2023-36880, CVE-2023-36878, CVE-2023-36787, CVE-2023-36741, CVE-2023-36735, CVE-2023-36727, CVE-2023-36562, CVE-2023-36559, CVE-2023-36409, CVE-2023-36034, CVE-2023-36029, CVE-2023-36026, CVE-2023-36024, CVE-2023-36022, CVE-2023-36014, CVE-2023-36008, CVE-2023-35618, CVE-2023-35392, CVE-2023-3422, CVE-2023-3421, CVE-2023-3420, CVE-2023-33145, CVE-2023-3217, CVE-2023-3216, CVE-2023-3215, CVE-2023-3214, CVE-2023-3079, CVE-2023-29354, CVE-2023-29350, CVE-2023-29334, CVE-2023-28301, CVE-2023-28286, CVE-2023-28284, CVE-2023-28261, CVE-2023-2726, CVE-2023-2725, CVE-2023-2724, CVE-2023-2723, CVE-2023-2722, CVE-2023-2721, CVE-2023-24935, CVE-2023-2468, CVE-2023-2467, CVE-2023-2466, CVE-2023-2465, CVE-2023-2464, CVE-2023-2463, CVE-2023-2462, CVE-2023-2460, CVE-2023-2459, CVE-2023-23374, CVE-2023-2312, CVE-2023-21795, CVE-2023-21794, CVE-2023-21720, CVE-2023-21719, CVE-2023-2137, CVE-2023-2135, CVE-2023-2134, CVE-2023-2133, CVE-2023-2033, CVE-2023-1999, CVE-2023-1534, CVE-2023-1533, CVE-2023-1532, CVE-2023-1531, CVE-2023-1530, CVE-2023-1529, CVE-2023-1528, CVE-2023-1236, CVE-2023-1235, CVE-2023-1234, CVE-2023-1233, CVE-2023-1232, CVE-2023-1231, CVE-2023-1230, CVE-2023-1229, CVE-2023-1228, CVE-2023-1224, CVE-2023-1223, CVE-2023-1222, CVE-2023-1221, CVE-2023-1220, CVE-2023-1219, CVE-2023-1218, CVE-2023-1217, CVE-2023-1216, CVE-2023-1215, CVE-2023-1214, CVE-2023-1213, CVE-2023-0941, CVE-2023-0933, CVE-2023-0932, CVE-2023-0931, CVE-2023-0930, CVE-2023-0929, CVE-2023-0928, CVE-2023-0927, CVE-2023-0705, CVE-2023-0704, CVE-2023-0703, CVE-2023-0702, CVE-2023-0701, CVE-2023-0700, CVE-2023-0699, CVE-2023-0698, CVE-2023-0697, CVE-2023-0696, CVE-2023-0474, CVE-2023-0473, CVE-2023-0472, CVE-2023-0471, CVE-2023-0141, CVE-2023-0140, CVE-2023-0139, CVE-2023-0138, CVE-2023-0136, CVE-2023-0135, CVE-2023-0134, CVE-2023-0133, CVE-2023-0132, CVE-2023-0131, CVE-2023-0130, CVE-2023-0129, CVE-2022-44708, CVE-2022-44688, CVE-2022-4440, CVE-2022-4439, CVE-2022-4438, CVE-2022-4437, CVE-2022-4436, CVE-2022-4262, CVE-2022-4195, CVE-2022-4194, CVE-2022-4193, CVE-2022-4192, CVE-2022-4191, CVE-2022-4190, CVE-2022-4189, CVE-2022-4188, CVE-2022-4187, CVE-2022-4186, CVE-2022-4185, CVE-2022-4184, CVE-2022-4183, CVE-2022-4182, CVE-2022-4181, CVE-2022-4180, CVE-2022-4179, CVE-2022-4178, CVE-2022-4177, CVE-2022-4175, CVE-2022-4174, CVE-2022-4135, CVE-2022-41115, CVE-2022-3890, CVE-2022-3889, CVE-2022-3888, CVE-2022-3887, CVE-2022-3886, CVE-2022-3885, CVE-2022-38012, CVE-2022-3723, CVE-2022-3661, CVE-2022-3660, CVE-2022-3657, CVE-2022-3656, CVE-2022-3655, CVE-2022-3654, CVE-2022-3653, CVE-2022-3652, CVE-2022-35796, CVE-2022-3450, CVE-2022-3449, CVE-2022-3447, CVE-2022-3446, CVE-2022-3445, CVE-2022-3373, CVE-2022-3370, CVE-2022-33680, CVE-2022-33649, CVE-2022-33639, CVE-2022-33636, CVE-2022-3200, CVE-2022-3199, CVE-2022-3198, CVE-2022-3197, CVE-2022-3196, CVE-2022-3195, CVE-2022-3075, CVE-2022-3058, CVE-2022-3057, CVE-2022-3056, CVE-2022-3055, CVE-2022-3054, CVE-2022-3053, CVE-2022-3047, CVE-2022-3046, CVE-2022-3045, CVE-2022-3044, CVE-2022-3041, CVE-2022-3040, CVE-2022-3039, CVE-2022-3038, CVE-2022-30128, CVE-2022-30127, CVE-2022-29147, CVE-2022-29146, CVE-2022-29144, CVE-2022-2861, CVE-2022-2860, CVE-2022-2858, CVE-2022-2857, CVE-2022-2856, CVE-2022-2855, CVE-2022-2854, CVE-2022-2853, CVE-2022-2852, CVE-2022-26912, CVE-2022-26909, CVE-2022-26908, CVE-2022-26905, CVE-2022-26900, CVE-2022-26899, CVE-2022-26895, CVE-2022-26894, CVE-2022-26891, CVE-2022-2624, CVE-2022-2623, CVE-2022-2622, CVE-2022-2621, CVE-2022-2619, CVE-2022-2618, CVE-2022-2617, CVE-2022-2616, CVE-2022-2615, CVE-2022-2614, CVE-2022-2612, CVE-2022-2611, CVE-2022-2610, CVE-2022-2606, CVE-2022-2605, CVE-2022-2604, CVE-2022-2603, CVE-2022-2481, CVE-2022-2480, CVE-2022-2479, CVE-2022-2478, CVE-2022-2477, CVE-2022-24523, CVE-2022-24475, CVE-2022-23264, CVE-2022-23263, CVE-2022-23262, CVE-2022-23261, CVE-2022-23258, CVE-2022-2294, CVE-2022-22021, CVE-2022-21970, CVE-2022-21954, CVE-2022-21931, CVE-2022-21930, CVE-2022-21929, CVE-2022-2011, CVE-2022-2010, CVE-2022-2008, CVE-2022-2007, CVE-2022-1876, CVE-2022-1875, CVE-2022-1874, CVE-2022-1873, CVE-2022-1872, CVE-2022-1871, CVE-2022-1870, CVE-2022-1869, CVE-2022-1868, CVE-2022-1867, CVE-2022-1865, CVE-2022-1864, CVE-2022-1863, CVE-2022-1862, CVE-2022-1859, CVE-2022-1858, CVE-2022-1857, CVE-2022-1856, CVE-2022-1855, CVE-2022-1854, CVE-2022-1853, CVE-2022-1640, CVE-2022-1639, CVE-2022-1638, CVE-2022-1637, CVE-2022-1636, CVE-2022-1635, CVE-2022-1634, CVE-2022-1501, CVE-2022-1500, CVE-2022-1499, CVE-2022-1498, CVE-2022-1497, CVE-2022-1495, CVE-2022-1494, CVE-2022-1493, CVE-2022-1492, CVE-2022-1491, CVE-2022-1490, CVE-2022-1488, CVE-2022-1487, CVE-2022-1486, CVE-2022-1485, CVE-2022-1484, CVE-2022-1483, CVE-2022-1482, CVE-2022-1481, CVE-2022-1479, CVE-2022-1478, CVE-2022-1477, CVE-2022-1364, CVE-2022-1314, CVE-2022-1313, CVE-2022-1312, CVE-2022-1310, CVE-2022-1309, CVE-2022-1308, CVE-2022-1307, CVE-2022-1306, CVE-2022-1305, CVE-2022-1232, CVE-2022-1146, CVE-2022-1145, CVE-2022-1143, CVE-2022-1139, CVE-2022-1138, CVE-2022-1137, CVE-2022-1136, CVE-2022-1135, CVE-2022-1134, CVE-2022-1133, CVE-2022-1131, CVE-2022-1130, CVE-2022-1129, CVE-2022-1128, CVE-2022-1127, CVE-2022-1125, CVE-2022-1096, CVE-2022-0980, CVE-2022-0979, CVE-2022-0978, CVE-2022-0977, CVE-2022-0976, CVE-2022-0975, CVE-2022-0974, CVE-2022-0973, CVE-2022-0972, CVE-2022-0971, CVE-2022-0809, CVE-2022-0808, CVE-2022-0807, CVE-2022-0806, CVE-2022-0805, CVE-2022-0804, CVE-2022-0803, CVE-2022-0802, CVE-2022-0801, CVE-2022-0800, CVE-2022-0799, CVE-2022-0798, CVE-2022-0797, CVE-2022-0796, CVE-2022-0795, CVE-2022-0794, CVE-2022-0793, CVE-2022-0792, CVE-2022-0791, CVE-2022-0790, CVE-2022-0789, CVE-2022-0610, CVE-2022-0609, CVE-2022-0608, CVE-2022-0607, CVE-2022-0606, CVE-2022-0605, CVE-2022-0604, CVE-2022-0603, CVE-2022-0120, CVE-2022-0118, CVE-2022-0117, CVE-2022-0116, CVE-2022-0115, CVE-2022-0114, CVE-2022-0113, CVE-2022-0112, CVE-2022-0111, CVE-2022-0110, CVE-2022-0109, CVE-2022-0108, CVE-2022-0107, CVE-2022-0106, CVE-2022-0105, CVE-2022-0104, CVE-2022-0103, CVE-2022-0102, CVE-2022-0101, CVE-2022-0100, CVE-2022-0099, CVE-2022-0098, CVE-2022-0097, CVE-2022-0096, CVE-2021-43221, CVE-2021-42308, CVE-2021-42307, CVE-2021-4102, CVE-2021-4101, CVE-2021-4100, CVE-2021-4099, CVE-2021-4098, CVE-2021-4068, CVE-2021-4067, CVE-2021-4066, CVE-2021-4065, CVE-2021-4064, CVE-2021-4063, CVE-2021-4062, CVE-2021-4061, CVE-2021-4059, CVE-2021-4058, CVE-2021-4057, CVE-2021-4056, CVE-2021-4055, CVE-2021-4054, CVE-2021-4053, CVE-2021-4052, CVE-2021-38669, CVE-2021-38642, CVE-2021-38641, CVE-2021-38022, CVE-2021-38021, CVE-2021-38020, CVE-2021-38019, CVE-2021-38018, CVE-2021-38017, CVE-2021-38016, CVE-2021-38015, CVE-2021-38014, CVE-2021-38013, CVE-2021-38012, CVE-2021-38011, CVE-2021-38010, CVE-2021-38009, CVE-2021-38008, CVE-2021-38007, CVE-2021-38006, CVE-2021-38005, CVE-2021-38003, CVE-2021-38002, CVE-2021-38001, CVE-2021-38000, CVE-2021-37999, CVE-2021-37998, CVE-2021-37997, CVE-2021-37996, CVE-2021-37995, CVE-2021-37994, CVE-2021-37993, CVE-2021-37992, CVE-2021-37991, CVE-2021-37990, CVE-2021-37989, CVE-2021-37988, CVE-2021-37987, CVE-2021-37986, CVE-2021-37985, CVE-2021-37984, CVE-2021-37983, CVE-2021-37982, CVE-2021-37981, CVE-2021-37980, CVE-2021-37979, CVE-2021-37978, CVE-2021-37977, CVE-2021-37976, CVE-2021-37975, CVE-2021-37974, CVE-2021-37973, CVE-2021-37972, CVE-2021-37971, CVE-2021-37970, CVE-2021-37969, CVE-2021-37968, CVE-2021-37967, CVE-2021-37966, CVE-2021-37965, CVE-2021-37964, CVE-2021-37963, CVE-2021-37962, CVE-2021-37961, CVE-2021-37959, CVE-2021-37958, CVE-2021-37957, CVE-2021-37956, CVE-2021-36930, CVE-2021-34506, CVE-2021-34475, CVE-2021-33741, CVE-2021-30633, CVE-2021-30632, CVE-2021-30630, CVE-2021-30629, CVE-2021-30628, CVE-2021-30627, CVE-2021-30626, CVE-2021-30625, CVE-2021-30624, CVE-2021-30623, CVE-2021-30622, CVE-2021-30621, CVE-2021-30620, CVE-2021-30619, CVE-2021-30618, CVE-2021-30617, CVE-2021-30616, CVE-2021-30615, CVE-2021-30614, CVE-2021-30613, CVE-2021-30612, CVE-2021-30611, CVE-2021-30610, CVE-2021-30609, CVE-2021-30608, CVE-2021-30607, CVE-2021-30606, CVE-2021-30604, CVE-2021-30603, CVE-2021-30602, CVE-2021-30601, CVE-2021-30599, CVE-2021-30598, CVE-2021-30597, CVE-2021-30596, CVE-2021-30594, CVE-2021-30593, CVE-2021-30592, CVE-2021-30591, CVE-2021-30590, CVE-2021-30589, CVE-2021-30588, CVE-2021-30587, CVE-2021-30586, CVE-2021-30585, CVE-2021-30584, CVE-2021-30583, CVE-2021-30582, CVE-2021-30581, CVE-2021-30580, CVE-2021-30579, CVE-2021-30578, CVE-2021-30577, CVE-2021-30576, CVE-2021-30575, CVE-2021-30574, CVE-2021-30573, CVE-2021-30572, CVE-2021-30571, CVE-2021-30569, CVE-2021-30568, CVE-2021-30567, CVE-2021-30566, CVE-2021-30565, CVE-2021-30564, CVE-2021-30563, CVE-2021-30562, CVE-2021-30561, CVE-2021-30560, CVE-2021-30559, CVE-2021-30557, CVE-2021-30556, CVE-2021-30555, CVE-2021-30554, CVE-2021-30553, CVE-2021-30552, CVE-2021-30551, CVE-2021-30550, CVE-2021-30549, CVE-2021-30548, CVE-2021-30547, CVE-2021-30546, CVE-2021-30545, CVE-2021-30544, CVE-2021-30541, CVE-2021-30540, CVE-2021-30539, CVE-2021-30538, CVE-2021-30537, CVE-2021-30536, CVE-2021-30535, CVE-2021-30534, CVE-2021-30533, CVE-2021-30532, CVE-2021-30531, CVE-2021-30530, CVE-2021-30529, CVE-2021-30528, CVE-2021-30527, CVE-2021-30526, CVE-2021-30525, CVE-2021-30524, CVE-2021-30523, CVE-2021-30522, CVE-2021-30521, CVE-2021-30520, CVE-2021-30519, CVE-2021-30518, CVE-2021-30517, CVE-2021-30516, CVE-2021-30515, CVE-2021-30514, CVE-2021-30513, CVE-2021-30512, CVE-2021-30511, CVE-2021-30510, CVE-2021-30509, CVE-2021-30508, CVE-2021-30507, CVE-2021-30506, CVE-2021-26439, CVE-2021-26436, CVE-2021-24113, CVE-2021-21233, CVE-2021-21232, CVE-2021-21231, CVE-2021-21230, CVE-2021-21229, CVE-2021-21228, CVE-2021-21227, CVE-2021-21226, CVE-2021-21225, CVE-2021-21224, CVE-2021-21223, CVE-2021-21222, CVE-2021-21221, CVE-2021-21220, CVE-2021-21219, CVE-2021-21218, CVE-2021-21217, CVE-2021-21216, CVE-2021-21215, CVE-2021-21214, CVE-2021-21213, CVE-2021-21212, CVE-2021-21211, CVE-2021-21210, CVE-2021-21209, CVE-2021-21208, CVE-2021-21207, CVE-2021-21206, CVE-2021-21205, CVE-2021-21204, CVE-2021-21203, CVE-2021-21202, CVE-2021-21201, CVE-2021-21199, CVE-2021-21198, CVE-2021-21197, CVE-2021-21196, CVE-2021-21195, CVE-2021-21194, CVE-2021-21193, CVE-2021-21192, CVE-2021-21191, CVE-2021-21190, CVE-2021-21189, CVE-2021-21188, CVE-2021-21187, CVE-2021-21186, CVE-2021-21185, CVE-2021-21184, CVE-2021-21183, CVE-2021-21182, CVE-2021-21181, CVE-2021-21180, CVE-2021-21179, CVE-2021-21178, CVE-2021-21177, CVE-2021-21176, CVE-2021-21175, CVE-2021-21174, CVE-2021-21173, CVE-2021-21172, CVE-2021-21171, CVE-2021-21170, CVE-2021-21169, CVE-2021-21168, CVE-2021-21167, CVE-2021-21166, CVE-2021-21165, CVE-2021-21164, CVE-2021-21163, CVE-2021-21162, CVE-2021-21161, CVE-2021-21160, CVE-2021-21159, CVE-2021-21157, CVE-2021-21156, CVE-2021-21155, CVE-2021-21154, CVE-2021-21153, CVE-2021-21152, CVE-2021-21151, CVE-2021-21150, CVE-2021-21149, CVE-2021-21148, CVE-2021-21147, CVE-2021-21146, CVE-2021-21145, CVE-2021-21144, CVE-2021-21143, CVE-2021-21142, CVE-2021-21141, CVE-2021-21140, CVE-2021-21139, CVE-2021-21137, CVE-2021-21136, CVE-2021-21135, CVE-2021-21134, CVE-2021-21133, CVE-2021-21132, CVE-2021-21131, CVE-2021-21130, CVE-2021-21129, CVE-2021-21128, CVE-2021-21127, CVE-2021-21126, CVE-2021-21125, CVE-2021-21124, CVE-2021-21123, CVE-2021-21122, CVE-2021-21121, CVE-2021-21120, CVE-2021-21119, CVE-2021-21118, CVE-2021-21116, CVE-2021-21115, CVE-2021-21114, CVE-2021-21113, CVE-2021-21112, CVE-2021-21111, CVE-2021-21110, CVE-2021-21109, CVE-2021-21108, CVE-2021-21107, CVE-2021-21106, CVE-2020-27844, CVE-2020-16044, CVE-2020-16043, CVE-2020-16042, CVE-2020-16041, CVE-2020-16040, CVE-2020-16039, CVE-2020-16038, CVE-2020-16037, CVE-2020-16036, CVE-2020-16034, CVE-2020-16033, CVE-2020-16032, CVE-2020-16031, CVE-2020-16030, CVE-2020-16029, CVE-2020-16028, CVE-2020-16027, CVE-2020-16026, CVE-2020-16025, CVE-2020-16024, CVE-2020-16023, CVE-2020-16022, CVE-2020-16018, CVE-2020-16017, CVE-2020-16016, CVE-2020-16015, CVE-2020-16014, CVE-2020-16013, CVE-2020-16012, CVE-2020-16011, CVE-2020-16009, CVE-2020-16008, CVE-2020-16007, CVE-2020-16006, CVE-2020-16005, CVE-2020-16004, CVE-2020-16003, CVE-2020-16002, CVE-2020-16001, CVE-2020-16000, CVE-2020-15999, CVE-2020-15995, CVE-2019-8075 +933 +Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388): Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. +1706896092 +Credentialed Patch Audit +cpe:/o:microsoft:windows +windows +100 +SMB_OS +[{"FQDN":"SOT-WIN2K22-SQL","sources":["get_host_fqdn()"]}] +00:50:56:3C:01:08 +general-purpose +Microsoft Windows Server 2022 Standard Build 20348 +{"CPE":"cpe:\/a:microsoft:windows_defender","Last check-in":null,"Path":"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.23110.3-0\\","Product":"Windows Defender","Product version":"4.18.23110.3","Running":"yes","Signature auto-update":"yes","Signature install date":"2024-02-02","Signature version":"1.403.3098.0","Subtype":"EPP","Type":"Endpoint","Vendor":"Microsoft"} +SOT-WIN2K22-SQL +WORKGROUP +SOT-WIN2K22-SQL +49864D56-90AE-AE92-3262-D4BB39A19CB8 +[{"predicted-os": "Microsoft Windows 10 Pro", "confidence": 7},{"predicted-os": "Microsoft Windows 10 Enterprise", "confidence": 29}] + + P1:B11113:F0x12:W65392:O0204ffff:M1460: + P2:B11113:F0x12:W65535:O0204ffff010303080402080affffffff44454144:M1460: + P3:B00000:F0x00:W0:O0:M0 + P4:190704_7_p=49667 +SOT-WIN2K22-SQL +true +192.168.40.168\degthat +smb +192.168.40.168 +1706895219 +Fri Feb 2 09:33:39 2024 + + +all +1 +The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date. + +Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled. +patches_summary.nbin +2024/01/16 +Patch Report +2013/07/08 +combined +None +1.253 +Install the patches listed below. +The remote host is missing several patches. + + +. You need to take the following 3 actions : + + +[ Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388) (189605) ] + ++ Action to take : Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. + ++Impact : Taking this action will resolve 933 different vulnerabilities (CVEs). + + + +[ Security Updates for Microsoft SQL Server ODBC Driver (June 2023) (178851) ] + ++ Action to take : Microsoft has released security updates for the Microsoft SQL Driver. + ++Impact : Taking this action will resolve 7 different vulnerabilities (CVEs). + + + +[ VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024) (184130) ] + ++ Action to take : Upgrade to VMware Tools version 12.3.5 or later. + + + + + +1 +cpe:/o:microsoft:windows +To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards. +wmi_stop_registry_svc.nbin +2024/01/16 +SMB Registry : Stop the Registry Service after the scan (WMI) +2009/11/25 +local +None +1.204 +n/a +The registry service was stopped after the scan. + +The registry service was successfully stopped after the scan. + + +all +1 +This plugin displays, for each tested host, information about the scan itself : + + - The version of the plugin set. + - The type of scanner (Nessus or Nessus Home). + - The version of the Nessus Engine. + - The port scanner(s) used. + - The port range scanned. + - The ping round trip time + - Whether credentialed or third-party patch management checks are possible. + - Whether the display of superseded patches is enabled + - The date of the scan. + - The duration of the scan. + - The number of hosts scanned in parallel. + - The number of checks done in parallel. +scan_info.nasl +2023/07/31 +Nessus Scan Information +2005/08/26 +summary +None +1.119 +n/a +This plugin displays information about the Nessus scan. +true +Information about this scan : + +Nessus version : 10.6.4 +Nessus build : 20005 +Plugin feed version : 202402021215 +Scanner edition used : Nessus +Scanner OS : WINDOWS +Scanner distribution : win-x86-64 +Scan type : Normal +Scan name : Soteria all SVR scan +Scan policy used : Credentialed Patch Audit +Scanner IP : 192.168.40.39 +Port scanner(s) : wmi_netstat +Port range : default +Ping RTT : 3.960 ms +Thorough tests : no +Experimental tests : no +Plugin debugging enabled : no +Paranoia level : 1 +Report verbosity : 1 +Safe checks : yes +Optimize the test : yes +Credentialed checks : yes, as '192.168.40.168\degthat' via SMB +Patch management checks : None +Display superseded patches : yes (supersedence plugin launched) +CGI scanning : disabled +Web application tests : disabled +Max hosts : 30 +Max checks : 4 +Recv timeout : 5 +Backports : None +Allow post-scan editing : Yes +Nessus Plugin Signature Checking : Enabled +Audit File Signature Checking : Disabled +Scan Start Date : 2024/2/2 9:33 Pacific Standard Time +Scan duration : 860 sec +Scan for malware : no + + + +True +Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445. +smb_dialects_enabled.nasl +2020/03/11 +Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) +2018/02/09 +remote +None +1.6 +n/a +It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host. + +The remote host supports the following SMB dialects : + _version_ _introduced in windows version_ + 2.0.2 Windows 2008 + 2.1 Windows 7 + 3.0 Windows 8 + 3.0.2 Windows 8.1 + 3.1.1 Windows 10 + +The remote host does NOT support the following SMB dialects : + _version_ _introduced in windows version_ + 2.2.2 Windows 8 Beta + 2.2.4 Windows 8 Beta + 3.1 Windows 10 + + + +windows +The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network. +smb-version-detect.nasl +2022/05/04 +Server Message Block (SMB) Protocol Version Detection +2022/05/04 +remote +None +1.1 +http://www.nessus.org/u?f463096b +http://www.nessus.org/u?1a4b3744 +Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices. +Verify the version of SMB on the remote host. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found. + + + +cpe:/o:microsoft:windows +Retrieves the status of Windows Credential Guard. + Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. +credential_guard_status.nasl +2023/08/25 +Windows Credential Guard Status +2022/04/18 +local +None +1.3 +http://www.nessus.org/u?fb8c8c37 +n/a +Retrieves the status of Windows Credential Guard. + +Windows Credential Guard is not fully enabled. +The following registry keys have not been set : + - System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : Key not found. + - System\CurrentControlSet\Control\LSA\LsaCfgFlags : Key not found. + - System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : Key not found. + + + +cpe:/o:microsoft:windows +The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks. +lsa_protection_status.nasl +2022/05/25 +Windows LSA Protection Status +2022/04/20 +local +None +1.3 +Enable LSA Protection per your corporate security guidelines. +Windows LSA Protection is disabled on the remote Windows host. + +LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found. + + + +cpe:/o:microsoft:windows +Checks Windows Registry for Service ACLs. +smb_reg_services_acl.nasl +2024/01/15 +Windows Services Registry ACL +2022/05/05 +local +None +1.5 +N/A +Checks Windows Registry for Service ACLs +Verbosity must be set to 'Report as much information as possible' for this plugin to produce output. + + +cpe:/o:microsoft:windows +Windows AlwaysInstallElevated policy status was found on the remote Windows host. + You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting. +windows_always_installed_elevated_status.nasl +2022/06/14 +Windows Always Installed Elevated Status +2022/06/14 +local +None +1.1 +If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines. +Windows AlwaysInstallElevated policy status was found on the remote Windows host +AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE. +AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-746496990-2641142201-3713043312-500 + + + +True +software_enumeration +cpe:/a:microsoft:ie +cpe:/a:microsoft:internet_explorer +Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host. +microsoft_internet_explorer_installed.nbin +2024/01/16 +Microsoft Internet Explorer Installed +2022/06/28 +local +None +1.42 +https://support.microsoft.com/products/internet-explorer +n/a +A web browser is installed on the remote Windows host. + + Path : C:\Windows\system32\mshtml.dll + Version : 11.0.20348.2227 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host. +smb_language_detection.nasl +2022/02/01 +Windows Language Settings Detection +2021/04/14 +local +None +1.3 +n/a +This plugin enumerates language files on a windows host. +Default Install Language Code: 1033 + +Default Active Language Code: 1033 + +Other common microsoft Language packs may be scanned as well. + + +180 - 365 days +cpe:/a:microsoft:sql_server +CVE-2023-23384 +7.3 +6.4 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L +3.4 +7.5 +CVE-2023-23384 +5.5 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: + + - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-23384) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +smb_nt_ms23_apr_mssql.nasl +2023-A-0189-S +MS23-5020863 +MS23-5021037 +MS23-5021045 +MS23-5021112 +MS23-5021123 +MS23-5021124 +MS23-5021125 +MS23-5021126 +MS23-5021127 +MS23-5021128 +MS23-5021129 +MS23-5021522 +5020863 +5021037 +5021045 +5021112 +5021123 +5021124 +5021125 +5021126 +5021127 +5021128 +5021129 +5021522 +2023/04/11 +2023/08/11 +Security Updates for Microsoft SQL Server (April 2023) +2023/05/12 +local +Low +High +1.4 +https://support.microsoft.com/en-us/help/5020863 +https://support.microsoft.com/en-us/help/5021037 +https://support.microsoft.com/en-us/help/5021045 +https://support.microsoft.com/en-us/help/5021112 +https://support.microsoft.com/en-us/help/5021123 +https://support.microsoft.com/en-us/help/5021124 +https://support.microsoft.com/en-us/help/5021125 +https://support.microsoft.com/en-us/help/5021126 +https://support.microsoft.com/en-us/help/5021127 +https://support.microsoft.com/en-us/help/5021128 +https://support.microsoft.com/en-us/help/5021129 +https://support.microsoft.com/en-us/help/5021522 +Microsoft has released security updates for Microsoft SQL Server. +I +The Microsoft SQL Server installation on the remote host is missing a security update. +true +Very Low +No recorded events +No recorded events +4.2 +2023/04/11 +MSKB:5020863 +MSKB:5021037 +MSKB:5021045 +MSKB:5021112 +MSKB:5021123 +MSKB:5021124 +MSKB:5021125 +MSKB:5021126 +MSKB:5021127 +MSKB:5021128 +MSKB:5021129 +MSKB:5021522 +MSFT:MS23-5020863 +MSFT:MS23-5021037 +MSFT:MS23-5021045 +MSFT:MS23-5021112 +MSFT:MS23-5021123 +MSFT:MS23-5021124 +MSFT:MS23-5021125 +MSFT:MS23-5021126 +MSFT:MS23-5021127 +MSFT:MS23-5021128 +MSFT:MS23-5021129 +MSFT:MS23-5021522 +IAVA:2023-A-0189-S + + + KB : 5021522 + - E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\Binn\sqlservr.exe has not been patched. + Remote version : 2022.160.1000.6 + Should be : 2022.160.1050.5 + + SQL Server Version : 16.0.1000.6 Express Edition + SQL Server Instance : SQLEXPRESS + + + + +180 - 365 days +cpe:/a:microsoft:sql_server +CVE-2023-21528 +CVE-2023-21568 +CVE-2023-21704 +CVE-2023-21705 +CVE-2023-21713 +CVE-2023-21718 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H +5.9 +9.0 +CVE-2023-21713 +7.4 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C +The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: + + - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-21528, CVE-2023-21568, CVE-2023-21704, CVE-2023-21705, CVE-2023-21713, CVE-2023-21718) +true +Unproven +Exploits are available +smb_nt_ms23_feb_mssql.nasl +2023-A-0086 +MS23-5020863 +MS23-5021112 +MS23-5021126 +MS23-5021129 +MS23-5021522 +MS23-5021127 +MS23-5021045 +MS23-5021037 +MS23-5021128 +MS23-5021124 +MS23-5021125 +5020863 +5021112 +5021126 +5021129 +5021522 +5021127 +5021045 +5021037 +5021128 +5021123 +5021124 +5021125 +2023/02/14 +2023/09/04 +Security Updates for Microsoft SQL Server (February 2023) +2023/02/17 +local +Low +High +1.5 +https://support.microsoft.com/en-us/help/5020863 +https://support.microsoft.com/en-us/help/5021112 +https://support.microsoft.com/en-us/help/5021126 +https://support.microsoft.com/en-us/help/5021129 +https://support.microsoft.com/en-us/help/5021522 +https://support.microsoft.com/en-us/help/5021127 +https://support.microsoft.com/en-us/help/5021045 +https://support.microsoft.com/en-us/help/5021037 +https://support.microsoft.com/en-us/help/5021128 +https://support.microsoft.com/en-us/help/5021123 +https://support.microsoft.com/en-us/help/5021124 +https://support.microsoft.com/en-us/help/5021125 +Microsoft has released the following security updates to address this issue: + -KB5021126 + -KB5021129 + -KB5021522 + -KB5021127 + -KB5021045 + -KB5021037 + -KB5021128 + -KB5021124 + -KB5021125 + -KB5020863 + -KB5021112 + -KB5021123 +I +The Microsoft SQL Server installation on the remote host is affected by multiple vulnerabilities. +true +Very Low +No recorded events +No recorded events +6.7 +2023/02/14 +MSKB:5020863 +MSKB:5021112 +MSKB:5021126 +MSKB:5021129 +MSKB:5021522 +MSKB:5021127 +MSKB:5021045 +MSKB:5021037 +MSKB:5021128 +MSKB:5021123 +MSKB:5021124 +MSKB:5021125 +MSFT:MS23-5020863 +MSFT:MS23-5021112 +MSFT:MS23-5021126 +MSFT:MS23-5021129 +MSFT:MS23-5021522 +MSFT:MS23-5021127 +MSFT:MS23-5021045 +MSFT:MS23-5021037 +MSFT:MS23-5021128 +MSFT:MS23-5021124 +MSFT:MS23-5021125 +IAVA:2023-A-0086 + + + KB : 5021522 + - E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\Binn\sqlservr.exe has not been patched. + Remote version : 2022.160.1000.6 + Should be : 2022.160.1050.5 + + SQL Server Version : 16.0.1000.6 Express Edition + SQL Server Instance : SQLEXPRESS + + + + +60 - 180 days +cpe:/a:microsoft:sql_server +CVE-2023-36728 +5.5 +4.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H +3.6 +4.6 +CVE-2023-36728 +3.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C +The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: + + - A Denial of Service vulnerability. An attacker could impact availability of the service resulting in Denial of Service (DoS) (CVE-2023-36728) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +smb_nt_ms23_oct_mssql.nasl +2023-A-0541-S +MS23-5029184 +MS23-5029185 +MS23-5029186 +MS23-5029187 +MS23-5029375 +MS23-5029376 +MS23-5029377 +MS23-5029378 +MS23-5029379 +MS23-5029503 +5029184 +5029185 +5029186 +5029187 +5029375 +5029376 +5029377 +5029378 +5029379 +5029503 +2023/10/10 +2024/01/12 +Security Updates for Microsoft SQL Server (October 2023) +2023/10/12 +local +Medium +Medium +1.3 +https://support.microsoft.com/en-us/help/5029184 +https://support.microsoft.com/en-us/help/5029185 +https://support.microsoft.com/en-us/help/5029186 +https://support.microsoft.com/en-us/help/5029187 +https://support.microsoft.com/en-us/help/5029375 +https://support.microsoft.com/en-us/help/5029376 +https://support.microsoft.com/en-us/help/5029377 +https://support.microsoft.com/en-us/help/5029378 +https://support.microsoft.com/en-us/help/5029379 +https://support.microsoft.com/en-us/help/5029503 +Microsoft has released security updates for Microsoft SQL Server. +I +The Microsoft SQL Server installation on the remote host is missing a security update. +true +Very Low +No recorded events +No recorded events +3.6 +2023/10/10 +MSKB:5029184 +MSKB:5029185 +MSKB:5029186 +MSKB:5029187 +MSKB:5029375 +MSKB:5029376 +MSKB:5029377 +MSKB:5029378 +MSKB:5029379 +MSKB:5029503 +MSFT:MS23-5029184 +MSFT:MS23-5029185 +MSFT:MS23-5029186 +MSFT:MS23-5029187 +MSFT:MS23-5029375 +MSFT:MS23-5029376 +MSFT:MS23-5029377 +MSFT:MS23-5029378 +MSFT:MS23-5029379 +MSFT:MS23-5029503 +IAVA:2023-A-0541-S + + + KB : 5029379 + - E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\Binn\sqlservr.exe has not been patched. + Remote version : 2022.160.1000.6 + Should be : 2022.160.1105.1 + + SQL Server Version : 16.0.1000.6 Express Edition + SQL Server Instance : SQLEXPRESS + + + + +7 - 30 days +cpe:/a:microsoft:sql_server +CVE-2024-0056 +8.7 +7.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N +5.8 +7.1 +CVE-2024-0056 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N +The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: + + - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application. (CVE-2024-0056) +false +Unproven +No known exploits are available +smb_nt_ms24_jan_mssql.nasl +2024-A-0014 +MS24-5032968 +MS24-5033592 +5032968 +5033592 +2024/01/09 +2024/01/12 +Security Updates for Microsoft SQL Server (January 2024) +2024/01/09 +local +High +High +1.2 +https://support.microsoft.com/en-us/help/5032968 +https://support.microsoft.com/en-us/help/5033592 +Microsoft has released security updates for Microsoft SQL Server. +I +The Microsoft SQL Server installation on the remote host is missing a security update. +true +Very Low +No recorded events +No recorded events +7.1 +2024/01/09 +MSKB:5032968 +MSKB:5033592 +MSFT:MS24-5032968 +MSFT:MS24-5033592 +IAVA:2024-A-0014 + + + KB : 5032968 + - E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\Binn\sqlservr.exe has not been patched. + Remote version : 2022.160.1000.6 + Should be : 2022.160.1110.1 + + SQL Server Version : 16.0.1000.6 Express Edition + SQL Server Instance : SQLEXPRESS + + + + +Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates. + +Note that this plugin is purely informational. +ms_bulletin_checks_possible.nasl +2021/07/12 +Microsoft Patch Bulletin Feasibility Check +2011/12/06 +local +None +1.13 +n/a +Nessus is able to check for Microsoft patch bulletins. + + +Nessus is able to test for missing patches using : + Nessus + + + +cpe:/o:microsoft:windows +Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp. +microsoft_windows_last_boot.nasl +2018/07/09 +Microsoft Windows Last Boot Time +2016/07/19 +local +None +1.7 +n/a +Nessus was able to collect the remote host's last boot time in a human readable format. +Last reboot : 2024-02-02T11:33:58-05:00 (20240202113358.500000-300) + + +True +Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445. + +Note that this plugin is a remote check and does not work on agents. +smb_versions_enabled.nasl +2019/11/22 +Microsoft Windows SMB Versions Supported (remote check) +2017/06/19 +remote +None +1.2 +n/a +It was possible to obtain information about the version of SMB running on the remote host. + +The remote host supports the following versions of SMB : + SMBv2 + + + +This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc). +smb_accessible_shares_office_files.nasl +2011/03/21 +Microsoft Windows SMB Share Hosting Office Files +2007/01/04 +local +None +$Revision: 1.13 $ +Make sure that the files containing confidential information have proper access controls set on them. +The remote share contains Office-related files. + +Here is a list of office files which have been found on the remote SMB +shares : + + + C$ : + + - C:\Windows\System32\MSDRM\MsoIrmProtector.doc + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.doc + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.doc + - C:\Windows\System32\MSDRM\MsoIrmProtector.ppt + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.ppt + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.ppt + - C:\Windows\System32\MSDRM\MsoIrmProtector.xls + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.xls + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.xls + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Windows 10 1803 to 1809 New Settings.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Server 2016 to 2019 New Settings.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\MS Security Baseline Windows 10 v1809 and Server 2019.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\BaselineDiffs-to-v1809-RS5-FINAL.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Update Baseline\Documentation\Master List of Update Baseline Policies.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Announcement.docx + + + + +The remote has one or more Windows shares that can be accessed through the network with the given credentials. + +Depending on the share rights, it may allow an attacker to read / write confidential data. +smb_accessible_shares.nasl +2021/10/04 +Microsoft Windows SMB Shares Access +2000/05/09 +combined +None +1.83 +To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'. +It is possible to access a network share. + +The following shares can be accessed as degthat : + +- ADMIN$ - (readable,writable) + + Content of this share : +.. +ADFS +appcompat +apppatch +AppReadiness +assembly +AzureArcSetup +bcastdvr +bfsvc.exe +Boot +bootstat.dat +Branding +BrowserCore +CbsTemp +Containers +Cursors +debug +diagnostics +DiagTrack +DigitalLocker +Downloaded Program Files +drivers +DtcInstall.log +ELAMBKUP +en-US +explorer.exe +Fonts +Globalization +Help +HelpPane.exe +hh.exe +IdentityCRL +IME +ImmersiveControlPanel +INF +InputMethod +Installer +L2Schemas +LiveKernelReports +Logs +lsasetup.log +Media +mib.bin +Microsoft.NET +Migration +ModemLogs +notepad.exe +OCR +Offline Web Pages +Panther +Performance +PFRO.log +PLA +PolicyDefinitions +Prefetch +PrintDialog +Provisioning +regedit.exe +Registration +RemotePackages +rescache +Resources +SchCache +schemas +security +ServerStandard.xml +ServiceProfiles +ServiceState +servicing +Setup +setupact.log +setuperr.log +ShellComponents +ShellExperiences +SKB +SoftwareDistribution +Speech +Speech_OneCore +splwow64.exe +System +system.ini +System32 +SystemApps +SystemResources +SystemTemp +SysWOW64 +TAPI +Tasks +Temp +tracing +twain_32 +twain_32.dll +Vss +WaaS +Web +win.ini +WindowsShell.Manifest + +- C$ - (readable,writable) + + Content of this share : +$WinREAgent +$WINRE_BACKUP_PARTITION.MARKER +Documents and Settings +DumpStack.log.tmp +pagefile.sys +PerfLogs +Program Files +Program Files (x86) +ProgramData +Recovery +System Volume Information +Users +Windows + +- E$ - (readable,writable) + + Content of this share : +Program Files +Program Files (x86) +SQL2022 +System Volume Information + + + + +windows +True +By connecting to the remote host, Nessus was able to enumerate the network share names. +smb_enum_shares.nasl +2022/02/01 +Microsoft Windows SMB Shares Enumeration +2000/05/09 +local +None +1.48 +n/a +It is possible to enumerate remote network shares. + +Here are the SMB shares available on the remote host when logged in as degthat: + + - ADMIN$ + - C$ + - E$ + - IPC$ + + + +Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system. +smb_group_admin.nasl +2018/05/16 +Microsoft Windows 'Administrators' Group User List +2002/03/15 +local +None +1.23 +Verify that each member of the group should have this type of access. +There is at least one user in the 'Administrators' group. + +The following users are members of the 'Administrators' group : + + - SOT-WIN2K22-SQL\soteria (User) + - SOT-WIN2K22-SQL\degthat (User) + + + +windows +True +An antivirus application is installed on the remote host, and its engine and virus definitions are up to date. +antivirus_installed.nasl +2023/10/05 +Antivirus Software Check +2005/01/18 +local +None +1.50 +http://www.nessus.org/u?3ed73b52 +https://www.tenable.com/blog/auditing-anti-virus-products-with-nessus +n/a +An antivirus application is installed on the remote host. + +Forefront_Endpoint_Protection : + +A Microsoft anti-malware product is installed on the remote host : + + Product name : Windows Defender + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine version : 1.1.23110.2 + Antivirus signature version : 1.403.3098.0 + Antispyware signature version : 1.403.3098.0 + + + +windows +true +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows_server +The remote host is running Microsoft Windows. +microsoft_windows_installed.nbin +2023/12/27 +Microsoft Windows Installed +2023/12/27 +local +None +1.0 +https://www.microsoft.com/en-us/windows +https://www.microsoft.com/en-us/windows-server +n/a +The remote host is running Microsoft Windows. + + OS Name : Microsoft Windows Server 2022 21H2 + Vendor : Microsoft + Product : Windows Server + Release : 2022 21H2 + Edition : Standard + Version : 10.0.20348.2227 + Role : server + Kernel : Windows NT 10.0 + Architecture : x64 + CPE v2.2 : cpe:/o:microsoft:windows_server_2022:10.0.20348.2227:- + CPE v2.3 : cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2227:-:any:*:standard:*:x64:* + Type : local + Method : SMB + Confidence : 100 + + + +cpe:/o:microsoft:windows +x-cpe:/a:microsoft:msdt +The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190. + +Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch. +msdt_rce_cve_2022-30190_reg_check.nasl +2022/05/30 +2022/07/28 +The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190) +2022/05/31 +local +None +1.9 +http://www.nessus.org/u?440e4ba1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 +http://www.nessus.org/u?b9345997 +Apply the latest Cumulative Update. +Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key. +2022/05/30 +The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target is vulnerable to CVE-2022-30190, if the vendor patch is not applied. + + +windows +security_control +True +software_enumeration +cpe:/a:microsoft:windows_defender +Windows Defender, an antivirus component of Microsoft Windows is installed on the remote Windows host. +microsoft_windows_defender_win_installed.nbin +2024/01/16 +Windows Defender Installed +2019/11/15 +local +None +1.139 +https://www.microsoft.com/en-us/windows/comprehensive-security +n/a +Windows Defender is installed on the remote Windows host. + + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine Version : 1.1.23110.2 + Malware Signature Timestamp : Feb. 2, 2024 at 08:51:48 GMT + Malware Signature Version : 1.403.3098.0 + Signatures Last Updated : Feb. 2, 2024 at 15:11:46 GMT + + + +The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled. +print_spooler_service_enabled.nasl +2021/07/07 +Microsoft Windows Print Spooler Service Enabled +2021/07/07 +local +None +1.1 +http://www.nessus.org/u?8fc5df24 +n/a +The Microsoft Windows Print Spooler service on the remote host is enabled. +The Microsoft Windows Print Spooler service on the remote host is enabled. + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.). +smb_enum_services_params.nasl +0001-T-0752 +2022/05/16 +Microsoft Windows SMB Service Config Enumeration +2010/02/05 +local +None +1.20 +Ensure that each service is configured properly. +It was possible to enumerate configuration parameters of remote services. +IAVT:0001-T-0752 + +The following services are set to start automatically : + + AzureAttestService startup parameters : + Display name : AzureAttestService + Service name : AzureAttestService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k AzureAttestService + + BFE startup parameters : + Display name : Base Filtering Engine + Service name : BFE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : RpcSs/ + + BrokerInfrastructure startup parameters : + Display name : Background Tasks Infrastructure Service + Service name : BrokerInfrastructure + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + CDPSvc startup parameters : + Display name : Connected Devices Platform Service + Service name : CDPSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : ncbservice/RpcSS/Tcpip/ + + CDPUserSvc_e56a0 startup parameters : + Display name : Connected Devices Platform User Service_e56a0 + Service name : CDPUserSvc_e56a0 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + CoreMessagingRegistrar startup parameters : + Display name : CoreMessaging + Service name : CoreMessagingRegistrar + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : rpcss/ + + CryptSvc startup parameters : + Display name : Cryptographic Services + Service name : CryptSvc + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + DPS startup parameters : + Display name : Diagnostic Policy Service + Service name : DPS + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p + + DcomLaunch startup parameters : + Display name : DCOM Server Process Launcher + Service name : DcomLaunch + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + Dhcp startup parameters : + Display name : DHCP Client + Service name : Dhcp + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : NSI/Afd/ + + DiagTrack startup parameters : + Display name : Connected User Experiences and Telemetry + Service name : DiagTrack + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k utcsvc -p + Dependencies : RpcSs/ + + DispBrokerDesktopSvc startup parameters : + Display name : Display Policy Service + Service name : DispBrokerDesktopSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : RpcSS/ + + Dnscache startup parameters : + Display name : DNS Client + Service name : Dnscache + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p + Dependencies : nsi/Afd/ + + EventLog startup parameters : + Display name : Windows Event Log + Service name : EventLog + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p + + EventSystem startup parameters : + Display name : COM+ Event System + Service name : EventSystem + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + FontCache startup parameters : + Display name : Windows Font Cache Service + Service name : FontCache + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + IKEEXT startup parameters : + Display name : IKE and AuthIP IPsec Keying Modules + Service name : IKEEXT + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : BFE/nsi/ + + LSM startup parameters : + Display name : Local Session Manager + Service name : LSM + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + LanmanServer startup parameters : + Display name : Server + Service name : LanmanServer + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k smbsvcs + Dependencies : SamSS/Srv2/ + + LanmanWorkstation startup parameters : + Display name : Workstation + Service name : LanmanWorkstation + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : Bowser/MRxSmb20/NSI/ + + MSDTC startup parameters : + Display name : Distributed Transaction Coordinator + Service name : MSDTC + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\msdtc.exe + Dependencies : RPCSS/SamSS/ + + MSSQL$SQLEXPRESS startup parameters : + Display name : SQL Server (SQLEXPRESS) + Service name : MSSQL$SQLEXPRESS + Log on as : NT Service\MSSQL$SQLEXPRESS + Executable path : "E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS + Dependencies : KEYISO/ + + MSSQLLaunchpad$SQLEXPRESS startup parameters : + Display name : SQL Server Launchpad (SQLEXPRESS) + Service name : MSSQLLaunchpad$SQLEXPRESS + Log on as : NT Service\MSSQLLaunchpad$SQLEXPRESS + Executable path : "E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\Binn\launchpad.exe" -launcher RLauncher.dll -launcher Pythonlauncher.dll -launcher commonlauncher.dll -pipename sqlsatellitelaunchSQLEXPRESS -timeout 600000 -logPath "E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\LOG\ExtensibilityLog" -workingDir "E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\ExtensibilityData" -externalLanguagesTempDir "E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\ExternalLanguagesTemp" -externalLanguagesDir "E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\ExternalLanguages" -externalLibrariesTempDir "E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\ExternalLibrariesTemp" -externalLibrariesDir "E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\ExternalLibraries" -satelliteDllPath "E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\Binn\sqlsatellite.dll" -sqlInstanceName SQLEXPRESS + Dependencies : MSSQL$SQLEXPRESS/ + + NlaSvc startup parameters : + Display name : Network Location Awareness + Service name : NlaSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/ + + PcaSvc startup parameters : + Display name : Program Compatibility Assistant Service + Service name : PcaSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + Power startup parameters : + Display name : Power + Service name : Power + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + ProfSvc startup parameters : + Display name : User Profile Service + Service name : ProfSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + RemoteRegistry startup parameters : + Display name : Remote Registry + Service name : RemoteRegistry + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k localService -p + Dependencies : RPCSS/ + + RpcEptMapper startup parameters : + Display name : RPC Endpoint Mapper + Service name : RpcEptMapper + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k RPCSS -p + + RpcSs startup parameters : + Display name : Remote Procedure Call (RPC) + Service name : RpcSs + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k rpcss -p + Dependencies : RpcEptMapper/DcomLaunch/ + + SENS startup parameters : + Display name : System Event Notification Service + Service name : SENS + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : EventSystem/ + + SQLTELEMETRY$SQLEXPRESS startup parameters : + Display name : SQL Server CEIP service (SQLEXPRESS) + Service name : SQLTELEMETRY$SQLEXPRESS + Log on as : NT Service\SQLTELEMETRY$SQLEXPRESS + Executable path : "E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\Binn\sqlceip.exe" -Service SQLEXPRESS + + SQLWriter startup parameters : + Display name : SQL Server VSS Writer + Service name : SQLWriter + Log on as : LocalSystem + Executable path : "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" + + SamSs startup parameters : + Display name : Security Accounts Manager + Service name : SamSs + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : RPCSS/ + + Schedule startup parameters : + Display name : Task Scheduler + Service name : Schedule + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/SystemEventsBroker/ + + ShellHWDetection startup parameters : + Display name : Shell Hardware Detection + Service name : ShellHWDetection + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Spooler startup parameters : + Display name : Print Spooler + Service name : Spooler + Log on as : LocalSystem + Executable path : C:\Windows\System32\spoolsv.exe + Dependencies : RPCSS/http/ + + StateRepository startup parameters : + Display name : State Repository Service + Service name : StateRepository + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + StorSvc startup parameters : + Display name : Storage Service + Service name : StorSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + SysMain startup parameters : + Display name : SysMain + Service name : SysMain + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : rpcss/ + + SystemEventsBroker startup parameters : + Display name : System Events Broker + Service name : SystemEventsBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/RpcSs/ + + Themes startup parameters : + Display name : Themes + Service name : Themes + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + + TrkWks startup parameters : + Display name : Distributed Link Tracking Client + Service name : TrkWks + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + UALSVC startup parameters : + Display name : User Access Logging Service + Service name : UALSVC + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : WinMgmt/ + + UserManager startup parameters : + Display name : User Manager + Service name : UserManager + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + UsoSvc startup parameters : + Display name : Update Orchestrator Service + Service name : UsoSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + VGAuthService startup parameters : + Display name : VMware Alias Manager and Ticket Service + Service name : VGAuthService + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" + + VMTools startup parameters : + Display name : VMware Tools + Service name : VMTools + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" + + W32Time startup parameters : + Display name : Windows Time + Service name : W32Time + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService + + Wcmsvc startup parameters : + Display name : Windows Connection Manager + Service name : Wcmsvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/NSI/ + + WinDefend startup parameters : + Display name : Microsoft Defender Antivirus Service + Service name : WinDefend + Log on as : LocalSystem + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe" + Dependencies : RpcSs/ + + WinRM startup parameters : + Display name : Windows Remote Management (WS-Management) + Service name : WinRM + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : RPCSS/HTTP/ + + Winmgmt startup parameters : + Display name : Windows Management Instrumentation + Service name : Winmgmt + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/ + + WpnService startup parameters : + Display name : Windows Push Notifications System Service + Service name : WpnService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + WpnUserService_e56a0 startup parameters : + Display name : Windows Push Notifications User Service_e56a0 + Service name : WpnUserService_e56a0 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + cbdhsvc_e56a0 startup parameters : + Display name : Clipboard User Service_e56a0 + Service name : cbdhsvc_e56a0 + Executable path : C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p + + edgeupdate startup parameters : + Display name : Microsoft Edge Update Service (edgeupdate) + Service name : edgeupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc + Dependencies : RPCSS/ + + gpsvc startup parameters : + Display name : Group Policy Client + Service name : gpsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/Mup/ + + gupdate startup parameters : + Display name : Google Update Service (gupdate) + Service name : gupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc + Dependencies : RPCSS/ + + iphlpsvc startup parameters : + Display name : IP Helper + Service name : iphlpsvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p + Dependencies : RpcSS/tcpip/nsi/WinHttpAutoProxySvc/ + + mpssvc startup parameters : + Display name : Windows Defender Firewall + Service name : mpssvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : mpsdrv/bfe/nsi/ + + nsi startup parameters : + Display name : Network Store Interface Service + Service name : nsi + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/nsiproxy/ + + sppsvc startup parameters : + Display name : Software Protection + Service name : sppsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\sppsvc.exe + Dependencies : RpcSs/ + + vm3dservice startup parameters : + Display name : VMware SVGA Helper Service + Service name : vm3dservice + Log on as : LocalSystem + Executable path : C:\Windows\system32\vm3dservice.exe + +The following services must be started manually : + + AJRouter startup parameters : + Display name : AllJoyn Router Service + Service name : AJRouter + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + ALG startup parameters : + Display name : Application Layer Gateway Service + Service name : ALG + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\alg.exe + + AppIDSvc startup parameters : + Display name : Application Identity + Service name : AppIDSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/AppID/CryptSvc/ + + AppMgmt startup parameters : + Display name : Application Management + Service name : AppMgmt + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + + AppReadiness startup parameters : + Display name : App Readiness + Service name : AppReadiness + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k AppReadiness -p + + AppXSvc startup parameters : + Display name : AppX Deployment Service (AppXSVC) + Service name : AppXSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k wsappx -p + Dependencies : rpcss/staterepository/ + + Appinfo startup parameters : + Display name : Application Information + Service name : Appinfo + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + AudioEndpointBuilder startup parameters : + Display name : Windows Audio Endpoint Builder + Service name : AudioEndpointBuilder + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + Audiosrv startup parameters : + Display name : Windows Audio + Service name : Audiosrv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : AudioEndpointBuilder/RpcSs/ + + BITS startup parameters : + Display name : Background Intelligent Transfer Service + Service name : BITS + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + COMSysApp startup parameters : + Display name : COM+ System Application + Service name : COMSysApp + Log on as : LocalSystem + Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} + Dependencies : RpcSs/EventSystem/SENS/ + + CaptureService_e56a0 startup parameters : + Display name : CaptureService_e56a0 + Service name : CaptureService_e56a0 + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + CertPropSvc startup parameters : + Display name : Certificate Propagation + Service name : CertPropSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + ClipSVC startup parameters : + Display name : Client License Service (ClipSVC) + Service name : ClipSVC + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k wsappx -p + Dependencies : rpcss/ + + ConsentUxUserSvc_e56a0 startup parameters : + Display name : ConsentUX User Service_e56a0 + Service name : ConsentUxUserSvc_e56a0 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow + + CredentialEnrollmentManagerUserSvc_e56a0 startup parameters : + Display name : CredentialEnrollmentManagerUserSvc_e56a0 + Service name : CredentialEnrollmentManagerUserSvc_e56a0 + Executable path : C:\Windows\system32\CredentialEnrollmentManager.exe + + DevQueryBroker startup parameters : + Display name : DevQuery Background Discovery Broker + Service name : DevQueryBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DeviceAssociationBrokerSvc_e56a0 startup parameters : + Display name : DeviceAssociationBroker_e56a0 + Service name : DeviceAssociationBrokerSvc_e56a0 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow -p + + DeviceAssociationService startup parameters : + Display name : Device Association Service + Service name : DeviceAssociationService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DeviceInstall startup parameters : + Display name : Device Install Service + Service name : DeviceInstall + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + DevicesFlowUserSvc_e56a0 startup parameters : + Display name : DevicesFlow_e56a0 + Service name : DevicesFlowUserSvc_e56a0 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow + + DmEnrollmentSvc startup parameters : + Display name : Device Management Enrollment Service + Service name : DmEnrollmentSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + DoSvc startup parameters : + Display name : Delivery Optimization + Service name : DoSvc + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + DsSvc startup parameters : + Display name : Data Sharing Service + Service name : DsSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + DsmSvc startup parameters : + Display name : Device Setup Manager + Service name : DsmSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + EFS startup parameters : + Display name : Encrypting File System (EFS) + Service name : EFS + Log on as : LocalSystem + Executable path : C:\Windows\System32\lsass.exe + Dependencies : RPCSS/ + + EapHost startup parameters : + Display name : Extensible Authentication Protocol + Service name : EapHost + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/KeyIso/ + + EntAppSvc startup parameters : + Display name : Enterprise App Management Service + Service name : EntAppSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + FDResPub startup parameters : + Display name : Function Discovery Resource Publication + Service name : FDResPub + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : RpcSs/http/fdphost/ + + FrameServer startup parameters : + Display name : Windows Camera Frame Server + Service name : FrameServer + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k Camera + Dependencies : rpcss/ + + FrameServerMonitor startup parameters : + Display name : Windows Camera Frame Server Monitor + Service name : FrameServerMonitor + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k CameraMonitor + Dependencies : rpcss/ + + GoogleChromeElevationService startup parameters : + Display name : Google Chrome Elevation Service (GoogleChromeElevationService) + Service name : GoogleChromeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files\Google\Chrome\Application\121.0.6167.140\elevation_service.exe" + Dependencies : RPCSS/ + + HvHost startup parameters : + Display name : HV Host Service + Service name : HvHost + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : hvservice/ + + InstallService startup parameters : + Display name : Microsoft Store Install Service + Service name : InstallService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + KPSSVC startup parameters : + Display name : KDC Proxy Server service (KPS) + Service name : KPSSVC + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k KpsSvcGroup + Dependencies : rpcss/http/ + + KeyIso startup parameters : + Display name : CNG Key Isolation + Service name : KeyIso + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : RpcSs/ + + KtmRm startup parameters : + Display name : KtmRm for Distributed Transaction Coordinator + Service name : KtmRm + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p + Dependencies : RPCSS/SamSS/ + + LicenseManager startup parameters : + Display name : Windows License Manager Service + Service name : LicenseManager + Log on as : NT Authority\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + MSSQLFDLauncher$SQLEXPRESS startup parameters : + Display name : SQL Full-text Filter Daemon Launcher (SQLEXPRESS) + Service name : MSSQLFDLauncher$SQLEXPRESS + Log on as : NT Service\MSSQLFDLauncher$SQLEXPRESS + Executable path : "E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe" -s MSSQL16.SQLEXPRESS + + MSiSCSI startup parameters : + Display name : Microsoft iSCSI Initiator Service + Service name : MSiSCSI + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + + McpManagementService startup parameters : + Display name : McpManagementService + Service name : McpManagementService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k McpManagementServiceGroup + Dependencies : RpcSs/ + + MicrosoftEdgeElevationService startup parameters : + Display name : Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) + Service name : MicrosoftEdgeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\elevation_service.exe" + Dependencies : RPCSS/ + + MsMpiLaunchSvc startup parameters : + Display name : MS-MPI Launch Service + Service name : MsMpiLaunchSvc + Log on as : LocalSystem + Executable path : "C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe" + + NcaSvc startup parameters : + Display name : Network Connectivity Assistant + Service name : NcaSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p + Dependencies : BFE/dnscache/NSI/iphlpsvc/ + + NcbService startup parameters : + Display name : Network Connection Broker + Service name : NcbService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSS/tcpip/BrokerInfrastructure/ + + NetSetupSvc startup parameters : + Display name : Network Setup Service + Service name : NetSetupSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Netlogon startup parameters : + Display name : Netlogon + Service name : Netlogon + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : LanmanWorkstation/ + + Netman startup parameters : + Display name : Network Connections + Service name : Netman + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/nsi/ + + NgcCtnrSvc startup parameters : + Display name : Microsoft Passport Container + Service name : NgcCtnrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + NgcSvc startup parameters : + Display name : Microsoft Passport + Service name : NgcSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + PerfHost startup parameters : + Display name : Performance Counter DLL Host + Service name : PerfHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\SysWow64\perfhost.exe + Dependencies : RPCSS/ + + PimIndexMaintenanceSvc_e56a0 startup parameters : + Display name : Contact Data_e56a0 + Service name : PimIndexMaintenanceSvc_e56a0 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + PlugPlay startup parameters : + Display name : Plug and Play + Service name : PlugPlay + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + PolicyAgent startup parameters : + Display name : IPsec Policy Agent + Service name : PolicyAgent + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p + Dependencies : Tcpip/bfe/ + + PrintNotify startup parameters : + Display name : Printer Extensions and Notifications + Service name : PrintNotify + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k print + Dependencies : RpcSs/ + + PrintWorkflowUserSvc_e56a0 startup parameters : + Display name : PrintWorkflow_e56a0 + Service name : PrintWorkflowUserSvc_e56a0 + Executable path : C:\Windows\system32\svchost.exe -k PrintWorkflow + + QWAVE startup parameters : + Display name : Quality Windows Audio Video Experience + Service name : QWAVE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/ + + RSoPProv startup parameters : + Display name : Resultant Set of Policy Provider + Service name : RSoPProv + Log on as : LocalSystem + Executable path : C:\Windows\system32\RSoPProv.exe + Dependencies : RPCSS/ + + RasAuto startup parameters : + Display name : Remote Access Auto Connection Manager + Service name : RasAuto + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RasAcd/ + + RasMan startup parameters : + Display name : Remote Access Connection Manager + Service name : RasMan + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs + Dependencies : SstpSvc/DnsCache/ + + RpcLocator startup parameters : + Display name : Remote Procedure Call (RPC) Locator + Service name : RpcLocator + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\locator.exe + + SCPolicySvc startup parameters : + Display name : Smart Card Removal Policy + Service name : SCPolicySvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + SCardSvr startup parameters : + Display name : Smart Card + Service name : SCardSvr + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation + + SNMPTRAP startup parameters : + Display name : SNMP Trap + Service name : SNMPTRAP + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\snmptrap.exe + + SecurityHealthService startup parameters : + Display name : Windows Security Service + Service name : SecurityHealthService + Log on as : LocalSystem + Executable path : C:\Windows\system32\SecurityHealthService.exe + Dependencies : RpcSs/ + + Sense startup parameters : + Display name : Windows Defender Advanced Threat Protection Service + Service name : Sense + Log on as : LocalSystem + Executable path : "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" + + SensorService startup parameters : + Display name : Sensor Service + Service name : SensorService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + SensrSvc startup parameters : + Display name : Sensor Monitoring Service + Service name : SensrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + + SessionEnv startup parameters : + Display name : Remote Desktop Configuration + Service name : SessionEnv + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/LanmanWorkstation/ + + SgrmBroker startup parameters : + Display name : System Guard Runtime Monitor Broker + Service name : SgrmBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\SgrmBroker.exe + Dependencies : RpcSs/ + + SstpSvc startup parameters : + Display name : Secure Socket Tunneling Protocol Service + Service name : SstpSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + StiSvc startup parameters : + Display name : Windows Image Acquisition (WIA) + Service name : StiSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k imgsvc + Dependencies : RpcSs/ + + TabletInputService startup parameters : + Display name : Touch Keyboard and Handwriting Panel Service + Service name : TabletInputService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + TermService startup parameters : + Display name : Remote Desktop Services + Service name : TermService + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k termsvcs + Dependencies : RPCSS/ + + TieringEngineService startup parameters : + Display name : Storage Tiers Management + Service name : TieringEngineService + Log on as : localSystem + Executable path : C:\Windows\system32\TieringEngineService.exe + + TimeBrokerSvc startup parameters : + Display name : Time Broker + Service name : TimeBrokerSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + TokenBroker startup parameters : + Display name : Web Account Manager + Service name : TokenBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : UserManager/BrokerInfrastructure/ + + TrustedInstaller startup parameters : + Display name : Windows Modules Installer + Service name : TrustedInstaller + Log on as : localSystem + Executable path : C:\Windows\servicing\TrustedInstaller.exe + + UdkUserSvc_e56a0 startup parameters : + Display name : Udk User Service_e56a0 + Service name : UdkUserSvc_e56a0 + Executable path : C:\Windows\system32\svchost.exe -k UdkSvcGroup + + UmRdpService startup parameters : + Display name : Remote Desktop Services UserMode Port Redirector + Service name : UmRdpService + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : TermService/RDPDR/ + + UnistoreSvc_e56a0 startup parameters : + Display name : User Data Storage_e56a0 + Service name : UnistoreSvc_e56a0 + Executable path : C:\Windows\System32\svchost.exe -k UnistackSvcGroup + + UserDataSvc_e56a0 startup parameters : + Display name : User Data Access_e56a0 + Service name : UserDataSvc_e56a0 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + VSS startup parameters : + Display name : Volume Shadow Copy + Service name : VSS + Log on as : LocalSystem + Executable path : C:\Windows\system32\vssvc.exe + Dependencies : RPCSS/ + + VaultSvc startup parameters : + Display name : Credential Manager + Service name : VaultSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : rpcss/ + + WEPHOSTSVC startup parameters : + Display name : Windows Encryption Provider Host Service + Service name : WEPHOSTSVC + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k WepHostSvcGroup + Dependencies : rpcss/ + + WMPNetworkSvc startup parameters : + Display name : Windows Media Player Network Sharing Service + Service name : WMPNetworkSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe" + Dependencies : http/WSearch/ + + WPDBusEnum startup parameters : + Display name : Portable Device Enumerator Service + Service name : WPDBusEnum + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted + Dependencies : RpcSs/ + + WaaSMedicSvc startup parameters : + Display name : Windows Update Medic Service + Service name : WaaSMedicSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k wusvcs -p + Dependencies : rpcss/ + + WarpJITSvc startup parameters : + Display name : Warp JIT Service + Service name : WarpJITSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted + + WbioSrvc startup parameters : + Display name : Windows Biometric Service + Service name : WbioSrvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k WbioSvcGroup + Dependencies : RpcSs/ + + WdNisSvc startup parameters : + Display name : Microsoft Defender Antivirus Network Inspection Service + Service name : WdNisSvc + Log on as : NT AUTHORITY\LocalService + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe" + Dependencies : WdNisDrv/ + + WdiServiceHost startup parameters : + Display name : Diagnostic Service Host + Service name : WdiServiceHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + + WdiSystemHost startup parameters : + Display name : Diagnostic System Host + Service name : WdiSystemHost + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + Wecsvc startup parameters : + Display name : Windows Event Collector + Service name : Wecsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p + Dependencies : HTTP/Eventlog/ + + WerSvc startup parameters : + Display name : Windows Error Reporting Service + Service name : WerSvc + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup + + WiaRpc startup parameters : + Display name : Still Image Acquisition Events + Service name : WiaRpc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + WinHttpAutoProxySvc startup parameters : + Display name : WinHTTP Web Proxy Auto-Discovery Service + Service name : WinHttpAutoProxySvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Dhcp/ + + bthserv startup parameters : + Display name : Bluetooth Support Service + Service name : bthserv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + camsvc startup parameters : + Display name : Capability Access Manager Service + Service name : camsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k appmodel -p + + dcsvc startup parameters : + Display name : dcsvc + Service name : dcsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + defragsvc startup parameters : + Display name : Optimize drives + Service name : defragsvc + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k defragsvc + Dependencies : RPCSS/ + + diagnosticshub.standardcollector.service startup parameters : + Display name : Microsoft (R) Diagnostics Hub Standard Collector Service + Service name : diagnosticshub.standardcollector.service + Log on as : LocalSystem + Executable path : C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe + + dot3svc startup parameters : + Display name : Wired AutoConfig + Service name : dot3svc + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/Ndisuio/Eaphost/ + + edgeupdatem startup parameters : + Display name : Microsoft Edge Update Service (edgeupdatem) + Service name : edgeupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc + Dependencies : RPCSS/ + + embeddedmode startup parameters : + Display name : Embedded Mode + Service name : embeddedmode + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : BrokerInfrastructure/ + + fdPHost startup parameters : + Display name : Function Discovery Provider Host + Service name : fdPHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/http/ + + gupdatem startup parameters : + Display name : Google Update Service (gupdatem) + Service name : gupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc + Dependencies : RPCSS/ + + hidserv startup parameters : + Display name : Human Interface Device Service + Service name : hidserv + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + lmhosts startup parameters : + Display name : TCP/IP NetBIOS Helper + Service name : lmhosts + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Afd/ + + msiserver startup parameters : + Display name : Windows Installer + Service name : msiserver + Log on as : LocalSystem + Executable path : C:\Windows\system32\msiexec.exe /V + Dependencies : rpcss/ + + netprofm startup parameters : + Display name : Network List Service + Service name : netprofm + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + Dependencies : RpcSs/nlasvc/ + + pla startup parameters : + Display name : Performance Logs & Alerts + Service name : pla + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : RPCSS/ + + sacsvr startup parameters : + Display name : Special Administration Console Helper + Service name : sacsvr + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + + seclogon startup parameters : + Display name : Secondary Logon + Service name : seclogon + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + + smphost startup parameters : + Display name : Microsoft Storage Spaces SMP + Service name : smphost + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k smphost + Dependencies : RPCSS/ + + svsvc startup parameters : + Display name : Spot Verifier + Service name : svsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + swprv startup parameters : + Display name : Microsoft Software Shadow Copy Provider + Service name : swprv + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k swprv + Dependencies : RPCSS/ + + tapisrv startup parameters : + Display name : Telephony + Service name : tapisrv + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + vds startup parameters : + Display name : Virtual Disk + Service name : vds + Log on as : LocalSystem + Executable path : C:\Windows\System32\vds.exe + Dependencies : RpcSs/ + + vmicguestinterface startup parameters : + Display name : Hyper-V Guest Service Interface + Service name : vmicguestinterface + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicheartbeat startup parameters : + Display name : Hyper-V Heartbeat Service + Service name : vmicheartbeat + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k ICService -p + + vmickvpexchange startup parameters : + Display name : Hyper-V Data Exchange Service + Service name : vmickvpexchange + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicshutdown startup parameters : + Display name : Hyper-V Guest Shutdown Service + Service name : vmicshutdown + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmictimesync startup parameters : + Display name : Hyper-V Time Synchronization Service + Service name : vmictimesync + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : VmGid/ + + vmicvmsession startup parameters : + Display name : Hyper-V PowerShell Direct Service + Service name : vmicvmsession + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicvss startup parameters : + Display name : Hyper-V Volume Shadow Copy Requestor + Service name : vmicvss + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmvss startup parameters : + Display name : VMware Snapshot Provider + Service name : vmvss + Log on as : LocalSystem + Executable path : C:\Windows\system32\dllhost.exe /Processid:{A5870C72-0E69-4482-ABA6-6ED4CEC56E1D} + Dependencies : rpcss/ + + wercplsupport startup parameters : + Display name : Problem Reports Control Panel Support + Service name : wercplsupport + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + + wlidsvc startup parameters : + Display name : Microsoft Account Sign-in Assistant + Service name : wlidsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + wmiApSrv startup parameters : + Display name : WMI Performance Adapter + Service name : wmiApSrv + Log on as : localSystem + Executable path : C:\Windows\system32\wbem\WmiApSrv.exe + + wuauserv startup parameters : + Display name : Windows Update + Service name : wuauserv + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + +The following services are disabled : + + AppVClient startup parameters : + Display name : Microsoft App-V Client + Service name : AppVClient + Log on as : LocalSystem + Executable path : C:\Windows\system32\AppVClient.exe + Dependencies : RpcSS/netprofm/AppvVfs/AppVStrm/ + + AxInstSV startup parameters : + Display name : ActiveX Installer (AxInstSV) + Service name : AxInstSV + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k AxInstSVGroup + Dependencies : rpcss/ + + CscService startup parameters : + Display name : Offline Files + Service name : CscService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + DevicePickerUserSvc_e56a0 startup parameters : + Display name : DevicePicker_e56a0 + Service name : DevicePickerUserSvc_e56a0 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow + + GraphicsPerfSvc startup parameters : + Display name : GraphicsPerfSvc + Service name : GraphicsPerfSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup + + MapsBroker startup parameters : + Display name : Downloaded Maps Manager + Service name : MapsBroker + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + NetTcpPortSharing startup parameters : + Display name : Net.Tcp Port Sharing Service + Service name : NetTcpPortSharing + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe + + PushToInstall startup parameters : + Display name : Windows PushToInstall Service + Service name : PushToInstall + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + RemoteAccess startup parameters : + Display name : Routing and Remote Access + Service name : RemoteAccess + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs + Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/ + + RmSvc startup parameters : + Display name : Radio Management Service + Service name : RmSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted + Dependencies : RpcSs/ + + SEMgrSvc startup parameters : + Display name : Payments and NFC/SE Manager + Service name : SEMgrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/ + + SQLAgent$SQLEXPRESS startup parameters : + Display name : SQL Server Agent (SQLEXPRESS) + Service name : SQLAgent$SQLEXPRESS + Log on as : NT AUTHORITY\NETWORKSERVICE + Executable path : "E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS + Dependencies : MSSQL$SQLEXPRESS/ + + SQLBrowser startup parameters : + Display name : SQL Server Browser + Service name : SQLBrowser + Log on as : NT AUTHORITY\LOCALSERVICE + Executable path : "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" + + SSDPSRV startup parameters : + Display name : SSDP Discovery + Service name : SSDPSRV + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : HTTP/NSI/ + + ScDeviceEnum startup parameters : + Display name : Smart Card Device Enumeration Service + Service name : ScDeviceEnum + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted + + SensorDataService startup parameters : + Display name : Sensor Data Service + Service name : SensorDataService + Log on as : LocalSystem + Executable path : C:\Windows\System32\SensorDataService.exe + + SharedAccess startup parameters : + Display name : Internet Connection Sharing (ICS) + Service name : SharedAccess + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : BFE/ + + UevAgentService startup parameters : + Display name : User Experience Virtualization Service + Service name : UevAgentService + Log on as : LocalSystem + Executable path : C:\Windows\system32\AgentService.exe + + WSearch startup parameters : + Display name : Windows Search + Service name : WSearch + Log on as : LocalSystem + Executable path : C:\Windows\system32\SearchIndexer.exe /Embedding + Dependencies : RPCSS/BrokerInfrastructure/ + + WalletService startup parameters : + Display name : WalletService + Service name : WalletService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k appmodel -p + + dmwappushservice startup parameters : + Display name : Device Management Wireless Application Protocol (WAP) Push message Routing Service + Service name : dmwappushservice + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + lfsvc startup parameters : + Display name : Geolocation Service + Service name : lfsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + lltdsvc startup parameters : + Display name : Link-Layer Topology Discovery Mapper + Service name : lltdsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/lltdio/ + + shpamsvc startup parameters : + Display name : Shared PC Account Manager + Service name : shpamsvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + ssh-agent startup parameters : + Display name : OpenSSH Authentication Agent + Service name : ssh-agent + Log on as : LocalSystem + Executable path : C:\Windows\System32\OpenSSH\ssh-agent.exe + + tzautoupdate startup parameters : + Display name : Auto Time Zone Updater + Service name : tzautoupdate + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + upnphost startup parameters : + Display name : UPnP Device Host + Service name : upnphost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : SSDPSRV/HTTP/ + + wisvc startup parameters : + Display name : Windows Insider Service + Service name : wisvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + + +By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon. + +Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user. +smb_last_loggedon_user.nasl +2019/09/02 +Microsoft Windows SMB Last Logged On User Disclosure +2009/05/05 +local +None +1.12 +http://www.nessus.org/u?a29751b5 +n/a +Nessus was able to identify the last logged on user on the remote host. + +Last Successful logon : .\soteria + + + +windows +True +cpe:/a:haxx:curl +Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host. + +Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty checks. Paranoid scanning has no affect on this plugin itself. +curl_win_installed.nbin +2024/01/16 +Curl Installed (Windows) +2023/02/23 +local +None +1.22 +https://curl.se/ +n/a +Curl is installed on the remote Windows host. +true + +Nessus detected 2 installs of Curl: + + Path : C:\Windows\SysWOW64\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + Path : C:\Windows\System32\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + + +windows +True +cpe:/o:microsoft:windows +This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. + +An attacker may use this feature to gain better knowledge of the remote host. +smb_enum_services.nasl +0001-T-0751 +2022/02/01 +Microsoft Windows SMB Service Enumeration +2000/07/03 +local +None +1.46 +To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port. +It is possible to enumerate remote services. +IAVT:0001-T-0751 + +Active Services : + +AzureAttestService [ AzureAttestService ] +Base Filtering Engine [ BFE ] +Background Tasks Infrastructure Service [ BrokerInfrastructure ] +Capability Access Manager Service [ camsvc ] +Connected Devices Platform Service [ CDPSvc ] +COM+ System Application [ COMSysApp ] +CoreMessaging [ CoreMessagingRegistrar ] +Cryptographic Services [ CryptSvc ] +DCOM Server Process Launcher [ DcomLaunch ] +DHCP Client [ Dhcp ] +Connected User Experiences and Telemetry [ DiagTrack ] +Display Policy Service [ DispBrokerDesktopSvc ] +DNS Client [ Dnscache ] +Diagnostic Policy Service [ DPS ] +Device Setup Manager [ DsmSvc ] +Windows Event Log [ EventLog ] +COM+ Event System [ EventSystem ] +Windows Font Cache Service [ FontCache ] +Group Policy Client [ gpsvc ] +IKE and AuthIP IPsec Keying Modules [ IKEEXT ] +IP Helper [ iphlpsvc ] +CNG Key Isolation [ KeyIso ] +Server [ LanmanServer ] +Workstation [ LanmanWorkstation ] +TCP/IP NetBIOS Helper [ lmhosts ] +Local Session Manager [ LSM ] +Windows Defender Firewall [ mpssvc ] +Distributed Transaction Coordinator [ MSDTC ] +SQL Server (SQLEXPRESS) [ MSSQL$SQLEXPRESS ] +SQL Full-text Filter Daemon Launcher (SQLEXPRESS) [ MSSQLFDLauncher$SQLEXPRESS ] +SQL Server Launchpad (SQLEXPRESS) [ MSSQLLaunchpad$SQLEXPRESS ] +Network Connection Broker [ NcbService ] +Network List Service [ netprofm ] +Network Location Awareness [ NlaSvc ] +Network Store Interface Service [ nsi ] +Program Compatibility Assistant Service [ PcaSvc ] +Plug and Play [ PlugPlay ] +IPsec Policy Agent [ PolicyAgent ] +Power [ Power ] +User Profile Service [ ProfSvc ] +Remote Registry [ RemoteRegistry ] +RPC Endpoint Mapper [ RpcEptMapper ] +Remote Procedure Call (RPC) [ RpcSs ] +Security Accounts Manager [ SamSs ] +Task Scheduler [ Schedule ] +System Event Notification Service [ SENS ] +Shell Hardware Detection [ ShellHWDetection ] +Print Spooler [ Spooler ] +SQL Server CEIP service (SQLEXPRESS) [ SQLTELEMETRY$SQLEXPRESS ] +SQL Server VSS Writer [ SQLWriter ] +State Repository Service [ StateRepository ] +Storage Service [ StorSvc ] +SysMain [ SysMain ] +System Events Broker [ SystemEventsBroker ] +Touch Keyboard and Handwriting Panel Service [ TabletInputService ] +Themes [ Themes ] +Time Broker [ TimeBrokerSvc ] +Web Account Manager [ TokenBroker ] +Distributed Link Tracking Client [ TrkWks ] +Windows Modules Installer [ TrustedInstaller ] +User Access Logging Service [ UALSVC ] +User Manager [ UserManager ] +Update Orchestrator Service [ UsoSvc ] +VMware Alias Manager and Ticket Service [ VGAuthService ] +VMware SVGA Helper Service [ vm3dservice ] +VMware Tools [ VMTools ] +Windows Time [ W32Time ] +Windows Connection Manager [ Wcmsvc ] +Diagnostic System Host [ WdiSystemHost ] +Microsoft Defender Antivirus Network Inspection Service [ WdNisSvc ] +Microsoft Defender Antivirus Service [ WinDefend ] +WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ] +Windows Management Instrumentation [ Winmgmt ] +Windows Remote Management (WS-Management) [ WinRM ] +Windows Push Notifications System Service [ WpnService ] +Clipboard User Service_e56a0 [ cbdhsvc_e56a0 ] +Connected Devices Platform User Service_e56a0 [ CDPUserSvc_e56a0 ] +Windows Push Notifications User Service_e56a0 [ WpnUserService_e56a0 ] + +Inactive Services : + +AllJoyn Router Service [ AJRouter ] +Application Layer Gateway Service [ ALG ] +Application Identity [ AppIDSvc ] +Application Information [ Appinfo ] +Application Management [ AppMgmt ] +App Readiness [ AppReadiness ] +Microsoft App-V Client [ AppVClient ] +AppX Deployment Service (AppXSVC) [ AppXSvc ] +Windows Audio Endpoint Builder [ AudioEndpointBuilder ] +Windows Audio [ Audiosrv ] +ActiveX Installer (AxInstSV) [ AxInstSV ] +Background Intelligent Transfer Service [ BITS ] +Bluetooth Support Service [ bthserv ] +Certificate Propagation [ CertPropSvc ] +Client License Service (ClipSVC) [ ClipSVC ] +Offline Files [ CscService ] +dcsvc [ dcsvc ] +Optimize drives [ defragsvc ] +Device Association Service [ DeviceAssociationService ] +Device Install Service [ DeviceInstall ] +DevQuery Background Discovery Broker [ DevQueryBroker ] +Microsoft (R) Diagnostics Hub Standard Collector Service [ diagnosticshub.standardcollector.service ] +Device Management Enrollment Service [ DmEnrollmentSvc ] +Device Management Wireless Application Protocol (WAP) Push message Routing Service [ dmwappushservice ] +Delivery Optimization [ DoSvc ] +Wired AutoConfig [ dot3svc ] +Data Sharing Service [ DsSvc ] +Extensible Authentication Protocol [ EapHost ] +Microsoft Edge Update Service (edgeupdate) [ edgeupdate ] +Microsoft Edge Update Service (edgeupdatem) [ edgeupdatem ] +Encrypting File System (EFS) [ EFS ] +Embedded Mode [ embeddedmode ] +Enterprise App Management Service [ EntAppSvc ] +Function Discovery Provider Host [ fdPHost ] +Function Discovery Resource Publication [ FDResPub ] +Windows Camera Frame Server [ FrameServer ] +Windows Camera Frame Server Monitor [ FrameServerMonitor ] +Google Chrome Elevation Service (GoogleChromeElevationService) [ GoogleChromeElevationService ] +GraphicsPerfSvc [ GraphicsPerfSvc ] +Google Update Service (gupdate) [ gupdate ] +Google Update Service (gupdatem) [ gupdatem ] +Human Interface Device Service [ hidserv ] +HV Host Service [ HvHost ] +Microsoft Store Install Service [ InstallService ] +KDC Proxy Server service (KPS) [ KPSSVC ] +KtmRm for Distributed Transaction Coordinator [ KtmRm ] +Geolocation Service [ lfsvc ] +Windows License Manager Service [ LicenseManager ] +Link-Layer Topology Discovery Mapper [ lltdsvc ] +Downloaded Maps Manager [ MapsBroker ] +McpManagementService [ McpManagementService ] +Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) [ MicrosoftEdgeElevationService ] +Microsoft iSCSI Initiator Service [ MSiSCSI ] +Windows Installer [ msiserver ] +MS-MPI Launch Service [ MsMpiLaunchSvc ] +Network Connectivity Assistant [ NcaSvc ] +Netlogon [ Netlogon ] +Network Connections [ Netman ] +Network Setup Service [ NetSetupSvc ] +Net.Tcp Port Sharing Service [ NetTcpPortSharing ] +Microsoft Passport Container [ NgcCtnrSvc ] +Microsoft Passport [ NgcSvc ] +Performance Counter DLL Host [ PerfHost ] +Performance Logs & Alerts [ pla ] +Printer Extensions and Notifications [ PrintNotify ] +Windows PushToInstall Service [ PushToInstall ] +Quality Windows Audio Video Experience [ QWAVE ] +Remote Access Auto Connection Manager [ RasAuto ] +Remote Access Connection Manager [ RasMan ] +Routing and Remote Access [ RemoteAccess ] +Radio Management Service [ RmSvc ] +Remote Procedure Call (RPC) Locator [ RpcLocator ] +Resultant Set of Policy Provider [ RSoPProv ] +Special Administration Console Helper [ sacsvr ] +Smart Card [ SCardSvr ] +Smart Card Device Enumeration Service [ ScDeviceEnum ] +Smart Card Removal Policy [ SCPolicySvc ] +Secondary Logon [ seclogon ] +Windows Security Service [ SecurityHealthService ] +Payments and NFC/SE Manager [ SEMgrSvc ] +Windows Defender Advanced Threat Protection Service [ Sense ] +Sensor Data Service [ SensorDataService ] +Sensor Service [ SensorService ] +Sensor Monitoring Service [ SensrSvc ] +Remote Desktop Configuration [ SessionEnv ] +System Guard Runtime Monitor Broker [ SgrmBroker ] +Internet Connection Sharing (ICS) [ SharedAccess ] +Shared PC Account Manager [ shpamsvc ] +Microsoft Storage Spaces SMP [ smphost ] +SNMP Trap [ SNMPTRAP ] +Software Protection [ sppsvc ] +SQL Server Agent (SQLEXPRESS) [ SQLAgent$SQLEXPRESS ] +SQL Server Browser [ SQLBrowser ] +SSDP Discovery [ SSDPSRV ] +OpenSSH Authentication Agent [ ssh-agent ] +Secure Socket Tunneling Protocol Service [ SstpSvc ] +Windows Image Acquisition (WIA) [ StiSvc ] +Spot Verifier [ svsvc ] +Microsoft Software Shadow Copy Provider [ swprv ] +Telephony [ tapisrv ] +Remote Desktop Services [ TermService ] +Storage Tiers Management [ TieringEngineService ] +Auto Time Zone Updater [ tzautoupdate ] +User Experience Virtualization Service [ UevAgentService ] +Remote Desktop Services UserMode Port Redirector [ UmRdpService ] +UPnP Device Host [ upnphost ] +Credential Manager [ VaultSvc ] +Virtual Disk [ vds ] +Hyper-V Guest Service Interface [ vmicguestinterface ] +Hyper-V Heartbeat Service [ vmicheartbeat ] +Hyper-V Data Exchange Service [ vmickvpexchange ] +Hyper-V Guest Shutdown Service [ vmicshutdown ] +Hyper-V Time Synchronization Service [ vmictimesync ] +Hyper-V PowerShell Direct Service [ vmicvmsession ] +Hyper-V Volume Shadow Copy Requestor [ vmicvss ] +VMware Snapshot Provider [ vmvss ] +Volume Shadow Copy [ VSS ] +Windows Update Medic Service [ WaaSMedicSvc ] +WalletService [ WalletService ] +Warp JIT Service [ WarpJITSvc ] +Windows Biometric Service [ WbioSrvc ] +Diagnostic Service Host [ WdiServiceHost ] +Windows Event Collector [ Wecsvc ] +Windows Encryption Provider Host Service [ WEPHOSTSVC ] +Problem Reports Control Panel Support [ wercplsupport ] +Windows Error Reporting Service [ WerSvc ] +Still Image Acquisition Events [ WiaRpc ] +Windows Insider Service [ wisvc ] +Microsoft Account Sign-in Assistant [ wlidsvc ] +WMI Performance Adapter [ wmiApSrv ] +Windows Media Player Network Sharing Service [ WMPNetworkSvc ] +Portable Device Enumerator Service [ WPDBusEnum ] +Windows Search [ WSearch ] +Windows Update [ wuauserv ] +CaptureService_e56a0 [ CaptureService_e56a0 ] +ConsentUX User Service_e56a0 [ ConsentUxUserSvc_e56a0 ] +CredentialEnrollmentManagerUserSvc_e56a0 [ CredentialEnrollmentManagerUserSvc_e56a0 ] +DeviceAssociationBroker_e56a0 [ DeviceAssociationBrokerSvc_e56a0 ] +DevicePicker_e56a0 [ DevicePickerUserSvc_e56a0 ] +DevicesFlow_e56a0 [ DevicesFlowUserSvc_e56a0 ] +Contact Data_e56a0 [ PimIndexMaintenanceSvc_e56a0 ] +PrintWorkflow_e56a0 [ PrintWorkflowUserSvc_e56a0 ] +Udk User Service_e56a0 [ UdkUserSvc_e56a0 ] +User Data Storage_e56a0 [ UnistoreSvc_e56a0 ] +User Data Access_e56a0 [ UserDataSvc_e56a0 ] + + + +Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy. +smb_password_policy.nasl +2015/01/12 +Microsoft Windows SMB : Obtains the Password Policy +2005/03/30 +local +None +$Revision: 1.15 $ +n/a +It is possible to retrieve the remote host's password policy using the supplied credentials. +The following password policy is defined on the remote host: + +Minimum password len: 0 +Password history len: 0 +Maximum password age (d): No limit +Password must meet complexity requirements: Enabled +Minimum password age (d): 0 +Forced logoff time (s): Not set +Locked account time (s): 600 +Time between failed logon (s): 600 +Number of invalid logon before locked out (s): 10 + + + +Using the supplied credentials, Nessus was able to list user accounts that have been disabled. +smb_users_disabled.nasl +2018/08/13 +Microsoft Windows - Users Information : Disabled Accounts +2002/03/15 +local +None +1.19 +Delete accounts that are no longer needed. +At least one user account has been disabled. + +The following user accounts have been disabled : + + - DefaultAccount + - Guest + - WDAGUtilityAccount + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users who have never logged into their accounts. +smb_users_neverloggedon.nasl +2018/08/13 +Microsoft Windows - Users Information : User Has Never Logged In +2002/03/15 +local +None +1.20 +Delete accounts that are not needed. +At least one user has never logged into his or her account. + +The following users have never logged in : + + - DefaultAccount + - Guest + - WDAGUtilityAccount + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users who have never changed their passwords. +smb_users_lastpwchange.nasl +2018/08/13 +Microsoft Windows - Users Information : Never Changed Password +2002/03/15 +local +None +1.23 +Allow or require users to change their passwords regularly. +At least one user has never changed his or her password. + +The following users have never changed their passwords : + + - DefaultAccount + - Guest + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire. +smb_users_pwexpiry.nasl +2018/08/13 +Microsoft Windows - Users Information : Passwords Never Expire +2002/03/15 +local +None +1.22 +Allow or require users to change their passwords regularly. +At least one user has a password that never expires. + +The following users have passwords that never expire : + + - degthat + - soteria + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for this +plugin, then re-run the scan. + + + +Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager. +smb_samr_user_enum.nasl +2023/01/20 +Microsoft Windows SAM user enumeration +2019/07/08 +local +None +1.7 +n/a +Nessus was able to enumerate domain users from the local SAM. + - DefaultAccount (id S-1-5-21-746496990-2641142201-503, A user account managed by the system.) + - degthat (id S-1-5-21-746496990-2641142201-1001, degthat) + - Guest (id S-1-5-21-746496990-2641142201-501, Built-in account for guest access to the computer/domain, Guest account) + - soteria (id S-1-5-21-746496990-2641142201-500, Built-in account for administering the computer/domain, Administrator account) + - WDAGUtilityAccount (id S-1-5-21-746496990-2641142201-504, A user account managed and used by the system for Windows Defender Application Guard scenarios.) + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI. +wmi_enum_printer_drivers.nbin +2024/01/16 +Windows Printer Driver Enumeration +2021/12/09 +local +None +1.63 +http://www.nessus.org/u?fab99415 +n/a +Nessus was able to enumerate one or more of the printer drivers on the remote host. + +--- Microsoft enhanced Point and Print compatibility driver --- + +Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver: + + Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll + Version : 10.0.20348.2227 + Supported Platform : Windows x64 + + Path : C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll + Version : 10.0.20348.2227 + Supported Platform : Windows NT x86 + +--- Microsoft Print To PDF --- + + Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_675324844f835f70\Amd64\mxdwdrv.dll + Version : 10.0.20348.1 + Supported Platform : Windows x64 + +--- Microsoft XPS Document Writer v4 --- + + Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_675324844f835f70\Amd64\mxdwdrv.dll + Version : 10.0.20348.1 + Supported Platform : Windows x64 + + + +The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC). + +Cached logon credentials could be accessed by an attacker and subjected to brute force attacks. +smb_reg_cachedlogons.nasl +2018/06/05 +Microsoft Windows SMB Registry : Winlogon Cached Password Weakness +2003/03/24 +local +None +1.17 +http://www.nessus.org/u?184d3eab +http://www.nessus.org/u?fe16cea8 +https://technet.microsoft.com/en-us/library/cc957390.aspx +Consult Microsoft documentation and best practices. +User credentials are stored in memory. + + Max cached logons : 10 + + + +730 days + +2022/07/10 +cpe:/o:microsoft:windows +CVE-2013-3900 +7.8 +7.5 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.6 +CVE-2013-3900 +6.6 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C +The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host. +true +High +Exploits are available +true +smb_nt_ms22_oct_CVE-2013-3900_reg_check.nasl +2013-A-0227 +2023/12/26 +WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) +2022/10/26 +local +Very High +High +1.7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 +http://www.nessus.org/u?9780b9d2 +Add and enable registry value EnableCertPaddingCheck: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + +Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck: + + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck +II +The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability. +Very Low +No recorded events +No recorded events +8.9 +2013/12/10 +CISA-KNOWN-EXPLOITED:2022/07/10 +IAVA:2013-A-0227 + + + Nessus detected the following potentially insecure registry key configuration: + - Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + - Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + + + + +Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host. +smb_check_rollup.nasl +2023/06/26 +Microsoft Security Rollup Enumeration +2016/10/11 +local +None +1.180 +http://www.nessus.org/u?b23205aa +n/a +This plugin enumerates installed Microsoft security rollups. + + Cumulative Rollup : 01_2024 [KB5034129] + Cumulative Rollup : 12_2023 + Cumulative Rollup : 11_2023 + Cumulative Rollup : 10_2023 + Cumulative Rollup : 09_2023 + Cumulative Rollup : 08_2023 + Cumulative Rollup : 07_2023 + Cumulative Rollup : 06_2023 + Cumulative Rollup : 05_2023 + Cumulative Rollup : 04_2023 + Cumulative Rollup : 03_2023 + Cumulative Rollup : 02_2023 + Cumulative Rollup : 01_2023 + Cumulative Rollup : 12_2022 + Cumulative Rollup : 11_2022 + Cumulative Rollup : 10_2022 + Cumulative Rollup : 09_2022 + Cumulative Rollup : 08_2022 + Cumulative Rollup : 07_2022 + Cumulative Rollup : 06_2022 + Cumulative Rollup : 05_2022 + Cumulative Rollup : 04_2022 + Cumulative Rollup : 03_2022 + Cumulative Rollup : 02_2022 + Cumulative Rollup : 01_2022 + Cumulative Rollup : 12_2021 + Cumulative Rollup : 11_2021 + Cumulative Rollup : 10_2021 + + Latest effective update level : 01_2024 + File checked : C:\Windows\system32\ntoskrnl.exe + File version : 10.0.20348.2227 + Associated KB : 5034129 + + + +windows +True +cpe:/o:microsoft:windows +Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages. +dism_enum_packages.nbin +2024/01/16 +DISM Package List (Windows) +2020/08/25 +local +None +1.93 +http://www.nessus.org/u?cbb428b2 +n/a +Use DISM to extract package info from the host. +The following packages were enumerated using the Deployment Image Servicing and Management Tool: + +Package : Downlevel-NLS-Sorting-Versions-Server-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Downlevel-NLS-Sorting-Versions-Server-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-OneCore-DirectX-Database-FOD-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-OneCore-RasSstp-Api-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Staged +Release Type : Feature Pack +Install Time : + +Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Feature Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Foundation +Install Time : 5/8/2021 8:24 AM + +Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.20348.380 +State : Installed +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.20348.1668 +State : Superseded +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.20348.2227 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.1070 +State : Installed +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-Networking-RemoteAccess-PowerShell-Base-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Staged +Release Type : Language Pack +Install Time : + +Package : Microsoft-Windows-Networking-RemoteAccess-PowerShell-Base-Package~31bf3856ad364e35~amd64~~10.0.20348.617 +State : Staged +Release Type : Feature Pack +Install Time : + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.2227 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.740 +State : Superseded +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-Security-SPP-Component-SKU-ServerStandard-GVLK-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Feature Pack +Install Time : 5/8/2021 9:44 AM + +Package : Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1668 +State : Superseded +Release Type : Language Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.2227 +State : Installed +Release Type : Language Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Feature Pack +Install Time : 5/8/2021 8:24 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-TabletPCMath-Package~31bf3856ad364e35~amd64~~10.0.20348.1194 +State : Installed +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-UserExperience-Desktop-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.2227 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.740 +State : Superseded +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Superseded +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.20348.1787 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : OpenSSH-Client-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4614.6 +State : Superseded +Release Type : Update +Install Time : 4/5/2023 12:21 AM + +Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4690.3 +State : Installed +Release Type : Update +Install Time : 2/2/2024 3:10 PM + +Package : Package_for_KB5012170~31bf3856ad364e35~amd64~~20348.880.1.1 +State : Installed +Release Type : Security Update +Install Time : 2/2/2024 3:08 PM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~20348.1668.1.8 +State : Superseded +Release Type : Security Update +Install Time : 4/5/2023 12:33 AM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~20348.2227.1.4 +State : Installed +Release Type : Security Update +Install Time : 2/2/2024 3:23 PM + +Package : Package_for_ServicingStack_2200~31bf3856ad364e35~amd64~~20348.2200.1.0 +State : Installed +Release Type : Update +Install Time : 2/2/2024 3:11 PM + +Package : Package_for_WinREServicing~31bf3856ad364e35~amd64~~20348.2201.1.18 +State : Installed +Release Type : Security Update +Install Time : 2/2/2024 3:26 PM + + + +windows +True +software_enumeration +cpe:/a:google:chrome +Google Chrome, a web browser from Google, is installed on the remote Windows host. +google_chrome_installed.nasl +0001-T-0511 +2022/10/10 +Google Chrome Detection (Windows) +2008/09/12 +local +None +1.26 +https://www.google.com/chrome/ +n/a +The remote Windows host contains a web browser. +true +IAVT:0001-T-0511 + + Path : C:\Program Files\Google\Chrome\Application + Version : 121.0.6167.140 + +Note that Nessus only looked in the registry for evidence of Google +Chrome. If there are multiple users on this host, you may wish to +enable the 'Perform thorough tests' setting and re-scan. This will +cause Nessus to scan each local user's directory for installs. + + + + +365 - 730 days +2022/05/06 +cpe:/a:microsoft:edge +CVE-2022-1305 +CVE-2022-1306 +CVE-2022-1307 +CVE-2022-1308 +CVE-2022-1309 +CVE-2022-1310 +CVE-2022-1312 +CVE-2022-1313 +CVE-2022-1314 +CVE-2022-1364 +CVE-2022-29144 +9.6 +CVE-2022-1312 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-1364 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 100.0.1185.44. It is, therefore, affected by multiple vulnerabilities as referenced in the April 15, 2022 advisory. + + - Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1313) + + - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1305) + + - Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1306) + + - Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1307) + + - Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1308) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_100_0_1185_44.nasl +2022-A-0156-S +2022/04/15 +2023/11/01 +Microsoft Edge (Chromium) < 100.0.1185.44 Multiple Vulnerabilities +2022/04/18 +local +Low +Critical +1.7 +http://www.nessus.org/u?84a20f12 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1305 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1306 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1307 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1309 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1310 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1312 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1313 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1314 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144 +Upgrade to Microsoft Edge version 100.0.1185.44 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/04/11 +CISA-KNOWN-EXPLOITED:2022/05/06 +IAVA:2022-A-0156-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 100.0.1185.44 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1232 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-1232 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 100.0.1185.36. It is, therefore, affected by a vulnerability as referenced in the April 7, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1232) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_100_0_1185_36.nasl +2022-A-0133-S +2022/04/07 +2023/11/02 +Microsoft Edge (Chromium) < 100.0.1185.36 Vulnerability +2022/04/07 +local +Low +Critical +1.7 +http://www.nessus.org/u?cc9eba61 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1232 +Upgrade to Microsoft Edge version 100.0.1185.36 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +6.7 +2022/04/04 +IAVA:2022-A-0133-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 100.0.1185.36 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-33639 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-33639 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.37. It is, therefore, affected by multiple vulnerabilities as referenced in the June 23, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. (CVE-2022-33639) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_103_0_1264_37.nasl +2022/06/23 +2023/03/21 +Microsoft Edge (Chromium) < 103.0.1264.37 Multiple Vulnerabilities +2022/06/23 +local +Low +Medium +1.9 +http://www.nessus.org/u?2b2d4e0f +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2156 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2157 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2158 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2160 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2161 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2162 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2163 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2164 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2165 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33638 +Upgrade to Microsoft Edge version 103.0.1264.37 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/06/21 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.37 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2007 +CVE-2022-2008 +CVE-2022-2010 +CVE-2022-2011 +9.3 +CVE-2022-2010 +8.4 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H +5.8 +10.0 +CVE-2022-2011 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.41. It is, therefore, affected by multiple vulnerabilities as referenced in the June 13, 2022 advisory. + + - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011) + + - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007) + + - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008) + + - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2022-2010) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_102_0_1245_41.nasl +2022-A-0231-S +2022/06/13 +2023/03/23 +Microsoft Edge (Chromium) < 102.0.1245.41 Multiple Vulnerabilities +2022/06/13 +local +Low +Critical +1.9 +http://www.nessus.org/u?c00d2c8a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2007 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2010 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2011 +Upgrade to Microsoft Edge version 102.0.1245.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.1 +2022/06/09 +IAVA:2022-A-0231-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 102.0.1245.41 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-22021 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-22021 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.39. It is, therefore, affected by a vulnerability as referenced in the June 9, 2022 advisory. + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-22021) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_102_0_1245_39.nasl +2022/06/09 +2023/03/23 +Microsoft Edge (Chromium) < 102.0.1245.39 Vulnerability +2022/06/09 +local +Low +Medium +1.6 +http://www.nessus.org/u?c8dc918f +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22021 +Upgrade to Microsoft Edge version 102.0.1245.39 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/06/09 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 102.0.1245.39 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1125 +CVE-2022-1127 +CVE-2022-1128 +CVE-2022-1129 +CVE-2022-1130 +CVE-2022-1131 +CVE-2022-1133 +CVE-2022-1134 +CVE-2022-1135 +CVE-2022-1136 +CVE-2022-1137 +CVE-2022-1138 +CVE-2022-1139 +CVE-2022-1143 +CVE-2022-1145 +CVE-2022-1146 +CVE-2022-24475 +CVE-2022-24523 +CVE-2022-26891 +CVE-2022-26894 +CVE-2022-26895 +CVE-2022-26900 +CVE-2022-26908 +CVE-2022-26909 +CVE-2022-26912 +8.8 +CVE-2022-1143 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +5.1 +CVE-2022-26912 +4.0 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 100.0.1185.29. It is, therefore, affected by multiple vulnerabilities as referenced in the April 1, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-24475) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-24523) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26891) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26894) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26895) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_100_0_1185_29.nasl +2021-A-0544-S +2022/04/01 +2023/11/03 +Microsoft Edge (Chromium) < 100.0.1185.29 Multiple Vulnerabilities +2022/04/01 +local +Low +Medium +1.8 +http://www.nessus.org/u?471a8cda +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1125 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1127 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1128 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1129 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1130 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1131 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1133 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1134 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1135 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1136 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1137 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1138 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1139 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1143 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1145 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1146 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26894 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26895 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26900 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26908 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26909 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26912 +Upgrade to Microsoft Edge version 100.0.1185.29 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.4 +2022/03/29 +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 100.0.1185.29 + + + +365 - 730 days +2022/09/15 +cpe:/a:microsoft:edge +CVE-2022-2294 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-2294 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected by a vulnerability as referenced in the July 6, 2022 advisory. + + - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_103_0_1264_49.nasl +2022-A-0262-S +2022/07/06 +2023/10/19 +Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability +2022/07/07 +local +Very High +Critical +1.7 +http://www.nessus.org/u?c255ed38 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295 +Upgrade to Microsoft Edge version 103.0.1264.49 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2022/07/04 +IAVA:2022-A-0262-S +CISA-KNOWN-EXPLOITED:2022/09/15 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.49 + + + +365 - 730 days +2022/09/08 +cpe:/a:microsoft:edge +CVE-2022-2856 +6.5 +6.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N +3.6 +7.8 +CVE-2022-2856 +6.8 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.60. It is, therefore, affected by a vulnerability as referenced in the August 17, 2022 advisory. + + - Insufficient validation of untrusted input in Intents. (CVE-2022-2856) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_104_0_1293_60.nasl +2022/08/17 +2023/10/13 +Microsoft Edge (Chromium) < 104.0.1293.60 Vulnerability +2022/08/18 +local +Low +High +1.6 +http://www.nessus.org/u?b53011a2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2856 +Upgrade to Microsoft Edge version 104.0.1293.60 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +5.1 +2022/08/16 +CISA-KNOWN-EXPLOITED:2022/09/08 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 104.0.1293.60 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2022-1477 +CVE-2022-1478 +CVE-2022-1479 +CVE-2022-1481 +CVE-2022-1482 +CVE-2022-1483 +CVE-2022-1484 +CVE-2022-1485 +CVE-2022-1486 +CVE-2022-1487 +CVE-2022-1488 +CVE-2022-1490 +CVE-2022-1491 +CVE-2022-1492 +CVE-2022-1493 +CVE-2022-1494 +CVE-2022-1495 +CVE-2022-1497 +CVE-2022-1498 +CVE-2022-1499 +CVE-2022-1500 +CVE-2022-1501 +CVE-2022-29146 +CVE-2022-29147 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-1493 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 101.0.1210.32. It is, therefore, affected by multiple vulnerabilities as referenced in the April 28, 2022 advisory. + + - Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1493) + + - Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1477) + + - Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1478) + + - Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1479) + + - Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1481) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_101_0_1210_32.nasl +2022-A-0183-S +2022/04/28 +2023/03/23 +Microsoft Edge (Chromium) < 101.0.1210.32 Multiple Vulnerabilities +2022/04/28 +local +Low +Critical +1.9 +http://www.nessus.org/u?436625dd +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1477 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1478 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1479 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1481 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1482 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1483 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1484 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1485 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1486 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1487 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1488 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1490 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1491 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1492 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1493 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1494 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1495 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1497 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1498 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1499 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1500 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1501 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29146 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29147 +Upgrade to Microsoft Edge version 101.0.1210.32 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/04/26 +IAVA:2022-A-0183-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 101.0.1210.32 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-33680 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-33680 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.44. It is, therefore, affected by a vulnerability as referenced in the June 30, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639. (CVE-2022-33680) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_103_0_1264_44.nasl +2022/06/30 +2023/03/23 +Microsoft Edge (Chromium) < 103.0.1264.44 Vulnerability +2022/06/30 +local +Low +Medium +1.5 +http://www.nessus.org/u?83620a15 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33680 +Upgrade to Microsoft Edge version 103.0.1264.44 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/06/30 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.44 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1634 +CVE-2022-1635 +CVE-2022-1636 +CVE-2022-1637 +CVE-2022-1638 +CVE-2022-1639 +CVE-2022-1640 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-1640 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 101.0.1210.47. It is, therefore, affected by multiple vulnerabilities as referenced in the May 13, 2022 advisory. + + - Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1640) + + - Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. (CVE-2022-1634) + + - Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1635) + + - Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1636) + + - Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1637) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_101_0_1210_47.nasl +2022/05/13 +2023/03/23 +Microsoft Edge (Chromium) < 101.0.1210.47 Multiple Vulnerabilities +2022/05/14 +local +Low +Critical +1.5 +http://www.nessus.org/u?3405acc7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1634 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1635 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1636 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1637 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1638 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1639 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1640 +Upgrade to Microsoft Edge version 101.0.1210.47 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2022/05/10 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 101.0.1210.47 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2603 +CVE-2022-2604 +CVE-2022-2605 +CVE-2022-2606 +CVE-2022-2610 +CVE-2022-2611 +CVE-2022-2612 +CVE-2022-2614 +CVE-2022-2615 +CVE-2022-2616 +CVE-2022-2617 +CVE-2022-2618 +CVE-2022-2619 +CVE-2022-2621 +CVE-2022-2622 +CVE-2022-2623 +CVE-2022-2624 +CVE-2022-33636 +CVE-2022-33649 +CVE-2022-35796 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-33649 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.47. It is, therefore, affected by multiple vulnerabilities as referenced in the August 5, 2022 advisory. + + - Use after free in Omnibox. (CVE-2022-2603) + + - Use after free in Safe Browsing. (CVE-2022-2604) + + - Out of bounds read in Dawn. (CVE-2022-2605) + + - Use after free in Managed devices API. (CVE-2022-2606) + + - Insufficient policy enforcement in Background Fetch. (CVE-2022-2610) + + - Inappropriate implementation in Fullscreen API. (CVE-2022-2611) + + - Side-channel information leakage in Keyboard input. (CVE-2022-2612) + + - Use after free in Sign-In Flow. (CVE-2022-2614) + + - Insufficient policy enforcement in Cookies. (CVE-2022-2615) + + - Inappropriate implementation in Extensions API. (CVE-2022-2616) + + - Use after free in Extensions API. (CVE-2022-2617) + + - Insufficient validation of untrusted input in Internals. (CVE-2022-2618) + + - Insufficient validation of untrusted input in Settings. (CVE-2022-2619) + + - Use after free in Extensions. (CVE-2022-2621) + + - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-2622) + + - Use after free in Offline. (CVE-2022-2623) + + - Heap buffer overflow in PDF. (CVE-2022-2624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_104_0_1293_47.nasl +2022/08/05 +2023/10/25 +Microsoft Edge (Chromium) < 104.0.1293.47 Multiple Vulnerabilities +2022/08/06 +local +Low +Critical +1.7 +http://www.nessus.org/u?d822b1dc +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2603 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2604 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2605 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2606 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2610 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2611 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2612 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2614 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2615 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2616 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2617 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2619 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2621 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2622 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2623 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2624 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796 +Upgrade to Microsoft Edge version 104.0.1293.47 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/08/02 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 104.0.1293.47 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3370 +CVE-2022-3373 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3373 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 106.0.1370.34. It is, therefore, affected by multiple vulnerabilities as referenced in the October 3, 2022 advisory. + + - Use after free in CSS. (CVE-2022-3304) + + - Use after free in Media. (CVE-2022-3307) + + - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308) + + - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310) + + - Use after free in Import. (CVE-2022-3311) + + - Incorrect security UI in Full Screen. (CVE-2022-3313) + + - Type confusion in Blink. (CVE-2022-3315) + + - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316) + + - Insufficient validation of untrusted input in Intents. (CVE-2022-3317) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_106_0_1370_34.nasl +2022-A-0396-S +2022/10/03 +2023/10/25 +Microsoft Edge (Chromium) < 106.0.1370.34 Multiple Vulnerabilities +2022/10/06 +local +Low +Critical +1.7 +http://www.nessus.org/u?2c48e7f3 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3304 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3307 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3310 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3311 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3313 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3315 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3316 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3317 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035 +Upgrade to Microsoft Edge version 106.0.1370.34 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/09/27 +IAVA:2022-A-0396-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 106.0.1370.34 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3195 +CVE-2022-3196 +CVE-2022-3197 +CVE-2022-3198 +CVE-2022-3199 +CVE-2022-3200 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3200 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.42. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2022 advisory. + + - Out of bounds write in Storage. (CVE-2022-3195) + + - Use after free in PDF. (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198) + + - Use after free in Frames. (CVE-2022-3199) + + - Heap buffer overflow in Internals. (CVE-2022-3200) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_105_0_1343_42.nasl +2022-A-0379-S +2022-A-0396-S +2022/09/15 +2023/10/25 +Microsoft Edge (Chromium) < 105.0.1343.42 Multiple Vulnerabilities +2022/09/16 +local +Low +Critical +1.9 +http://www.nessus.org/u?e8ee04b1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3196 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3197 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3198 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3199 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3200 +Upgrade to Microsoft Edge version 105.0.1343.42 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/09/14 +IAVA:2022-A-0379-S +IAVA:2022-A-0396-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 105.0.1343.42 + + + +365 - 730 days +2022/09/29 +cpe:/a:microsoft:edge +CVE-2022-3075 +9.6 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-3075 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.27. It is, therefore, affected by a vulnerability as referenced in the September 2, 2022 advisory. + + - Insufficient data validation in Mojo. (CVE-2022-3075) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_105_0_1343_27.nasl +2022-A-0351-S +2022-A-0361-S +2022/09/02 +2023/10/13 +Microsoft Edge (Chromium) < 105.0.1343.27 Vulnerability +2022/09/02 +local +Low +Critical +1.9 +http://www.nessus.org/u?7aa022b9 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075 +Upgrade to Microsoft Edge version 105.0.1343.27 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/09/02 +CISA-KNOWN-EXPLOITED:2022/09/29 +IAVA:2022-A-0351-S +IAVA:2022-A-0361-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 105.0.1343.27 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3652 +CVE-2022-3653 +CVE-2022-3654 +CVE-2022-3655 +CVE-2022-3656 +CVE-2022-3657 +CVE-2022-3660 +CVE-2022-3661 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3657 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.24. It is, therefore, affected by multiple vulnerabilities as referenced in the October 27, 2022 advisory. + + - Type Confusion in V8. (CVE-2022-3652) + + - Heap buffer overflow in Vulkan. (CVE-2022-3653) + + - Use after free in Layout. (CVE-2022-3654) + + - Heap buffer overflow in Media Galleries. (CVE-2022-3655) + + - Insufficient data validation in File System. (CVE-2022-3656) + + - Use after free in Extensions. (CVE-2022-3657) + + - Inappropriate implementation in Full screen mode. (CVE-2022-3660) + + - Insufficient data validation in Extensions. (CVE-2022-3661) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_107_0_1418_24.nasl +2022-A-0446-S +2022-A-0454-S +2022/10/27 +2022/11/28 +Microsoft Edge (Chromium) < 107.0.1418.24 Multiple Vulnerabilities +2022/10/27 +local +Low +Critical +1.8 +http://www.nessus.org/u?57027261 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3652 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3653 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3654 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3655 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3656 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3657 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3660 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3661 +Upgrade to Microsoft Edge version 107.0.1418.24 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/10/25 +IAVA:2022-A-0446-S +IAVA:2022-A-0454-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 107.0.1418.24 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3885 +CVE-2022-3886 +CVE-2022-3887 +CVE-2022-3888 +CVE-2022-3889 +CVE-2022-3890 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-3890 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.42. It is, therefore, affected by multiple vulnerabilities as referenced in the November 10, 2022 advisory. + + - Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3885) + + - Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3886) + + - Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3887) + + - Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3888) + + - Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3889) + + - Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3890) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_107_0_1418_42.nasl +2022-A-0493-S +2022/11/10 +2023/10/25 +Microsoft Edge (Chromium) < 107.0.1418.42 Multiple Vulnerabilities +2022/11/10 +local +Low +Critical +1.6 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3885 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3886 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3887 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3888 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3889 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3890 +Upgrade to Microsoft Edge version 107.0.1418.42 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/11/08 +IAVA:2022-A-0493-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 107.0.1418.42 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2477 +CVE-2022-2478 +CVE-2022-2479 +CVE-2022-2480 +CVE-2022-2481 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-2481 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.71. It is, therefore, affected by multiple vulnerabilities as referenced in the July 22, 2022 advisory. + + - : Use after free in Guest View. (CVE-2022-2477) + + - : Use after free in PDF. (CVE-2022-2478) + + - : Insufficient validation of untrusted input in File. (CVE-2022-2479) + + - : Use after free in Service Worker API. (CVE-2022-2480) + + - Use after free in Views. (CVE-2022-2481) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_103_0_1264_71.nasl +2022/07/22 +2023/03/23 +Microsoft Edge (Chromium) < 103.0.1264.71 Multiple Vulnerabilities +2022/07/23 +local +Low +Critical +1.5 +http://www.nessus.org/u?4d376e5a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2477 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2478 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2479 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2480 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2481 +Upgrade to Microsoft Edge version 103.0.1264.71 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/07/19 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.71 + + + +365 - 730 days +2022/12/19 +cpe:/a:microsoft:edge +CVE-2022-4135 +9.6 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-4135 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.62. It is, therefore, affected by a vulnerability as referenced in the November 28, 2022 advisory. + + - Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (Chromium security severity: High) (CVE-2022-4135) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_107_0_1418_62.nasl +2022-A-0501-S +2022-A-0502-S +2022/11/28 +2023/09/20 +Microsoft Edge (Chromium) < 107.0.1418.62 Vulnerability +2022/11/29 +local +Medium +Critical +1.8 +http://www.nessus.org/u?2fa4911e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4135 +Upgrade to Microsoft Edge version 107.0.1418.62 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/11/24 +CISA-KNOWN-EXPLOITED:2022/12/19 +IAVA:2022-A-0501-S +IAVA:2022-A-0502-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 107.0.1418.62 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1853 +CVE-2022-1854 +CVE-2022-1855 +CVE-2022-1856 +CVE-2022-1857 +CVE-2022-1858 +CVE-2022-1859 +CVE-2022-1862 +CVE-2022-1863 +CVE-2022-1864 +CVE-2022-1865 +CVE-2022-1867 +CVE-2022-1868 +CVE-2022-1869 +CVE-2022-1870 +CVE-2022-1871 +CVE-2022-1872 +CVE-2022-1873 +CVE-2022-1874 +CVE-2022-1875 +CVE-2022-1876 +CVE-2022-26905 +CVE-2022-30127 +CVE-2022-30128 +9.6 +CVE-2022-1853 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-30128 +4.0 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.30. It is, therefore, affected by multiple vulnerabilities as referenced in the May 31, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. (CVE-2022-30128) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. (CVE-2022-30127) + + - Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1853) + + - Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1854) + + - Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1855) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_102_0_1245_30.nasl +2022/05/31 +2023/10/26 +Microsoft Edge (Chromium) < 102.0.1245.30 Multiple Vulnerabilities +2022/05/31 +local +Low +Medium +1.8 +http://www.nessus.org/u?ae294315 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1853 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1854 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1855 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1856 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1857 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1858 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1859 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1862 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1863 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1864 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1865 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1867 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1868 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1869 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1870 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1871 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1872 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1873 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1874 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1875 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1876 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26905 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30127 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30128 +Upgrade to Microsoft Edge version 102.0.1245.30 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/05/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 102.0.1245.30 + + + +365 - 730 days +2022/12/26 +cpe:/a:microsoft:edge +CVE-2022-4174 +CVE-2022-4175 +CVE-2022-4177 +CVE-2022-4178 +CVE-2022-4179 +CVE-2022-4180 +CVE-2022-4181 +CVE-2022-4182 +CVE-2022-4183 +CVE-2022-4184 +CVE-2022-4185 +CVE-2022-4186 +CVE-2022-4187 +CVE-2022-4188 +CVE-2022-4189 +CVE-2022-4190 +CVE-2022-4191 +CVE-2022-4192 +CVE-2022-4193 +CVE-2022-4194 +CVE-2022-4195 +CVE-2022-4262 +CVE-2022-41115 +CVE-2022-44688 +CVE-2022-44708 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-4262 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.41. It is, therefore, affected by multiple vulnerabilities as referenced in the December 5, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174) + + - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4175) + + - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) (CVE-2022-4177) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4178) + + - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4179) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4180) + + - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181) + + - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4182) + + - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4183) + + - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4184) + + - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4185) + + - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186) + + - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4187) + + - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4188) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189) + + - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4190) + + - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) (CVE-2022-4191) + + - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) (CVE-2022-4192) + + - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4193) + + - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4194) + + - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) (CVE-2022-4195) + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4262) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_108_0_1462_41.nasl +current +2022-A-0507-S +2022-A-0510-S +2022/12/05 +2023/09/20 +Microsoft Edge (Chromium) < 108.0.1462.41 Multiple Vulnerabilities +2022/12/05 +local +Low +Critical +1.8 +http://www.nessus.org/u?26b297b9 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41115 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4175 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4177 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4178 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4179 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4180 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4181 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4182 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4183 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4184 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4185 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4188 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4189 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4190 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4191 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4193 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4194 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4262 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708 +Upgrade to Microsoft Edge version 108.0.1462.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/11/29 +CISA-KNOWN-EXPLOITED:2022/12/26 +IAVA:2022-A-0507-S +IAVA:2022-A-0510-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 108.0.1462.41 + + + +365 - 730 days +2023/04/20 +cpe:/a:microsoft:edge +CVE-2022-3038 +CVE-2022-3039 +CVE-2022-3040 +CVE-2022-3041 +CVE-2022-3044 +CVE-2022-3045 +CVE-2022-3046 +CVE-2022-3047 +CVE-2022-3053 +CVE-2022-3054 +CVE-2022-3055 +CVE-2022-3056 +CVE-2022-3057 +CVE-2022-3058 +CVE-2022-38012 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-3058 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.25. It is, therefore, affected by multiple vulnerabilities as referenced in the September 1, 2022 advisory. + + - Use after free in Network Service. (CVE-2022-3038) + + - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041) + + - Use after free in Layout. (CVE-2022-3040) + + - Inappropriate implementation in Site Isolation. (CVE-2022-3044) + + - Insufficient validation of untrusted input in V8. (CVE-2022-3045) + + - Use after free in Browser Tag. (CVE-2022-3046) + + - Insufficient policy enforcement in Extensions API. (CVE-2022-3047) + + - Inappropriate implementation in Pointer Lock. (CVE-2022-3053) + + - Insufficient policy enforcement in DevTools. (CVE-2022-3054) + + - Use after free in Passwords. (CVE-2022-3055) + + - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056) + + - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057) + + - Use after free in Sign-In Flow. (CVE-2022-3058) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_105_0_1343_25.nasl +2022-A-0361-S +2022/09/01 +2023/10/13 +Microsoft Edge (Chromium) < 105.0.1343.25 Multiple Vulnerabilities +2022/09/02 +local +Low +Critical +1.9 +http://www.nessus.org/u?31d28038 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3038 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3039 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3040 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3041 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3044 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3045 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3046 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3047 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3053 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3054 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3055 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3056 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3057 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3058 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012 +Upgrade to Microsoft Edge version 105.0.1343.25 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/08/30 +IAVA:2022-A-0361-S +CISA-KNOWN-EXPLOITED:2023/04/20 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 105.0.1343.25 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3445 +CVE-2022-3446 +CVE-2022-3447 +CVE-2022-3449 +CVE-2022-3450 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3450 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 106.0.1370.47. It is, therefore, affected by multiple vulnerabilities as referenced in the October 14, 2022 advisory. + + - Use after free in Skia. (CVE-2022-3445) + + - Heap buffer overflow in WebSQL. (CVE-2022-3446) + + - Inappropriate implementation in Custom Tabs. (CVE-2022-3447) + + - Use after free in Safe Browsing. (CVE-2022-3449) + + - Use after free in Peer Connection. (CVE-2022-3450) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_106_0_1370_47.nasl +2022-A-0437-S +2022/10/14 +2022/11/11 +Microsoft Edge (Chromium) < 106.0.1370.47 Multiple Vulnerabilities +2022/10/14 +local +Low +Critical +1.5 +http://www.nessus.org/u?e2630fd9 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3445 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3446 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3447 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3449 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3450 +Upgrade to Microsoft Edge version 106.0.1370.47 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/10/11 +IAVA:2022-A-0437-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 106.0.1370.47 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-4436 +CVE-2022-4437 +CVE-2022-4438 +CVE-2022-4439 +CVE-2022-4440 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-4440 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.54. It is, therefore, affected by multiple vulnerabilities as referenced in the December 16, 2022 advisory. + + - Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4436) + + - Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4437) + + - Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4438) + + - Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) (CVE-2022-4439) + + - Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4440) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_108_0_1462_54.nasl +2023-A-0003-S +2022/12/16 +2023/02/10 +Microsoft Edge (Chromium) < 108.0.1462.54 Multiple Vulnerabilities +2022/12/16 +local +Low +Critical +1.3 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4436 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4437 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4438 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4439 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4440 +Upgrade to Microsoft Edge version 108.0.1462.54 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/12/13 +IAVA:2023-A-0003-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 108.0.1462.54 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-21720 +5.3 +4.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H +3.6 +5.4 +CVE-2023-21720 +4.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.78. It is, therefore, affected by a vulnerability as referenced in the February 2, 2023 advisory. + + - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2023-21720) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_78.nasl +2023-A-0071-S +2023/02/03 +2023/02/16 +Microsoft Edge (Chromium) < 109.0.1518.78 Tampering (CVE-2023-21720) +2023/02/10 +local +Low +Medium +1.1 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21720 +Upgrade to Microsoft Edge version 109.0.1518.78 or later. +I +The remote host has an web browser installed that is affected by tampering. +Very Low +No recorded events +No recorded events +4.4 +2023/02/02 +IAVA:2023-A-0071-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.78 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-0927 +CVE-2023-0928 +CVE-2023-0929 +CVE-2023-0930 +CVE-2023-0931 +CVE-2023-0932 +CVE-2023-0933 +CVE-2023-0941 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0941 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 110.0.1587.56. It is, therefore, affected by multiple vulnerabilities as referenced in the February 25, 2023 advisory. + + - Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0927) + + - Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0928) + + - Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0929) + + - Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0930) + + - Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0931) + + - Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0932) + + - Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) (CVE-2023-0933) + + - Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-0941) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_110_0_1587_56.nasl +2023-A-0119-S +2023/02/25 +2023/05/23 +Microsoft Edge (Chromium) < 110.0.1587.56 Multiple Vulnerabilities +2023/02/27 +local +Low +Critical +1.5 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0927 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0928 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0930 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0931 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0932 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0933 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0941 +Upgrade to Microsoft Edge version 110.0.1587.56 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/02/22 +IAVA:2023-A-0119-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 110.0.1587.56 + + + +365 - 730 days +2022/11/18 +cpe:/a:microsoft:edge +CVE-2022-3723 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3723 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.26. It is, therefore, affected by a vulnerability as referenced in the October 31, 2022 advisory. + + - Type Confusion in V8. (CVE-2022-3723) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_107_0_1418_26.nasl +2022-A-0453-S +2022/10/31 +2023/10/06 +Microsoft Edge (Chromium) < 107.0.1418.26 Vulnerability +2022/11/01 +local +Low +Critical +1.6 +http://www.nessus.org/u?ff54e40b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3723 +Upgrade to Microsoft Edge version 107.0.1418.26 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2022/10/27 +CISA-KNOWN-EXPLOITED:2022/11/18 +IAVA:2022-A-0453-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 106.0.1370.61 (Extended Stable Channel) / 107.0.1418.26 (Stable Channel) + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-21719 +6.5 +5.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N +3.6 +7.8 +CVE-2023-21719 +5.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.61. It is, therefore, affected by a vulnerability as referenced in the January 19, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. (CVE-2023-21719) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_61.nasl +2023-A-0051-S +2023/01/19 +2023/02/10 +Microsoft Edge (Chromium) < 109.0.1518.61 Security Feature Bypass (CVE-2023-21719) +2023/01/27 +local +Low +High +1.3 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21719 +Upgrade to Microsoft Edge version 109.0.1518.61 or later. +I +The remote host has an web browser installed that is affected by security feature bypass. +Very Low +No recorded events +No recorded events +3.6 +2023/01/19 +IAVA:2023-A-0051-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.61 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-0696 +CVE-2023-0697 +CVE-2023-0698 +CVE-2023-0699 +CVE-2023-0700 +CVE-2023-0701 +CVE-2023-0702 +CVE-2023-0703 +CVE-2023-0704 +CVE-2023-0705 +CVE-2023-21794 +CVE-2023-23374 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-0703 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 110.0.1587.41. It is, therefore, affected by multiple vulnerabilities as referenced in the February 9, 2023 advisory. + + - Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0696) + + - Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0697) + + - Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0698) + + - Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) (CVE-2023-0699) + + - Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0700) + + - Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium) (CVE-2023-0701) + + - Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0702) + + - Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. + (Chromium security severity: Medium) (CVE-2023-0703) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0704) + + - Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0705) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_110_0_1587_41.nasl +current +2023-A-0074-S +2023-A-0075-S +2023/02/09 +2023/09/05 +Microsoft Edge (Chromium) < 110.0.1587.41 Multiple Vulnerabilities +2023/02/09 +local +Low +Critical +1.9 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0696 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0697 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0698 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0699 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0700 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0701 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0702 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0703 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0704 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0705 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21794 +Upgrade to Microsoft Edge version 110.0.1587.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2023/02/07 +IAVA:2023-A-0074-S +IAVA:2023-A-0075-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 110.0.1587.41 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-21795 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +7.6 +CVE-2023-21795 +5.6 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.52. It is, therefore, affected by a vulnerability as referenced in the January 13, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796. (CVE-2023-21795) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_52.nasl +2023-A-0034-S +2023/01/17 +2023/02/10 +Microsoft Edge (Chromium) < 109.0.1518.52 Elevation of Privilege (CVE-2023-21795) +2023/01/30 +local +Low +High +1.2 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21795 +Upgrade to Microsoft Edge version 109.0.1518.52 or later. +I +The remote host has an web browser installed that is affected by elevation of privilege. +Very Low +No recorded events +No recorded events +8.1 +2023/01/13 +IAVA:2023-A-0034-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.52 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-0471 +CVE-2023-0472 +CVE-2023-0473 +CVE-2023-0474 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0474 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.70 / 108.0.1462.95. It is, therefore, affected by multiple vulnerabilities as referenced in the January 26, 2023 advisory. + + - Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0471) + + - Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0472) + + - Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0473) + + - Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. + (Chromium security severity: Medium) (CVE-2023-0474) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_70.nasl +2023/01/26 +2023/02/10 +Microsoft Edge (Chromium) < 109.0.1518.70 / 108.0.1462.95 Multiple Vulnerabilities +2023/02/10 +local +Low +Critical +1.0 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0471 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0472 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0473 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0474 +Upgrade to Microsoft Edge version 109.0.1518.70 / 108.0.1462.95 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/01/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.70 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-0129 +CVE-2023-0130 +CVE-2023-0131 +CVE-2023-0132 +CVE-2023-0133 +CVE-2023-0134 +CVE-2023-0135 +CVE-2023-0136 +CVE-2023-0138 +CVE-2023-0139 +CVE-2023-0140 +CVE-2023-0141 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0138 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.49 / 108.0.1462.83. It is, therefore, affected by multiple vulnerabilities as referenced in the January 12, 2023 advisory. + + - Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) (CVE-2023-0129) + + - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. + (Chromium security severity: Medium) (CVE-2023-0130) + + - Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-0131) + + - Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0132) + + - Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0133) + + - Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0134, CVE-2023-0135) + + - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0136) + + - Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0138) + + - Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0139) + + - Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0140) + + - Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0141) + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2023-21775) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795. (CVE-2023-21796) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_49.nasl +2023-A-0034-S +2023-A-0029-S +2023/01/12 +2023/10/24 +Microsoft Edge (Chromium) < 109.0.1518.49 / 108.0.1462.83 Multiple Vulnerabilities +2023/01/13 +local +Low +Critical +1.7 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0129 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0130 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0131 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0132 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0133 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0134 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0135 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0136 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0138 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0139 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0140 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0141 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21775 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21796 +Upgrade to Microsoft Edge version 109.0.1518.49 / 108.0.1462.83 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/01/10 +IAVA:2023-A-0034-S +IAVA:2023-A-0029-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.49 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-0471 +CVE-2023-0472 +CVE-2023-0473 +CVE-2023-0474 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0474 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1343.27. It is, therefore, affected by multiple vulnerabilities as referenced in the January 26, 2023 advisory. + + - Use after free in WebTransport. (CVE-2023-0471) + + - Use after free in WebRTC. (CVE-2023-0472) + + - Type Confusion in ServiceWorker API. (CVE-2023-0473) + + - Use after free in GuestView. (CVE-2023-0474) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1343_27.nasl +current +2023/01/26 +2023/02/07 +Microsoft Edge (Chromium) < 109.0.1343.27 Multiple Vulnerabilities +2023/01/27 +local +Low +Critical +1.1 +http://www.nessus.org/u?a883970b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0471 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0472 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0473 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0474 +Upgrade to Microsoft Edge version 109.0.1343.27 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/01/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1343.27 + + + +365 - 730 days +2022/12/26 +cpe:/a:microsoft:edge +CVE-2022-4174 +CVE-2022-4175 +CVE-2022-4177 +CVE-2022-4178 +CVE-2022-4179 +CVE-2022-4180 +CVE-2022-4181 +CVE-2022-4182 +CVE-2022-4183 +CVE-2022-4184 +CVE-2022-4185 +CVE-2022-4186 +CVE-2022-4187 +CVE-2022-4188 +CVE-2022-4189 +CVE-2022-4190 +CVE-2022-4191 +CVE-2022-4192 +CVE-2022-4193 +CVE-2022-4194 +CVE-2022-4195 +CVE-2022-4262 +CVE-2022-44688 +CVE-2022-44708 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-4262 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.42. It is, therefore, affected by multiple vulnerabilities as referenced in the December 5, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174) + + - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4175) + + - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) (CVE-2022-4177) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4178) + + - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4179) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4180) + + - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181) + + - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4182) + + - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4183) + + - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4184) + + - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4185) + + - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186) + + - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4187) + + - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4188) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189) + + - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4190) + + - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) (CVE-2022-4191) + + - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) (CVE-2022-4192) + + - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4193) + + - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4194) + + - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) (CVE-2022-4195) + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4262) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-44688) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. (CVE-2022-44708) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_108_0_1462_42.nasl +2022/12/05 +2023/09/04 +Microsoft Edge (Chromium) < 108.0.1462.42 Multiple Vulnerabilities +2023/02/10 +local +Low +Critical +1.2 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4175 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4177 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4178 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4179 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4180 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4181 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4182 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4183 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4184 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4185 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4188 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4189 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4190 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4191 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4193 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4194 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4262 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708 +Upgrade to Microsoft Edge version 108.0.1462.42 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/11/29 +CISA-KNOWN-EXPLOITED:2022/12/26 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 108.0.1462.42 + + + +180 - 365 days +2023/05/08 +cpe:/a:microsoft:edge +CVE-2023-2033 +CVE-2023-29334 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-2033 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.48. It is, therefore, affected by a vulnerability as referenced in the April 15, 2023 advisory. + + - Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2033) + + - A spoofing vulnerability could allow an attacker to bypass the Edge security warning message feature. + (CVE-2023-29334) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_112_0_1722_48.nasl +2023-A-0204-S +2023-A-0203-S +2023-A-0232-S +2023/04/15 +2023/07/20 +Microsoft Edge (Chromium) < 112.0.1722.48 +2023/04/20 +local +Medium +Critical +1.13 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2033 +Upgrade to Microsoft Edge version 112.0.1722.48 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.0 +2023/04/14 +IAVA:2023-A-0204-S +IAVA:2023-A-0203-S +IAVA:2023-A-0232-S +CISA-KNOWN-EXPLOITED:2023/05/08 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.100 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-1213 +CVE-2023-1214 +CVE-2023-1215 +CVE-2023-1216 +CVE-2023-1217 +CVE-2023-1218 +CVE-2023-1219 +CVE-2023-1220 +CVE-2023-1221 +CVE-2023-1222 +CVE-2023-1223 +CVE-2023-1224 +CVE-2023-1228 +CVE-2023-1229 +CVE-2023-1230 +CVE-2023-1231 +CVE-2023-1232 +CVE-2023-1233 +CVE-2023-1234 +CVE-2023-1235 +CVE-2023-1236 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-1222 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 111.0.1661.41 / 110.0.1587.69. It is, therefore, affected by multiple vulnerabilities as referenced in the March 13, 2023 advisory. + + - Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1213) + + - Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1214) + + - Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1215) + + - Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1216) + + - Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1217) + + - Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1218) + + - Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1219) + + - Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1220) + + - Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-1221) + + - Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1222) + + - Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1223) + + - Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-1224) + + - Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-1228) + + - Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-1229) + + - Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1230) + + - Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1231) + + - Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1232) + + - Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2023-1233) + + - Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1234) + + - Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. + (Chromium security severity: Low) (CVE-2023-1235) + + - Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1236) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_111_0_1661_41.nasl +2023-A-0131-S +2023/03/13 +2023/10/24 +Microsoft Edge (Chromium) < 111.0.1661.41 / 110.0.1587.69 Multiple Vulnerabilities +2023/03/15 +local +Low +Critical +1.6 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1213 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1214 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1215 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1216 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1217 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1218 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1219 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1220 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1221 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1228 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1229 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1230 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1231 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1232 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1233 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1234 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1235 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1236 +Upgrade to Microsoft Edge version 111.0.1661.41 / 110.0.1587.69 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/03/07 +IAVA:2023-A-0131-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 111.0.1661.41 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-1528 +CVE-2023-1529 +CVE-2023-1530 +CVE-2023-1531 +CVE-2023-1532 +CVE-2023-1533 +CVE-2023-1534 +CVE-2023-28261 +CVE-2023-28286 +9.8 +CVE-2023-1529 +8.8 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-1534 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 111.0.1661.54 / 110.0.1587.78. It is, therefore, affected by multiple vulnerabilities as referenced in the March 24, 2023 advisory. + + - Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1528) + + - Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) (CVE-2023-1529) + + - Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1530) + + - Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1531) + + - Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1532) + + - Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1533) + + - Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1534) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_111_0_1661_54.nasl +2023-A-0161-S +2023/03/24 +2023/05/23 +Microsoft Edge (Chromium) < 111.0.1661.54 / 110.0.1587.78 Multiple Vulnerabilities +2023/03/30 +local +Low +Critical +1.11 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1528 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1529 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1530 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1531 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1532 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1533 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1534 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28261 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28286 +Upgrade to Microsoft Edge version 111.0.1661.54 / 110.0.1587.78 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/03/21 +IAVA:2023-A-0161-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 111.0.1661.54 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-2459 +CVE-2023-2460 +CVE-2023-2462 +CVE-2023-2463 +CVE-2023-2464 +CVE-2023-2465 +CVE-2023-2466 +CVE-2023-2467 +CVE-2023-2468 +CVE-2023-29350 +CVE-2023-29354 +7.5 +CVE-2023-29350 +6.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +8.5 +CVE-2023-2460 +6.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 113.0.1774.35. It is, therefore, affected by multiple vulnerabilities as referenced in the May 5, 2023 advisory. + + - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2459) + + - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2460) + + - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2462) + + - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2463) + + - Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2464) + + - Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2465) + + - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-2466) + + - Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: + Low) (CVE-2023-2467) + + - Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. + (Chromium security severity: Low) (CVE-2023-2468) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-29350) + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-29354) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_113_0_1774_35.nasl +2023-A-0240-S +2023/05/05 +2023/07/20 +Microsoft Edge (Chromium) < 113.0.1774.35 Multiple Vulnerabilities +2023/05/11 +local +Low +High +1.5 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2459 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2460 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2462 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2463 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2464 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2465 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2466 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2467 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2468 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29354 +Upgrade to Microsoft Edge version 113.0.1774.35 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/05/02 +IAVA:2023-A-0240-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 113.0.1774.35 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-2133 +CVE-2023-2134 +CVE-2023-2135 +CVE-2023-2137 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-2137 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.58. It is, therefore, affected by multiple vulnerabilities as referenced in the April 21, 2023 advisory. + + - Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2133, CVE-2023-2134) + + - Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2135) + + - Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2137) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_112_0_1722_58.nasl +2023-A-0223-S +2023/04/20 +2023/10/23 +Microsoft Edge (Chromium) < 112.0.1722.58 Multiple Vulnerabilities +2023/04/27 +local +Medium +Critical +1.5 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2133 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2134 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2135 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2137 +Upgrade to Microsoft Edge version 112.0.1722.58 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/04/18 +IAVA:2023-A-0223-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 112.0.1722.58 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-3214 +CVE-2023-3215 +CVE-2023-3216 +CVE-2023-3217 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3217 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.51. It is, therefore, affected by multiple vulnerabilities as referenced in the June 15, 2023 advisory. + + - Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-3214) + + - Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3215) + + - Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3216) + + - Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3217) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_114_0_1823_51.nasl +current +2023/06/15 +2023/07/18 +Microsoft Edge (Chromium) < 114.0.1823.51 Multiple Vulnerabilities +2023/06/22 +local +Medium +Critical +1.2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3214 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3215 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3216 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3217 +http://www.nessus.org/u?a084dba4 +Upgrade to Microsoft Edge version 114.0.1823.51 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/06/13 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.51 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-2312 +CVE-2023-4349 +CVE-2023-4350 +CVE-2023-4351 +CVE-2023-4352 +CVE-2023-4353 +CVE-2023-4354 +CVE-2023-4355 +CVE-2023-4356 +CVE-2023-4357 +CVE-2023-4358 +CVE-2023-4359 +CVE-2023-4360 +CVE-2023-4361 +CVE-2023-4362 +CVE-2023-4363 +CVE-2023-4364 +CVE-2023-4365 +CVE-2023-4366 +CVE-2023-4367 +CVE-2023-4368 +CVE-2023-36787 +CVE-2023-38158 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4368 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.54. It is, therefore, affected by multiple vulnerabilities as referenced in the August 21, 2023 advisory. + + - Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-2312) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36787) + + - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2023-38158) + + - Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2023-4349) + + - Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-4350) + + - Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4351) + + - Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4352) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4353) + + - Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4354) + + - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4355) + + - Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4356) + + - Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4357) + + - Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4358) + + - Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4359) + + - Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4360) + + - Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-4361) + + - Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4362) + + - Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4363) + + - Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4364) + + - Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4365) + + - Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: Medium) (CVE-2023-4366) + + - Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4367, CVE-2023-4368) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_116_0_1938_54.nasl +current +2023-A-0438-S +2023/08/21 +2023/09/18 +Microsoft Edge (Chromium) < 116.0.1938.54 Multiple Vulnerabilities +2023/08/23 +local +Medium +Critical +1.3 +http://www.nessus.org/u?9ae99e73 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2312 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36787 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38158 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4349 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4351 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4352 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4353 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4354 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4355 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4356 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4357 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4358 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4359 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4360 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4361 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4362 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4363 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4364 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4365 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4366 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4367 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4368 +Upgrade to Microsoft Edge version 116.0.1938.54 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +8.4 +2023/08/15 +IAVA:2023-A-0438-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.54 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-4068 +CVE-2023-4069 +CVE-2023-4070 +CVE-2023-4071 +CVE-2023-4072 +CVE-2023-4073 +CVE-2023-4074 +CVE-2023-4075 +CVE-2023-4076 +CVE-2023-4077 +CVE-2023-4078 +CVE-2023-38157 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4078 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.106 / 115.0.1901.200. It is, therefore, affected by multiple vulnerabilities as referenced in the August 7, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-38157) + + - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068, CVE-2023-4070) + + - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069) + + - Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4071) + + - Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4072) + + - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2023-4073) + + - Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4074) + + - Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075) + + - Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076) + + - Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077) + + - Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_115_0_1901_200.nasl +current +2023-A-0401-S +2023/08/07 +2023/10/23 +Microsoft Edge (Chromium) < 114.0.1823.106 / 115.0.1901.200 Multiple Vulnerabilities +2023/08/07 +local +Low +Critical +1.3 +http://www.nessus.org/u?ccceaa60 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38157 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4068 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4069 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4070 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4071 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4072 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4073 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4074 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4075 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4076 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4077 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4078 +Upgrade to Microsoft Edge version 114.0.1823.106 / 115.0.1901.200 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +7 to 30 days +Social Media +9.0 +2023/08/02 +IAVA:2023-A-0401-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 115.0.1901.200 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-36883 +CVE-2023-36887 +CVE-2023-36888 +7.8 +CVE-2023-36887 +7.0 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.5 +CVE-2023-36888 +5.9 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.82. It is, therefore, affected by multiple vulnerabilities as referenced in the July 13, 2023 advisory. + + - Microsoft Edge for Android (Chromium-based) Tampering Vulnerability (CVE-2023-36888) + + - Microsoft Edge for iOS Spoofing Vulnerability (CVE-2023-36883) + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-36887) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_114_0_1823_82.nasl +current +2023-A-0358-S +2023/07/13 +2023/08/02 +Microsoft Edge (Chromium) < 114.0.1823.82 Multiple Vulnerabilities +2023/07/14 +local +Low +High +1.5 +http://www.nessus.org/u?74e8a4a1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36887 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36888 +Upgrade to Microsoft Edge version 114.0.1823.82 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/07/13 +IAVA:2023-A-0358-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.82 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-4761 +CVE-2023-4762 +CVE-2023-4763 +CVE-2023-4764 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4763 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.76. It is, therefore, affected by multiple vulnerabilities as referenced in the September 7, 2023 advisory. + + - Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-4761) + + - Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4762) + + - Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4763) + + - Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4764) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_116_0_1938_76.nasl +current +2023-A-0457-S +2023/09/07 +2023/09/25 +Microsoft Edge (Chromium) < 116.0.1938.76 Multiple Vulnerabilities +2023/09/07 +local +Medium +Critical +1.6 +http://www.nessus.org/u?0c1fe891 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4761 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4762 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4763 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4764 +Upgrade to Microsoft Edge version 116.0.1938.76 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +120 to 365 days +No recorded events +6.7 +2023/09/05 +IAVA:2023-A-0457-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.76 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-3727 +CVE-2023-3728 +CVE-2023-3730 +CVE-2023-3732 +CVE-2023-3733 +CVE-2023-3734 +CVE-2023-3735 +CVE-2023-3736 +CVE-2023-3737 +CVE-2023-3738 +CVE-2023-3740 +CVE-2023-35392 +CVE-2023-38173 +CVE-2023-38187 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3732 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1901.183 / 115.0.1901.183. It is, therefore, affected by multiple vulnerabilities as referenced in the July 21, 2023 advisory. + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-35392) + + - Microsoft Edge for Android Spoofing Vulnerability (CVE-2023-38173) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-38187) + + - Use after free in WebRTC. (CVE-2023-3727, CVE-2023-3728) + + - Use after free in Tab Groups. (CVE-2023-3730) + + - Out of bounds memory access in Mojo. (CVE-2023-3732) + + - Inappropriate implementation in WebApp Installs. (CVE-2023-3733) + + - Inappropriate implementation in Picture In Picture. (CVE-2023-3734) + + - Inappropriate implementation in Web API Permission Prompts. (CVE-2023-3735) + + - Inappropriate implementation in Custom Tabs. (CVE-2023-3736) + + - Inappropriate implementation in Notifications. (CVE-2023-3737) + + - Inappropriate implementation in Autofill. (CVE-2023-3738) + + - Insufficient validation of untrusted input in Themes. (CVE-2023-3740) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_115_0_1901_183.nasl +current +2023-A-0380-S +2023/07/21 +2023/08/11 +Microsoft Edge (Chromium) < 114.0.1901.183 / 115.0.1901.183 Multiple Vulnerabilities +2023/07/21 +local +Low +Critical +1.3 +http://www.nessus.org/u?09d3506d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35392 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3727 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3728 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3730 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3732 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3733 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3734 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3735 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3736 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3737 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3738 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3740 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38173 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38187 +Upgrade to Microsoft Edge version 114.0.1901.183 / 115.0.1901.183 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/07/18 +IAVA:2023-A-0380-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 115.0.1901.183 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-4427 +CVE-2023-4428 +CVE-2023-4429 +CVE-2023-4430 +CVE-2023-4431 +CVE-2023-36741 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4430 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.62. It is, therefore, affected by multiple vulnerabilities as referenced in the August 25, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36741) + + - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4427) + + - Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4428) + + - Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4429) + + - Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4430) + + - Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4431) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_116_0_1938_62.nasl +current +2023-A-0453-S +2023/08/25 +2023/10/06 +Microsoft Edge (Chromium) < 116.0.1938.62 Multiple Vulnerabilities +2023/08/26 +local +Low +Critical +1.3 +http://www.nessus.org/u?22854207 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36741 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4427 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4428 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4429 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4430 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4431 +Upgrade to Microsoft Edge version 116.0.1938.62 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/08/22 +IAVA:2023-A-0453-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.62 + + + +60 - 180 days +2023/10/04 +cpe:/a:microsoft:edge +CVE-2023-4863 +CVE-2023-4900 +CVE-2023-4901 +CVE-2023-4902 +CVE-2023-4903 +CVE-2023-4904 +CVE-2023-4905 +CVE-2023-4906 +CVE-2023-4907 +CVE-2023-4908 +CVE-2023-4909 +CVE-2023-36562 +CVE-2023-36727 +CVE-2023-36735 +9.6 +CVE-2023-36735 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4863 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 117.0.2045.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36562, CVE-2023-36735) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-36727) + + - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863) + + - Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-4900) + + - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4901) + + - Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4902) + + - Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-4903) + + - Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: + Medium) (CVE-2023-4904) + + - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4905) + + - Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4906) + + - Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4907) + + - Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4908) + + - Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4909) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_117_0_2045_31.nasl +former +2023/09/15 +2023/10/06 +Microsoft Edge (Chromium) < 117.0.2045.31 Multiple Vulnerabilities +2023/09/15 +local +High +Critical +1.8 +http://www.nessus.org/u?db9a43f1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36562 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36727 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36735 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4900 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4901 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4902 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4903 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4904 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4905 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4906 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4907 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4908 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4909 +Upgrade to Microsoft Edge version 117.0.2045.31 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +Security Research +9.7 +2023/09/12 +CISA-KNOWN-EXPLOITED:2023/10/04 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 117.0.2045.31 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-2721 +CVE-2023-2722 +CVE-2023-2723 +CVE-2023-2724 +CVE-2023-2725 +CVE-2023-2726 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-2726 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 113.0.1774.50 / 112.0.1722.84. It is, therefore, affected by multiple vulnerabilities as referenced in the May 18, 2023 advisory. + + - Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-2721) + + - Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2023-2722) + + - Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2723) + + - Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2724) + + - Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-2725) + + - Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2726) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_113_0_1774_50.nasl +2023-A-0265-S +2023/05/18 +2023/07/07 +Microsoft Edge (Chromium) < 113.0.1774.50 / 112.0.1722.84 Multiple Vulnerabilities +2023/05/23 +local +Medium +Critical +1.4 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2721 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2722 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2723 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2724 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2725 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2726 +Upgrade to Microsoft Edge version 113.0.1774.50 / 112.0.1722.84 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/05/16 +IAVA:2023-A-0265-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 113.0.1774.50 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-4572 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4572 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.69. It is, therefore, affected by a vulnerability as referenced in the August 31, 2023 advisory. + + - Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4572) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_116_0_1938_69.nasl +current +2023/08/31 +2023/09/25 +Microsoft Edge (Chromium) < 116.0.1938.69 (CVE-2023-4572) +2023/08/31 +local +Medium +Critical +1.2 +http://www.nessus.org/u?3a086c3d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4572 +Upgrade to Microsoft Edge version 116.0.1938.69 or later. +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +6.7 +2023/08/29 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.69 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-24935 +CVE-2023-28284 +CVE-2023-28301 +6.1 +5.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N +2.7 +6.4 +CVE-2023-24935 +4.7 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.34. It is, therefore, affected by multiple vulnerabilities as referenced in the April 6, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-28284) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-24935) + + - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2023-28301) + + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_112_0_1722_34.nasl +2023-A-0180-S +2023/04/06 +2023/05/23 +Microsoft Edge (Chromium) < 112.0.1722.34 Multiple Vulnerabilities +2023/04/14 +local +Low +Medium +1.6 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24935 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28284 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28301 +Upgrade to Microsoft Edge version 112.0.1722.34 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +3.0 +2023/04/06 +IAVA:2023-A-0180-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 112.0.1722.34 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-3420 +CVE-2023-3421 +CVE-2023-3422 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3422 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.67. It is, therefore, affected by multiple vulnerabilities as referenced in the June 29, 2023 advisory. + + - Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3420) + + - Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3421) + + - Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-3422) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_114_0_1823_67.nasl +current +2023/06/29 +2023/07/06 +Microsoft Edge (Chromium) < 114.0.1823.67 Multiple Vulnerabilities +2023/06/30 +local +Low +Critical +1.1 +http://www.nessus.org/u?12f91dd6 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3420 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3421 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3422 +Upgrade to Microsoft Edge version 114.0.1823.67 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +120 to 365 days +No recorded events +8.4 +2023/06/26 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.67 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5472 +CVE-2023-44323 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5472 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.76. It is, therefore, affected by multiple vulnerabilities as referenced in the October 27, 2023 advisory. + + - Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5472) + + - Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-44323) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_118_0_2088_76.nasl +current +2023-A-0600-S +2023/10/27 +2023/11/16 +Microsoft Edge (Chromium) < 118.0.2088.76 Multiple Vulnerabilities +2023/10/27 +local +Medium +Critical +1.4 +http://www.nessus.org/u?4f5c8cf8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5472 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44323 +Upgrade to Microsoft Edge version 118.0.2088.76 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/10/24 +IAVA:2023-A-0600-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 118.0.2088.76 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-36014 +CVE-2023-36024 +CVE-2023-5996 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5996 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.102 / 119.0.2151.58. It is, therefore, affected by multiple vulnerabilities as referenced in the November 9, 2023 advisory. + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-36014) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36024) + + - Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5996) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_119_0_2151_58.nasl +current +2023-A-0610-S +2023/11/09 +2024/01/26 +Microsoft Edge (Chromium) < 118.0.2088.102 / 119.0.2151.58 Multiple Vulnerabilities +2023/11/09 +local +Medium +Critical +1.6 +http://www.nessus.org/u?683f1aad +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36024 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5996 +Upgrade to Microsoft Edge version 118.0.2088.102 / 119.0.2151.58 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +6.7 +2023/11/07 +IAVA:2023-A-0610-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.58 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5480 +CVE-2023-5482 +CVE-2023-5849 +CVE-2023-5850 +CVE-2023-5851 +CVE-2023-5852 +CVE-2023-5853 +CVE-2023-5854 +CVE-2023-5855 +CVE-2023-5856 +CVE-2023-5857 +CVE-2023-5858 +CVE-2023-5859 +CVE-2023-36022 +CVE-2023-36029 +CVE-2023-36034 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5857 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.88 / 119.0.2151.44. It is, therefore, affected by multiple vulnerabilities as referenced in the November 2, 2023 advisory. + + - Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) (CVE-2023-5480) + + - Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5482) + + - Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5849) + + - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2023-5850) + + - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5851) + + - Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5852) + + - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5853) + + - Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5854) + + - Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5855) + + - Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5856) + + - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) (CVE-2023-5857) + + - Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5858) + + - Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) (CVE-2023-5859) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_119_0_2151_44.nasl +current +2023-A-0600-S +2023/11/02 +2023/11/16 +Microsoft Edge (Chromium) < 118.0.2088.88 / 119.0.2151.44 Multiple Vulnerabilities +2023/11/03 +local +Medium +Critical +1.3 +http://www.nessus.org/u?c1b5e0e7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36022 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36029 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36034 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5480 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5482 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5849 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5850 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5851 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5852 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5853 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5854 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5855 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5856 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5857 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5858 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5859 +Upgrade to Microsoft Edge version 118.0.2088.88 / 119.0.2151.44 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/10/31 +IAVA:2023-A-0600-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.44 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5346 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5346 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 117.0.2045.55. It is, therefore, affected by a vulnerability as referenced in the October 4, 2023 advisory. + + - Type Confusion in V8. (CVE-2023-5346) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_117_0_2045_55.nasl +current +2023/10/04 +2023/10/09 +Microsoft Edge (Chromium) < 117.0.2045.55 (CVE-2023-5346) +2023/10/04 +local +Low +Critical +1.2 +http://www.nessus.org/u?91471929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5346 +Upgrade to Microsoft Edge version 117.0.2045.55 or later. +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +120 to 365 days +No recorded events +6.7 +2023/10/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 117.0.2045.55 + + + +7 - 30 days +cpe:/a:microsoft:edge +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.121. It is, therefore, affected by multiple vulnerabilities as referenced in the January 5, 2024 advisory. + + - Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0222) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0223) + + - Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0224) + + - Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_121.nasl +current +2024-A-0009-S +2024/01/05 +2024/01/18 +Microsoft Edge (Chromium) < 120.0.2210.121 Multiple Vulnerabilities +2024/01/05 +local +Low +Critical +1.3 +http://www.nessus.org/u?4aae3ac8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0225 +Upgrade to Microsoft Edge version 120.0.2210.121 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +7 to 30 days +No recorded events +6.7 +2024/01/03 +IAVA:2024-A-0009-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.121 + + + +7 - 30 days +2024/02/07 +cpe:/a:microsoft:edge +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.144. It is, therefore, affected by multiple vulnerabilities as referenced in the January 17, 2024 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0517) + + - Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0518) + + - Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_120_0_2210_144.nasl +current +2024-A-0040-S +2024/01/17 +2024/02/02 +Microsoft Edge (Chromium) < 120.0.2210.144 Multiple Vulnerabilities +2024/01/17 +local +Low +Critical +1.3 +http://www.nessus.org/u?baa12a23 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0517 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0518 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0519 +Upgrade to Microsoft Edge version 120.0.2210.144 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very High +0 to 7 days +Social Media +9.2 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0040-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.144 + + + +30 - 60 days +cpe:/a:microsoft:edge +CVE-2023-6508 +CVE-2023-6509 +CVE-2023-6510 +CVE-2023-6511 +CVE-2023-6512 +CVE-2023-35618 +CVE-2023-36880 +CVE-2023-38174 +9.6 +CVE-2023-35618 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6510 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.61. It is, therefore, affected by multiple vulnerabilities as referenced in the December 7, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-35618) + + - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2023-36880, CVE-2023-38174) + + - Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6508) + + - Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) (CVE-2023-6509) + + - Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) (CVE-2023-6510) + + - Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-6511) + + - Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. + (Chromium security severity: Low) (CVE-2023-6512) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_61.nasl +current +2023-A-0677-S +2023/12/07 +2023/12/22 +Microsoft Edge (Chromium) < 120.0.2210.61 Multiple Vulnerabilities +2023/12/07 +local +Low +Critical +1.3 +http://www.nessus.org/u?7f2952a2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36880 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6508 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6509 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6510 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6511 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6512 +Upgrade to Microsoft Edge version 120.0.2210.61 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2023/12/05 +IAVA:2023-A-0677-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.61 + + + +60 - 180 days +2023/12/21 +cpe:/a:microsoft:edge +CVE-2023-6345 +CVE-2023-6346 +CVE-2023-6347 +CVE-2023-6348 +CVE-2023-6350 +CVE-2023-6351 +9.6 +CVE-2023-6345 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6351 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.122 / 119.0.2151.97. It is, therefore, affected by multiple vulnerabilities as referenced in the November 29, 2023 advisory. + + - Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) (CVE-2023-6345) + + - Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6346) + + - Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6347) + + - Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6348) + + - Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) (CVE-2023-6350, CVE-2023-6351) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_119_0_2151_97.nasl +current +2023/11/29 +2023/12/06 +Microsoft Edge (Chromium) < 118.0.2088.122 / 119.0.2151.97 Multiple Vulnerabilities +2023/11/29 +local +Medium +Critical +1.3 +http://www.nessus.org/u?88d07bbe +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6345 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6346 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6347 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6348 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6351 +Upgrade to Microsoft Edge version 118.0.2088.122 / 119.0.2151.97 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.9 +2023/11/28 +CISA-KNOWN-EXPLOITED:2023/12/21 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.97 + + + +60 - 180 days +2023/10/04 +cpe:/a:microsoft:edge +CVE-2023-4863 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4863 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.81. It is, therefore, affected by a vulnerability as referenced in the September 12, 2023 advisory. + + - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_116_0_1938_81.nasl +current +2023-A-0494-S +2023/09/12 +2023/10/06 +Microsoft Edge (Chromium) < 116.0.1938.81 (CVE-2023-4863) +2023/09/12 +local +High +Critical +1.5 +http://www.nessus.org/u?2bde7861 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863 +Upgrade to Microsoft Edge version 116.0.1938.81 or later. +I +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +30 to 120 days +Security Research +9.7 +2023/09/12 +CISA-KNOWN-EXPLOITED:2023/10/04 +IAVA:2023-A-0494-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.81 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5997 +CVE-2023-6112 +CVE-2023-36008 +CVE-2023-36026 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6112 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.109 / 119.0.2151.72. It is, therefore, affected by multiple vulnerabilities as referenced in the November 16, 2023 advisory. + + - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5997) + + - Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6112) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_119_0_2151_72.nasl +current +2023-A-0649-S +2023/11/16 +2024/01/29 +Microsoft Edge (Chromium) < 118.0.2088.109 / 119.0.2151.72 Multiple Vulnerabilities +2023/11/16 +local +Medium +Critical +1.4 +http://www.nessus.org/u?7feca339 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36026 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5997 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6112 +Upgrade to Microsoft Edge version 118.0.2088.109 / 119.0.2151.72 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/11/14 +IAVA:2023-A-0649-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.72 + + + +30 - 60 days +2024/01/23 +cpe:/a:microsoft:edge +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.91. It is, therefore, affected by a vulnerability as referenced in the December 21, 2023 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_120_0_2210_91.nasl +current +2023/12/21 +2024/01/02 +Microsoft Edge (Chromium) < 120.0.2210.91 (CVE-2023-7024) +2023/12/21 +local +Medium +Critical +1.3 +http://www.nessus.org/u?eaceba1a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-7024 +Upgrade to Microsoft Edge version 120.0.2210.91 or later. +The remote host has an web browser installed that is affected by a vulnerability. +High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.91 + + + +7 - 30 days +cpe:/a:microsoft:edge +CVE-2024-0333 +CVE-2024-20675 +CVE-2024-20709 +CVE-2024-20721 +CVE-2024-21337 +6.3 +5.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L +3.7 +7.5 +CVE-2024-20675 +5.5 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.133. It is, therefore, affected by multiple vulnerabilities as referenced in the January 11, 2024 advisory. + + - Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0333) + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-20675) + + - Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-20709, CVE-2024-20721) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21337) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_133.nasl +current +2024-A-0040-S +2024/01/11 +2024/02/02 +Microsoft Edge (Chromium) < 120.0.2210.133 Multiple Vulnerabilities +2024/01/18 +local +Low +High +1.2 +http://www.nessus.org/u?3844aad0 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0333 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21337 +Upgrade to Microsoft Edge version 120.0.2210.133 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +4.9 +2024/01/09 +IAVA:2024-A-0040-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.133 + + + +0 - 7 days +cpe:/a:microsoft:edge +CVE-2024-21388 +6.5 +5.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L +3.7 +5.1 +CVE-2024-21388 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.160 / 121.0.2277.83. It is, therefore, affected by a vulnerability as referenced in the January 30, 2024 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21388) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_121_0_2277_83.nasl +current +2024-A-0060 +2024/01/25 +2024/02/02 +Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388) +2024/01/25 +local +Low +Medium +1.3 +http://www.nessus.org/u?d0503752 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388 +Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. +I +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +4.9 +2024/01/23 +IAVA:2024-A-0060 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 121.0.2277.83 + + + +60 - 180 days +2023/10/23 +cpe:/a:microsoft:edge +CVE-2023-1999 +CVE-2023-5186 +CVE-2023-5187 +CVE-2023-5217 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5217 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.98 / 117.0.2045.47. It is, therefore, affected by multiple vulnerabilities as referenced in the September 29, 2023 advisory. + + - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. (CVE-2023-1999) + + - Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) (CVE-2023-5186) + + - Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-5187) + + - Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5217) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_117_0_2045_47.nasl +current +2023-A-0523-S +2023/09/29 +2023/10/23 +Microsoft Edge (Chromium) < 116.0.1938.98 / 117.0.2045.47 Multiple Vulnerabilities +2023/10/02 +local +Very High +Critical +1.3 +http://www.nessus.org/u?f89fc291 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1999 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5217 +Upgrade to Microsoft Edge version 116.0.1938.98 / 117.0.2045.47 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.2 +2023/04/11 +CISA-KNOWN-EXPLOITED:2023/10/23 +IAVA:2023-A-0523-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 117.0.2045.47 + + + +180 - 365 days +2023/06/28 +cpe:/a:microsoft:edge +CVE-2023-3079 +CVE-2023-33145 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3079 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.41. It is, therefore, affected by multiple vulnerabilities as referenced in the June 6, 2023 advisory. + + - Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3079) + + - An information disclosure vulnerability. (CVE-2023-33145) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_114_0_1823_41.nasl +2023-A-0274-S +2023-A-0302-S +2023/06/06 +2023/07/20 +Microsoft Edge (Chromium) < 114.0.1823.41 Multiple Vulnerabilities +2023/06/07 +local +Medium +Critical +1.7 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33145 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3079 +Upgrade to Microsoft Edge version 114.0.1823.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +120 to 365 days +No recorded events +9.0 +2023/06/05 +CISA-KNOWN-EXPLOITED:2023/06/28 +IAVA:2023-A-0274-S +IAVA:2023-A-0302-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.41 + + + +30 - 60 days +cpe:/a:microsoft:edge +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +CVE-2023-36878 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.77. It is, therefore, affected by multiple vulnerabilities as referenced in the December 14, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-36878) + + - Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-6706) + + - Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-6707) + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_77.nasl +current +2023-A-0696-S +2023/12/14 +2024/01/12 +Microsoft Edge (Chromium) < 120.0.2210.77 Multiple Vulnerabilities +2023/12/15 +local +Low +Critical +1.3 +http://www.nessus.org/u?11cef5be +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36878 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6702 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6703 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6704 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6705 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6706 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6707 +Upgrade to Microsoft Edge version 120.0.2210.77 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/12/12 +IAVA:2023-A-0696-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.77 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-16016 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2020-16016 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.68. It is, therefore, affected by a vulnerability as referenced in the ADV200002-11-11-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_86_0_622_68.nasl +2020/11/11 +2021/01/12 +Microsoft Edge (Chromium) < 86.0.622.68 Vulnerability +2020/11/12 +local +Low +Medium +1.4 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.68 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +6.5 +2020/11/09 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.68 + + + +730 days + +CEA-2020-0124 +2022/05/03 +cpe:/a:microsoft:edge +CVE-2020-16004 +CVE-2020-16005 +CVE-2020-16006 +CVE-2020-16007 +CVE-2020-16008 +CVE-2020-16009 +CVE-2020-16011 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2020-16011 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.63. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-4-2020 advisory. + + - Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16004) + + - Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16005) + + - Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16006, CVE-2020-16009) + + - Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. (CVE-2020-16007) + + - Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. (CVE-2020-16008) + + - Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2020-16011) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_86_0_622_63.nasl +2020/11/04 +2023/04/25 +Microsoft Edge (Chromium) < 86.0.622.63 Multiple Vulnerabilities +2020/11/04 +local +High +Medium +1.10 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.63 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.4 +2020/11/02 +CISA-KNOWN-EXPLOITED:2022/05/03 +CEA-ID:CEA-2020-0124 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.63 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2019-8075 +CVE-2020-16012 +CVE-2020-16014 +CVE-2020-16015 +CVE-2020-16018 +CVE-2020-16022 +CVE-2020-16023 +CVE-2020-16024 +CVE-2020-16025 +CVE-2020-16026 +CVE-2020-16027 +CVE-2020-16028 +CVE-2020-16029 +CVE-2020-16030 +CVE-2020-16031 +CVE-2020-16032 +CVE-2020-16033 +CVE-2020-16034 +CVE-2020-16036 +9.6 +CVE-2020-16025 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2020-16029 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.41. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-19-2020 advisory. + + - Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. + Successful exploitation could lead to Information Disclosure in the context of the current user. + (CVE-2019-8075) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_87_0_664_41.nasl +2020/11/19 +2022/05/11 +Microsoft Edge (Chromium) < 87.0.664.41 Multiple Vulnerabilities +2020/11/20 +local +Low +Medium +1.6 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 87.0.664.41 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2019/06/11 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 87.0.664.41 + + + +730 days + +2022/05/03 +cpe:/a:microsoft:edge +CVE-2020-16013 +CVE-2020-16017 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2020-16017 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.69. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-13-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_86_0_622_69.nasl +2020/11/13 +2023/04/25 +Microsoft Edge (Chromium) < 86.0.622.69 Multiple Vulnerabilities +2020/11/14 +local +Low +Medium +1.8 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.69 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2020/11/11 +CISA-KNOWN-EXPLOITED:2022/05/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.69 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-15995 +CVE-2020-16043 +CVE-2021-21106 +CVE-2021-21107 +CVE-2021-21108 +CVE-2021-21109 +CVE-2021-21110 +CVE-2021-21111 +CVE-2021-21112 +CVE-2021-21113 +CVE-2021-21114 +CVE-2021-21115 +CVE-2021-21116 +9.6 +CVE-2021-21115 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +9.3 +CVE-2021-21106 +6.9 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.75. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-1-7-2021 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15995) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_87_0_664_75.nasl +2021/01/07 +2024/01/30 +Microsoft Edge (Chromium) < 87.0.664.75 Multiple Vulnerabilities +2021/01/08 +local +Medium +High +1.5 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 87.0.664.75 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.5 +2020/11/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 87.0.664.75 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21142 +CVE-2021-21143 +CVE-2021-21144 +CVE-2021-21145 +CVE-2021-21146 +CVE-2021-21147 +CVE-2021-24113 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21146 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.62. It is, therefore, affected by multiple vulnerabilities as referenced in the February 4, 2021 advisory. + + - Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21142) + + - Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21143) + + - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21144) + + - Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21145) + + - Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-21146) + + - Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21147) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_88_0_705_62.nasl +2021/02/04 +2021/02/12 +Microsoft Edge (Chromium) < 88.0.705.62 Multiple Vulnerabilities +2021/02/10 +local +Low +Medium +1.6 +http://www.nessus.org/u?f6e795b0 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21142 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21143 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21144 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21145 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21146 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21147 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24113 +Upgrade to Microsoft Edge version 88.0.705.62 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.5 +2021/02/02 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.62 + + + +730 days + +CEA-2021-0007 +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21148 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21148 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.63. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-21148 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_88_0_705_63.nasl +2021/02/05 +2023/04/25 +Microsoft Edge (Chromium) < 88.0.705.63 Vulnerability +2021/02/08 +local +Medium +Medium +1.9 +http://www.nessus.org/u?c8284af6 +Upgrade to Microsoft Edge version 88.0.705.63 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2021/02/04 +CISA-KNOWN-EXPLOITED:2021/11/17 +CEA-ID:CEA-2021-0007 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.63 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-16044 +CVE-2021-21118 +CVE-2021-21119 +CVE-2021-21120 +CVE-2021-21121 +CVE-2021-21122 +CVE-2021-21123 +CVE-2021-21124 +CVE-2021-21125 +CVE-2021-21126 +CVE-2021-21127 +CVE-2021-21128 +CVE-2021-21129 +CVE-2021-21130 +CVE-2021-21131 +CVE-2021-21132 +CVE-2021-21133 +CVE-2021-21134 +CVE-2021-21135 +CVE-2021-21136 +CVE-2021-21137 +CVE-2021-21139 +CVE-2021-21140 +CVE-2021-21141 +9.6 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21132 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.50. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_88_0_705_50.nasl +2021/01/21 +2024/01/26 +Microsoft Edge (Chromium) < 88.0.705.50 Multiple Vulnerabilities +2021/01/26 +local +Low +Medium +1.5 +http://www.nessus.org/u?f11ddceb +http://www.nessus.org/u?e38b0261 +http://www.nessus.org/u?956993df +http://www.nessus.org/u?86ccd1a7 +http://www.nessus.org/u?ea65fbbf +http://www.nessus.org/u?d945c5fd +http://www.nessus.org/u?804c6012 +http://www.nessus.org/u?6df00137 +http://www.nessus.org/u?8e925c70 +http://www.nessus.org/u?f33d1708 +http://www.nessus.org/u?e453c1c0 +http://www.nessus.org/u?d644083b +http://www.nessus.org/u?04560b20 +http://www.nessus.org/u?3dbc72e7 +http://www.nessus.org/u?3be82d62 +http://www.nessus.org/u?776bc7e6 +http://www.nessus.org/u?858149b3 +http://www.nessus.org/u?3838b7fb +http://www.nessus.org/u?1c282efb +http://www.nessus.org/u?b1321a9c +http://www.nessus.org/u?970b384a +http://www.nessus.org/u?a6495027 +http://www.nessus.org/u?ef57ee24 +http://www.nessus.org/u?a674cb6c +Upgrade to Microsoft Edge version 88.0.705.50 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/01/12 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.50 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-16037 +CVE-2020-16038 +CVE-2020-16039 +CVE-2020-16040 +CVE-2020-16041 +CVE-2020-16042 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +3.6 +9.3 +CVE-2020-16039 +8.1 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.57. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-12-7-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +true +Exploits are available +true +microsoft_edge_chromium_87_0_664_57.nasl +2020-A-0571-S +Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase +2020/12/07 +2021/04/20 +Microsoft Edge (Chromium) < 87.0.664.57 Multiple Vulnerabilities +2020/12/09 +local +Low +High +1.9 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 87.0.664.57 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +Security Research +7.4 +2020/12/02 +IAVA:2020-A-0571-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 87.0.664.57 + + + +730 days + +CEA-2020-0124 +2021/11/17 +cpe:/a:microsoft:edge +CVE-2020-15999 +CVE-2020-16000 +CVE-2020-16001 +CVE-2020-16002 +CVE-2020-16003 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +3.6 +6.8 +CVE-2020-16003 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.51. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-10-22-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_86_0_622_51.nasl +2020/10/22 +2022/12/05 +Microsoft Edge (Chromium) < 86.0.622.51 Multiple Vulnerabilities +2020/10/22 +local +High +Medium +1.9 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.51 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +Security Research +7.2 +2020/10/20 +CISA-KNOWN-EXPLOITED:2021/11/17 +CEA-ID:CEA-2020-0124 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.51 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5218 +CVE-2023-5473 +CVE-2023-5474 +CVE-2023-5475 +CVE-2023-5476 +CVE-2023-5477 +CVE-2023-5478 +CVE-2023-5479 +CVE-2023-5481 +CVE-2023-5483 +CVE-2023-5484 +CVE-2023-5485 +CVE-2023-5486 +CVE-2023-5487 +CVE-2023-36559 +CVE-2023-36409 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5476 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.46. It is, therefore, affected by multiple vulnerabilities as referenced in the October 13, 2023 advisory. + + - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-5218) + + - Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5473) + + - Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) (CVE-2023-5474) + + - Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5475) + + - Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5476) + + - Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) (CVE-2023-5477) + + - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5478) + + - Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5479) + + - Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5481) + + - Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5483) + + - Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5484) + + - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5485) + + - Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5486) + + - Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5487) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_118_0_2088_46.nasl +current +2023-A-0566-S +2023-A-0578-S +2023/10/13 +2023/11/09 +Microsoft Edge (Chromium) < 118.0.2088.46 Multiple Vulnerabilities +2023/10/13 +local +Low +Critical +1.6 +http://www.nessus.org/u?2945f274 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36409 +Upgrade to Microsoft Edge version 118.0.2088.46 or later. +I +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +6.7 +2023/10/10 +IAVA:2023-A-0566-S +IAVA:2023-A-0578-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 118.0.2088.46 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2020-27844 +CVE-2021-21159 +CVE-2021-21160 +CVE-2021-21161 +CVE-2021-21162 +CVE-2021-21163 +CVE-2021-21164 +CVE-2021-21165 +CVE-2021-21166 +CVE-2021-21167 +CVE-2021-21168 +CVE-2021-21169 +CVE-2021-21170 +CVE-2021-21171 +CVE-2021-21172 +CVE-2021-21173 +CVE-2021-21174 +CVE-2021-21175 +CVE-2021-21176 +CVE-2021-21177 +CVE-2021-21178 +CVE-2021-21179 +CVE-2021-21180 +CVE-2021-21181 +CVE-2021-21182 +CVE-2021-21183 +CVE-2021-21184 +CVE-2021-21185 +CVE-2021-21186 +CVE-2021-21187 +CVE-2021-21188 +CVE-2021-21189 +CVE-2021-21190 +8.8 +CVE-2021-21190 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +8.3 +CVE-2020-27844 +6.9 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.45. It is, therefore, affected by multiple vulnerabilities as referenced in the March 4, 2021 advisory. + + - A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27844) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_89_0_774_45.nasl +2021/03/04 +2023/04/25 +Microsoft Edge (Chromium) < 89.0.774.45 Multiple Vulnerabilities +2021/03/08 +local +Medium +High +1.9 +http://www.nessus.org/u?b2e30009 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-27844 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21159 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21160 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21161 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21162 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21163 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21164 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21165 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21166 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21167 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21168 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21169 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21170 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21171 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21172 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21173 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21175 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21176 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21177 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21178 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21179 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21180 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21181 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21182 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21183 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21184 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21185 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21188 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21189 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21190 +Upgrade to Microsoft Edge version 89.0.774.45 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/01/05 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.45 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21194 +CVE-2021-21195 +CVE-2021-21196 +CVE-2021-21197 +CVE-2021-21198 +CVE-2021-21199 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21199 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.68. It is, therefore, affected by multiple vulnerabilities as referenced in the April 1, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_89_0_774_68.nasl +2021-A-0152-S +2021/04/01 +2021/06/07 +Microsoft Edge (Chromium) < 89.0.774.68 Multiple Vulnerabilities +2021/04/02 +local +Low +Medium +1.6 +http://www.nessus.org/u?d3ce740a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21194 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21196 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21197 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21198 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21199 +Upgrade to Microsoft Edge version 89.0.774.68 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +5.9 +2021/03/30 +IAVA:2021-A-0152-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.68 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21191 +CVE-2021-21192 +CVE-2021-21193 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21193 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.54. It is, therefore, affected by multiple vulnerabilities as referenced in the March 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_89_0_774_54.nasl +2021/03/15 +2023/04/25 +Microsoft Edge (Chromium) < 89.0.774.54 Multiple Vulnerabilities +2021/03/16 +local +Medium +Medium +1.8 +http://www.nessus.org/u?5072e34e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21191 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21193 +Upgrade to Microsoft Edge version 89.0.774.54 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/03/09 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.54 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21201 +CVE-2021-21202 +CVE-2021-21203 +CVE-2021-21204 +CVE-2021-21205 +CVE-2021-21207 +CVE-2021-21208 +CVE-2021-21209 +CVE-2021-21210 +CVE-2021-21211 +CVE-2021-21212 +CVE-2021-21213 +CVE-2021-21214 +CVE-2021-21215 +CVE-2021-21216 +CVE-2021-21217 +CVE-2021-21218 +CVE-2021-21219 +CVE-2021-21221 +9.6 +CVE-2021-21201 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21214 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.39. It is, therefore, affected by multiple vulnerabilities as referenced in the April 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_90_0_818_39.nasl +2021/04/15 +2022/05/10 +Microsoft Edge (Chromium) < 90.0.818.39 Multiple Vulnerabilities +2021/04/16 +local +Medium +Medium +1.4 +http://www.nessus.org/u?de6e5227 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21201 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21202 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21203 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21204 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21205 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21207 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21208 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21209 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21210 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21211 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21212 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21213 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21214 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21215 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21216 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21217 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21218 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21219 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21221 +Upgrade to Microsoft Edge version 90.0.818.39 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.5 +2021/04/13 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.818.39 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21227 +CVE-2021-21228 +CVE-2021-21229 +CVE-2021-21230 +CVE-2021-21231 +CVE-2021-21232 +CVE-2021-21233 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21233 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.51. It is, therefore, affected by multiple vulnerabilities as referenced in the April 29, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_90_0_818_51.nasl +2021/04/29 +2021/05/03 +Microsoft Edge (Chromium) < 90.0.818.51 Multiple Vulnerabilities +2021/04/29 +local +Medium +Medium +1.3 +http://www.nessus.org/u?82d8e204 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21227 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21228 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21229 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21230 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21231 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21232 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21233 +Upgrade to Microsoft Edge version 90.0.818.51 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +5.9 +2021/04/26 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.818.51 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21206 +CVE-2021-21220 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21220 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.77. It is, therefore, affected by multiple vulnerabilities as referenced in the April 14, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +true +Exploits are available +true +microsoft_edge_chromium_89_0_774_77.nasl +2021-A-0176-S +Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE +2021/04/14 +2021/11/30 +Microsoft Edge (Chromium) < 89.0.774.77 Multiple Vulnerabilities +2021/04/15 +local +Low +Medium +1.9 +http://www.nessus.org/u?119280b8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21206 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21220 +Upgrade to Microsoft Edge version 89.0.774.77 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +Security Research +9.6 +2021/04/13 +IAVA:2021-A-0176-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.77 + + + +730 days + +2022/07/18 +cpe:/a:microsoft:edge +CVE-2021-30521 +CVE-2021-30522 +CVE-2021-30523 +CVE-2021-30524 +CVE-2021-30525 +CVE-2021-30526 +CVE-2021-30527 +CVE-2021-30528 +CVE-2021-30529 +CVE-2021-30530 +CVE-2021-30531 +CVE-2021-30532 +CVE-2021-30533 +CVE-2021-30534 +CVE-2021-30535 +CVE-2021-30536 +CVE-2021-30537 +CVE-2021-30538 +CVE-2021-30539 +CVE-2021-30540 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30535 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.37. It is, therefore, affected by multiple vulnerabilities as referenced in the May 27, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_91_0_864_37.nasl +2021/05/27 +2023/04/25 +Microsoft Edge (Chromium) < 91.0.864.37 Multiple Vulnerabilities +2021/06/02 +local +Low +Medium +1.5 +http://www.nessus.org/u?0c14a42a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30521 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30522 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30523 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30524 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30525 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30526 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30527 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30528 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30529 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30530 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30531 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30532 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30533 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30534 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30535 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30536 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30537 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30538 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30539 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30540 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31937 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31982 +Upgrade to Microsoft Edge version 91.0.864.37 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/05/25 +CISA-KNOWN-EXPLOITED:2022/07/18 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.37 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-33741 +8.2 +7.1 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N +4.7 +5.1 +CVE-2021-33741 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.41. It is, therefore, affected by a vulnerability as referenced in the June 4, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_91_0_864_41.nasl +2021/06/04 +2023/12/27 +Microsoft Edge (Chromium) < 91.0.864.41 Vulnerability +2021/06/04 +local +Low +Medium +1.4 +http://www.nessus.org/u?aa1e84f8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33741 +Upgrade to Microsoft Edge version 91.0.864.41 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +5.1 +2021/06/04 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.41 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2021-34475 +CVE-2021-34506 +6.1 +5.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N +2.7 +6.4 +CVE-2021-34506 +4.7 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.59. It is, therefore, affected by multiple vulnerabilities as referenced in the June 24, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_91_0_864_59.nasl +2021/06/24 +2023/12/12 +Microsoft Edge (Chromium) < 91.0.864.59 Multiple Vulnerabilities +2021/06/25 +local +Low +Medium +1.3 +http://www.nessus.org/u?fcf1608e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34475 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34506 +Upgrade to Microsoft Edge version 91.0.864.59 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +3.0 +2021/06/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.59 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30565 +CVE-2021-30566 +CVE-2021-30567 +CVE-2021-30568 +CVE-2021-30569 +CVE-2021-30571 +CVE-2021-30572 +CVE-2021-30573 +CVE-2021-30574 +CVE-2021-30575 +CVE-2021-30576 +CVE-2021-30577 +CVE-2021-30578 +CVE-2021-30579 +CVE-2021-30580 +CVE-2021-30581 +CVE-2021-30582 +CVE-2021-30583 +CVE-2021-30584 +CVE-2021-30585 +CVE-2021-30586 +CVE-2021-30587 +CVE-2021-30588 +CVE-2021-30589 +9.6 +CVE-2021-30571 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-30588 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.55. It is, therefore, affected by multiple vulnerabilities as referenced in the July 22, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_92_0_902_55.nasl +2021-A-0346-S +2021/07/22 +2023/12/07 +Microsoft Edge (Chromium) < 92.0.902.55 Multiple Vulnerabilities +2021/07/22 +local +Low +Medium +1.8 +http://www.nessus.org/u?dc471fea +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30565 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30566 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30567 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30568 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30569 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30571 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30572 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30573 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30574 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30575 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30576 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30577 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30578 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30579 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30580 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30581 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30582 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30583 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30584 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30585 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30586 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30587 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30588 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30589 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36928 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36931 +Upgrade to Microsoft Edge version 92.0.902.55 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/07/20 +IAVA:2021-A-0346-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 92.0.902.55 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21222 +CVE-2021-21223 +CVE-2021-21224 +CVE-2021-21225 +CVE-2021-21226 +9.6 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21226 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.46. It is, therefore, affected by multiple vulnerabilities as referenced in the April 22, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_90_0_818_46.nasl +2021/04/22 +2021/11/30 +Microsoft Edge (Chromium) < 90.0.818.46 Multiple Vulnerabilities +2021/04/22 +local +Medium +Medium +1.6 +http://www.nessus.org/u?0027f192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21225 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21226 +Upgrade to Microsoft Edge version 90.0.818.46 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +Security Research +9.2 +2021/04/20 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.818.46 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30541 +CVE-2021-30559 +CVE-2021-30560 +CVE-2021-30561 +CVE-2021-30562 +CVE-2021-30563 +CVE-2021-30564 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30564 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.71. It is, therefore, affected by multiple vulnerabilities as referenced in the July 19, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_91_0_864_71.nasl +2021/07/19 +2021/11/30 +Microsoft Edge (Chromium) < 91.0.864.71 Multiple Vulnerabilities +2021/07/19 +local +Low +Medium +1.5 +http://www.nessus.org/u?06a51872 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30541 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30559 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30560 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30561 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30562 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30563 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30564 +Upgrade to Microsoft Edge version 91.0.864.71 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.9 +2021/07/15 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.71 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30598 +CVE-2021-30599 +CVE-2021-30601 +CVE-2021-30602 +CVE-2021-30603 +CVE-2021-30604 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30604 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.78. It is, therefore, affected by multiple vulnerabilities as referenced in the August 19, 2021 advisory. + + - Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30604) + + - Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (CVE-2021-30598, CVE-2021-30599) + + - Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-30601) + + - Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-30602) + + - Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30603) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_92_0_902_78.nasl +2021/08/19 +2021/09/24 +Microsoft Edge (Chromium) < 92.0.902.78 Multiple Vulnerabilities +2021/08/19 +local +Low +Medium +1.6 +http://www.nessus.org/u?97c3a98d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30598 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30599 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30601 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30602 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30603 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30604 +Upgrade to Microsoft Edge version 92.0.902.78 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/08/16 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 92.0.902.78 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30554 +CVE-2021-30555 +CVE-2021-30556 +CVE-2021-30557 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30557 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.54. It is, therefore, affected by multiple vulnerabilities as referenced in the June 18, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_91_0_864_54.nasl +2021/06/18 +2023/04/25 +Microsoft Edge (Chromium) < 91.0.864.54 Multiple Vulnerabilities +2021/06/18 +local +Low +Medium +1.7 +http://www.nessus.org/u?fe8ae1a6 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30554 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30555 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30556 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30557 +Upgrade to Microsoft Edge version 91.0.864.54 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/06/17 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.54 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30590 +CVE-2021-30591 +CVE-2021-30592 +CVE-2021-30593 +CVE-2021-30594 +CVE-2021-30596 +CVE-2021-30597 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30592 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.67. It is, therefore, affected by multiple vulnerabilities as referenced in the August 5, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_92_0_902_67.nasl +2021/08/05 +2023/12/06 +Microsoft Edge (Chromium) < 92.0.902.67 Multiple Vulnerabilities +2021/08/05 +local +Low +Medium +1.4 +http://www.nessus.org/u?c2b02534 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30590 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30591 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30592 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30593 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30594 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30596 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30597 +Upgrade to Microsoft Edge version 92.0.902.67 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/08/02 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 92.0.902.67 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-38669 +6.4 +5.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N +2.7 +7.5 +CVE-2021-38669 +5.5 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.44. It is, therefore, affected by a vulnerability as referenced in the September 9, 2021 advisory. + + - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2021-38669) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_93_0_961_44.nasl +2021-A-0432-S +2021/09/09 +2023/12/29 +Microsoft Edge (Chromium) < 93.0.961.44 Vulnerability +2021/09/14 +local +Low +High +1.7 +http://www.nessus.org/u?5b26fe9e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38669 +Upgrade to Microsoft Edge version 93.0.961.44 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +3.8 +2021/09/14 +IAVA:2021-A-0432-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.44 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30544 +CVE-2021-30545 +CVE-2021-30546 +CVE-2021-30547 +CVE-2021-30548 +CVE-2021-30549 +CVE-2021-30550 +CVE-2021-30551 +CVE-2021-30552 +CVE-2021-30553 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30553 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.48. It is, therefore, affected by multiple vulnerabilities as referenced in the June 11, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_91_0_864_48.nasl +2021/06/11 +2021/11/30 +Microsoft Edge (Chromium) < 91.0.864.48 Multiple Vulnerabilities +2021/06/11 +local +Low +Medium +1.6 +http://www.nessus.org/u?294d93d8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30544 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30545 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30546 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30547 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30548 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30549 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30550 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30551 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30552 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30553 +Upgrade to Microsoft Edge version 91.0.864.48 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.9 +2021/06/09 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.48 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30506 +CVE-2021-30507 +CVE-2021-30508 +CVE-2021-30509 +CVE-2021-30510 +CVE-2021-30511 +CVE-2021-30512 +CVE-2021-30513 +CVE-2021-30514 +CVE-2021-30515 +CVE-2021-30516 +CVE-2021-30517 +CVE-2021-30518 +CVE-2021-30519 +CVE-2021-30520 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30520 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.xxxxxx. It is, therefore, affected by multiple vulnerabilities as referenced in the May 13, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_90_0_xxxxxx.nasl +2021/05/13 +2024/01/02 +Microsoft Edge (Chromium) < 90.0.xxxxxx Multiple Vulnerabilities +2021/05/14 +local +Low +Medium +1.4 +http://www.nessus.org/u?9cc1dc08 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30506 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30507 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30508 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30509 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30510 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30511 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30512 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30513 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30514 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30515 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30516 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30517 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30518 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30519 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30520 +Upgrade to Microsoft Edge version 90.0.xxxxxx or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/05/10 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.xxxxxx + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-37956 +CVE-2021-37957 +CVE-2021-37958 +CVE-2021-37959 +CVE-2021-37961 +CVE-2021-37962 +CVE-2021-37963 +CVE-2021-37964 +CVE-2021-37965 +CVE-2021-37966 +CVE-2021-37967 +CVE-2021-37968 +CVE-2021-37969 +CVE-2021-37970 +CVE-2021-37971 +CVE-2021-37972 +CVE-2021-37973 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-37973 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory. + + - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-37973) + + - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-37956) + + - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957) + + - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958) + + - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-37959) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_94_0_992_31.nasl +2021-A-0448-S +2021/09/24 +2024/01/16 +Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities +2021/09/24 +local +Medium +Medium +1.11 +http://www.nessus.org/u?6dbcb9b7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973 +Upgrade to Microsoft Edge version 94.0.992.31 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2021/09/21 +IAVA:2021-A-0448-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 94.0.992.31 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30625 +CVE-2021-30626 +CVE-2021-30627 +CVE-2021-30628 +CVE-2021-30629 +CVE-2021-30630 +CVE-2021-30633 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-30633 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.52. It is, therefore, affected by multiple vulnerabilities as referenced in the September 16, 2021 advisory. + + - Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-30633) + + - Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30625) + + - Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30626) + + - Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30627) + + - Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (CVE-2021-30628) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_93_0_961_52.nasl +2021/09/16 +2024/01/16 +Microsoft Edge (Chromium) < 93.0.961.52 Multiple Vulnerabilities +2021/09/17 +local +Low +Medium +1.9 +http://www.nessus.org/u?603235a5 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30625 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30626 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30627 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30628 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30629 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30630 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30633 +Upgrade to Microsoft Edge version 93.0.961.52 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2021/09/13 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.52 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-37997 +CVE-2021-37998 +CVE-2021-37999 +CVE-2021-38000 +CVE-2021-38001 +CVE-2021-38002 +CVE-2021-38003 +9.6 +CVE-2021-38002 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-38003 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.40. It is, therefore, affected by multiple vulnerabilities as referenced in the October 29, 2021 advisory. + + - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003) + + - Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37997) + + - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998) + + - Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. + (CVE-2021-37999) + + - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. + (CVE-2021-38000) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_95_0_1020_40.nasl +2021-A-0522-S +2021/10/29 +2023/04/25 +Microsoft Edge (Chromium) < 95.0.1020.40 Multiple Vulnerabilities +2021/10/29 +local +Medium +Medium +1.13 +http://www.nessus.org/u?dd5c7f7f +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37997 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37998 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37999 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38000 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38001 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38002 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38003 +Upgrade to Microsoft Edge version 95.0.1020.40 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/10/28 +IAVA:2021-A-0522-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 95.0.1020.40 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-37977 +CVE-2021-37978 +CVE-2021-37979 +CVE-2021-37980 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-37979 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.47. It is, therefore, affected by multiple vulnerabilities as referenced in the October 11, 2021 advisory. + + - heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37979) + + - Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37977) + + - Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37978) + + - Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. (CVE-2021-37980) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_94_0_992_47.nasl +2021-A-0459-S +2021/10/11 +2023/11/28 +Microsoft Edge (Chromium) < 94.0.992.47 Multiple Vulnerabilities +2021/10/11 +local +Medium +Medium +1.7 +http://www.nessus.org/u?3a3f355a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37977 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37978 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37979 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37980 +Upgrade to Microsoft Edge version 94.0.992.47 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/10/07 +IAVA:2021-A-0459-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 94.0.992.47 + + + +365 - 730 days +2021/12/29 +cpe:/a:microsoft:edge +CVE-2021-4098 +CVE-2021-4099 +CVE-2021-4100 +CVE-2021-4101 +CVE-2021-4102 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-4102 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.57. It is, therefore, affected by multiple vulnerabilities as referenced in the December 14, 2021 advisory. + + - Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4102) + + - Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-4098) + + - Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4099) + + - Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4100) + + - Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4101) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_96_0_1054_57.nasl +2021-A-0576-S +2021/12/14 +2023/04/25 +Microsoft Edge (Chromium) < 96.0.1054.57 Multiple Vulnerabilities +2021/12/14 +local +Low +Medium +1.10 +http://www.nessus.org/u?f5dd1e14 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4098 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4099 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4100 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4101 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4102 +Upgrade to Microsoft Edge version 96.0.1054.57 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +7.4 +2021/12/13 +CISA-KNOWN-EXPLOITED:2021/12/29 +IAVA:2021-A-0576-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1054.57 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-38005 +CVE-2021-38006 +CVE-2021-38007 +CVE-2021-38008 +CVE-2021-38009 +CVE-2021-38010 +CVE-2021-38011 +CVE-2021-38012 +CVE-2021-38013 +CVE-2021-38014 +CVE-2021-38015 +CVE-2021-38016 +CVE-2021-38017 +CVE-2021-38018 +CVE-2021-38019 +CVE-2021-38020 +CVE-2021-38021 +CVE-2021-38022 +CVE-2021-43221 +9.6 +CVE-2021-38013 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-38017 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1052.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory. + + - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017) + + - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005) + + - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011) + + - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012) + + - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_96_0_1052_29.nasl +2021-A-0544-S +2021/11/19 +2023/10/06 +Microsoft Edge (Chromium) < 96.0.1052.29 Multiple Vulnerabilities +2021/11/20 +local +Medium +Medium +1.9 +http://www.nessus.org/u?95dce263 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38005 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38006 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38007 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38009 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38010 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38011 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38012 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38013 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38015 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38016 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38017 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38018 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38019 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38020 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38022 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43221 +Upgrade to Microsoft Edge version 96.0.1052.29 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/11/15 +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1052.29 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-37981 +CVE-2021-37982 +CVE-2021-37983 +CVE-2021-37984 +CVE-2021-37985 +CVE-2021-37986 +CVE-2021-37987 +CVE-2021-37988 +CVE-2021-37989 +CVE-2021-37990 +CVE-2021-37991 +CVE-2021-37992 +CVE-2021-37993 +CVE-2021-37994 +CVE-2021-37995 +CVE-2021-37996 +CVE-2021-42307 +9.6 +CVE-2021-37981 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-37993 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.30. It is, therefore, affected by multiple vulnerabilities as referenced in the October 21, 2021 advisory. + + - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993) + + - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-37981) + + - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982) + + - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983) + + - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_95_0_1020_30.nasl +2021-A-0491-S +2021-A-0544-S +2021/10/21 +2023/10/06 +Microsoft Edge (Chromium) < 95.0.1020.30 Multiple Vulnerabilities +2021/10/21 +local +Low +Medium +1.8 +http://www.nessus.org/u?6d633bfe +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37981 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37982 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37983 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37984 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37985 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37986 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37987 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37988 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37989 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37990 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37991 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37992 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37993 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37994 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37995 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37996 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42307 +Upgrade to Microsoft Edge version 95.0.1020.30 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/10/19 +IAVA:2021-A-0491-S +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 95.0.1020.30 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-37974 +CVE-2021-37975 +CVE-2021-37976 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-37975 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.38. It is, therefore, affected by multiple vulnerabilities as referenced in the October 1, 2021 advisory. + + - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975) + + - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-37974) + + - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_94_0_992_38.nasl +2021-A-0449-S +2021/10/01 +2023/04/25 +Microsoft Edge (Chromium) < 94.0.992.38 Multiple Vulnerabilities +2021/10/01 +local +Medium +Medium +1.10 +http://www.nessus.org/u?fc68e93b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37974 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37975 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37976 +Upgrade to Microsoft Edge version 94.0.992.38 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/09/30 +IAVA:2021-A-0449-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 94.0.992.38 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30632 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30632 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.47. It is, therefore, affected by a vulnerability as referenced in the September 14, 2021 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30632) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_93_0_961_47.nasl +2021/09/14 +2021/11/30 +Microsoft Edge (Chromium) < 93.0.961.47 Vulnerability +2021/09/14 +local +Low +Medium +1.8 +http://www.nessus.org/u?78d37aa2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30632 +Upgrade to Microsoft Edge version 93.0.4577.82 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +9.0 +2021/09/13 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.47 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2022-23264 +4.7 +4.1 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N +1.4 +5.0 +CVE-2022-23264 +3.7 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.50. It is, therefore, affected by a vulnerability as referenced in the February 10, 2022 advisory. + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2022-23264) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_98_0_1108_50.nasl +2023-A-0071-S +2022/02/10 +2023/11/09 +Microsoft Edge (Chromium) < 98.0.1108.50 Vulnerability +2022/02/10 +local +Low +Medium +1.6 +http://www.nessus.org/u?fe909fdc +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23264 +Upgrade to Microsoft Edge version 98.0.1108.50 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +1.6 +2022/02/10 +IAVA:2023-A-0071-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 98.0.1108.50 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2022-23258 +4.3 +3.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N +1.4 +4.3 +CVE-2022-23258 +3.2 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.69. It is, therefore, affected by multiple vulnerabilities as referenced in the January 20, 2022 advisory. + + - Microsoft Edge for Android Spoofing Vulnerability. (CVE-2022-23258) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_97_0_1072_69.nasl +2022/01/20 +2022/05/06 +Microsoft Edge (Chromium) < 97.0.1072.69 Multiple Vulnerabilities +2022/01/20 +local +Low +Medium +1.5 +http://www.nessus.org/u?4c365598 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0289 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0290 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0291 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0292 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0293 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0294 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0295 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0296 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0297 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0298 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0300 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0301 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0302 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0303 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0304 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0305 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0306 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0307 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0309 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0310 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0311 +Upgrade to Microsoft Edge version 97.0.1072.69 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +1.4 +2022/01/19 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 97.0.1072.69 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-0096 +CVE-2022-0097 +CVE-2022-0098 +CVE-2022-0099 +CVE-2022-0100 +CVE-2022-0101 +CVE-2022-0102 +CVE-2022-0103 +CVE-2022-0104 +CVE-2022-0105 +CVE-2022-0106 +CVE-2022-0107 +CVE-2022-0108 +CVE-2022-0109 +CVE-2022-0110 +CVE-2022-0111 +CVE-2022-0112 +CVE-2022-0113 +CVE-2022-0114 +CVE-2022-0115 +CVE-2022-0116 +CVE-2022-0117 +CVE-2022-0118 +CVE-2022-0120 +CVE-2022-21929 +CVE-2022-21930 +CVE-2022-21931 +CVE-2022-21954 +CVE-2022-21970 +9.6 +CVE-2022-0097 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +8.3 +CVE-2022-21970 +6.5 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.55. It is, therefore, affected by multiple vulnerabilities as referenced in the January 6, 2022 advisory. + + - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0107) + + - Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0096) + + - Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. (CVE-2022-0097) + + - Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. (CVE-2022-0098) + + - Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture. + (CVE-2022-0099) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_97_0_1072_55.nasl +2022/01/06 +2022/05/06 +Microsoft Edge (Chromium) < 97.0.1072.55 Multiple Vulnerabilities +2022/01/06 +local +Low +High +1.8 +http://www.nessus.org/u?10ad4694 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0096 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0097 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0098 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0099 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0100 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0101 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0102 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0103 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0104 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0105 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0106 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0107 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0108 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0109 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0110 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0111 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0112 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0113 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0114 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0115 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0116 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0117 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0118 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0120 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21930 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21931 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21954 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21970 +Upgrade to Microsoft Edge version 97.0.1072.55 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2022/01/04 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 97.0.1072.55 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-0971 +CVE-2022-0972 +CVE-2022-0973 +CVE-2022-0974 +CVE-2022-0975 +CVE-2022-0976 +CVE-2022-0977 +CVE-2022-0978 +CVE-2022-0979 +CVE-2022-0980 +CVE-2022-26899 +9.6 +CVE-2022-0977 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-26899 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.46. It is, therefore, affected by multiple vulnerabilities as referenced in the March 17, 2022 advisory. + + - Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. (CVE-2022-0980) + + - Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (CVE-2022-0971) + + - Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (CVE-2022-0972) + + - Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0973) + + - Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0974) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_99_0_1150_46.nasl +2022-A-0120-S +2021-A-0544-S +2022/03/17 +2023/11/06 +Microsoft Edge (Chromium) < 99.0.1150.46 Multiple Vulnerabilities +2022/03/17 +local +Low +Critical +1.8 +http://www.nessus.org/u?0cc84aae +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0971 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0972 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0973 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0974 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0975 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0976 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0977 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0978 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0979 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0980 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26899 +Upgrade to Microsoft Edge version 99.0.1150.46 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/03/15 +IAVA:2022-A-0120-S +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 99.0.1150.46 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-0789 +CVE-2022-0790 +CVE-2022-0791 +CVE-2022-0792 +CVE-2022-0793 +CVE-2022-0794 +CVE-2022-0795 +CVE-2022-0796 +CVE-2022-0797 +CVE-2022-0798 +CVE-2022-0799 +CVE-2022-0800 +CVE-2022-0801 +CVE-2022-0802 +CVE-2022-0803 +CVE-2022-0804 +CVE-2022-0805 +CVE-2022-0806 +CVE-2022-0807 +CVE-2022-0808 +CVE-2022-0809 +9.6 +CVE-2022-0790 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2022-0809 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.30. It is, therefore, affected by multiple vulnerabilities as referenced in the March 3, 2022 advisory. + + - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. (CVE-2022-0808) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0789) + + - Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0790) + + - Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions. + (CVE-2022-0791) + + - Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0792) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_99_0_1150_30.nasl +2022-A-0096-S +2022/03/03 +2023/01/10 +Microsoft Edge (Chromium) < 99.0.1150.30 Multiple Vulnerabilities +2022/03/03 +local +Low +Medium +1.7 +http://www.nessus.org/u?764ee88a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0789 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0790 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0791 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0792 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0793 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0794 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0795 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0796 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0797 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0798 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0799 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0800 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0801 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0802 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0803 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0804 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0805 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0806 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0807 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0808 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0809 +Upgrade to Microsoft Edge version 99.0.1150.30 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.4 +2022/03/01 +IAVA:2022-A-0096-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 99.0.1150.30 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-4052 +CVE-2021-4053 +CVE-2021-4054 +CVE-2021-4055 +CVE-2021-4056 +CVE-2021-4057 +CVE-2021-4058 +CVE-2021-4059 +CVE-2021-4061 +CVE-2021-4062 +CVE-2021-4063 +CVE-2021-4064 +CVE-2021-4065 +CVE-2021-4066 +CVE-2021-4067 +CVE-2021-4068 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-4067 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.53. It is, therefore, affected by multiple vulnerabilities as referenced in the December 10, 2021 advisory. + + - Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4067) + + - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (CVE-2021-4052) + + - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4053) + + - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-4054) + + - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-4055) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_96_0_1054_53.nasl +2021/12/10 +2022/01/11 +Microsoft Edge (Chromium) < 96.0.1054.53 Multiple Vulnerabilities +2021/12/11 +local +Medium +Medium +1.5 +http://www.nessus.org/u?10871512 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4052 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4053 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4054 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4055 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4056 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4057 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4058 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4059 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4061 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4062 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4063 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4064 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4065 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4066 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4067 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4068 +Upgrade to Microsoft Edge version 96.0.1054.53 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/12/06 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1054.53 + + + +365 - 730 days +2022/04/18 +cpe:/a:microsoft:edge +CVE-2022-1096 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-1096 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.55. It is, therefore, affected by a vulnerability as referenced in the March 26, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_99_0_1150_55.nasl +2022-A-0126-S +2021-A-0544-S +2022/03/26 +2023/11/03 +Microsoft Edge (Chromium) < 99.0.1150.55 Vulnerability +2022/03/26 +local +Low +Critical +1.9 +http://www.nessus.org/u?991726b8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096 +Upgrade to Microsoft Edge version 99.0.1150.55 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2022/03/25 +CISA-KNOWN-EXPLOITED:2022/04/18 +IAVA:2022-A-0126-S +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 99.0.1150.55 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-23261 +CVE-2022-23262 +CVE-2022-23263 +7.7 +CVE-2022-23263 +6.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2022-23262 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.43. It is, therefore, affected by multiple vulnerabilities as referenced in the February 3, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262. (CVE-2022-23263) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263. (CVE-2022-23262) + + - Microsoft Edge (Chromium-based) Tampering Vulnerability. (CVE-2022-23261) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_98_0_1108_43.nasl +2022/02/03 +2022/05/06 +Microsoft Edge (Chromium) < 98.0.1108.43 Multiple Vulnerabilities +2022/02/03 +local +Low +Medium +1.5 +http://www.nessus.org/u?c8cf985b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23261 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23262 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23263 +Upgrade to Microsoft Edge version 98.0.1108.43 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/02/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 98.0.1108.43 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-38005 +CVE-2021-38006 +CVE-2021-38007 +CVE-2021-38008 +CVE-2021-38009 +CVE-2021-38010 +CVE-2021-38011 +CVE-2021-38012 +CVE-2021-38013 +CVE-2021-38014 +CVE-2021-38015 +CVE-2021-38016 +CVE-2021-38017 +CVE-2021-38018 +CVE-2021-38019 +CVE-2021-38020 +CVE-2021-38021 +CVE-2021-38022 +CVE-2021-42308 +CVE-2021-43221 +9.6 +CVE-2021-38013 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-38017 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory. + + - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005) + + - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011) + + - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012) + + - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008) + + - Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38009) + + - Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. + (CVE-2021-38010) + + - Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38013) + + - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38014) + + - Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (CVE-2021-38015) + + - Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2021-38016) + + - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017) + + - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-38018) + + - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38019) + + - Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. + (CVE-2021-38020) + + - Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38021) + + - Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38022) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2021-42308) + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2021-43221) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_96_0_1054_29.nasl +2021-A-0544-S +2021/11/19 +2023/10/06 +Microsoft Edge (Chromium) < 96.0.1054.29 Multiple Vulnerabilities +2023/02/10 +local +Medium +Medium +1.2 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38005 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38006 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38007 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38009 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38010 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38011 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38012 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38013 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38015 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38016 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38017 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38018 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38019 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38020 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38022 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43221 +Upgrade to Microsoft Edge version 96.0.1054.29 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/11/10 +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1054.29 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-26436 +CVE-2021-26439 +CVE-2021-30606 +CVE-2021-30607 +CVE-2021-30608 +CVE-2021-30609 +CVE-2021-30610 +CVE-2021-30611 +CVE-2021-30612 +CVE-2021-30613 +CVE-2021-30614 +CVE-2021-30615 +CVE-2021-30616 +CVE-2021-30617 +CVE-2021-30618 +CVE-2021-30619 +CVE-2021-30620 +CVE-2021-30621 +CVE-2021-30622 +CVE-2021-30623 +CVE-2021-30624 +CVE-2021-36930 +CVE-2021-38641 +CVE-2021-38642 +8.8 +CVE-2021-30624 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-36930 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.38. It is, therefore, affected by multiple vulnerabilities as referenced in the September 2, 2021 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930. (CVE-2021-26436) + + - Microsoft Edge for Android Information Disclosure Vulnerability (CVE-2021-26439) + + - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606) + + - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607) + + - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608) + + - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609) + + - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610) + + - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611) + + - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612) + + - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613) + + - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614) + + - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615) + + - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616) + + - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617) + + - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618) + + - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619) + + - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620) + + - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621) + + - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622) + + - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623) + + - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436. (CVE-2021-36930) + + - Microsoft Edge for Android Spoofing Vulnerability (CVE-2021-38641) + + - Microsoft Edge for iOS Spoofing Vulnerability (CVE-2021-38642) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_93_0_961_38.nasl +2021-A-0401-S +2021-A-0432-S +2021/09/02 +2022/05/06 +Microsoft Edge (Chromium) < 93.0.961.38 Multiple Vulnerabilities +2021/11/18 +local +Medium +Medium +1.4 +http://www.nessus.org/u?eab98635 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26436 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26439 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30606 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30607 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30608 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30609 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30610 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30611 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30612 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30613 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30614 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30615 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30616 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30617 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30619 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30620 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30621 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30622 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30623 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30624 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36930 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38641 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38642 +Upgrade to Microsoft Edge version 93.0.961.38 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/08/31 +IAVA:2021-A-0401-S +IAVA:2021-A-0432-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.38 + + + +365 - 730 days +2022/03/01 +cpe:/a:microsoft:edge +CVE-2022-0603 +CVE-2022-0604 +CVE-2022-0605 +CVE-2022-0606 +CVE-2022-0607 +CVE-2022-0608 +CVE-2022-0609 +CVE-2022-0610 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2022-0610 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.55. It is, therefore, affected by multiple vulnerabilities as referenced in the February 16, 2022 advisory. + + - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610) + + - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603) + + - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0604) + + - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605) + + - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0606) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_98_0_1108_55.nasl +2022-A-0086-S +2022/02/16 +2022/05/03 +Microsoft Edge (Chromium) < 98.0.1108.55 Multiple Vulnerabilities +2022/02/16 +local +Low +Medium +1.6 +http://www.nessus.org/u?e17239f6 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0603 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0604 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0605 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0606 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0607 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0608 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0609 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0610 +Upgrade to Microsoft Edge version 98.0.1108.55 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.0 +2022/02/14 +CISA-KNOWN-EXPLOITED:2022/03/01 +IAVA:2022-A-0086-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 98.0.1108.55 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21149 +CVE-2021-21150 +CVE-2021-21151 +CVE-2021-21152 +CVE-2021-21153 +CVE-2021-21154 +CVE-2021-21155 +CVE-2021-21156 +CVE-2021-21157 +9.6 +CVE-2021-21155 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21157 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.74. It is, therefore, affected by multiple vulnerabilities as referenced in the February 17, 2021 advisory. + + - Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-21149) + + - Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-21150) + + - Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21151) + + - Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21152) + + - Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21153) + + - Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-21154) + + - Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21155) + + - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. (CVE-2021-21156) + + - Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21157) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_88_0_705_74.nasl +2021/02/17 +2022/05/10 +Microsoft Edge (Chromium) < 88.0.705.74 Multiple Vulnerabilities +2021/02/19 +local +Low +Medium +1.7 +http://www.nessus.org/u?18ef2264 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21149 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21150 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21151 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21152 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21153 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21154 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21155 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21156 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21157 +Upgrade to Microsoft Edge version 88.0.705.74 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/02/09 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.74 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2852 +CVE-2022-2853 +CVE-2022-2854 +CVE-2022-2855 +CVE-2022-2857 +CVE-2022-2858 +CVE-2022-2860 +CVE-2022-2861 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-2858 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.63. It is, therefore, affected by multiple vulnerabilities as referenced in the August 19, 2022 advisory. + + - Use after free in FedCM. (CVE-2022-2852) + + - Heap buffer overflow in Downloads. (CVE-2022-2853) + + - Use after free in SwiftShader. (CVE-2022-2854) + + - Use after free in ANGLE. (CVE-2022-2855) + + - Use after free in Blink. (CVE-2022-2857) + + - Use after free in Sign-In Flow. (CVE-2022-2858) + + - Insufficient policy enforcement in Cookies. (CVE-2022-2860) + + - Inappropriate implementation in Extensions API. (CVE-2022-2861) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_104_0_1293_63.nasl +2022/08/19 +2022/10/21 +Microsoft Edge (Chromium) < 104.0.1293.63 Multiple Vulnerabilities +2022/08/19 +local +Low +Critical +1.4 +http://www.nessus.org/u?4ce23d54 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2852 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2853 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2854 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2855 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2857 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2858 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2860 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2861 +Upgrade to Microsoft Edge version 104.0.1293.63 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2022/08/16 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 104.0.1293.63 + + + +windows +True +software_enumeration +cpe:/a:microsoft:edge +Microsoft Edge (Chromium-based), a Chromium-based web browser, is installed on the remote host. +microsoft_edge_chromium_installed.nbin +2024/01/16 +Microsoft Edge Chromium Installed +2020/05/29 +local +None +1.116 +https://www.microsoft.com/en-us/edge +n/a +Microsoft Edge (Chromium-based) is installed on the remote host. + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Version : 86.0.622.38 + + + +windows +True +cpe:/o:microsoft:windows +cpe:/a:microsoft:ie +Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled. +microsoft_ie_esc_detect.nbin +True +True +2024/01/16 +Microsoft Internet Explorer Enhanced Security Configuration Detection +2014/03/07 +local +None +1.261 +http://www.nessus.org/u?a9c4c131 +n/a +The remote host supports IE Enhanced Security Configuration. + + Type : Admin Groups + Is Enabled : True + + Type : User Groups + Is Enabled : True + + + +windows +True +Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host. +smb_check_dotnet_rollup.nasl +2024/01/10 +Microsoft .NET Security Rollup Enumeration +2017/04/14 +local +None +1.48 +http://www.nessus.org/u?662e30c9 +n/a +This plugin enumerates installed Microsoft .NET security rollups. + + Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll + Version : 4.8.4690.0 + .NET Version : 4.8 + Associated KB : 5033914 + Latest effective update level : 01_2024 + + + +windows +True +software_enumeration +cpe:/a:microsoft:.net_framework +Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host. +microsoft_net_framework_installed.nasl +0001-T-0655 +2022/10/18 +Microsoft .NET Framework Detection +2010/12/20 +local +None +1.39 +https://www.microsoft.com/net +http://www.nessus.org/u?15ae6806 +n/a +A software framework is installed on the remote host. +IAVT:0001-T-0655 + +Nessus detected 2 installs of Microsoft .NET Framework: + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8 + Full Version : 4.8.04161 + Install Type : Full + Release : 528449 + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8 + Full Version : 4.8.04161 + Install Type : Client + Release : 528449 + + + +180 - 365 days +cpe:/a:microsoft:sql_server +CVE-2023-23375 +CVE-2023-28304 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-28304 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: + + - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-28304) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +smb_nt_ms23_apr_sqlserver_odbc_driver.nasl +2023-A-0189-S +2023/04/11 +2023/10/13 +Security Updates for Microsoft SQL Server ODBC Driver (April 2023) +2023/05/12 +local +Low +High +1.3 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28304 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23375 +http://www.nessus.org/u?0746d221 +http://www.nessus.org/u?2c041c1a +http://www.nessus.org/u?189633f4 +Microsoft has released security updates for the Microsoft SQL Driver. +I +The Microsoft SQL Server installation on the remote host is missing a security update. +true +Very Low +No recorded events +No recorded events +6.7 +2023/04/11 +IAVA:2023-A-0189-S + + Path : C:\Windows\System32\msodbcsql17.dll + Installed version : 17.4.1.1 + Fixed version : 17.10.3.1 + + + +180 - 365 days +cpe:/a:microsoft:sql_server +CVE-2023-29349 +CVE-2023-29356 +CVE-2023-32025 +CVE-2023-32026 +CVE-2023-32027 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-32027 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +smb_nt_ms23_jun_sqlserver_odbc_driver.nasl +2023/06/15 +2023/07/27 +Security Updates for Microsoft SQL Server ODBC Driver (June 2023) +2023/07/26 +local +Medium +High +1.1 +http://www.nessus.org/u?efa7fd64 +Microsoft has released security updates for the Microsoft SQL Driver. +The Microsoft SQL Server installation on the remote host is missing a security update. +Very Low +No recorded events +No recorded events +6.7 +2023/06/15 + + Path : C:\Windows\System32\msodbcsql17.dll + Installed version : 17.4.1.1 + Fixed version : 17.10.4.1 + + + +windows +true +x-cpe:/a:microsoft:odbc_driver_for_sql_server +Microsoft ODBC Driver for SQL Server is installed on the remote Windows host. +microsoft_odbc_driver_for_sql_server_win_installed.nbin +2024/01/16 +Microsoft ODBC Driver for SQL Server Installed (Windows) +2023/04/17 +local +None +1.17 +http://www.nessus.org/u?3e257554 +n/a +Microsoft ODBC Driver for SQL Server is installed on the remote Windows host. + + Path : C:\Windows\System32\msodbcsql17.dll + Version : 17.4.1.1 + + + +180 - 365 days +cpe:/a:microsoft:sql_server +CVE-2023-23375 +CVE-2023-28304 +7.8 +6.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.2 +CVE-2023-28304 +5.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C +The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: + + - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-28304) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +smb_nt_ms23_apr_sqlserver_ole_driver.nasl +2023-A-0189-S +2023/04/11 +2023/10/13 +Security Updates for Microsoft SQL Server OLE DB Driver (April 2023) +2023/05/12 +local +Low +High +1.4 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28304 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23375 +http://www.nessus.org/u?0746d221 +http://www.nessus.org/u?2c041c1a +http://www.nessus.org/u?189633f4 +Microsoft has released security updates for the Microsoft SQL Driver. +I +The Microsoft SQL Server installation on the remote host is missing a security update. +true +Very Low +No recorded events +No recorded events +6.7 +2023/04/11 +IAVA:2023-A-0189-S + + Path : C:\Windows\System32\msoledbsql.dll + Installed version : 18.2.4.0 + Fixed version : 18.6.5 + + + +windows +true +x-cpe:/a:microsoft:ole_db_driver_for_sql_server +Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host. +microsoft_ole_db_driver_for_sql_server_win_installed.nbin +2024/01/16 +Microsoft OLE DB Driver for SQL Server Installed (Windows) +2023/04/17 +local +None +1.16 +http://www.nessus.org/u?f30efb87 +n/a +Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host. + + Path : C:\Windows\System32\msoledbsql.dll + Version : 18.2.4.0 + + + +windows +True +cpe:/a:microsoft:microsoft_update +Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft Office, Exchange, and SQL Server. +microsoft_update_installed.nasl +2022/02/01 +Microsoft Update Installed +2010/10/26 +local +None +1.8 +http://update.microsoft.com/microsoftupdate/v6/default.aspx +n/a +A software updating service is installed. + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect ARP table information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_arp_table.nbin +2024/01/16 +Microsoft Windows ARP Table +2016/07/19 +local +None +1.222 +n/a +Nessus was able to collect and report ARP table information from the remote host. +192.168.40.1 : 60-22-32-6f-91-bf +192.168.40.39 : f8-ff-c2-37-57-48 +192.168.40.60 : cc-96-e5-08-af-3e +192.168.40.255 : ff-ff-ff-ff-ff-ff +224.0.0.22 : 01-00-5e-00-00-16 +224.0.0.251 : 01-00-5e-00-00-fb +224.0.0.252 : 01-00-5e-00-00-fc +255.255.255.255 : ff-ff-ff-ff-ff-ff + +Extended ARP table information attached. +439b7e74c46120656e077ec7faa4eb71 + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect the hosts file from the remote Windows host and report it as attachment. +microsoft_windows_host_file.nasl +True +True +2020/01/27 +Microsoft Windows Hosts File +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect the hosts file from the remote host. +Windows hosts file attached. + +MD5: 3688374325b992def12793500307566d +SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274 +SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085 +3688374325b992def12793500307566d + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_env_vars.nasl +True +0001-T-0757 +True +2022/06/24 +Microsoft Windows Environment Variables +2016/07/19 +local +None +1.13 +n/a +Nessus was able to collect and report environment variables from the remote host. +IAVT:0001-T-0757 +Global Environment Variables : + msmpi_benchmarks : C:\Program Files\Microsoft MPI\Benchmarks\ + processor_level : 6 + comspec : %SystemRoot%\system32\cmd.exe + number_of_processors : 2 + username : SYSTEM + os : Windows_NT + temp : %SystemRoot%\TEMP + processor_revision : 9702 + path : C:\Program Files\Microsoft MPI\Bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;E:\Program Files (x86)\Microsoft SQL Server\160\Tools\Binn\;E:\Program Files\Microsoft SQL Server\160\Tools\Binn\;E:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;E:\Program Files\Microsoft SQL Server\160\DTS\Binn\ + tmp : %SystemRoot%\TEMP + msmpi_bin : C:\Program Files\Microsoft MPI\Bin\ + processor_identifier : Intel64 Family 6 Model 151 Stepping 2, GenuineIntel + driverdata : C:\Windows\System32\Drivers\DriverData + pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC + processor_architecture : AMD64 + psmodulepath : %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules;E:\Program Files (x86)\Microsoft SQL Server\160\Tools\PowerShell\Modules\ + windir : %SystemRoot% + +Active User Environment Variables + - S-1-5-21-746496990-2641142201-3713043312-500 + temp : %USERPROFILE%\AppData\Local\Temp + path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps; + tmp : %USERPROFILE%\AppData\Local\Temp + +247c5a4909ed212c0ad9697d900c1359 +182392767cfa4df248be6d5d4e205bd9 + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_smb_sessions.nbin +2024/01/16 +Microsoft Windows SMB Sessions +2016/07/19 +local +None +1.221 +n/a +Nessus was able to collect and report SMB session information from the remote host. +degthat + +Extended SMB session information attached. +5ebcb7b6a7ddac56f4261d500234847f + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_time_zone_info.nasl +True +True +2023/06/06 +Microsoft Windows Time Zone Information +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect and report time zone information from the remote host. +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Eastern Standard Time +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-112 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-111 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000300020002000000000000000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000b00010002000000000000000000 + + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect and report the PowerShell execution policy for the remote Windows host. +microsoft_windows_powershell_execution_policy.nasl +2020/06/12 +Microsoft Windows PowerShell Execution Policy +2016/07/19 +local +None +1.6 +n/a +Nessus was able to collect and report the PowerShell execution policy for the remote host. +HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned +HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned + + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_scripting_host_settings.nasl +2018/05/23 +Microsoft Windows Scripting Host Settings +2016/07/19 +local +None +1.5 +n/a +Nessus was able to collect and report the Windows scripting host settings from the remote host. +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1 + +Windows scripting host configuration attached. +681e5094e1df8ab1423ef2ea66dfc266 +4934d1726a8504e051694b846ef9b32e + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_nbt_info.nbin +2024/01/16 +Microsoft Windows NetBIOS over TCP/IP Info +2016/07/19 +local +None +1.224 +n/a +Nessus was able to collect and report NBT information from the remote host. +NBT information attached. +First 10 lines of all CSVs: +nbtstat_local.csv: +Interface,Name,Suffix,Type,Status,MAC +192.168.40.168,SOT-WIN2K22-SQL,<00>,UNIQUE,Registered,00:50:56:3C:01:08 +192.168.40.168,WORKGROUP,<00>,GROUP,Registered,00:50:56:3C:01:08 +192.168.40.168,SOT-WIN2K22-SQL,<20>,UNIQUE,Registered,00:50:56:3C:01:08 + + + +be02a10fbb620311e5797abb4faff02e + + +windows +True +software_enumeration +cpe:/a:microsoft:remote_desktop_connection +Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host. +remote_desktop_connection_installed.nasl +2022/10/10 +Microsoft Remote Desktop Connection Installed +2019/06/12 +local +None +1.3 +http://www.nessus.org/u?1c33f0e7 +n/a +A graphical interface connection utility is installed on the remote Windows host + + Path : C:\Windows\\System32\\mstsc.exe + Version : 10.0.20348.1850 + + + +Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry entry in to one of the following settings: + + - 0xFFFFFFFF (Removes the current working directory from the default DLL search order) + + - 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder) + + - 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder) +smb_cwdindllsearchvalue_setting.nasl +2019/12/20 +Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting +2010/08/26 +local +None +1.7 +http://www.nessus.org/u?0c574c56 +http://www.nessus.org/u?5234ef0c +n/a +CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks. + + Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch + Value : Registry Key Empty or Missing + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past. +smb_enum_drive_mount.nasl +2022/02/01 +Microsoft Windows Mounted Devices +2012/11/28 +local +None +1.4 +http://www.nessus.org/u?99fcc329 +Make sure that the mounted drives agree with your organization's acceptable use and security policies. +It is possible to get a list of mounted devices that may have been connected to the remote system in the past. + + Name : \dosdevices\e: + Data : DMIO:ID:N*C2 + Raw data : 444d494f3a49443a4e97f2c19c2ad943bfded73297d5acad + + Name : \??\volume{17c6c8ff-c1f3-11ee-9de6-806e6f6e6963} + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&260e6d66&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f0043004400300031002300350026003200360030006500360064003600360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\f: + Data : )+ + Raw data : 29bc2bc00000100000000000 + + Name : \dosdevices\d: + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&260e6d66&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f0043004400300031002300350026003200360030006500360064003600360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{17c6c900-c1f3-11ee-9de6-806e6f6e6963} + Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&1b0d1d81&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260031006200300064003100640038003100260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\c: + Data : DMIO:ID:1wA*p + Raw data : 444d494f3a49443af4ec3102b5e877419fa219a9aa2ae270 + + Name : \dosdevices\a: + Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&1b0d1d81&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260031006200300064003100640038003100260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry. +smb_dns_servers.nasl +True +True +2022/02/01 +Windows DNS Server Enumeration +2012/03/01 +local +None +1.9 +n/a +Nessus enumerated the DNS servers being used by the remote Windows host. + +Nessus enumerated DNS servers for the following interfaces : + +Interface: Default +DhcpNameServer: 192.168.40.1 1.1.1.1 + + + +windows +True +By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry. +smb_enum_qfes.nasl +2022/02/01 +SMB QuickFixEngineering (QFE) Enumeration +2012/09/11 +local +None +1.8 +n/a +The remote host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + +KB5012170, Installed on: 2024/02/02 +KB5022507, Installed on: 2023/04/04 +KB5033914, Installed on: 2024/02/02 +KB5034439, Installed on: 2024/02/02 + + +windows +True +This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. + +Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system. +smb_enum_software_versions.nasl +2023/07/18 +Microsoft Windows Installed Software Version Enumeration +2023/07/10 +local +None +1.1 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +Enumerates installed software versions. + +The following software information is available on the remote host : + + - Microsoft VSS Writer for SQL Server 2022 + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : Microsoft VSS Writer for SQL Server 2022 + [UninstallString] : + Raw Value : MsiExec.exe /I{AB5D8778-81F3-47E2-87A4-35E776CD664B} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - Google Chrome + Best Confidence Version : 121.0.6167.140 + Version Confidence Level : 3 + All Possible Versions : 121.0.6167.140 + Other Version Data + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayIcon] : + Raw Value : C:\Program Files\Google\Chrome\Application\chrome.exe,0 + Parsed File Path : C:\Program Files\Google\Chrome\Application\chrome.exe + Parsed File Version : 121.0.6167.140 + [InstallLocation] : + Raw Value : C:\Program Files\Google\Chrome\Application + [UninstallString] : + Raw Value : "C:\Program Files\Google\Chrome\Application\121.0.6167.140\Installer\setup.exe" --uninstall --system-level + Parsed File Path : C:\Program Files\Google\Chrome\Application\121.0.6167.140\Installer\setup.exe + Parsed File Version : 121.0.6167.140 + [VersionMinor] : + Raw Value : 140 + [Version] : + Raw Value : 121.0.6167.140 + [VersionMajor] : + Raw Value : 6167 + [DisplayVersion] : + Raw Value : 121.0.6167.140 + [DisplayName] : + Raw Value : Google Chrome + + - SQL Server 2022 Shared Management Objects + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : SQL Server 2022 Shared Management Objects + [UninstallString] : + Raw Value : MsiExec.exe /I{12618131-AA9A-4DAE-9387-CE4417955B9F} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - SQL Server 2022 Connection Info + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : SQL Server 2022 Connection Info + [UninstallString] : + Raw Value : MsiExec.exe /I{EAC54B82-7A37-4A9E-8953-474316BD40F6} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - Microsoft SQL Server 2022 RsFx Driver + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : Microsoft SQL Server 2022 RsFx Driver + [UninstallString] : + Raw Value : MsiExec.exe /I{629C8FC9-3763-4C58-8264-5288AE34AFEF} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{73F77E4E-5A17-46E5-A5FC-8A061047725F} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{D5D19E2F-7189-42FE-8103-92CD1FA457C2} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - VMware Tools + Best Confidence Version : 12.3.0.22234872 + Version Confidence Level : 2 + All Possible Versions : 12.3.0.22234872 + Other Version Data + [VersionMajor] : + Raw Value : 12 + [Version] : + Raw Value : 201523200 + [InstallLocation] : + Raw Value : C:\Program Files\VMware\VMware Tools\ + [DisplayName] : + Raw Value : VMware Tools + [UninstallString] : + Raw Value : MsiExec.exe /I{AF174E64-22CF-4386-A9EC-73F285739998} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 12.3.0.22234872 + [VersionMinor] : + Raw Value : 3 + + - Microsoft ODBC Driver 17 for SQL Server + Best Confidence Version : 17.4.1.1 + Version Confidence Level : 2 + All Possible Versions : 17.4.1.1 + Other Version Data + [VersionMajor] : + Raw Value : 17 + [Version] : + Raw Value : 285474817 + [DisplayName] : + Raw Value : Microsoft ODBC Driver 17 for SQL Server + [UninstallString] : + Raw Value : MsiExec.exe /I{72AFAF21-33FB-45A5-9468-A9EC07427F82} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 17.4.1.1 + [VersionMinor] : + Raw Value : 4 + + - Microsoft SQL Server 2022 Setup (English) + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : Microsoft SQL Server 2022 Setup (English) + [UninstallString] : + Raw Value : MsiExec.exe /X{BF4D8C4B-D931-4D62-A7ED-8A34B2FC0D1B} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - Microsoft OLE DB Driver for SQL Server + Best Confidence Version : 18.2.4.0 + Version Confidence Level : 2 + All Possible Versions : 18.2.4.0 + Other Version Data + [VersionMajor] : + Raw Value : 18 + [Version] : + Raw Value : 302120964 + [DisplayName] : + Raw Value : Microsoft OLE DB Driver for SQL Server + [UninstallString] : + Raw Value : MsiExec.exe /I{77E9E138-0D4C-495E-BE77-761E1797BA16} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 18.2.4.0 + [VersionMinor] : + Raw Value : 2 + + - Browser for SQL Server 2022 + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : Browser for SQL Server 2022 + [UninstallString] : + Raw Value : MsiExec.exe /X{FDB357D5-CC78-480A-8D26-C15D1A877642} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - SQL Server 2022 Advanced Analytics + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : SQL Server 2022 Advanced Analytics + [UninstallString] : + Raw Value : MsiExec.exe /I{632E3433-C2C4-477B-8AC1-B3DFC73ECC6C} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - SQL Server 2022 Common Files + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : SQL Server 2022 Common Files + [UninstallString] : + Raw Value : MsiExec.exe /I{6A68D32C-4C0D-4847-B70C-58E6B4D76A12} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - SQL Server 2022 SQL Diagnostics + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : SQL Server 2022 SQL Diagnostics + [UninstallString] : + Raw Value : MsiExec.exe /I{0CEFE958-E71A-4171-9DEF-77E9234A5613} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{0025DD72-A959-45B5-A0A3-7EFEB15A8050} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Edge Update + Best Confidence Version : 1.3.135.41 + Version Confidence Level : 2 + All Possible Versions : 1.3.135.41 + Other Version Data + [Version] : + Raw Value : 1.3.135.41 + [DisplayName] : + Raw Value : Microsoft Edge Update + [DisplayVersion] : + Raw Value : 1.3.135.41 + + - Microsoft MPI (10.1.12498.18) + Best Confidence Version : 10.1.12498.18 + Version Confidence Level : 2 + All Possible Versions : 10.1.12498.18 + Other Version Data + [VersionMajor] : + Raw Value : 10 + [Version] : + Raw Value : 167850194 + [InstallLocation] : + Raw Value : C:\Program Files\Microsoft MPI\ + [DisplayName] : + Raw Value : Microsoft MPI (10.1.12498.18) + [UninstallString] : + Raw Value : MsiExec.exe /X{8499ACD3-C1E3-45AB-BF96-DA491727EBE1} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 10.1.12498.18 + [VersionMinor] : + Raw Value : 1 + + - SQL Server 2022 Full text search + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : SQL Server 2022 Full text search + [UninstallString] : + Raw Value : MsiExec.exe /I{325160B7-7194-48E9-8FEF-53E2517D8748} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - Microsoft SQL Server 2022 (64-bit) + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 3 + All Possible Versions : 16.0.1000.6 + Other Version Data + [DisplayName] : + Raw Value : Microsoft SQL Server 2022 (64-bit) + [UninstallString] : + Raw Value : "C:\Program Files\Microsoft SQL Server\160\Setup Bootstrap\SQL2022\x64\SetupARP.exe" + Parsed File Path : C:\Program Files\Microsoft SQL Server\160\Setup Bootstrap\SQL2022\x64\SetupARP.exe + Parsed File Version : 16.0.1000.6 + [DisplayIcon] : + Raw Value : "C:\Program Files\Microsoft SQL Server\160\Setup Bootstrap\SQL2022\x64\SetupARP.exe" + Parsed File Path : C:\Program Files\Microsoft SQL Server\160\Setup Bootstrap\SQL2022\x64\SetupARP.exe + Parsed File Version : 16.0.1000.6 + + - SQL Server 2022 Database Engine Shared + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : SQL Server 2022 Database Engine Shared + [UninstallString] : + Raw Value : MsiExec.exe /I{D6E82158-05B9-4A18-A624-EA135BC77766} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - Microsoft Edge + Best Confidence Version : 86.0.622.38 + Version Confidence Level : 3 + All Possible Versions : 86.0.622.38 + Other Version Data + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,0 + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe + Parsed File Version : 86.0.622.38 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\Installer\setup.exe" --uninstall --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\Installer\setup.exe + Parsed File Version : 86.0.622.38 + [VersionMinor] : + Raw Value : 38 + [Version] : + Raw Value : 86.0.622.38 + [VersionMajor] : + Raw Value : 622 + [DisplayVersion] : + Raw Value : 86.0.622.38 + [DisplayName] : + Raw Value : Microsoft Edge + + - Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + + - SQL Server 2022 XEvent + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : SQL Server 2022 XEvent + [UninstallString] : + Raw Value : MsiExec.exe /I{BD8B7339-7559-4FC3-95E6-264324D45235} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + + - SQL Server 2022 DMF + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : SQL Server 2022 DMF + [UninstallString] : + Raw Value : MsiExec.exe /I{DCA0C2D6-83BF-41AE-B1AB-C4181002DE40} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - SQL Server 2022 Shared Management Objects Extensions + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : SQL Server 2022 Shared Management Objects Extensions + [UninstallString] : + Raw Value : MsiExec.exe /I{A0F7ACBA-075F-4BC7-A85A-5DC301FCEC74} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - SQL Server 2022 Batch Parser + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : SQL Server 2022 Batch Parser + [UninstallString] : + Raw Value : MsiExec.exe /I{7EFD8B19-A9E6-41CF-A96F-B9B6E30EC345} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + - SQL Server 2022 Database Engine Services + Best Confidence Version : 16.0.1000.6 + Version Confidence Level : 2 + All Possible Versions : 16.0.1000.6 + Other Version Data + [VersionMajor] : + Raw Value : 16 + [Version] : + Raw Value : 268436456 + [DisplayName] : + Raw Value : SQL Server 2022 Database Engine Services + [UninstallString] : + Raw Value : MsiExec.exe /I{C4CF167C-4739-4A3A-8D75-59C9C5F135CA} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 16.0.1000.6 + [VersionMinor] : + Raw Value : 0 + + + + +windows +True +This plugin lists software that is configured to run on system startup by crawling the registry entries in : + + - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + - HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run +smb_enum_startup_registry.nasl +2022/02/01 +Microsoft Windows Startup Software Enumeration +2012/03/23 +local +None +1.6 +Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate startup software. + +The following startup item was found : + + AzureArcSetup - %windir%\AzureArcSetup\Systray\AzureArcSysTray.exe + SecurityHealth - %windir%\system32\SecurityHealthSystray.exe + VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe + + + +windows +True +This plugin lists software potentially installed on the remote host by crawling the registry entries in : + + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates + +Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed. +smb_enum_softwares.nasl +0001-T-0501 +2022/02/01 +Microsoft Windows Installed Software Enumeration (credentialed check) +2006/01/26 +local +None +1.21 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate installed software. +IAVT:0001-T-0501 + +The following software are installed on the remote host : + +Google Chrome [version 121.0.6167.140] [installed on 2024/02/02] +Microsoft Edge [version 86.0.622.38] [installed on 2024/02/02] +Microsoft Edge Update [version 1.3.135.41] +Microsoft SQL Server 2022 (64-bit) +Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +SQL Server 2022 SQL Diagnostics [version 16.0.1000.6] [installed on 2024/02/02] +SQL Server 2022 Shared Management Objects [version 16.0.1000.6] [installed on 2024/02/02] +SQL Server 2022 Database Engine Shared [version 16.0.1000.6] [installed on 2024/02/02] +SQL Server 2022 Full text search [version 16.0.1000.6] [installed on 2024/02/02] +SQL Server 2022 Shared Management Objects Extensions [version 16.0.1000.6] [installed on 2024/02/02] +Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 [version 14.36.32532.0] +SQL Server 2022 DMF [version 16.0.1000.6] [installed on 2024/02/02] +Microsoft SQL Server 2022 RsFx Driver [version 16.0.1000.6] [installed on 2024/02/02] +SQL Server 2022 Advanced Analytics [version 16.0.1000.6] [installed on 2024/02/02] +SQL Server 2022 Database Engine Services [version 16.0.1000.6] [installed on 2024/02/02] +SQL Server 2022 Common Files [version 16.0.1000.6] [installed on 2024/02/02] +Microsoft ODBC Driver 17 for SQL Server [version 17.4.1.1] [installed on 2024/02/02] +Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +SQL Server 2022 Connection Info [version 16.0.1000.6] [installed on 2024/02/02] +Microsoft OLE DB Driver for SQL Server [version 18.2.4.0] [installed on 2024/02/02] +SQL Server 2022 Batch Parser [version 16.0.1000.6] [installed on 2024/02/02] +Microsoft MPI (10.1.12498.18) [version 10.1.12498.18] [installed on 2024/02/02] +Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 [version 14.36.32532.0] +SQL Server 2022 XEvent [version 16.0.1000.6] [installed on 2024/02/02] +Microsoft VSS Writer for SQL Server 2022 [version 16.0.1000.6] [installed on 2024/02/02] +VMware Tools [version 12.3.0.22234872] [installed on 2024/02/02] +Microsoft SQL Server 2022 Setup (English) [version 16.0.1000.6] [installed on 2024/02/02] +Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +Browser for SQL Server 2022 [version 16.0.1000.6] [installed on 2024/02/02] + + + +windows +True +Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host. +smb_enum_network_adapters.nasl +0001-T-0758 +2022/02/01 +Microsoft Windows Network Adapters +2017/10/17 +local +None +1.8 +Make sure that all of the installed network adapters agrees with your organization's acceptable use and security policies. +Identifies the network adapters installed on the remote host. +IAVT:0001-T-0758 +Network Adapter Driver Description : Intel(R) 82574L Gigabit Network Connection +Network Adapter Driver Version : 12.18.9.23 + + + + +windows +True +user_enumeration +Enumerate Windows accounts. +windows_enum_accounts.nbin +2024/01/16 +Windows Enumerate Accounts +2023/02/28 +local +None +1.25 +n/a +Enumerate Windows accounts. +Windows accounts enumerated. Results output to DB. +User data gathered in scan starting at : 2024/2/2 9:33 Pacific Standard Time + + + +By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier). + +The host SID can then be used to get the list of local users. +smb_host2sid.nasl +2024/01/31 +Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration +2002/02/13 +local +None +1.47 +http://technet.microsoft.com/en-us/library/bb418944.aspx +You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value. + +Refer to the 'See also' section for guidance. +It is possible to obtain the host SID for the remote host. + +The remote host SID value is : S-1-5-21-746496990-2641142201-3713043312 + +The value of 'RestrictAnonymous' setting is : 0 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past. +smb_enum_portable_devices.nasl +2022/02/01 +Microsoft Windows Portable Devices +2013/04/03 +local +None +1.4 +http://www.nessus.org/u?af102b66 +Make sure that use of the portable devices agrees with your organization's acceptable use and security policies. +It is possible to get a list of portable devices that may have been connected to the remote system in the past. + + Friendly name : SQL + Device : SWD#WPDBUSENUM#{C6F8DFCB-C1E3-11EE-9DF2-806E6F6E6963}#0000000001000000 + + Friendly name : Samsung_T5 + Device : SWD#WPDBUSENUM#{C6F8E125-C1E3-11EE-9DF2-0050563C0108}#0000000000100000 + + + +Using the HKU registry, Nessus was able to enuemrate the SIDs of logged on users +smb_loggedon_users.nasl +2022/05/25 +Microsoft Windows Logged On Users +2022/05/25 +local +None +1.2 +n/a +Nessus was able to determine the logged on users from the registry +Logged on users : + - S-1-5-21-746496990-2641142201-3713043312-500 + Domain : SOT-WIN2K22-SQL + Username : soteria + + + +windows +True +cpe:/o:microsoft:windows +cpe:/a:microsoft:malicious_software_removal_tool +The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems. +smb_mrt_installed.nasl +True +True +2023/01/10 +Microsoft Malicious Software Removal Tool Installed +2013/05/15 +local +None +1.60 +http://www.nessus.org/u?47a3e94d +https://support.microsoft.com/en-us/help/891716 +n/a +An antimalware application is installed on the remote Windows host. + + File : C:\Windows\system32\MRT.exe + Version : 5.120.24010.1001 + Release at last run : unknown + Report infection information to Microsoft : Yes + + + +60 - 180 days +cpe:/a:vmware:tools +CVE-2023-34058 +7.5 +6.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2023-34058 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C +The version of VMware Tools installed on the remote Windows host is 10.3.x, 11.x or 12.x prior to 12.3.5. It is, therefore, affected by a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +vmware_tools_win_vmsa-2023-0024.nasl +2023-A-0590 +2023/10/26 +2023/11/02 +VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024) +2023/11/01 +local +Medium +Medium +1.2 +https://www.vmware.com/security/advisories/VMSA-2023-0024.html +Upgrade to VMware Tools version 12.3.5 or later. +I +The virtualization tool suite is installed on the remote Windows host is affected by an authentication bypass vulnerability. +Very Low +No recorded events +No recorded events +2023-0024 +7.4 +2023/10/26 +VMSA:2023-0024 +IAVA:2023-A-0590 + + Path : C:\Program Files\VMware\VMware Tools\ + Installed version : 12.3.0.44994 + Fixed version : 12.3.5 + + + +windows +True +software_enumeration +cpe:/a:vmware:tools +VMware Tools, a suite of utilities that enhances the performance of the virtual machines guest operating system is installed on the remote Windows host. +vmware_tools_installed.nbin +0001-T-0738 +2024/01/16 +VMware Tools Detection +2018/01/13 +local +None +1.178 +https://kb.vmware.com/s/article/340 +http://www.nessus.org/u?7d54c30a +n/a +A virtual machine management application is installed on the remote host. +IAVT:0001-T-0738 + + Path : C:\Program Files\VMware\VMware Tools\ + Version : 12.3.0.44994 + + + +cpe:/o:microsoft:windows +Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'. +windows_product_key_retrieval.nasl +2013/01/18 +Windows Product Key Retrieval +2013/01/18 +local +None +$Revision: 1.1 $ +n/a +This plugin retrieves the Windows Product key of the remote Windows host. + + Product key : XXXXX-XXXXX-XXXXX-XXXXX-VMK7H + +Note that all but the final portion of the key has been obfuscated. + + + +Report details on the running processes modules on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies. +windows_process_module_information.nbin +2024/01/16 +Microsoft Windows Process Module Information +2013/10/08 +local +None +1.217 +n/a +Use WMI to obtain running process module information. +Process_Modules_SOT-WIN2K22-SQL.csv : lists the loaded modules for each process. + +b448f118bcfc840ae87650e702de3784 + + +Report details on the running processes on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies. +windows_process_information.nbin +2024/01/16 +Microsoft Windows Process Information +2013/10/08 +local +None +1.216 +n/a +Use WMI to obtain running process information. +Process Overview : +SID: Process (PID) + 0 : System Idle Process (0) + 0 : |- System (4) + 0 : |- smss.exe (312) + 0 : Registry (100) + 0 : MicrosoftEdgeUpdate.exe (3576) + 0 : csrss.exe (424) + 1 : explorer.exe (4604) + 1 : |- vmtoolsd.exe (6052) + 1 : |- AzureArcSysTray.exe (6088) + 0 : wininit.exe (524) + 0 : |- services.exe (664) + 0 : |- svchost.exe (1052) + 0 : |- svchost.exe (1060) + 0 : |- svchost.exe (1068) + 0 : |- svchost.exe (1076) + 0 : |- svchost.exe (1216) + 0 : |- svchost.exe (1240) + 0 : |- svchost.exe (1260) + 0 : |- fdlauncher.exe (1268) + 0 : |- fdhost.exe (1636) + 0 : |- conhost.exe (1672) + 0 : |- svchost.exe (1308) + 1 : |- sihost.exe (2092) + 0 : |- svchost.exe (1356) + 0 : |- svchost.exe (1408) + 0 : |- svchost.exe (1420) + 0 : |- svchost.exe (1432) + 1 : |- svchost.exe (1540) + 0 : |- WUDFHost.exe (1544) + 0 : |- svchost.exe (1552) + 1 : |- taskhostw.exe (2096) + 1 : |- taskhostw.exe (5548) + 0 : |- svchost.exe (1568) + 0 : |- svchost.exe (1576) + 0 : |- svchost.exe (1596) + 0 : |- sqlservr.exe (1644) + 0 : |- svchost.exe (1648) + 0 : |- svchost.exe (1820) + 0 : |- svchost.exe (1848) + 0 : |- svchost.exe (1856) + 0 : |- svchost.exe (1896) + 0 : |- svchost.exe (1908) + 0 : |- svchost.exe (1988) + 0 : |- svchost.exe (2020) + 0 : |- svchost.exe (2100) + 0 : |- spoolsv.exe (2340) + 0 : |- svchost.exe (2352) + 0 : |- svchost.exe (2372) + 0 : |- svchost.exe (2396) + 0 : |- svchost.exe (2404) + 0 : |- AggregatorHost.exe (3512) + 0 : |- svchost.exe (2444) + 0 : |- svchost.exe (2480) + 0 : |- svchost.exe (2508) + 0 : |- sqlwriter.exe (2580) + 0 : |- svchost.exe (2592) + 0 : |- svchost.exe (2612) + 0 : |- svchost.exe (2624) + 0 : |- svchost.exe (2632) + 0 : |- VGAuthService.exe (2644) + 0 : |- svchost.exe (2652) + 0 : |- vm3dservice.exe (2672) + 1 : |- vm3dservice.exe (2936) + 0 : |- vmtoolsd.exe (2708) + 0 : |- svchost.exe (2740) + 0 : |- MsMpEng.exe (2796) + 0 : |- svchost.exe (2820) + 0 : |- svchost.exe (2836) + 0 : |- svchost.exe (2864) + 0 : |- Launchpad.exe (2980) + 0 : |- svchost.exe (3180) + 0 : |- svchost.exe (3312) + 0 : |- dllhost.exe (3552) + 0 : |- svchost.exe (360) + 0 : |- svchost.exe (3700) + 0 : |- svchost.exe (3792) + 0 : |- svchost.exe (3836) + 0 : |- svchost.exe (4172) + 0 : |- sqlceip.exe (4356) + 0 : |- svchost.exe (4384) + 1 : |- svchost.exe (4576) + 0 : |- svchost.exe (4596) + 1 : |- ctfmon.exe (752) + 0 : |- NisSrv.exe (4884) + 0 : |- svchost.exe (5036) + 1 : |- svchost.exe (5652) + 0 : |- svchost.exe (788) + 1 : |- SearchApp.exe (1280) + 1 : |- RuntimeBroker.exe (2556) + 0 : |- WmiPrvSE.exe (2756) + 1 : |- TextInputHost.exe (2920) + 1 : |- StartMenuExperienceHost.exe (3828) + 0 : |- WmiPrvSE.exe (3868) + 1 : |- RuntimeBroker.exe (4208) + 1 : |- dllhost.exe (5796) + 1 : |- RuntimeBroker.exe (5928) + 0 : |- WmiPrvSE.exe (772) + 0 : |- msdtc.exe (8) + 0 : |- svchost.exe (888) + 0 : |- svchost.exe (948) + 0 : |- svchost.exe (952) + 0 : |- lsass.exe (680) + 0 : |- fontdrvhost.exe (796) + 1 : csrss.exe (532) + 1 : winlogon.exe (616) + 1 : |- dwm.exe (72) + 1 : |- fontdrvhost.exe (804) + + + +cpe:/o:microsoft:windows +It is possible to get information about the BIOS via the host's WMI interface. +bios_get_info_wmi.nbin +2024/01/16 +BIOS Info (WMI) +2008/09/05 +local +None +1.215 +n/a +The BIOS info could be read. + + Vendor : VMware, Inc. + Version : VMW201.00V.21805430.B64.2305221830 + Release date : 20230522000000.000000+000 + UUID : 49864D56-90AE-AE92-3262-D4BB39A19CB8 + Secure boot : disabled + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report on the application compatibility cache on the remote Windows host. +microsoft_windows_appcompatcache.nasl +2018/05/23 +Application Compatibility Cache +2016/07/19 +local +None +1.5 +https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf +http://www.nessus.org/u?4a076105 +n/a +Nessus was able to gather application compatibility settings on the remote host. +Application compatibility cache report attached. + +c787a55353aad588a71405b27464402d + + +windows +cpe:/o:microsoft:windows +cpe:/a:microsoft:ie +Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar. +microsoft_windows_ie_typeurls.nasl +2018/05/16 +Internet Explorer Typed URLs +2016/07/19 +local +None +1.5 +https://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/ +n/a +Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar. +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 + +Internet Explorer typed URL report attached. + +9aaa1db41951e72e4f554150267b8ef3 + + +windows +cpe:/o:microsoft:windows +Nessus was able to query the MUIcache registry key to find evidence of program execution. +microsoft_windows_muicache.nasl +2018/05/16 +MUICache Program Execution History +2016/07/19 +local +None +1.5 +https://forensicartifacts.com/2010/08/registry-muicache/ +http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html +http://www.nirsoft.net/utils/muicache_view.html +n/a +Nessus was able to enumerate recently executed programs on the remote host. +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +@%systemroot%\system32\icsvcvss.dll,-101 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@%systemroot%\system32\das.dll,-100 : Device Association Service +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\credentialenrollmentmanager.exe,-101 : Credential Enrollment Manager +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@%systemroot%\system32\icsvcvss.dll,-102 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\printworkflowservice.dll,-101 : Provides support for Print Workflow applications. If you turn off this service, you may not be able to print successfully. +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@gpapi.dll,-114 : Resultant Set of Policy Provider +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA) +@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder +@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service +@%systemroot%\system32\frameservermonitor.dll,-100 : Windows Camera Frame Server Monitor +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@firewallapi.dll,-50323 : SNMP Trap +@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver +@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices. +@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host +@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS) +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\drivers\executioncontext.sys,-101 : CPU Scheduler for High Performance I/O +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Enables JIT compilation support in d3d10warp.dll for processes in which code generation is disabled. +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\deviceaccess.dll,-108 : Enables apps to pair devices +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : Warp JIT Service +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw. +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results. +@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration +@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation +@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@comres.dll,-2797 : Distributed Transaction Coordinator +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-100 : Udk User Service +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%systemroot%\system32\consentuxclient.dll,-101 : Allows the system to request user consent to allow apps to access sensitive resources and information such as the device's location +@%systemroot%\system32\captureservice.dll,-101 : Enables optional screen capture functionality for applications that call the Windows.Graphics.Capture API. +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service +@comres.dll,-2450 : COM+ Event System +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services. +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation. +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\srpapi.dll,-100 : AppID Driver +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network. +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +@%systemroot%\system32\sysmain.dll,-1000 : SysMain +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@%systemroot%\system32\frameservermonitor.dll,-101 : Monitors the health and state for the Windows Camera Frame Server service. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX User Service +@%programfiles%\windows defender\mpasdesc.dll,-310 : Microsoft Defender Antivirus Service +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-101 : Shell components service +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search +c:\windows\system32\fsquirt.exe.applicationcompany : Microsoft Corporation +c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation +c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame +c:\windows\regedit.exe.applicationcompany : Microsoft Corporation +c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation +e:\sql2022\expressadv_enu\setup.exe.applicationcompany : Microsoft Corporation +c:\windows\explorer.exe.friendlyappname : Windows Explorer +c:\windows\explorer.exe.applicationcompany : Microsoft Corporation +langid : . +c:\windows\system32\mmc.exe.friendlyappname : Microsoft Management Console +c:\windows\system32\appresolver.dll.applicationcompany : Microsoft Corporation +c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll +e:\sql2022\expressadv_enu\setup.exe.friendlyappname : Sql Server Setup Bootstrapper +c:\windows\system32\fsquirt.exe.friendlyappname : fsquirt +c:\windows\regedit.exe.friendlyappname : Registry Editor +c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation +c:\windows\system32\appresolver.dll.friendlyappname : App Resolver +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +@%systemroot%\system32\icsvcvss.dll,-101 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@%systemroot%\system32\das.dll,-100 : Device Association Service +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\credentialenrollmentmanager.exe,-101 : Credential Enrollment Manager +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@%systemroot%\system32\icsvcvss.dll,-102 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\printworkflowservice.dll,-101 : Provides support for Print Workflow applications. If you turn off this service, you may not be able to print successfully. +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@gpapi.dll,-114 : Resultant Set of Policy Provider +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA) +@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder +@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service +@%systemroot%\system32\frameservermonitor.dll,-100 : Windows Camera Frame Server Monitor +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@firewallapi.dll,-50323 : SNMP Trap +@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver +@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices. +@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host +@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS) +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\drivers\executioncontext.sys,-101 : CPU Scheduler for High Performance I/O +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Enables JIT compilation support in d3d10warp.dll for processes in which code generation is disabled. +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\deviceaccess.dll,-108 : Enables apps to pair devices +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : Warp JIT Service +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw. +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results. +@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration +@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation +@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@comres.dll,-2797 : Distributed Transaction Coordinator +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-100 : Udk User Service +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%systemroot%\system32\consentuxclient.dll,-101 : Allows the system to request user consent to allow apps to access sensitive resources and information such as the device's location +@%systemroot%\system32\captureservice.dll,-101 : Enables optional screen capture functionality for applications that call the Windows.Graphics.Capture API. +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service +@comres.dll,-2450 : COM+ Event System +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services. +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation. +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\srpapi.dll,-100 : AppID Driver +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network. +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +@%systemroot%\system32\sysmain.dll,-1000 : SysMain +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@%systemroot%\system32\frameservermonitor.dll,-101 : Monitors the health and state for the Windows Camera Frame Server service. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX User Service +@%programfiles%\windows defender\mpasdesc.dll,-310 : Microsoft Defender Antivirus Service +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-101 : Shell components service +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search + +MUICache report attached. + +335bea419dcac791ed52ec91cf14d882 + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories. +microsoft_windows_recyclebin.nasl +2018/11/15 +Recycle Bin Files +2016/07/19 +local +None +1.6 +http://www.nessus.org/u?0c1a03df +http://www.nessus.org/u?61293b38 +n/a +Nessus was able to enumerate files in the recycle bin on the remote host. +C:\\$Recycle.Bin\\. +C:\\$Recycle.Bin\\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000 +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001 +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500 +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000\. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001\. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500\. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500\desktop.ini + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below : + + - Administrative Tools + - AppData + - Cache + - CD Burning + - Cookies + - Desktop + - Favorites + - Fonts + - History + - Local AppData + - My Music + - My Pictures + - My Video + - NetHood + - Personal + - PrintHood + - Programs + - Recent + - SendTo + - Start Menu + - Startup + - Templates +microsoft_windows_shellfolder_settings.nasl +2018/05/16 +User Shell Folders Settings +2016/07/19 +local +None +1.5 +https://technet.microsoft.com/en-us/library/cc962613.aspx +n/a +Nessus was able to find the folder paths for user folders on the remote host. +soteria + - {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Administrator\Searches + - {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Libraries + - {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Administrator\Downloads + - recent : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent + - my video : C:\Users\Administrator\Videos + - my music : C:\Users\Administrator\Music + - {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Administrator\Contacts + - {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Administrator\Links + - {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Administrator\AppData\LocalLow + - sendto : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo + - start menu : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu + - cookies : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCookies + - personal : C:\Users\Administrator\Documents + - administrative tools : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools + - startup : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup + - nethood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts + - history : C:\Users\Administrator\AppData\Local\Microsoft\Windows\History + - {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Administrator\Saved Games + - {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Administrator\AppData\Local\Microsoft\Windows\RoamingTiles + - !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead + - local appdata : C:\Users\Administrator\AppData\Local + - my pictures : C:\Users\Administrator\Pictures + - templates : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates + - printhood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts + - cache : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache + - desktop : C:\Users\Administrator\Desktop + - programs : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs + - fonts : C:\Windows\Fonts + - cd burning : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn + - favorites : C:\Users\Administrator\Favorites + - appdata : C:\Users\Administrator\AppData\Roaming + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence of files opened by file type from the remote host. +microsoft_windows_recent_files.nasl +2018/11/15 +Recent File History +2016/07/19 +local +None +1.7 +https://www.4n6k.com/2014/02/forensics-quickie-pinpointing-recent.html +n/a +Nessus was able to enumerate recently opened files on the remote host. +C:\\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Recent\System.lnk + +Recent files found in registry and appdata attached. + +4f8ad2ab88997272b32b3cb63def1f25 +b4a1a99a9279a3e6d1997e2a13a18d86 + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report of all files listed in the default user download folder. +microsoft_windows_user_downloads.nasl +2018/05/16 +User Download Folder Files +2016/07/19 +local +None +1.5 +n/a +Nessus was able to enumerate downloaded files on the remote host. +C:\\Users\Administrator\Downloads\desktop.ini +C:\\Users\degthat\Downloads\desktop.ini +C:\\Users\degthat.WIN-95GFQRRMAS4\Downloads\desktop.ini +C:\\Users\Public\Downloads\desktop.ini + +Download folder content report attached. + +5699da73297fce020d8b43680ac05977 + + +windows +cpe:/o:microsoft:windows +Nessus was able to find evidence of the last key that was opened when the Registry Editor was closed for each user. +microsoft_windows_regedit_lastkey.nasl +2018/11/15 +Registry Editor Last Accessed +2016/07/19 +local +None +1.6 +https://support.microsoft.com/en-us/help/244004 +n/a +Nessus was able to find the last key accessed by the Registry Editor when it was closed on the remote host. +soteria + - Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed. +microsoft_windows_userassist.nasl +2019/11/12 +UserAssist Execution History +2016/07/19 +local +None +1.7 +https://www.nirsoft.net/utils/userassist_view.html +n/a +Nessus was able to enumerate program execution history on the remote host. +microsoft.windows.controlpanel +windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel +microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5} +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe +{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk +microsoft.windows.search_cw5n1h2txyewy!cortanaui +c:\users\administrator\desktop\chromestandalonesetup64.exe +microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy!app +{f38bf404-1d43-42f2-9305-67de0b28fc23}\systemtemp\guma81c.tmp\googleupdate.exe +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk +ueme_ctlcuacount:ctor +{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe +microsoft.windows.explorer +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk +e:\sql2022\expressadv_enu\x64\landingpage.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe +ueme_ctlsession +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\registry editor.lnk +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk +{6d809377-6af0-444b-8957-a3773f02200e}\microsoft\azureattestservice\azureattestserviceinstaller.exe +{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\update\googleupdate.exe +e:\sql2022\expressadv_enu\x64\scenarioengine.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe +e:\sql2022\expressadv_enu\setup.exe +chrome + +Extended userassist report attached. + +edc657304f9268bccd3d5aca4a1c4294 + + +windows +True +software_enumeration +cpe:/a:microsoft:sql_server +Nessus has detected one or more installs of Microsoft SQL server by examining the registry and file systems on the remote host. +mssql_version.nasl +0001-T-0800 +2023/06/29 +Microsoft SQL Server Detection (credentialed check) +2003/01/26 +local +None +1.156 +http://www.nessus.org/u?e45407e9 +Ensure the latest service pack and hotfixes are installed. +The remote host has a database server installed. +true +IAVT:0001-T-0800 + Version : 16.0.1000.6 + Edition : Express Edition + Path : E:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\Binn + Named Instance : SQLEXPRESS + + + + +True +user_enumeration +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +wmi_enum_local_group_memberships.nbin +2024/01/16 +Enumerate Local Group Memberships +2013/12/06 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +Group Name : Access Control Assistance Operators +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-579 +Members : + +Group Name : Administrators +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-544 +Members : + Name : soteria + Domain : SOT-WIN2K22-SQL + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-500 + Name : degthat + Domain : SOT-WIN2K22-SQL + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-1001 + +Group Name : Backup Operators +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-551 +Members : + +Group Name : Certificate Service DCOM Access +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-574 +Members : + +Group Name : Cryptographic Operators +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-569 +Members : + +Group Name : Device Owners +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-583 +Members : + +Group Name : Distributed COM Users +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-562 +Members : + +Group Name : Event Log Readers +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-573 +Members : + +Group Name : Guests +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-546 +Members : + Name : Guest + Domain : SOT-WIN2K22-SQL + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-501 + +Group Name : Hyper-V Administrators +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-578 +Members : + +Group Name : IIS_IUSRS +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-568 +Members : + Name : IUSR + Domain : SOT-WIN2K22-SQL + Class : Win32_SystemAccount + SID : S-1-5-17 + +Group Name : Network Configuration Operators +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-556 +Members : + +Group Name : Performance Log Users +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-559 +Members : + +Group Name : Performance Monitor Users +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-558 +Members : + Name : MSSQL$SQLEXPRESS + Domain : NT SERVICE + Class : Win32_SystemAccount + SID : + Name : SQLAgent$SQLEXPRESS + Domain : NT SERVICE + Class : Win32_SystemAccount + SID : + +Group Name : Power Users +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-547 +Members : + +Group Name : Print Operators +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-550 +Members : + +Group Name : RDS Endpoint Servers +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-576 +Members : + +Group Name : RDS Management Servers +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-577 +Members : + +Group Name : RDS Remote Access Servers +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-575 +Members : + +Group Name : Remote Desktop Users +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-555 +Members : + +Group Name : Remote Management Users +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-580 +Members : + +Group Name : Replicator +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-552 +Members : + +Group Name : Storage Replica Administrators +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-582 +Members : + +Group Name : System Managed Accounts Group +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-581 +Members : + Name : DefaultAccount + Domain : SOT-WIN2K22-SQL + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-503 + +Group Name : Users +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-32-545 +Members : + Name : INTERACTIVE + Domain : SOT-WIN2K22-SQL + Class : Win32_SystemAccount + SID : S-1-5-4 + Name : Authenticated Users + Domain : SOT-WIN2K22-SQL + Class : Win32_SystemAccount + SID : S-1-5-11 + +Group Name : SQLRUserGroupSQLEXPRESS +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-21-746496990-2641142201-3713043312-1003 +Members : + Name : MSSQLLaunchpad$SQLEXPRESS + Domain : NT SERVICE + Class : Win32_SystemAccount + SID : + +Group Name : SQLServer2005SQLBrowserUser$SOT-WIN2K22-SQL +Host Name : SOT-WIN2K22-SQL +Group SID : S-1-5-21-746496990-2641142201-3713043312-1002 +Members : + Name : SQLBrowser + Domain : NT SERVICE + Class : Win32_SystemAccount + SID : + + + + +cpe:/o:microsoft:windows +By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number. +wmi_asset_info.nbin +2024/01/16 +Computer Manufacturer Information (WMI) +2007/02/02 +local +None +1.222 +n/a +It is possible to obtain the name of the remote computer manufacturer. + + Computer Manufacturer : VMware, Inc. + Computer Model : VMware20,1 + Computer SerialNumber : VMware-56 4d 86 49 ae 90 92 ae-32 62 d4 bb 39 a1 9c b8 + Computer Type : Other + + Computer Physical CPU's : 2 + Computer Logical CPU's : 2 + CPU0 + Architecture : x64 + Physical Cores: 1 + Logical Cores : 1 + CPU1 + Architecture : x64 + Physical Cores: 1 + Logical Cores : 1 + + Computer Memory : 4095 MB + RAM slot #0 + Form Factor: DIMM + Type : DRAM + Capacity : 4096 MB + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the display drivers on the remote host via WMI. +wmi_enum_display_drivers.nbin +0001-T-0756 +2024/01/16 +Windows Display Driver Enumeration +2014/02/06 +local +None +1.208 +http://www.nessus.org/u?b6e87533 +n/a +Nessus was able to enumerate one or more of the display drivers on the remote host. +IAVT:0001-T-0756 + + Device Name : VMware SVGA 3D + Driver File Version : 9.17.6.3 + Driver Date : 04/28/2023 + Video Processor : VMware Virtual SVGA 3D Graphics Adapter + + + +windows +True +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI. +wmi_enum_qfes.nbin +2024/01/16 +WMI QuickFixEngineering (QFE) Enumeration +2011/02/16 +local +None +1.220 +http://www.nessus.org/u?0c4ec249 +n/a +The remote Windows host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + ++ KB5033914 + - Description : Update + - InstalledOn : 2/2/2024 + ++ KB5012170 + - Description : Security Update + - InstalledOn : 2/2/2024 + ++ KB5034129 + - Description : Security Update + - InstalledOn : 2/2/2024 + ++ KB5034286 + - Description : Update + - InstalledOn : 2/2/2024 + ++ KB5034439 + - Description : Security Update + - InstalledOn : 2/2/2024 + +Note that for detailed information on installed QFE's such as InstalledBy, Caption, +and so on, please run the scan with 'Report Verbosity' set to 'verbose'. + + + +cpe:/o:microsoft:windows +By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc. +wmi_enum_computersystemproduct.nbin +2024/01/16 +Windows ComputerSystemProduct Enumeration (WMI) +2010/08/16 +local +None +1.204 +http://www.nessus.org/u?a21ce849 +n/a +It is possible to obtain product information from the remote host using WMI. + ++ Computer System Product + - IdentifyingNumber : VMware-56 4d 86 49 ae 90 92 ae-32 62 d4 bb 39 a1 9c b8 + - Description : Computer System Product + - Vendor : VMware, Inc. + - Name : VMware20,1 + - UUID : 49864D56-90AE-AE92-3262-D4BB39A19CB8 + - Version : None + + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions. + +Note that Features can only be enumerated for Windows 7 and later for desktop versions. +wmi_enum_server_features.nbin +0001-T-0754 +2024/01/16 +WMI Windows Feature Enumeration +2010/02/24 +local +None +1.208 +https://msdn.microsoft.com/en-us/library/cc280268 +https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features +n/a +It is possible to enumerate Windows features using WMI. +IAVT:0001-T-0754 + +Nessus enumerated the following Windows features : + + - .NET Framework 4.8 + - .NET Framework 4.8 Features + - Azure Arc Setup + - File and Storage Services + - Microsoft Defender Antivirus + - Storage Services + - System Data Archiver + - TCP Port Sharing + - WCF Services + - Windows PowerShell + - Windows PowerShell 5.1 + - WoW64 Support + - XPS Viewer + + + +windows +True +cpe:/a:microsoft:ie +The remote Windows host contains Internet Explorer, a web browser created by Microsoft. +smb_explorer_detection.nasl +0001-T-0509 +2022/02/01 +Microsoft Internet Explorer Version Detection +2014/02/06 +local +None +1.7 +https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads +n/a +Internet Explorer is installed on the remote host. +IAVT:0001-T-0509 + + Version : 11.1.20348.0 + + + +windows +True +Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials. +smb_registry_os_and_arch.nasl +True +2022/02/01 +Microsoft Windows SMB Registry : OS Version and Processor Architecture +2010/08/31 +local +None +1.9 +n/a +It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system. +Operating system version = 10.20348 +Architecture = x64 +Build lab extended = 20348.1.amd64fre.fe_release.210507-1500 + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'wininit.exe' is listening on this port (pid 524). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2820). + +This process 'svchost.exe' (pid 2820) is hosting the following Windows services : +Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2444). + +This process 'svchost.exe' (pid 2444) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'services.exe' is listening on this port (pid 664). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1848). + +This process 'svchost.exe' (pid 1848) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1552). + +This process 'svchost.exe' (pid 1552) is hosting the following Windows services : +Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'spoolsv.exe' is listening on this port (pid 2340). + +This process 'spoolsv.exe' (pid 2340) is hosting the following Windows services : +Spooler (@%systemroot%\system32\spoolsv.exe,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2740). + +This process 'svchost.exe' (pid 2740) is hosting the following Windows services : +W32Time (@%SystemRoot%\system32\w32time.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 888). + +This process 'svchost.exe' (pid 888) is hosting the following Windows services : +RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) +RpcSs (@combase.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 3700). + +This process 'svchost.exe' (pid 3700) is hosting the following Windows services : +PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1848). + +This process 'svchost.exe' (pid 1848) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'lsass.exe' is listening on this port (pid 680). + +This process 'lsass.exe' (pid 680) is hosting the following Windows services : +KeyIso (@keyiso.dll,-100) +SamSs (@%SystemRoot%\system32\samsrv.dll,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1240). + +This process 'svchost.exe' (pid 1240) is hosting the following Windows services : +EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2444). + +This process 'svchost.exe' (pid 2444) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key: + 'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD' + + - Unset or 0: The command prompt is enabled normally. + - 1: The command promt is disabled. + - 2: The command prompt is disabled however windows batch processing is allowed. +windows_disablecmd.nasl +2022/10/05 +Windows Disabled Command Prompt Enumeration +2022/09/06 +local +None +1.2 +http://www.nessus.org/u?b40698bc +n/a +This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user. + +Username: DefaultAccount + SID: S-1-5-21-746496990-2641142201-3713043312-503 + DisableCMD: Unset + +Username: soteria + SID: S-1-5-21-746496990-2641142201-3713043312-500 + DisableCMD: Unset + +Username: WDAGUtilityAccount + SID: S-1-5-21-746496990-2641142201-3713043312-504 + DisableCMD: Unset + +Username: Guest + SID: S-1-5-21-746496990-2641142201-3713043312-501 + DisableCMD: Unset + +Username: degthat + SID: S-1-5-21-746496990-2641142201-3713043312-1001 + DisableCMD: Unset + + + +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin. +wmi_enum_local_users.nbin +2024/01/16 +Enumerate Users via WMI +2014/02/25 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. + + Name : DefaultAccount + SID : S-1-5-21-746496990-2641142201-3713043312-503 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : degthat + SID : S-1-5-21-746496990-2641142201-3713043312-1001 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : Guest + SID : S-1-5-21-746496990-2641142201-3713043312-501 + Disabled : True + Lockout : False + Change password : False + Source : Local + + Name : soteria + SID : S-1-5-21-746496990-2641142201-3713043312-500 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : WDAGUtilityAccount + SID : S-1-5-21-746496990-2641142201-3713043312-504 + Disabled : True + Lockout : False + Change password : True + Source : Local + + No. Of Users : 5 + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. + +Nessus was able to find 20 open ports. + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 138/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 137/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5355/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5353/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 4500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 123/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 139/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 65238/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49670/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49669/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49668/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49667/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49666/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49665/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49664/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 47001/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5985/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 445/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 135/tcp was found to be open + + +windows +True +cpe:/o:microsoft:windows +It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests). +smb_registry_access.nasl +True +True +2022/02/01 +Microsoft Windows SMB Registry Remotely Accessible +2000/05/09 +local +None +1.54 +n/a +Access the remote Windows Registry. + + +windows +cpe:/o:microsoft:windows +Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them. +Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later. +wmi_list_interfaces.nbin +2024/01/16 +Network Interfaces Enumeration (WMI) +2007/02/03 +local +None +1.247 +http://www.nessus.org/u?b362cab2 +n/a +Nessus was able to obtain the list of network interfaces on the remote host. ++ Network Interface Information : + + - Network Interface = [00000001] Intel(R) 82574L Gigabit Network Connection + - MAC Address = 00:50:56:3C:01:08 + - IPAddress/IPSubnet = 192.168.40.168/255.255.255.0 + - IPAddress/IPSubnet = fe80::ef84:55e5:499b:b57/64 + + ++ Routing Information : + + Destination Netmask Gateway + ----------- ------- ------- + 0.0.0.0 0.0.0.0 192.168.40.1 + 127.0.0.0 255.0.0.0 0.0.0.0 + 127.0.0.1 255.255.255.255 0.0.0.0 + 127.255.255.255 255.255.255.255 0.0.0.0 + 192.168.40.0 255.255.255.0 0.0.0.0 + 192.168.40.168 255.255.255.255 0.0.0.0 + 192.168.40.255 255.255.255.255 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + + + +cpe:/o:microsoft:windows +The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM. + +These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc. +wmi_available.nbin +2024/01/16 +WMI Available +2007/02/03 +local +None +1.218 +https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page +n/a +WMI queries can be made against the remote host. +The remote host returned the following caption from Win32_OperatingSystem: + + Microsoft Windows Server 2022 Standard + + +True +The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts : + +- Guest account +- Supplied credentials +smb_login.nasl +2023/07/25 +Microsoft Windows SMB Log In Possible +2000/05/09 +remote +None +1.173 +http://www.nessus.org/u?5c2589f6 +https://support.microsoft.com/en-us/help/246261 +n/a +It was possible to log into the remote host. +- The SMB tests will be done as degthat/****** + + + +True +Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host. +smb_nativelanman.nasl +True +2021/09/20 +Microsoft Windows SMB NativeLanManager Remote System Information Disclosure +2001/10/17 +remote +None +1.54 +n/a +It was possible to obtain information about the remote operating system. +Nessus was able to obtain the following information about the host, by +parsing the SMB2 Protocol's NTLM SSP message: + + Target Name: SOT-WIN2K22-SQL + NetBIOS Domain Name: SOT-WIN2K22-SQL + NetBIOS Computer Name: SOT-WIN2K22-SQL + DNS Domain Name: SOT-WIN2K22-SQL + DNS Computer Name: SOT-WIN2K22-SQL + DNS Tree Name: unknown + Product Version: 10.0.20348 + + + +The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. + +Note that this plugin gathers information to be used in other plugins, but does not itself generate a report. +netbios_name_get.nasl +2021/02/10 +Windows NetBIOS / SMB Remote Host Information Disclosure +1999/10/12 +remote +None +1.91 +n/a +It was possible to obtain the network name of the remote host. +The following 3 NetBIOS names have been gathered : + + SOT-WIN2K22-SQL = Computer name + WORKGROUP = Workgroup / Domain name + SOT-WIN2K22-SQL = File Server Service + +The remote host has the following MAC address on its adapter : + + 00:50:56:3c:01:08 + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49670 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0 +Description : Unknown RPC service +Annotation : Remote Fw APIs +Type : Remote RPC service +TCP Port : 49670 +IP : 192.168.40.168 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49669 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0 +Description : Service Control Manager +Windows process : svchost.exe +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.168 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49668 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.168 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.168 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.168 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.168 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.168 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49667 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.168 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.168 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49666 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +TCP Port : 49666 +IP : 192.168.40.168 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49665 : + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49665 +IP : 192.168.40.168 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49664 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.168 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.168 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.168 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.168 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available remotely : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Remote RPC service +Named pipe : \PIPE\wkssvc +Netbios name : \\SOT-WIN2K22-SQL + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-SQL + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-SQL + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-SQL + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-SQL + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-SQL + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +Named pipe : \pipe\eventlog +Netbios name : \\SOT-WIN2K22-SQL + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\SOT-WIN2K22-SQL + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\SOT-WIN2K22-SQL + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-SQL + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-SQL + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-SQL + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-SQL + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available locally : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE6A570C18C16371DF498B7F6B6842 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-749008e8ce61b81710 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE6A570C18C16371DF498B7F6B6842 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-749008e8ce61b81710 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE6A570C18C16371DF498B7F6B6842 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-749008e8ce61b81710 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0 +Description : Unknown RPC service +Annotation : PcaSvc +Type : Local RPC service +Named pipe : LRPC-c47ecae28f62faeb9c + +Object UUID : 8261d809-2d4b-4cb9-a475-bcd01ff9f65c +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-e10211b6bfd300f11c + +Object UUID : f28d3f08-153d-464a-8aad-971c0ecbfc52 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-e10211b6bfd300f11c + +Object UUID : 2fd5224e-df9c-4906-b6c7-5063d084b4f1 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-e10211b6bfd300f11c + +Object UUID : f2634a97-2095-4e0a-bd35-e06b8f0da5c1 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : OLE80DFCFC65E0CB380B7E997B52410 + +Object UUID : f2634a97-2095-4e0a-bd35-e06b8f0da5c1 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-4175778725f7422fc7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d8140e00-5c46-4ae6-80ac-2f9a76df224c, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-051f562a2466e33163 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d249bd56-4cc0-4fd3-8ce6-6fe050d590cb, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-051f562a2466e33163 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7df1ceae-de4e-4e6f-ab14-49636e7c2052, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-a6337da11721699fe3 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d4051bde-9cdd-4910-b393-4aa85ec3c482, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEE144F5C746B2336F3575F84AAED2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d4051bde-9cdd-4910-b393-4aa85ec3c482, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2ced72673f548178b4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEE144F5C746B2336F3575F84AAED2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2ced72673f548178b4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEE144F5C746B2336F3575F84AAED2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2ced72673f548178b4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEE144F5C746B2336F3575F84AAED2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2ced72673f548178b4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEE144F5C746B2336F3575F84AAED2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2ced72673f548178b4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEE144F5C746B2336F3575F84AAED2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2ced72673f548178b4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEE144F5C746B2336F3575F84AAED2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2ced72673f548178b4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1d45e083-478f-437c-9618-3594ced8c235, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEE144F5C746B2336F3575F84AAED2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1d45e083-478f-437c-9618-3594ced8c235, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-2ced72673f548178b4 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0 +Description : Unknown RPC service +Annotation : IKE/Authip API +Type : Local RPC service +Named pipe : LRPC-1a2b9b9191b089cb55 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-f317e1733fc8211e15 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 +Description : Unknown RPC service +Annotation : XactSrv service +Type : Local RPC service +Named pipe : LRPC-58760c721ac55a0cde + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0 +Description : Unknown RPC service +Annotation : IdSegSrv service +Type : Local RPC service +Named pipe : LRPC-58760c721ac55a0cde + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 +Description : Unknown RPC service +Annotation : IP Transition Configuration endpoint +Type : Local RPC service +Named pipe : LRPC-8374b263142b440377 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : LRPC-8374b263142b440377 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : LRPC-8374b263142b440377 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : LRPC-8374b263142b440377 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : OLE5DB85DF665EA1720D8389683BD79 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LRPC-105bd183dae32eb811 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-105bd183dae32eb811 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-105bd183dae32eb811 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-105bd183dae32eb811 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-105bd183dae32eb811 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0 +Description : Unknown RPC service +Annotation : Base Firewall Engine API +Type : Local RPC service +Named pipe : LRPC-12a5b1f431a89e46ba + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-12a5b1f431a89e46ba + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-0eb54106f591eccd09 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-12a5b1f431a89e46ba + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-0eb54106f591eccd09 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-eb7fa95ed00df088d2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-12a5b1f431a89e46ba + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-0eb54106f591eccd09 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-eb7fa95ed00df088d2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-3d37ef30c9b86ac0ed + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE67282924F9302831B4ED3085A8DA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6e602ff6cdb10d474a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE67282924F9302831B4ED3085A8DA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6e602ff6cdb10d474a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE67282924F9302831B4ED3085A8DA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6e602ff6cdb10d474a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE67282924F9302831B4ED3085A8DA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6e602ff6cdb10d474a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 13560fa9-8c09-4b56-a1fd-04d083b9b2a1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE67282924F9302831B4ED3085A8DA + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 13560fa9-8c09-4b56-a1fd-04d083b9b2a1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6e602ff6cdb10d474a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLE2533BE800AAEC1211D14EC221A0F + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-00f7a0f9693279b6ee + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLE2533BE800AAEC1211D14EC221A0F + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-00f7a0f9693279b6ee + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : DNSResolver + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : LRPC-7cc715b856bc2e4138 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0 +Description : Unknown RPC service +Annotation : Witness Client Upcall Server +Type : Local RPC service +Named pipe : LRPC-121bfc34eb8e1d7b22 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0 +Description : Unknown RPC service +Annotation : Witness Client Test Interface +Type : Local RPC service +Named pipe : LRPC-121bfc34eb8e1d7b22 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Local RPC service +Named pipe : LRPC-121bfc34eb8e1d7b22 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : LRPC-c1dc2ec7829853003f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : d07b9142-a41c-4e0c-ae18-a2f86c1dd83d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3f787932-3452-4363-8651-6ea97bb373bb, version 1.0 +Description : Unknown RPC service +Annotation : NSP Rpc Interface +Type : Local RPC service +Named pipe : OLEDC894ADDA5B1C5DCE0C55613B5AB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3f787932-3452-4363-8651-6ea97bb373bb, version 1.0 +Description : Unknown RPC service +Annotation : NSP Rpc Interface +Type : Local RPC service +Named pipe : LRPC-f507f56dc45f7ff69d + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : senssvc + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-9250a29bc121770ead + +Object UUID : 666f7270-6c69-7365-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : IUserProfile2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-0ccb76780266e7b255 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-0ccb76780266e7b255 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-0ccb76780266e7b255 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-0ccb76780266e7b255 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8cbbd210567e2a688e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-0ccb76780266e7b255 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8cbbd210567e2a688e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-0ccb76780266e7b255 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8cbbd210567e2a688e + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 +Description : DHCP Client Service +Windows process : svchost.exe +Annotation : DHCP Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc6 + +Object UUID : 6c637067-6569-746e-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-d4d9a6fd9b9c6eb208 + +Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601 +UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0 +Description : Unknown RPC service +Annotation : Group Policy RPC Interface +Type : Local RPC service +Named pipe : LRPC-9a5d3f0636d2814e4b + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED6A2149A6D7DA5F62EFE06E6E905 + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-999630315357890760 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 +Description : Unknown RPC service +Annotation : NSI server endpoint +Type : Local RPC service +Named pipe : LRPC-dca2f5b998a411c43f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Local RPC service +Named pipe : eventlog + +Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-42d15aaee94ea10fc7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-42d15aaee94ea10fc7 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5f7a9eef1ddb10ef8a + +Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-65c08bde40bd31b33b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-5c6ed918f674846144 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-65c08bde40bd31b33b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : OLE57C06672AED75CC6424B9F2CED6D + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-246f57b36a4f988e55 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1e2afa2bcdf7837657 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0A8901 + +Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001 +UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0 +Description : Unknown RPC service +Annotation : Secure Desktop LRPC interface +Type : Local RPC service +Named pipe : WMsgKRpc0A8901 + +Object UUID : 6d726574-7273-0076-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-e08711b2b42fcebe9f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0361ae94-0316-4c6c-8ad8-c594375800e2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4FDBC809C9DE2689A7B2ABFA474A + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4FDBC809C9DE2689A7B2ABFA474A + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4FDBC809C9DE2689A7B2ABFA474A + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4FDBC809C9DE2689A7B2ABFA474A + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-21e05dd8cf146b0ef2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4FDBC809C9DE2689A7B2ABFA474A + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-21e05dd8cf146b0ef2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4FDBC809C9DE2689A7B2ABFA474A + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-21e05dd8cf146b0ef2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 178d84be-9291-4994-82c6-3f909aca5a03, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e53d94ca-7464-4839-b044-09a2fb8b3ae5, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fae436b0-b864-4a87-9eda-298547cd82f2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 082a3471-31b6-422a-b931-a54401960c62, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6982a06e-5fe2-46b1-b39c-a2c545bfa069, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0ff1f646-13bb-400a-ab50-9a78f2b7a85a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4ed8abcc-f1e2-438b-981f-bb0e8abc010c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95406f0b-b239-4318-91bb-cea3a46ff0dc, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d47017b-b33b-46ad-9e18-fe96456c5078, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4FDBC809C9DE2689A7B2ABFA474A + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-21e05dd8cf146b0ef2 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e45d1f17f800df8dc9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4FDBC809C9DE2689A7B2ABFA474A + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-21e05dd8cf146b0ef2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e45d1f17f800df8dc9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af16019beb0da0f5e6 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4FDBC809C9DE2689A7B2ABFA474A + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-21e05dd8cf146b0ef2 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e45d1f17f800df8dc9 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af16019beb0da0f5e6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4FDBC809C9DE2689A7B2ABFA474A + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-21e05dd8cf146b0ef2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e45d1f17f800df8dc9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af16019beb0da0f5e6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-37c2f6cdf3d87c877b + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4FDBC809C9DE2689A7B2ABFA474A + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-21e05dd8cf146b0ef2 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e45d1f17f800df8dc9 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af16019beb0da0f5e6 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-37c2f6cdf3d87c877b + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : csebpub + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-72ba87096b424d5e1f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE4FDBC809C9DE2689A7B2ABFA474A + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-21e05dd8cf146b0ef2 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e45d1f17f800df8dc9 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-af16019beb0da0f5e6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-37c2f6cdf3d87c877b + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : csebpub + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : dabrpc + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0A61A0 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0A61A0 + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +An SMB server is running on this port. + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +A CIFS server is running on this port. + + + + +1706896085 +Fri Feb 2 09:48:05 2024 +983 +0 +VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024): Upgrade to VMware Tools version 12.3.5 or later. +CVE-2024-21388, CVE-2024-21337, CVE-2024-20721, CVE-2024-20709, CVE-2024-20675, CVE-2024-0519, CVE-2024-0518, CVE-2024-0517, CVE-2024-0333, CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222, CVE-2023-7024, CVE-2023-6707, CVE-2023-6706, CVE-2023-6705, CVE-2023-6704, CVE-2023-6703, CVE-2023-6702, CVE-2023-6512, CVE-2023-6511, CVE-2023-6510, CVE-2023-6509, CVE-2023-6508, CVE-2023-6351, CVE-2023-6350, CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6345, CVE-2023-6112, CVE-2023-5997, CVE-2023-5996, CVE-2023-5859, CVE-2023-5858, CVE-2023-5857, CVE-2023-5856, CVE-2023-5855, CVE-2023-5854, CVE-2023-5853, CVE-2023-5852, CVE-2023-5851, CVE-2023-5850, CVE-2023-5849, CVE-2023-5487, CVE-2023-5486, CVE-2023-5485, CVE-2023-5484, CVE-2023-5483, CVE-2023-5482, CVE-2023-5481, CVE-2023-5480, CVE-2023-5479, CVE-2023-5478, CVE-2023-5477, CVE-2023-5476, CVE-2023-5475, CVE-2023-5474, CVE-2023-5473, CVE-2023-5472, CVE-2023-5346, CVE-2023-5218, CVE-2023-5217, CVE-2023-5187, CVE-2023-5186, CVE-2023-4909, CVE-2023-4908, CVE-2023-4907, CVE-2023-4906, CVE-2023-4905, CVE-2023-4904, CVE-2023-4903, CVE-2023-4902, CVE-2023-4901, CVE-2023-4900, CVE-2023-4863, CVE-2023-4764, CVE-2023-4763, CVE-2023-4762, CVE-2023-4761, CVE-2023-4572, CVE-2023-44323, CVE-2023-4431, CVE-2023-4430, CVE-2023-4429, CVE-2023-4428, CVE-2023-4427, CVE-2023-4368, CVE-2023-4367, CVE-2023-4366, CVE-2023-4365, CVE-2023-4364, CVE-2023-4363, CVE-2023-4362, CVE-2023-4361, CVE-2023-4360, CVE-2023-4359, CVE-2023-4358, CVE-2023-4357, CVE-2023-4356, CVE-2023-4355, CVE-2023-4354, CVE-2023-4353, CVE-2023-4352, CVE-2023-4351, CVE-2023-4350, CVE-2023-4349, CVE-2023-4078, CVE-2023-4077, CVE-2023-4076, CVE-2023-4075, CVE-2023-4074, CVE-2023-4073, CVE-2023-4072, CVE-2023-4071, CVE-2023-4070, CVE-2023-4069, CVE-2023-4068, CVE-2023-38187, CVE-2023-38174, CVE-2023-38173, CVE-2023-38158, CVE-2023-38157, CVE-2023-3740, CVE-2023-3738, CVE-2023-3737, CVE-2023-3736, CVE-2023-3735, CVE-2023-3734, CVE-2023-3733, CVE-2023-3732, CVE-2023-3730, CVE-2023-3728, CVE-2023-3727, CVE-2023-36888, CVE-2023-36887, CVE-2023-36883, CVE-2023-36880, CVE-2023-36878, CVE-2023-36787, CVE-2023-36741, CVE-2023-36735, CVE-2023-36727, CVE-2023-36562, CVE-2023-36559, CVE-2023-36409, CVE-2023-36034, CVE-2023-36029, CVE-2023-36026, CVE-2023-36024, CVE-2023-36022, CVE-2023-36014, CVE-2023-36008, CVE-2023-35618, CVE-2023-35392, CVE-2023-3422, CVE-2023-3421, CVE-2023-3420, CVE-2023-33145, CVE-2023-3217, CVE-2023-3216, CVE-2023-3215, CVE-2023-3214, CVE-2023-3079, CVE-2023-29354, CVE-2023-29350, CVE-2023-29334, CVE-2023-28301, CVE-2023-28286, CVE-2023-28284, CVE-2023-28261, CVE-2023-2726, CVE-2023-2725, CVE-2023-2724, CVE-2023-2723, CVE-2023-2722, CVE-2023-2721, CVE-2023-24935, CVE-2023-2468, CVE-2023-2467, CVE-2023-2466, CVE-2023-2465, CVE-2023-2464, CVE-2023-2463, CVE-2023-2462, CVE-2023-2460, CVE-2023-2459, CVE-2023-23374, CVE-2023-2312, CVE-2023-21795, CVE-2023-21794, CVE-2023-21720, CVE-2023-21719, CVE-2023-2137, CVE-2023-2135, CVE-2023-2134, CVE-2023-2133, CVE-2023-2033, CVE-2023-1999, CVE-2023-1534, CVE-2023-1533, CVE-2023-1532, CVE-2023-1531, CVE-2023-1530, CVE-2023-1529, CVE-2023-1528, CVE-2023-1236, CVE-2023-1235, CVE-2023-1234, CVE-2023-1233, CVE-2023-1232, CVE-2023-1231, CVE-2023-1230, CVE-2023-1229, CVE-2023-1228, CVE-2023-1224, CVE-2023-1223, CVE-2023-1222, CVE-2023-1221, CVE-2023-1220, CVE-2023-1219, CVE-2023-1218, CVE-2023-1217, CVE-2023-1216, CVE-2023-1215, CVE-2023-1214, CVE-2023-1213, CVE-2023-0941, CVE-2023-0933, CVE-2023-0932, CVE-2023-0931, CVE-2023-0930, CVE-2023-0929, CVE-2023-0928, CVE-2023-0927, CVE-2023-0705, CVE-2023-0704, CVE-2023-0703, CVE-2023-0702, CVE-2023-0701, CVE-2023-0700, CVE-2023-0699, CVE-2023-0698, CVE-2023-0697, CVE-2023-0696, CVE-2023-0474, CVE-2023-0473, CVE-2023-0472, CVE-2023-0471, CVE-2023-0141, CVE-2023-0140, CVE-2023-0139, CVE-2023-0138, CVE-2023-0136, CVE-2023-0135, CVE-2023-0134, CVE-2023-0133, CVE-2023-0132, CVE-2023-0131, CVE-2023-0130, CVE-2023-0129, CVE-2022-44708, CVE-2022-44688, CVE-2022-4440, CVE-2022-4439, CVE-2022-4438, CVE-2022-4437, CVE-2022-4436, CVE-2022-4262, CVE-2022-4195, CVE-2022-4194, CVE-2022-4193, CVE-2022-4192, CVE-2022-4191, CVE-2022-4190, CVE-2022-4189, CVE-2022-4188, CVE-2022-4187, CVE-2022-4186, CVE-2022-4185, CVE-2022-4184, CVE-2022-4183, CVE-2022-4182, CVE-2022-4181, CVE-2022-4180, CVE-2022-4179, CVE-2022-4178, CVE-2022-4177, CVE-2022-4175, CVE-2022-4174, CVE-2022-4135, CVE-2022-41115, CVE-2022-3890, CVE-2022-3889, CVE-2022-3888, CVE-2022-3887, CVE-2022-3886, CVE-2022-3885, CVE-2022-38012, CVE-2022-3723, CVE-2022-3661, CVE-2022-3660, CVE-2022-3657, CVE-2022-3656, CVE-2022-3655, CVE-2022-3654, CVE-2022-3653, CVE-2022-3652, CVE-2022-35796, CVE-2022-3450, CVE-2022-3449, CVE-2022-3447, CVE-2022-3446, CVE-2022-3445, CVE-2022-3373, CVE-2022-3370, CVE-2022-33680, CVE-2022-33649, CVE-2022-33639, CVE-2022-33636, CVE-2022-3200, CVE-2022-3199, CVE-2022-3198, CVE-2022-3197, CVE-2022-3196, CVE-2022-3195, CVE-2022-3075, CVE-2022-3058, CVE-2022-3057, CVE-2022-3056, CVE-2022-3055, CVE-2022-3054, CVE-2022-3053, CVE-2022-3047, CVE-2022-3046, CVE-2022-3045, CVE-2022-3044, CVE-2022-3041, CVE-2022-3040, CVE-2022-3039, CVE-2022-3038, CVE-2022-30128, CVE-2022-30127, CVE-2022-29147, CVE-2022-29146, CVE-2022-29144, CVE-2022-2861, CVE-2022-2860, CVE-2022-2858, CVE-2022-2857, CVE-2022-2856, CVE-2022-2855, CVE-2022-2854, CVE-2022-2853, CVE-2022-2852, CVE-2022-26912, CVE-2022-26909, CVE-2022-26908, CVE-2022-26905, CVE-2022-26900, CVE-2022-26899, CVE-2022-26895, CVE-2022-26894, CVE-2022-26891, CVE-2022-2624, CVE-2022-2623, CVE-2022-2622, CVE-2022-2621, CVE-2022-2619, CVE-2022-2618, CVE-2022-2617, CVE-2022-2616, CVE-2022-2615, CVE-2022-2614, CVE-2022-2612, CVE-2022-2611, CVE-2022-2610, CVE-2022-2606, CVE-2022-2605, CVE-2022-2604, CVE-2022-2603, CVE-2022-2481, CVE-2022-2480, CVE-2022-2479, CVE-2022-2478, CVE-2022-2477, CVE-2022-24523, CVE-2022-24475, CVE-2022-23264, CVE-2022-23263, CVE-2022-23262, CVE-2022-23261, CVE-2022-23258, CVE-2022-2294, CVE-2022-22021, CVE-2022-21970, CVE-2022-21954, CVE-2022-21931, CVE-2022-21930, CVE-2022-21929, CVE-2022-2011, CVE-2022-2010, CVE-2022-2008, CVE-2022-2007, CVE-2022-1876, CVE-2022-1875, CVE-2022-1874, CVE-2022-1873, CVE-2022-1872, CVE-2022-1871, CVE-2022-1870, CVE-2022-1869, CVE-2022-1868, CVE-2022-1867, CVE-2022-1865, CVE-2022-1864, CVE-2022-1863, CVE-2022-1862, CVE-2022-1859, CVE-2022-1858, CVE-2022-1857, CVE-2022-1856, CVE-2022-1855, CVE-2022-1854, CVE-2022-1853, CVE-2022-1640, CVE-2022-1639, CVE-2022-1638, CVE-2022-1637, CVE-2022-1636, CVE-2022-1635, CVE-2022-1634, CVE-2022-1501, CVE-2022-1500, CVE-2022-1499, CVE-2022-1498, CVE-2022-1497, CVE-2022-1495, CVE-2022-1494, CVE-2022-1493, CVE-2022-1492, CVE-2022-1491, CVE-2022-1490, CVE-2022-1488, CVE-2022-1487, CVE-2022-1486, CVE-2022-1485, CVE-2022-1484, CVE-2022-1483, CVE-2022-1482, CVE-2022-1481, CVE-2022-1479, CVE-2022-1478, CVE-2022-1477, CVE-2022-1364, CVE-2022-1314, CVE-2022-1313, CVE-2022-1312, CVE-2022-1310, CVE-2022-1309, CVE-2022-1308, CVE-2022-1307, CVE-2022-1306, CVE-2022-1305, CVE-2022-1232, CVE-2022-1146, CVE-2022-1145, CVE-2022-1143, CVE-2022-1139, CVE-2022-1138, CVE-2022-1137, CVE-2022-1136, CVE-2022-1135, CVE-2022-1134, CVE-2022-1133, CVE-2022-1131, CVE-2022-1130, CVE-2022-1129, CVE-2022-1128, CVE-2022-1127, CVE-2022-1125, CVE-2022-1096, CVE-2022-0980, CVE-2022-0979, CVE-2022-0978, CVE-2022-0977, CVE-2022-0976, CVE-2022-0975, CVE-2022-0974, CVE-2022-0973, CVE-2022-0972, CVE-2022-0971, CVE-2022-0809, CVE-2022-0808, CVE-2022-0807, CVE-2022-0806, CVE-2022-0805, CVE-2022-0804, CVE-2022-0803, CVE-2022-0802, CVE-2022-0801, CVE-2022-0800, CVE-2022-0799, CVE-2022-0798, CVE-2022-0797, CVE-2022-0796, CVE-2022-0795, CVE-2022-0794, CVE-2022-0793, CVE-2022-0792, CVE-2022-0791, CVE-2022-0790, CVE-2022-0789, CVE-2022-0610, CVE-2022-0609, CVE-2022-0608, CVE-2022-0607, CVE-2022-0606, CVE-2022-0605, CVE-2022-0604, CVE-2022-0603, CVE-2022-0120, CVE-2022-0118, CVE-2022-0117, CVE-2022-0116, CVE-2022-0115, CVE-2022-0114, CVE-2022-0113, CVE-2022-0112, CVE-2022-0111, CVE-2022-0110, CVE-2022-0109, CVE-2022-0108, CVE-2022-0107, CVE-2022-0106, CVE-2022-0105, CVE-2022-0104, CVE-2022-0103, CVE-2022-0102, CVE-2022-0101, CVE-2022-0100, CVE-2022-0099, CVE-2022-0098, CVE-2022-0097, CVE-2022-0096, CVE-2021-43221, CVE-2021-42308, CVE-2021-42307, CVE-2021-4102, CVE-2021-4101, CVE-2021-4100, CVE-2021-4099, CVE-2021-4098, CVE-2021-4068, CVE-2021-4067, CVE-2021-4066, CVE-2021-4065, CVE-2021-4064, CVE-2021-4063, CVE-2021-4062, CVE-2021-4061, CVE-2021-4059, CVE-2021-4058, CVE-2021-4057, CVE-2021-4056, CVE-2021-4055, CVE-2021-4054, CVE-2021-4053, CVE-2021-4052, CVE-2021-38669, CVE-2021-38642, CVE-2021-38641, CVE-2021-38022, CVE-2021-38021, CVE-2021-38020, CVE-2021-38019, CVE-2021-38018, CVE-2021-38017, CVE-2021-38016, CVE-2021-38015, CVE-2021-38014, CVE-2021-38013, CVE-2021-38012, CVE-2021-38011, CVE-2021-38010, CVE-2021-38009, CVE-2021-38008, CVE-2021-38007, CVE-2021-38006, CVE-2021-38005, CVE-2021-38003, CVE-2021-38002, CVE-2021-38001, CVE-2021-38000, CVE-2021-37999, CVE-2021-37998, CVE-2021-37997, CVE-2021-37996, CVE-2021-37995, CVE-2021-37994, CVE-2021-37993, CVE-2021-37992, CVE-2021-37991, CVE-2021-37990, CVE-2021-37989, CVE-2021-37988, CVE-2021-37987, CVE-2021-37986, CVE-2021-37985, CVE-2021-37984, CVE-2021-37983, CVE-2021-37982, CVE-2021-37981, CVE-2021-37980, CVE-2021-37979, CVE-2021-37978, CVE-2021-37977, CVE-2021-37976, CVE-2021-37975, CVE-2021-37974, CVE-2021-37973, CVE-2021-37972, CVE-2021-37971, CVE-2021-37970, CVE-2021-37969, CVE-2021-37968, CVE-2021-37967, CVE-2021-37966, CVE-2021-37965, CVE-2021-37964, CVE-2021-37963, CVE-2021-37962, CVE-2021-37961, CVE-2021-37959, CVE-2021-37958, CVE-2021-37957, CVE-2021-37956, CVE-2021-36930, CVE-2021-34506, CVE-2021-34475, CVE-2021-33741, CVE-2021-30633, CVE-2021-30632, CVE-2021-30630, CVE-2021-30629, CVE-2021-30628, CVE-2021-30627, CVE-2021-30626, CVE-2021-30625, CVE-2021-30624, CVE-2021-30623, CVE-2021-30622, CVE-2021-30621, CVE-2021-30620, CVE-2021-30619, CVE-2021-30618, CVE-2021-30617, CVE-2021-30616, CVE-2021-30615, CVE-2021-30614, CVE-2021-30613, CVE-2021-30612, CVE-2021-30611, CVE-2021-30610, CVE-2021-30609, CVE-2021-30608, CVE-2021-30607, CVE-2021-30606, CVE-2021-30604, CVE-2021-30603, CVE-2021-30602, CVE-2021-30601, CVE-2021-30599, CVE-2021-30598, CVE-2021-30597, CVE-2021-30596, CVE-2021-30594, CVE-2021-30593, CVE-2021-30592, CVE-2021-30591, CVE-2021-30590, CVE-2021-30589, CVE-2021-30588, CVE-2021-30587, CVE-2021-30586, CVE-2021-30585, CVE-2021-30584, CVE-2021-30583, CVE-2021-30582, CVE-2021-30581, CVE-2021-30580, CVE-2021-30579, CVE-2021-30578, CVE-2021-30577, CVE-2021-30576, CVE-2021-30575, CVE-2021-30574, CVE-2021-30573, CVE-2021-30572, CVE-2021-30571, CVE-2021-30569, CVE-2021-30568, CVE-2021-30567, CVE-2021-30566, CVE-2021-30565, CVE-2021-30564, CVE-2021-30563, CVE-2021-30562, CVE-2021-30561, CVE-2021-30560, CVE-2021-30559, CVE-2021-30557, CVE-2021-30556, CVE-2021-30555, CVE-2021-30554, CVE-2021-30553, CVE-2021-30552, CVE-2021-30551, CVE-2021-30550, CVE-2021-30549, CVE-2021-30548, CVE-2021-30547, CVE-2021-30546, CVE-2021-30545, CVE-2021-30544, CVE-2021-30541, CVE-2021-30540, CVE-2021-30539, CVE-2021-30538, CVE-2021-30537, CVE-2021-30536, CVE-2021-30535, CVE-2021-30534, CVE-2021-30533, CVE-2021-30532, CVE-2021-30531, CVE-2021-30530, CVE-2021-30529, CVE-2021-30528, CVE-2021-30527, CVE-2021-30526, CVE-2021-30525, CVE-2021-30524, CVE-2021-30523, CVE-2021-30522, CVE-2021-30521, CVE-2021-30520, CVE-2021-30519, CVE-2021-30518, CVE-2021-30517, CVE-2021-30516, CVE-2021-30515, CVE-2021-30514, CVE-2021-30513, CVE-2021-30512, CVE-2021-30511, CVE-2021-30510, CVE-2021-30509, CVE-2021-30508, CVE-2021-30507, CVE-2021-30506, CVE-2021-26439, CVE-2021-26436, CVE-2021-24113, CVE-2021-21233, CVE-2021-21232, CVE-2021-21231, CVE-2021-21230, CVE-2021-21229, CVE-2021-21228, CVE-2021-21227, CVE-2021-21226, CVE-2021-21225, CVE-2021-21224, CVE-2021-21223, CVE-2021-21222, CVE-2021-21221, CVE-2021-21220, CVE-2021-21219, CVE-2021-21218, CVE-2021-21217, CVE-2021-21216, CVE-2021-21215, CVE-2021-21214, CVE-2021-21213, CVE-2021-21212, CVE-2021-21211, CVE-2021-21210, CVE-2021-21209, CVE-2021-21208, CVE-2021-21207, CVE-2021-21206, CVE-2021-21205, CVE-2021-21204, CVE-2021-21203, CVE-2021-21202, CVE-2021-21201, CVE-2021-21199, CVE-2021-21198, CVE-2021-21197, CVE-2021-21196, CVE-2021-21195, CVE-2021-21194, CVE-2021-21193, CVE-2021-21192, CVE-2021-21191, CVE-2021-21190, CVE-2021-21189, CVE-2021-21188, CVE-2021-21187, CVE-2021-21186, CVE-2021-21185, CVE-2021-21184, CVE-2021-21183, CVE-2021-21182, CVE-2021-21181, CVE-2021-21180, CVE-2021-21179, CVE-2021-21178, CVE-2021-21177, CVE-2021-21176, CVE-2021-21175, CVE-2021-21174, CVE-2021-21173, CVE-2021-21172, CVE-2021-21171, CVE-2021-21170, CVE-2021-21169, CVE-2021-21168, CVE-2021-21167, CVE-2021-21166, CVE-2021-21165, CVE-2021-21164, CVE-2021-21163, CVE-2021-21162, CVE-2021-21161, CVE-2021-21160, CVE-2021-21159, CVE-2021-21157, CVE-2021-21156, CVE-2021-21155, CVE-2021-21154, CVE-2021-21153, CVE-2021-21152, CVE-2021-21151, CVE-2021-21150, CVE-2021-21149, CVE-2021-21148, CVE-2021-21147, CVE-2021-21146, CVE-2021-21145, CVE-2021-21144, CVE-2021-21143, CVE-2021-21142, CVE-2021-21141, CVE-2021-21140, CVE-2021-21139, CVE-2021-21137, CVE-2021-21136, CVE-2021-21135, CVE-2021-21134, CVE-2021-21133, CVE-2021-21132, CVE-2021-21131, CVE-2021-21130, CVE-2021-21129, CVE-2021-21128, CVE-2021-21127, CVE-2021-21126, CVE-2021-21125, CVE-2021-21124, CVE-2021-21123, CVE-2021-21122, CVE-2021-21121, CVE-2021-21120, CVE-2021-21119, CVE-2021-21118, CVE-2021-21116, CVE-2021-21115, CVE-2021-21114, CVE-2021-21113, CVE-2021-21112, CVE-2021-21111, CVE-2021-21110, CVE-2021-21109, CVE-2021-21108, CVE-2021-21107, CVE-2021-21106, CVE-2020-27844, CVE-2020-16044, CVE-2020-16043, CVE-2020-16042, CVE-2020-16041, CVE-2020-16040, CVE-2020-16039, CVE-2020-16038, CVE-2020-16037, CVE-2020-16036, CVE-2020-16034, CVE-2020-16033, CVE-2020-16032, CVE-2020-16031, CVE-2020-16030, CVE-2020-16029, CVE-2020-16028, CVE-2020-16027, CVE-2020-16026, CVE-2020-16025, CVE-2020-16024, CVE-2020-16023, CVE-2020-16022, CVE-2020-16018, CVE-2020-16017, CVE-2020-16016, CVE-2020-16015, CVE-2020-16014, CVE-2020-16013, CVE-2020-16012, CVE-2020-16011, CVE-2020-16009, CVE-2020-16008, CVE-2020-16007, CVE-2020-16006, CVE-2020-16005, CVE-2020-16004, CVE-2020-16003, CVE-2020-16002, CVE-2020-16001, CVE-2020-16000, CVE-2020-15999, CVE-2020-15995, CVE-2019-8075 +933 +Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388): Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. +1706896084 +Credentialed Patch Audit +cpe:/o:microsoft:windows +windows +100 +SMB_OS +[{"FQDN":"SOT-WIN2K22-WEB","sources":["get_host_fqdn()"]}] +00:50:56:36:0D:06 +general-purpose +Microsoft Windows Server 2022 Standard Build 20348 +{"CPE":"cpe:\/a:microsoft:windows_defender","Last check-in":null,"Path":"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.23110.3-0\\","Product":"Windows Defender","Product version":"4.18.23110.3","Running":"yes","Signature auto-update":"yes","Signature install date":"2024-02-02","Signature version":"1.403.3098.0","Subtype":"EPP","Type":"Endpoint","Vendor":"Microsoft"} +SOT-WIN2K22-WEB +WORKGROUP +SOT-WIN2K22-WEB +33774D56-9473-908C-A751-7860E37B2081 +[{"predicted-os": "Microsoft Windows 10 Pro", "confidence": 23},{"predicted-os": "Microsoft Windows 10 Enterprise", "confidence": 24}] + + P1:B11113:F0x12:W65392:O0204ffff:M1460: + P2:B11113:F0x12:W65535:O0204ffff010303080402080affffffff44454144:M1460: + P3:B00000:F0x00:W0:O0:M0 + P4:190704_7_p=49668 +SOT-WIN2K22-WEB +true +192.168.40.167\degthat +smb +192.168.40.167 +1706895206 +Fri Feb 2 09:33:26 2024 + + +all +1 +The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date. + +Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled. +patches_summary.nbin +2024/01/16 +Patch Report +2013/07/08 +combined +None +1.253 +Install the patches listed below. +The remote host is missing several patches. + + +. You need to take the following 2 actions : + + +[ Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388) (189605) ] + ++ Action to take : Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. + ++Impact : Taking this action will resolve 933 different vulnerabilities (CVEs). + + + +[ VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024) (184130) ] + ++ Action to take : Upgrade to VMware Tools version 12.3.5 or later. + + + + + +1 +cpe:/o:microsoft:windows +To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards. +wmi_stop_registry_svc.nbin +2024/01/16 +SMB Registry : Stop the Registry Service after the scan (WMI) +2009/11/25 +local +None +1.204 +n/a +The registry service was stopped after the scan. + +The registry service was successfully stopped after the scan. + + +all +1 +This plugin displays, for each tested host, information about the scan itself : + + - The version of the plugin set. + - The type of scanner (Nessus or Nessus Home). + - The version of the Nessus Engine. + - The port scanner(s) used. + - The port range scanned. + - The ping round trip time + - Whether credentialed or third-party patch management checks are possible. + - Whether the display of superseded patches is enabled + - The date of the scan. + - The duration of the scan. + - The number of hosts scanned in parallel. + - The number of checks done in parallel. +scan_info.nasl +2023/07/31 +Nessus Scan Information +2005/08/26 +summary +None +1.119 +n/a +This plugin displays information about the Nessus scan. +true +Information about this scan : + +Nessus version : 10.6.4 +Nessus build : 20005 +Plugin feed version : 202402021215 +Scanner edition used : Nessus +Scanner OS : WINDOWS +Scanner distribution : win-x86-64 +Scan type : Normal +Scan name : Soteria all SVR scan +Scan policy used : Credentialed Patch Audit +Scanner IP : 192.168.40.39 +Port scanner(s) : wmi_netstat +Port range : default +Ping RTT : 33.019 ms +Thorough tests : no +Experimental tests : no +Plugin debugging enabled : no +Paranoia level : 1 +Report verbosity : 1 +Safe checks : yes +Optimize the test : yes +Credentialed checks : yes, as '192.168.40.167\degthat' via SMB +Patch management checks : None +Display superseded patches : yes (supersedence plugin launched) +CGI scanning : disabled +Web application tests : disabled +Max hosts : 30 +Max checks : 4 +Recv timeout : 5 +Backports : None +Allow post-scan editing : Yes +Nessus Plugin Signature Checking : Enabled +Audit File Signature Checking : Disabled +Scan Start Date : 2024/2/2 9:33 Pacific Standard Time +Scan duration : 866 sec +Scan for malware : no + + + +True +Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445. +smb_dialects_enabled.nasl +2020/03/11 +Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) +2018/02/09 +remote +None +1.6 +n/a +It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host. + +The remote host supports the following SMB dialects : + _version_ _introduced in windows version_ + 2.0.2 Windows 2008 + 2.1 Windows 7 + 3.0 Windows 8 + 3.0.2 Windows 8.1 + 3.1.1 Windows 10 + +The remote host does NOT support the following SMB dialects : + _version_ _introduced in windows version_ + 2.2.2 Windows 8 Beta + 2.2.4 Windows 8 Beta + 3.1 Windows 10 + + + +windows +The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network. +smb-version-detect.nasl +2022/05/04 +Server Message Block (SMB) Protocol Version Detection +2022/05/04 +remote +None +1.1 +http://www.nessus.org/u?f463096b +http://www.nessus.org/u?1a4b3744 +Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices. +Verify the version of SMB on the remote host. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found. + - SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found. + + + +cpe:/o:microsoft:windows +Retrieves the status of Windows Credential Guard. + Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. +credential_guard_status.nasl +2023/08/25 +Windows Credential Guard Status +2022/04/18 +local +None +1.3 +http://www.nessus.org/u?fb8c8c37 +n/a +Retrieves the status of Windows Credential Guard. + +Windows Credential Guard is not fully enabled. +The following registry keys have not been set : + - System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : Key not found. + - System\CurrentControlSet\Control\LSA\LsaCfgFlags : Key not found. + - System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : Key not found. + + + +cpe:/o:microsoft:windows +The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks. +lsa_protection_status.nasl +2022/05/25 +Windows LSA Protection Status +2022/04/20 +local +None +1.3 +Enable LSA Protection per your corporate security guidelines. +Windows LSA Protection is disabled on the remote Windows host. + +LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found. + + + +cpe:/o:microsoft:windows +Checks Windows Registry for Service ACLs. +smb_reg_services_acl.nasl +2024/01/15 +Windows Services Registry ACL +2022/05/05 +local +None +1.5 +N/A +Checks Windows Registry for Service ACLs +Verbosity must be set to 'Report as much information as possible' for this plugin to produce output. + + +cpe:/o:microsoft:windows +Windows AlwaysInstallElevated policy status was found on the remote Windows host. + You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting. +windows_always_installed_elevated_status.nasl +2022/06/14 +Windows Always Installed Elevated Status +2022/06/14 +local +None +1.1 +If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines. +Windows AlwaysInstallElevated policy status was found on the remote Windows host +AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE. +AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-746496990-2641142201-3713043312-1001 + + + +True +software_enumeration +cpe:/a:microsoft:ie +cpe:/a:microsoft:internet_explorer +Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host. +microsoft_internet_explorer_installed.nbin +2024/01/16 +Microsoft Internet Explorer Installed +2022/06/28 +local +None +1.42 +https://support.microsoft.com/products/internet-explorer +n/a +A web browser is installed on the remote Windows host. + + Path : C:\Windows\system32\mshtml.dll + Version : 11.0.20348.2227 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host. +smb_language_detection.nasl +2022/02/01 +Windows Language Settings Detection +2021/04/14 +local +None +1.3 +n/a +This plugin enumerates language files on a windows host. +Default Install Language Code: 1033 + +Default Active Language Code: 1033 + +Other common microsoft Language packs may be scanned as well. + + +Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates. + +Note that this plugin is purely informational. +ms_bulletin_checks_possible.nasl +2021/07/12 +Microsoft Patch Bulletin Feasibility Check +2011/12/06 +local +None +1.13 +n/a +Nessus is able to check for Microsoft patch bulletins. + + +Nessus is able to test for missing patches using : + Nessus + + + +cpe:/o:microsoft:windows +Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp. +microsoft_windows_last_boot.nasl +2018/07/09 +Microsoft Windows Last Boot Time +2016/07/19 +local +None +1.7 +n/a +Nessus was able to collect the remote host's last boot time in a human readable format. +Last reboot : 2024-02-02T12:19:15-05:00 (20240202121915.500000-300) + + +True +Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445. + +Note that this plugin is a remote check and does not work on agents. +smb_versions_enabled.nasl +2019/11/22 +Microsoft Windows SMB Versions Supported (remote check) +2017/06/19 +remote +None +1.2 +n/a +It was possible to obtain information about the version of SMB running on the remote host. + +The remote host supports the following versions of SMB : + SMBv2 + + + +This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc). +smb_accessible_shares_office_files.nasl +2011/03/21 +Microsoft Windows SMB Share Hosting Office Files +2007/01/04 +local +None +$Revision: 1.13 $ +Make sure that the files containing confidential information have proper access controls set on them. +The remote share contains Office-related files. + +Here is a list of office files which have been found on the remote SMB +shares : + + + C$ : + + - C:\Windows\System32\MSDRM\MsoIrmProtector.doc + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.doc + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.doc + - C:\Windows\System32\MSDRM\MsoIrmProtector.ppt + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.ppt + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.ppt + - C:\Windows\System32\MSDRM\MsoIrmProtector.xls + - C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls + - C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_973a2dbdbe834c5f\MsoIrmProtector.xls + - C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.20348.1_none_a18ed80ff2e40e5a\MsoIrmProtector.xls + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Windows 10 1803 to 1809 New Settings.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Server 2016 to 2019 New Settings.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\MS Security Baseline Windows 10 v1809 and Server 2019.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\BaselineDiffs-to-v1809-RS5-FINAL.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Update Baseline\Documentation\Master List of Update Baseline Policies.xlsx + - C:\Users\Administrator\Desktop\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Announcement.docx + + + E$ : + + - E:\Asteria\Google-Drive-2020-10-27\ENG\DOCUMENTATION\ARTIFACTS\WIP\._System design document template 1.doc + - E:\Asteria\Google-Drive-2020-10-27\ENG\DOCUMENTATION\ARTIFACTS\WIP\System design document template 1.doc + - E:\DoD-Tools\STIG-Viewer\HOW_TO_VIEW_SRGs_and_STIGs.doc + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\._Asteria Original (U) RMF SAR.xls + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\5.0 Security Controls Compliance\._Asteria Controls (Spencer 06152020).xls + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\5.0 Security Controls Compliance\._Asteria Controls_V2.xls + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\5.0 Security Controls Compliance\Asteria Controls (Spencer 06152020).xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._Asteria Original (U) RMF SAR.xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\._Asteria Controls (Spencer 06152020)(1).xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\._Asteria Controls (Spencer 06152020).xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\._Asteria Controls_V2(1).xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\._Asteria Controls_V2.xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\Asteria Controls (Spencer 06152020)(1).xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\._Asteria Original (U) RMF SAR.xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\Asteria Original (U) RMF SAR(1).xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\Asteria Original (U) RMF SAR.xls + - E:\Work folder\._Asteria Copy of (U) RMF SAR.xls + - E:\Work folder\Asteria Copy of (U) RMF SAR.xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\._Asteria Original (U) RMF SAR(1).xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Asteria Original (U) RMF SAR.xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Asteria Original (U) RMF SAR(1).xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\Asteria Controls_V2.xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\Asteria Controls_V2(1).xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\Asteria Controls (Spencer 06152020).xls + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._Asteria Original (U) RMF SAR(1).xls + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\Asteria Original (U) RMF SAR.xls + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\._Asteria Original (U) RMF SAR.xls + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\Asteria Original (U) RMF SAR.xls + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\5.0 Security Controls Compliance\Asteria Controls_V2.xls + - E:\ASTERIA-POAM-2020-8-16-17-19-36.xlsx + - E:\Asteria\Work-2020-08-29\._2020818_Deployment_Finalized_Switch_config.xlsx + - E:\Work folder\._ATO RMF Documentation_Delineation_V2.xlsx + - E:\Work folder\._B (Autosaved).xlsx + - E:\Work folder\._B. SCAP_Compare_09_11_2019 -to- 02_27_2020.xlsx + - E:\Work folder\._Contols-To-Checklists-Report.xlsx + - E:\Work folder\._Contols-To-Checklists-Report_Non_STIG.xlsx + - E:\Work folder\._Layer-2-Switch-STIG-Cisco-V8-R27-Date-25Jan2019.xlsx + - E:\Work folder\._Layer-2-Switch-STIG-Cisco-V8-R27-Date-25Jan2019_KO.xlsx + - E:\Work folder\._SCAP_CHECKLIST_RESULTS COMPARISON_09_11_2019 -to- 01_17_2020.xlsx + - E:\Work folder\Asteria-STIG-and-ACAS-Report (3).xlsx + - E:\Work folder\ATO RMF Documentation_Delineation_V2.xlsx + - E:\Work folder\B (Autosaved).xlsx + - E:\Work folder\B. SCAP_Compare_09_11_2019 -to- 02_27_2020.xlsx + - E:\Work folder\Contols-To-Checklists-Report.xlsx + - E:\Work folder\Contols-To-Checklists-Report_Non_STIG.xlsx + - E:\Work folder\Layer-2-Switch-STIG-Cisco-V8-R27-Date-25Jan2019.xlsx + - E:\Work folder\Layer-2-Switch-STIG-Cisco-V8-R27-Date-25Jan2019_KO.xlsx + - E:\Work-2020-08-16\OpenRMF-Final-Checklists\20200628_Switch_config.xlsx + - E:\Work-2020-08-16\OpenRMF-Final-Checklists\Asteria-STIG-Reports-202008-17.xlsx + - E:\Work-2020-08-16\OpenRMF-Final-Checklists\test-vuln.xlsx + - E:\Work-2020-08-16\OpenRMF-Final-Checklists\~$Asteria-STIG-Reports-202008-17.xlsx + - E:\Work-2020-08-29\._2020818_Deployment_Finalized_Switch_config.xlsx + - E:\Work-2020-08-29\._Asteria-IA-Information-2020-08-31.xlsx + - E:\Work-2020-08-29\2020818_Deployment_Finalized_Switch_config.xlsx + - E:\Work-2020-08-29\Asteria-IA-Information-2020-08-31.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\3 OLD FILES\DELIVERED TO GEORGE\2 RMF DOCUMENTS 1-12\5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\3 OLD FILES\DELIVERED TO GEORGE\2 RMF DOCUMENTS 1-12\._5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\3 OLD FILES\DELIVERED TO GEORGE\2 RMF DOCUMENTS 1-12\._5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\TRACKING SHEETS\~$0.0 Copy of ATO RMF Documentation_DelineationVS-3 09282020vs2.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\TRACKING SHEETS\0.0 Copy of ATO RMF Documentation_DelineationVS-3 09282020vs2.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\TRACKING SHEETS\Copy of Copy of ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3 (003).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\TRACKING SHEETS\0.0 Copy of ATO RMF Documentation_DelineationVS-3 09282020vs2(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\TRACKING SHEETS\~$0.0 Copy of ATO RMF Documentation_DelineationVS-3 09282020vs2(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\2 DELIVERED\5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\2 DELIVERED\5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\2 DELIVERED\ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\2 DELIVERED\._Copy of ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\2 DELIVERED\._5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\2 DELIVERED\._5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\GEORGE FILE\2 DELIVERED\._ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\JESSICA GATMEN\TRACKING SHEETS\~$0.0 Copy of ATO RMF Documentation_DelineationVS-3 09282020vs2.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\JESSICA GATMEN\2 DELIVERED\ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\JESSICA GATMEN\2 DELIVERED\._5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\JESSICA GATMEN\2 DELIVERED\._ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\~$0.0 Copy of ATO RMF Documentation_Delineation(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\0.0 Copy of ATO RMF Documentation_Delineation(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\~$Copy of ATO RMF Documentation_Delineation_V4_08272020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\0.0 Copy of ATO RMF Documentation_DelineationVS-3(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\0.0 Copy of ATO RMF Documentation_DelineationVS-3 09282020(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\Copy of ATO RMF Documentation_Delineation_V4_08272020(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\._~$0.0 Copy of ATO RMF Documentation_Delineation(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\._0.0 Copy of ATO RMF Documentation_Delineation(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\._~$Copy of ATO RMF Documentation_Delineation_V4_08272020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\._0.0 Copy of ATO RMF Documentation_DelineationVS-3(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\._0.0 Copy of ATO RMF Documentation_DelineationVS-3 09282020(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\._~$0.0 Copy of ATO RMF Documentation_Delineation.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\._0.0 Copy of ATO RMF Documentation_DelineationVS-3.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\ASTERIA_SECURITY CONTROLS COMPLIANCE_09102020(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\ASTERIA_SECURITY CONTROLS COMPLIANCE_09102020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\._ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\._ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\._ASTERIA_SECURITY CONTROLS COMPLIANCE_09102020(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\._ASTERIA_SECURITY CONTROLS COMPLIANCE_09102020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\5 RMF CONTROLS NON-APPLICABLE_APPLICABLE_\~$5.0 ASTERIA_SECURITY CONTROLS COMPLIANCE_08272020(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\New folder\Copy of Asteria-IA-Information-2020-08-31(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\New folder\Copy of Asteria-IA-Information-2020-08-31.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\New folder\Copy of Asteria-IA-Information-2020-08-31 (003)11.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\New folder\._Copy of Asteria-IA-Information-2020-08-31 (003)11(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\New folder\._Copy of Asteria-IA-Information-2020-08-31(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\New folder\._Copy of Asteria-IA-Information-2020-08-31.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\New folder\._Copy of Asteria-IA-Information-2020-08-31 (003)11.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\~$Asteria-STIG-Reports-202008-17.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\ASTERIA_CONTROLS_COMPLIANCE_V5-MWS-edits.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\Asteria Controls_V3(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\ASTERIA_CONTROLS_COMPLIANCE_V5_multiple Tabs.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\ASTERIA_CONTROLS_COMPLIANCE_V4-DEG-MWS-edits(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\ASTERIA_CONTROLS_COMPLIANCE_V4-DEG-edits.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\ASTERIA_CONTROLS_COMPLIANCE_V4-DEG-MWS-edits.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\ASTERIA_CONTROLS_COMPLIANCE_V5_multiple Tabs(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\ASTERIA_SECURITY CONTROLS COMPLIANCE_08062020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\._ASTERIA_CONTROLS_COMPLIANCE_V4-DEG-edits.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\._ASTERIA_CONTROLS_COMPLIANCE_V4-DEG-MWS-edits.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\._ASTERIA_CONTROLS_COMPLIANCE_V5_multiple Tabs(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\._ASTERIA_SECURITY CONTROLS COMPLIANCE_08062020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\._Asteria Controls_V3.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\5.0 Security Controls Compliance\._ASTERIA_CONTROLS_COMPLIANCE_V4-DEG-edits(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Cisco Switch\2020818_Deployment_Finalized_Switch_config(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Cisco Switch\2020818_Deployment_Finalized_Switch_config.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\Vic_Cisco_Configs\._20200527_Switch_config.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\Vic_Cisco_Configs\._20200527_Switch_config(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\Vic_Cisco_Configs\._Layer-2-Switch-STIG-Cisco-V8-R27-Date-25Jan2019.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\~$Layer2_Switch_config(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\~$OLD EXAMPLE DONOT LOOSE(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\SCAP results 06272020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\APPlicationDevelopmentSTIG(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\APPlicationDevelopmentSTIG_PI_SI.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\Layer-2-Switch-STIG-Cisco-V8-R27-Date-25Jan2019(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\Layer-2-Switch-STIG-Cisco-V8-R27-Date-25Jan2019_KO.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\APPlicationDevelopmentSTIG.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\Layer-2-Switch-STIG-Cisco-V8-R27-Date-25Jan2019.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\~$Layer2_Switch_config.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\Layer2_Switch_config.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\~$Layer-2-Switch-STIG-Cisco-V8-R27-Date-25Jan2019.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\._APPlicationDevelopmentSTIG_PI_SI.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\._Hours(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\._~$OLD EXAMPLE DONOT LOOSE.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\._SCAP results 06272020(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\._Layer2_Switch_config(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\._Hours.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\._APPlicationDevelopmentSTIG_PI_SI(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\._~$Layer-2-Switch-STIG-Cisco-V8-R27-Date-25Jan2019.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\._OLD EXAMPLE DONOT LOOSE(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\._OLD EXAMPLE DONOT LOOSE.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\Dave\._Layer-2-Switch-STIG-Cisco-V8-R27-Date-25Jan2019_KO(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\~$ASTERIA_CONTROLS_COMPLIANCE_V4(2).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\ATO RMF Documentation_Delineation_V2(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\~$Asteria-STIG-Reports-202008-17(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\~$ASTERIA_CONTROLS_COMPLIANCE_V4.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._~$Asteria-STIG-Reports-202008-17.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._ATO RMF Documentation_Delineation_V3_08062020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._ATO RMF Documentation_Delineation_V3_080142020.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._Asteria-STIG-Reports-202008-17.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._Asteria Information Type Survey (ITS) v3.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._ATO RMF Documentation_Delineation_V2.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._ATO RMF Documentation_Delineation_V3_080142020(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._Accreditation Outline(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._Asteria Information Type Survey (ITS) v3(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._ATO RMF Documentation_Delineation_V3_08062020(1).xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._Accreditation Outline.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ASTERIA ATO 2020-09-30\ATO RMF Documents\._~$ASTERIA_CONTROLS_COMPLIANCE_V4.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ENG\DOCUMENTATION\ATO RMF Documentation Tracker.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ENG\DOCUMENTATION\ARTIFACTS\ASTERIA_SECURITY CONTROLS COMPLIANCE_10162020_Revised.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ENG\DOCUMENTATION\ARTIFACTS\._~$ASTERIA_SECURITY CONTROLS COMPLIANCE_10162020_Revised.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ENG\DOCUMENTATION\ARTIFACTS\._ASTERIA_SECURITY CONTROLS COMPLIANCE_10162020_Revised.xlsx + - E:\Asteria\Google-Drive-2020-10-27\ENG\DOCUMENTATION\._ATO RMF Documentation Tracker.xlsx + - E:\Asteria\emass IATTExport_ASTERIA PE PS controls completed(final).xlsx + - E:\Asteria\ASTERIA_NAVAIR FAO System Categorization Form - Final.xlsx + - E:\Asteria\Checklists\Cisco Switch\Layer-2-Switch-STIG-Cisco-V8-R27-Date-25Jan2019_KO.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\5.0 Security Controls Compliance\ASTERIA_CONTROLS_COMPLIANCE_V4-DEG-MWS-edits.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\5.0 Security Controls Compliance\._ASTERIA_CONTROLS_COMPLIANCE_V4-DEG-MWS-edits.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\5.0 Security Controls Compliance\ASTERIA_CONTROLS_COMPLIANCE_V5-MWS-edits.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\5.0 Security Controls Compliance\._ASTERIA_CONTROLS_COMPLIANCE_V5-MWS-edits.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\5.0 Security Controls Compliance\ASTERIA_SECURITY CONTROLS COMPLIANCE_08062020.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\Cisco Switch\2020818_Deployment_Finalized_Switch_config.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\Cisco Switch\._2020818_Deployment_Finalized_Switch_config.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\Asteria-STIG-Reports-202008-17.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\._Asteria-STIG-Reports-202008-17.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\ASTERIA_CONTROLS_COMPLIANCE_V4.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\ATO RMF Documentation_Delineation_V2.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\._ATO RMF Documentation_Delineation_V2.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\ATO RMF Documentation_Delineation_V3_08062020.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\._ATO RMF Documentation_Delineation_V3_08062020.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\ATO RMF DOC\ATO RMF Documentation_Delineation_V3_080142020.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\GEORGE FILE\3 OLD FILES\DELIVERED TO GEORGE\2 RMF DOCUMENTS 1-12\5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\GEORGE FILE\3 OLD FILES\DELIVERED TO GEORGE\2 RMF DOCUMENTS 1-12\._5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\GEORGE FILE\TRACKING SHEETS\~$0.0 Copy of ATO RMF Documentation_DelineationVS-3 09282020vs2.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\GEORGE FILE\TRACKING SHEETS\._~$0.0 Copy of ATO RMF Documentation_DelineationVS-3 09282020vs2.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\GEORGE FILE\TRACKING SHEETS\Copy of Copy of ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3 (003).xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\JESSICA GATMEN\2 DELIVERED\ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\JESSICA GATMEN\2 DELIVERED\._ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\JESSICA GATMEN\2 DELIVERED\5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\JESSICA GATMEN\2 DELIVERED\._5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\JESSICA GATMEN\3 OLD FILES\DELIVERED TO GEORGE\2 RMF DOCUMENTS 1-12\5 ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020vs3.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\JESSICA GATMEN\TRACKING SHEETS\0.0 Copy of ATO RMF Documentation_DelineationVS-3 09282020vs2.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\JESSICA GATMEN\TRACKING SHEETS\._0.0 Copy of ATO RMF Documentation_DelineationVS-3 09282020vs2.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\0.0 Copy of ATO RMF Documentation_DelineationVS-2.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\._0.0 Copy of ATO RMF Documentation_DelineationVS-2.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\0.0 Copy of ATO RMF Documentation_DelineationVS-3 09282020.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\~$0.0 Copy of ATO RMF Documentation_Delineation.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\._~$0.0 Copy of ATO RMF Documentation_Delineation.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\0.0 Copy of ATO RMF Documentation_Delineation.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\._0.0 Copy of ATO RMF Documentation_Delineation.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\0 ATO RMF DOCUMENTATION\Copy of ATO RMF Documentation_Delineation_V4_08272020.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\New folder\Copy of Asteria-IA-Information-2020-08-31 (003)11.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\New folder\._Copy of Asteria-IA-Information-2020-08-31 (003)11.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\New folder\Copy of Asteria-IA-Information-2020-08-31.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\New folder\._Copy of Asteria-IA-Information-2020-08-31.xlsx + - E:\Asteria\ASTERIA ATO 2020-09-30\SS ATO RMF DOCUMENTS\SECURITY CONTROLS\ASTERIA_SECURITY CONTROLS COMPLIANCE_09102020.xlsx + - E:\Asteria\ASTERIA Documents\Accreditation Outline.xlsx + - E:\Asteria\ASTERIA Documents\ASTERIA_SECURITY CONTROLS COMPLIANCE_09212020.xlsx + - E:\Asteria\Asteria-2020-12-12\Final Reports\Asteria-ACAS-Initial-Scan-Numbers-Per-Host-Needed.xlsx + - E:\Asteria\Asteria-2020-12-12\Final Reports\Asteria-ACAS-Initial-Scan-to-Identify-Necessary-Patches-Needed.xlsx + - E:\Asteria\Asteria-2020-12-12\Asteria-Patch-Status.xlsx + - E:\Asteria\Vulnerator-11-28-2020.xlsx + - E:\Asteria\2020-10-17\Raw-SCAP-Results.xlsx + - E:\Asteria\2020-10-17\Reports\POAM-RAR-TestPlan-Info.xlsx + - E:\Asteria\2020-11-20-Reports\Asteria-Control-Compliance-Listing.xlsx + - E:\Asteria\2020-11-20-Reports\Asteria-Missing-Patch-Info-By Host-.xlsx + - E:\Asteria\SCAP-Scans\SCAP_COMPARISONS\SCAP_COMPARE_09_11-to-11_25-2019.xlsx + - E:\Asteria\SCAP-Scans\SCAP_COMPARISONS\._SCAP_COMPARE_09_11-to-11_25-2019.xlsx + - E:\Asteria\SCAP-Scans\SCAP_COMPARISONS\SCAP_SCAN_COMPARISONS_2019_09_11_TO_-2019_10_18.xlsx + - E:\Asteria\SCAP-Scans\SCAP_COMPARISONS\._SCAP_SCAN_COMPARISONS_2019_09_11_TO_-2019_10_18.xlsx + - E:\Work-2020-08-16 - Copy\OpenRMF-Final-Checklists\Asteria-STIG-Reports-202008-17.xlsx + - E:\Work-2020-08-16 - Copy\OpenRMF-Final-Checklists\._Asteria-STIG-Reports-202008-17.xlsx + - E:\Reg-Files\Nessus-Reg\Windows 10 Update Baseline\Documentation\Master List of Update Baseline Policies.xlsx + - E:\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\BaselineDiffs-to-v1809-RS5-FINAL.xlsx + - E:\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\MS Security Baseline Windows 10 v1809 and Server 2019.xlsx + - E:\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Server 2016 to 2019 New Settings.xlsx + - E:\Reg-Files\Nessus-Reg\Windows 10 Version 1809 and Windows Server 2019 Security Baseline\Documentation\Windows 10 1803 to 1809 New Settings.xlsx + - E:\Work-2020-08-16 - Copy\OpenRMF-Final-Checklists\._test-vuln.xlsx + - E:\Work-2020-08-16 - Copy\OpenRMF-Final-Checklists\test-vuln.xlsx + - E:\Work-2020-08-16 - Copy\OpenRMF-Final-Checklists\._20200628_Switch_config.xlsx + - E:\Work-2020-08-16 - Copy\OpenRMF-Final-Checklists\20200628_Switch_config.xlsx + - E:\Work-2020-08-16 - Copy\OpenRMF-Final-Checklists\._~$Asteria-STIG-Reports-202008-17.xlsx + - E:\Work-2020-08-16 - Copy\OpenRMF-Final-Checklists\~$Asteria-STIG-Reports-202008-17.xlsx + - E:\Asteria\2020-11-20-Reports\Asteria-TestPlanSummary.xlsx + - E:\Asteria\2020-11-20-Reports\Asteria-System-ChecklistListing.xlsx + + +Note that Nessus has limited the report to 255 files although there +may be more. + + +The remote has one or more Windows shares that can be accessed through the network with the given credentials. + +Depending on the share rights, it may allow an attacker to read / write confidential data. +smb_accessible_shares.nasl +2021/10/04 +Microsoft Windows SMB Shares Access +2000/05/09 +combined +None +1.83 +To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'. +It is possible to access a network share. + +The following shares can be accessed as degthat : + +- ADMIN$ - (readable,writable) + + Content of this share : +.. +ADFS +appcompat +apppatch +AppReadiness +assembly +AzureArcSetup +bcastdvr +bfsvc.exe +Boot +bootstat.dat +Branding +BrowserCore +CbsTemp +Containers +Cursors +debug +diagnostics +DiagTrack +DigitalLocker +Downloaded Program Files +drivers +DtcInstall.log +ELAMBKUP +en-US +explorer.exe +Fonts +Globalization +Help +HelpPane.exe +hh.exe +IdentityCRL +iis.log +IME +ImmersiveControlPanel +INF +InputMethod +Installer +L2Schemas +LiveKernelReports +Logs +lsasetup.log +Media +mib.bin +Microsoft.NET +Migration +ModemLogs +notepad.exe +OCR +Offline Web Pages +Panther +Performance +PFRO.log +PLA +PolicyDefinitions +Prefetch +PrintDialog +Provisioning +regedit.exe +Registration +RemotePackages +rescache +Resources +SchCache +schemas +security +ServerStandard.xml +ServiceProfiles +ServiceState +servicing +Setup +setupact.log +setuperr.log +ShellComponents +ShellExperiences +SKB +SoftwareDistribution +Speech +Speech_OneCore +splwow64.exe +System +system.ini +System32 +SystemApps +SystemResources +SystemTemp +SysWOW64 +TAPI +Tasks +Temp +tracing +twain_32 +twain_32.dll +Vss +WaaS +Web +win.ini + +- C$ - (readable,writable) + + Content of this share : +$WinREAgent +$WINRE_BACKUP_PARTITION.MARKER +Documents and Settings +DumpStack.log.tmp +inetpub +master +pagefile.sys +PerfLogs +Program Files +Program Files (x86) +ProgramData +Recovery +System Volume Information +Users +Windows + + + + +windows +True +By connecting to the remote host, Nessus was able to enumerate the network share names. +smb_enum_shares.nasl +2022/02/01 +Microsoft Windows SMB Shares Enumeration +2000/05/09 +local +None +1.48 +n/a +It is possible to enumerate remote network shares. + +Here are the SMB shares available on the remote host when logged in as degthat: + + - ADMIN$ + - C$ + - E$ + - IPC$ + + + +Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system. +smb_group_admin.nasl +2018/05/16 +Microsoft Windows 'Administrators' Group User List +2002/03/15 +local +None +1.23 +Verify that each member of the group should have this type of access. +There is at least one user in the 'Administrators' group. + +The following users are members of the 'Administrators' group : + + - SOT-WIN2K22-WEB\soteria (User) + - SOT-WIN2K22-WEB\degthat (User) + + + +windows +True +An antivirus application is installed on the remote host, and its engine and virus definitions are up to date. +antivirus_installed.nasl +2023/10/05 +Antivirus Software Check +2005/01/18 +local +None +1.50 +http://www.nessus.org/u?3ed73b52 +https://www.tenable.com/blog/auditing-anti-virus-products-with-nessus +n/a +An antivirus application is installed on the remote host. + +Forefront_Endpoint_Protection : + +A Microsoft anti-malware product is installed on the remote host : + + Product name : Windows Defender + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine version : 1.1.23110.2 + Antivirus signature version : 1.403.3098.0 + Antispyware signature version : 1.403.3098.0 + + + +windows +true +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows_server +The remote host is running Microsoft Windows. +microsoft_windows_installed.nbin +2023/12/27 +Microsoft Windows Installed +2023/12/27 +local +None +1.0 +https://www.microsoft.com/en-us/windows +https://www.microsoft.com/en-us/windows-server +n/a +The remote host is running Microsoft Windows. + + OS Name : Microsoft Windows Server 2022 21H2 + Vendor : Microsoft + Product : Windows Server + Release : 2022 21H2 + Edition : Standard + Version : 10.0.20348.2227 + Role : server + Kernel : Windows NT 10.0 + Architecture : x64 + CPE v2.2 : cpe:/o:microsoft:windows_server_2022:10.0.20348.2227:- + CPE v2.3 : cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2227:-:any:*:standard:*:x64:* + Type : local + Method : SMB + Confidence : 100 + + + +cpe:/o:microsoft:windows +x-cpe:/a:microsoft:msdt +The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190. + +Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch. +msdt_rce_cve_2022-30190_reg_check.nasl +2022/05/30 +2022/07/28 +The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190) +2022/05/31 +local +None +1.9 +http://www.nessus.org/u?440e4ba1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 +http://www.nessus.org/u?b9345997 +Apply the latest Cumulative Update. +Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key. +2022/05/30 +The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target is vulnerable to CVE-2022-30190, if the vendor patch is not applied. + + +windows +security_control +True +software_enumeration +cpe:/a:microsoft:windows_defender +Windows Defender, an antivirus component of Microsoft Windows is installed on the remote Windows host. +microsoft_windows_defender_win_installed.nbin +2024/01/16 +Windows Defender Installed +2019/11/15 +local +None +1.139 +https://www.microsoft.com/en-us/windows/comprehensive-security +n/a +Windows Defender is installed on the remote Windows host. + + Path : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\ + Version : 4.18.23110.3 + Engine Version : 1.1.23110.2 + Malware Signature Timestamp : Feb. 2, 2024 at 08:51:48 GMT + Malware Signature Version : 1.403.3098.0 + Signatures Last Updated : Feb. 2, 2024 at 15:11:46 GMT + + + +The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled. +print_spooler_service_enabled.nasl +2021/07/07 +Microsoft Windows Print Spooler Service Enabled +2021/07/07 +local +None +1.1 +http://www.nessus.org/u?8fc5df24 +n/a +The Microsoft Windows Print Spooler service on the remote host is enabled. +The Microsoft Windows Print Spooler service on the remote host is enabled. + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.). +smb_enum_services_params.nasl +0001-T-0752 +2022/05/16 +Microsoft Windows SMB Service Config Enumeration +2010/02/05 +local +None +1.20 +Ensure that each service is configured properly. +It was possible to enumerate configuration parameters of remote services. +IAVT:0001-T-0752 + +The following services are set to start automatically : + + AppHostSvc startup parameters : + Display name : Application Host Helper Service + Service name : AppHostSvc + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k apphost + + BFE startup parameters : + Display name : Base Filtering Engine + Service name : BFE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : RpcSs/ + + BrokerInfrastructure startup parameters : + Display name : Background Tasks Infrastructure Service + Service name : BrokerInfrastructure + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + CDPSvc startup parameters : + Display name : Connected Devices Platform Service + Service name : CDPSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : ncbservice/RpcSS/Tcpip/ + + CDPUserSvc_49584 startup parameters : + Display name : Connected Devices Platform User Service_49584 + Service name : CDPUserSvc_49584 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + CoreMessagingRegistrar startup parameters : + Display name : CoreMessaging + Service name : CoreMessagingRegistrar + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : rpcss/ + + CryptSvc startup parameters : + Display name : Cryptographic Services + Service name : CryptSvc + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + DPS startup parameters : + Display name : Diagnostic Policy Service + Service name : DPS + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p + + DcomLaunch startup parameters : + Display name : DCOM Server Process Launcher + Service name : DcomLaunch + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + Dhcp startup parameters : + Display name : DHCP Client + Service name : Dhcp + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : NSI/Afd/ + + DiagTrack startup parameters : + Display name : Connected User Experiences and Telemetry + Service name : DiagTrack + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k utcsvc -p + Dependencies : RpcSs/ + + DispBrokerDesktopSvc startup parameters : + Display name : Display Policy Service + Service name : DispBrokerDesktopSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : RpcSS/ + + Dnscache startup parameters : + Display name : DNS Client + Service name : Dnscache + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p + Dependencies : nsi/Afd/ + + EventLog startup parameters : + Display name : Windows Event Log + Service name : EventLog + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p + + EventSystem startup parameters : + Display name : COM+ Event System + Service name : EventSystem + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + FontCache startup parameters : + Display name : Windows Font Cache Service + Service name : FontCache + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + IKEEXT startup parameters : + Display name : IKE and AuthIP IPsec Keying Modules + Service name : IKEEXT + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : BFE/nsi/ + + LSM startup parameters : + Display name : Local Session Manager + Service name : LSM + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/DcomLaunch/RpcSs/ + + LanmanServer startup parameters : + Display name : Server + Service name : LanmanServer + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k smbsvcs + Dependencies : SamSS/Srv2/ + + LanmanWorkstation startup parameters : + Display name : Workstation + Service name : LanmanWorkstation + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : Bowser/MRxSmb20/NSI/ + + MSDTC startup parameters : + Display name : Distributed Transaction Coordinator + Service name : MSDTC + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\msdtc.exe + Dependencies : RPCSS/SamSS/ + + NlaSvc startup parameters : + Display name : Network Location Awareness + Service name : NlaSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/ + + PcaSvc startup parameters : + Display name : Program Compatibility Assistant Service + Service name : PcaSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + Power startup parameters : + Display name : Power + Service name : Power + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + ProfSvc startup parameters : + Display name : User Profile Service + Service name : ProfSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + RemoteRegistry startup parameters : + Display name : Remote Registry + Service name : RemoteRegistry + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k localService -p + Dependencies : RPCSS/ + + RpcEptMapper startup parameters : + Display name : RPC Endpoint Mapper + Service name : RpcEptMapper + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k RPCSS -p + + RpcSs startup parameters : + Display name : Remote Procedure Call (RPC) + Service name : RpcSs + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k rpcss -p + Dependencies : RpcEptMapper/DcomLaunch/ + + SENS startup parameters : + Display name : System Event Notification Service + Service name : SENS + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : EventSystem/ + + SamSs startup parameters : + Display name : Security Accounts Manager + Service name : SamSs + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : RPCSS/ + + Schedule startup parameters : + Display name : Task Scheduler + Service name : Schedule + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/SystemEventsBroker/ + + ShellHWDetection startup parameters : + Display name : Shell Hardware Detection + Service name : ShellHWDetection + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Spooler startup parameters : + Display name : Print Spooler + Service name : Spooler + Log on as : LocalSystem + Executable path : C:\Windows\System32\spoolsv.exe + Dependencies : RPCSS/http/ + + StateRepository startup parameters : + Display name : State Repository Service + Service name : StateRepository + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + StorSvc startup parameters : + Display name : Storage Service + Service name : StorSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + SysMain startup parameters : + Display name : SysMain + Service name : SysMain + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : rpcss/ + + SystemEventsBroker startup parameters : + Display name : System Events Broker + Service name : SystemEventsBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + Dependencies : RpcEptMapper/RpcSs/ + + TrkWks startup parameters : + Display name : Distributed Link Tracking Client + Service name : TrkWks + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + UALSVC startup parameters : + Display name : User Access Logging Service + Service name : UALSVC + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : WinMgmt/ + + UserManager startup parameters : + Display name : User Manager + Service name : UserManager + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + UsoSvc startup parameters : + Display name : Update Orchestrator Service + Service name : UsoSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + VGAuthService startup parameters : + Display name : VMware Alias Manager and Ticket Service + Service name : VGAuthService + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" + + VMTools startup parameters : + Display name : VMware Tools + Service name : VMTools + Log on as : LocalSystem + Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" + + W32Time startup parameters : + Display name : Windows Time + Service name : W32Time + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService + + W3SVC startup parameters : + Display name : World Wide Web Publishing Service + Service name : W3SVC + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k iissvcs + Dependencies : WAS/HTTP/ + + Wcmsvc startup parameters : + Display name : Windows Connection Manager + Service name : Wcmsvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/NSI/ + + WinDefend startup parameters : + Display name : Microsoft Defender Antivirus Service + Service name : WinDefend + Log on as : LocalSystem + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe" + Dependencies : RpcSs/ + + WinRM startup parameters : + Display name : Windows Remote Management (WS-Management) + Service name : WinRM + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : RPCSS/HTTP/ + + Winmgmt startup parameters : + Display name : Windows Management Instrumentation + Service name : Winmgmt + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/ + + WpnService startup parameters : + Display name : Windows Push Notifications System Service + Service name : WpnService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + WpnUserService_49584 startup parameters : + Display name : Windows Push Notifications User Service_49584 + Service name : WpnUserService_49584 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + cbdhsvc_49584 startup parameters : + Display name : Clipboard User Service_49584 + Service name : cbdhsvc_49584 + Executable path : C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p + + edgeupdate startup parameters : + Display name : Microsoft Edge Update Service (edgeupdate) + Service name : edgeupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc + Dependencies : RPCSS/ + + gpsvc startup parameters : + Display name : Group Policy Client + Service name : gpsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/Mup/ + + gupdate startup parameters : + Display name : Google Update Service (gupdate) + Service name : gupdate + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc + Dependencies : RPCSS/ + + iphlpsvc startup parameters : + Display name : IP Helper + Service name : iphlpsvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p + Dependencies : RpcSS/tcpip/nsi/WinHttpAutoProxySvc/ + + mpssvc startup parameters : + Display name : Windows Defender Firewall + Service name : mpssvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p + Dependencies : mpsdrv/bfe/nsi/ + + nsi startup parameters : + Display name : Network Store Interface Service + Service name : nsi + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : rpcss/nsiproxy/ + + sppsvc startup parameters : + Display name : Software Protection + Service name : sppsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\sppsvc.exe + Dependencies : RpcSs/ + + vm3dservice startup parameters : + Display name : VMware SVGA Helper Service + Service name : vm3dservice + Log on as : LocalSystem + Executable path : C:\Windows\system32\vm3dservice.exe + +The following services must be started manually : + + AJRouter startup parameters : + Display name : AllJoyn Router Service + Service name : AJRouter + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + ALG startup parameters : + Display name : Application Layer Gateway Service + Service name : ALG + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\alg.exe + + AppIDSvc startup parameters : + Display name : Application Identity + Service name : AppIDSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/AppID/CryptSvc/ + + AppMgmt startup parameters : + Display name : Application Management + Service name : AppMgmt + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + + AppReadiness startup parameters : + Display name : App Readiness + Service name : AppReadiness + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k AppReadiness -p + + AppXSvc startup parameters : + Display name : AppX Deployment Service (AppXSVC) + Service name : AppXSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k wsappx -p + Dependencies : rpcss/staterepository/ + + Appinfo startup parameters : + Display name : Application Information + Service name : Appinfo + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + AudioEndpointBuilder startup parameters : + Display name : Windows Audio Endpoint Builder + Service name : AudioEndpointBuilder + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + Audiosrv startup parameters : + Display name : Windows Audio + Service name : Audiosrv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : AudioEndpointBuilder/RpcSs/ + + BITS startup parameters : + Display name : Background Intelligent Transfer Service + Service name : BITS + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + COMSysApp startup parameters : + Display name : COM+ System Application + Service name : COMSysApp + Log on as : LocalSystem + Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} + Dependencies : RpcSs/EventSystem/SENS/ + + CaptureService_49584 startup parameters : + Display name : CaptureService_49584 + Service name : CaptureService_49584 + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + CertPropSvc startup parameters : + Display name : Certificate Propagation + Service name : CertPropSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + ClipSVC startup parameters : + Display name : Client License Service (ClipSVC) + Service name : ClipSVC + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k wsappx -p + Dependencies : rpcss/ + + ConsentUxUserSvc_49584 startup parameters : + Display name : ConsentUX User Service_49584 + Service name : ConsentUxUserSvc_49584 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow + + CredentialEnrollmentManagerUserSvc_49584 startup parameters : + Display name : CredentialEnrollmentManagerUserSvc_49584 + Service name : CredentialEnrollmentManagerUserSvc_49584 + Executable path : C:\Windows\system32\CredentialEnrollmentManager.exe + + DevQueryBroker startup parameters : + Display name : DevQuery Background Discovery Broker + Service name : DevQueryBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DeviceAssociationBrokerSvc_49584 startup parameters : + Display name : DeviceAssociationBroker_49584 + Service name : DeviceAssociationBrokerSvc_49584 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow -p + + DeviceAssociationService startup parameters : + Display name : Device Association Service + Service name : DeviceAssociationService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + DeviceInstall startup parameters : + Display name : Device Install Service + Service name : DeviceInstall + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + DevicesFlowUserSvc_49584 startup parameters : + Display name : DevicesFlow_49584 + Service name : DevicesFlowUserSvc_49584 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow + + DmEnrollmentSvc startup parameters : + Display name : Device Management Enrollment Service + Service name : DmEnrollmentSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + DoSvc startup parameters : + Display name : Delivery Optimization + Service name : DoSvc + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + DsSvc startup parameters : + Display name : Data Sharing Service + Service name : DsSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + DsmSvc startup parameters : + Display name : Device Setup Manager + Service name : DsmSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + EFS startup parameters : + Display name : Encrypting File System (EFS) + Service name : EFS + Log on as : LocalSystem + Executable path : C:\Windows\System32\lsass.exe + Dependencies : RPCSS/ + + EapHost startup parameters : + Display name : Extensible Authentication Protocol + Service name : EapHost + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/KeyIso/ + + EntAppSvc startup parameters : + Display name : Enterprise App Management Service + Service name : EntAppSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k appmodel -p + Dependencies : rpcss/ + + FDResPub startup parameters : + Display name : Function Discovery Resource Publication + Service name : FDResPub + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : RpcSs/http/fdphost/ + + FrameServer startup parameters : + Display name : Windows Camera Frame Server + Service name : FrameServer + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k Camera + Dependencies : rpcss/ + + FrameServerMonitor startup parameters : + Display name : Windows Camera Frame Server Monitor + Service name : FrameServerMonitor + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k CameraMonitor + Dependencies : rpcss/ + + GoogleChromeElevationService startup parameters : + Display name : Google Chrome Elevation Service (GoogleChromeElevationService) + Service name : GoogleChromeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files\Google\Chrome\Application\121.0.6167.140\elevation_service.exe" + Dependencies : RPCSS/ + + HvHost startup parameters : + Display name : HV Host Service + Service name : HvHost + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : hvservice/ + + InstallService startup parameters : + Display name : Microsoft Store Install Service + Service name : InstallService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + KPSSVC startup parameters : + Display name : KDC Proxy Server service (KPS) + Service name : KPSSVC + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k KpsSvcGroup + Dependencies : rpcss/http/ + + KeyIso startup parameters : + Display name : CNG Key Isolation + Service name : KeyIso + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : RpcSs/ + + KtmRm startup parameters : + Display name : KtmRm for Distributed Transaction Coordinator + Service name : KtmRm + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p + Dependencies : RPCSS/SamSS/ + + LicenseManager startup parameters : + Display name : Windows License Manager Service + Service name : LicenseManager + Log on as : NT Authority\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/ + + MSiSCSI startup parameters : + Display name : Microsoft iSCSI Initiator Service + Service name : MSiSCSI + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + + McpManagementService startup parameters : + Display name : McpManagementService + Service name : McpManagementService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k McpManagementServiceGroup + Dependencies : RpcSs/ + + MicrosoftEdgeElevationService startup parameters : + Display name : Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) + Service name : MicrosoftEdgeElevationService + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\elevation_service.exe" + Dependencies : RPCSS/ + + NcaSvc startup parameters : + Display name : Network Connectivity Assistant + Service name : NcaSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p + Dependencies : BFE/dnscache/NSI/iphlpsvc/ + + NcbService startup parameters : + Display name : Network Connection Broker + Service name : NcbService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSS/tcpip/BrokerInfrastructure/ + + NetSetupSvc startup parameters : + Display name : Network Setup Service + Service name : NetSetupSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + Netlogon startup parameters : + Display name : Netlogon + Service name : Netlogon + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : LanmanWorkstation/ + + Netman startup parameters : + Display name : Network Connections + Service name : Netman + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/nsi/ + + NgcCtnrSvc startup parameters : + Display name : Microsoft Passport Container + Service name : NgcCtnrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : RpcSs/ + + NgcSvc startup parameters : + Display name : Microsoft Passport + Service name : NgcSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + PerfHost startup parameters : + Display name : Performance Counter DLL Host + Service name : PerfHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\SysWow64\perfhost.exe + Dependencies : RPCSS/ + + PimIndexMaintenanceSvc_49584 startup parameters : + Display name : Contact Data_49584 + Service name : PimIndexMaintenanceSvc_49584 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + PlugPlay startup parameters : + Display name : Plug and Play + Service name : PlugPlay + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p + + PolicyAgent startup parameters : + Display name : IPsec Policy Agent + Service name : PolicyAgent + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p + Dependencies : Tcpip/bfe/ + + PrintNotify startup parameters : + Display name : Printer Extensions and Notifications + Service name : PrintNotify + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k print + Dependencies : RpcSs/ + + PrintWorkflowUserSvc_49584 startup parameters : + Display name : PrintWorkflow_49584 + Service name : PrintWorkflowUserSvc_49584 + Executable path : C:\Windows\system32\svchost.exe -k PrintWorkflow + + QWAVE startup parameters : + Display name : Quality Windows Audio Video Experience + Service name : QWAVE + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/ + + RSoPProv startup parameters : + Display name : Resultant Set of Policy Provider + Service name : RSoPProv + Log on as : LocalSystem + Executable path : C:\Windows\system32\RSoPProv.exe + Dependencies : RPCSS/ + + RasAuto startup parameters : + Display name : Remote Access Auto Connection Manager + Service name : RasAuto + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RasAcd/ + + RasMan startup parameters : + Display name : Remote Access Connection Manager + Service name : RasMan + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs + Dependencies : SstpSvc/DnsCache/ + + RpcLocator startup parameters : + Display name : Remote Procedure Call (RPC) Locator + Service name : RpcLocator + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\locator.exe + + SCPolicySvc startup parameters : + Display name : Smart Card Removal Policy + Service name : SCPolicySvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs + Dependencies : RpcSs/ + + SCardSvr startup parameters : + Display name : Smart Card + Service name : SCardSvr + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation + + SNMPTRAP startup parameters : + Display name : SNMP Trap + Service name : SNMPTRAP + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\snmptrap.exe + + SecurityHealthService startup parameters : + Display name : Windows Security Service + Service name : SecurityHealthService + Log on as : LocalSystem + Executable path : C:\Windows\system32\SecurityHealthService.exe + Dependencies : RpcSs/ + + Sense startup parameters : + Display name : Windows Defender Advanced Threat Protection Service + Service name : Sense + Log on as : LocalSystem + Executable path : "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" + + SensorService startup parameters : + Display name : Sensor Service + Service name : SensorService + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + SensrSvc startup parameters : + Display name : Sensor Monitoring Service + Service name : SensrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + + SessionEnv startup parameters : + Display name : Remote Desktop Configuration + Service name : SessionEnv + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RPCSS/LanmanWorkstation/ + + SgrmBroker startup parameters : + Display name : System Guard Runtime Monitor Broker + Service name : SgrmBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\SgrmBroker.exe + Dependencies : RpcSs/ + + SstpSvc startup parameters : + Display name : Secure Socket Tunneling Protocol Service + Service name : SstpSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + StiSvc startup parameters : + Display name : Windows Image Acquisition (WIA) + Service name : StiSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\system32\svchost.exe -k imgsvc + Dependencies : RpcSs/ + + TabletInputService startup parameters : + Display name : Touch Keyboard and Handwriting Panel Service + Service name : TabletInputService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + TermService startup parameters : + Display name : Remote Desktop Services + Service name : TermService + Log on as : NT Authority\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k termsvcs + Dependencies : RPCSS/ + + TieringEngineService startup parameters : + Display name : Storage Tiers Management + Service name : TieringEngineService + Log on as : localSystem + Executable path : C:\Windows\system32\TieringEngineService.exe + + TimeBrokerSvc startup parameters : + Display name : Time Broker + Service name : TimeBrokerSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + + TokenBroker startup parameters : + Display name : Web Account Manager + Service name : TokenBroker + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : UserManager/BrokerInfrastructure/ + + TrustedInstaller startup parameters : + Display name : Windows Modules Installer + Service name : TrustedInstaller + Log on as : localSystem + Executable path : C:\Windows\servicing\TrustedInstaller.exe + + UdkUserSvc_49584 startup parameters : + Display name : Udk User Service_49584 + Service name : UdkUserSvc_49584 + Executable path : C:\Windows\system32\svchost.exe -k UdkSvcGroup + + UmRdpService startup parameters : + Display name : Remote Desktop Services UserMode Port Redirector + Service name : UmRdpService + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : TermService/RDPDR/ + + UnistoreSvc_49584 startup parameters : + Display name : User Data Storage_49584 + Service name : UnistoreSvc_49584 + Executable path : C:\Windows\System32\svchost.exe -k UnistackSvcGroup + + UserDataSvc_49584 startup parameters : + Display name : User Data Access_49584 + Service name : UserDataSvc_49584 + Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup + + VSS startup parameters : + Display name : Volume Shadow Copy + Service name : VSS + Log on as : LocalSystem + Executable path : C:\Windows\system32\vssvc.exe + Dependencies : RPCSS/ + + VaultSvc startup parameters : + Display name : Credential Manager + Service name : VaultSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\lsass.exe + Dependencies : rpcss/ + + WAS startup parameters : + Display name : Windows Process Activation Service + Service name : WAS + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k iissvcs + Dependencies : RPCSS/ + + WEPHOSTSVC startup parameters : + Display name : Windows Encryption Provider Host Service + Service name : WEPHOSTSVC + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k WepHostSvcGroup + Dependencies : rpcss/ + + WMPNetworkSvc startup parameters : + Display name : Windows Media Player Network Sharing Service + Service name : WMPNetworkSvc + Log on as : NT AUTHORITY\NetworkService + Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe" + Dependencies : http/WSearch/ + + WPDBusEnum startup parameters : + Display name : Portable Device Enumerator Service + Service name : WPDBusEnum + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted + Dependencies : RpcSs/ + + WaaSMedicSvc startup parameters : + Display name : Windows Update Medic Service + Service name : WaaSMedicSvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k wusvcs -p + Dependencies : rpcss/ + + WarpJITSvc startup parameters : + Display name : Warp JIT Service + Service name : WarpJITSvc + Log on as : NT Authority\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted + + WbioSrvc startup parameters : + Display name : Windows Biometric Service + Service name : WbioSrvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k WbioSvcGroup + Dependencies : RpcSs/ + + WdNisSvc startup parameters : + Display name : Microsoft Defender Antivirus Network Inspection Service + Service name : WdNisSvc + Log on as : NT AUTHORITY\LocalService + Executable path : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe" + Dependencies : WdNisDrv/ + + WdiServiceHost startup parameters : + Display name : Diagnostic Service Host + Service name : WdiServiceHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + + WdiSystemHost startup parameters : + Display name : Diagnostic System Host + Service name : WdiSystemHost + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + + Wecsvc startup parameters : + Display name : Windows Event Collector + Service name : Wecsvc + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p + Dependencies : HTTP/Eventlog/ + + WerSvc startup parameters : + Display name : Windows Error Reporting Service + Service name : WerSvc + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup + + WiaRpc startup parameters : + Display name : Still Image Acquisition Events + Service name : WiaRpc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + WinHttpAutoProxySvc startup parameters : + Display name : WinHTTP Web Proxy Auto-Discovery Service + Service name : WinHttpAutoProxySvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Dhcp/ + + bthserv startup parameters : + Display name : Bluetooth Support Service + Service name : bthserv + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + camsvc startup parameters : + Display name : Capability Access Manager Service + Service name : camsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k appmodel -p + + dcsvc startup parameters : + Display name : dcsvc + Service name : dcsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + defragsvc startup parameters : + Display name : Optimize drives + Service name : defragsvc + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k defragsvc + Dependencies : RPCSS/ + + diagnosticshub.standardcollector.service startup parameters : + Display name : Microsoft (R) Diagnostics Hub Standard Collector Service + Service name : diagnosticshub.standardcollector.service + Log on as : LocalSystem + Executable path : C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe + + dot3svc startup parameters : + Display name : Wired AutoConfig + Service name : dot3svc + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/Ndisuio/Eaphost/ + + edgeupdatem startup parameters : + Display name : Microsoft Edge Update Service (edgeupdatem) + Service name : edgeupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc + Dependencies : RPCSS/ + + embeddedmode startup parameters : + Display name : Embedded Mode + Service name : embeddedmode + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : BrokerInfrastructure/ + + fdPHost startup parameters : + Display name : Function Discovery Provider Host + Service name : fdPHost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/http/ + + gupdatem startup parameters : + Display name : Google Update Service (gupdatem) + Service name : gupdatem + Log on as : LocalSystem + Executable path : "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc + Dependencies : RPCSS/ + + hidserv startup parameters : + Display name : Human Interface Device Service + Service name : hidserv + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + lmhosts startup parameters : + Display name : TCP/IP NetBIOS Helper + Service name : lmhosts + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : Afd/ + + msiserver startup parameters : + Display name : Windows Installer + Service name : msiserver + Log on as : LocalSystem + Executable path : C:\Windows\system32\msiexec.exe /V + Dependencies : rpcss/ + + netprofm startup parameters : + Display name : Network List Service + Service name : netprofm + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + Dependencies : RpcSs/nlasvc/ + + pla startup parameters : + Display name : Performance Logs & Alerts + Service name : pla + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p + Dependencies : RPCSS/ + + sacsvr startup parameters : + Display name : Special Administration Console Helper + Service name : sacsvr + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + + seclogon startup parameters : + Display name : Secondary Logon + Service name : seclogon + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + + smphost startup parameters : + Display name : Microsoft Storage Spaces SMP + Service name : smphost + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k smphost + Dependencies : RPCSS/ + + svsvc startup parameters : + Display name : Spot Verifier + Service name : svsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + swprv startup parameters : + Display name : Microsoft Software Shadow Copy Provider + Service name : swprv + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k swprv + Dependencies : RPCSS/ + + tapisrv startup parameters : + Display name : Telephony + Service name : tapisrv + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : RpcSs/ + + vds startup parameters : + Display name : Virtual Disk + Service name : vds + Log on as : LocalSystem + Executable path : C:\Windows\System32\vds.exe + Dependencies : RpcSs/ + + vmicguestinterface startup parameters : + Display name : Hyper-V Guest Service Interface + Service name : vmicguestinterface + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicheartbeat startup parameters : + Display name : Hyper-V Heartbeat Service + Service name : vmicheartbeat + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k ICService -p + + vmickvpexchange startup parameters : + Display name : Hyper-V Data Exchange Service + Service name : vmickvpexchange + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicshutdown startup parameters : + Display name : Hyper-V Guest Shutdown Service + Service name : vmicshutdown + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmictimesync startup parameters : + Display name : Hyper-V Time Synchronization Service + Service name : vmictimesync + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p + Dependencies : VmGid/ + + vmicvmsession startup parameters : + Display name : Hyper-V PowerShell Direct Service + Service name : vmicvmsession + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmicvss startup parameters : + Display name : Hyper-V Volume Shadow Copy Requestor + Service name : vmicvss + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p + + vmvss startup parameters : + Display name : VMware Snapshot Provider + Service name : vmvss + Log on as : LocalSystem + Executable path : C:\Windows\system32\dllhost.exe /Processid:{A5870C72-0E69-4482-ABA6-6ED4CEC56E1D} + Dependencies : rpcss/ + + w3logsvc startup parameters : + Display name : W3C Logging Service + Service name : w3logsvc + Log on as : localSystem + Executable path : C:\Windows\system32\svchost.exe -k apphost + Dependencies : HTTP/ + + wercplsupport startup parameters : + Display name : Problem Reports Control Panel Support + Service name : wercplsupport + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + + wlidsvc startup parameters : + Display name : Microsoft Account Sign-in Assistant + Service name : wlidsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + wmiApSrv startup parameters : + Display name : WMI Performance Adapter + Service name : wmiApSrv + Log on as : localSystem + Executable path : C:\Windows\system32\wbem\WmiApSrv.exe + + wuauserv startup parameters : + Display name : Windows Update + Service name : wuauserv + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + +The following services are disabled : + + AppVClient startup parameters : + Display name : Microsoft App-V Client + Service name : AppVClient + Log on as : LocalSystem + Executable path : C:\Windows\system32\AppVClient.exe + Dependencies : RpcSS/netprofm/AppvVfs/AppVStrm/ + + AxInstSV startup parameters : + Display name : ActiveX Installer (AxInstSV) + Service name : AxInstSV + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k AxInstSVGroup + Dependencies : rpcss/ + + CscService startup parameters : + Display name : Offline Files + Service name : CscService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p + Dependencies : RpcSs/ + + DevicePickerUserSvc_49584 startup parameters : + Display name : DevicePicker_49584 + Service name : DevicePickerUserSvc_49584 + Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow + + GraphicsPerfSvc startup parameters : + Display name : GraphicsPerfSvc + Service name : GraphicsPerfSvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup + + MapsBroker startup parameters : + Display name : Downloaded Maps Manager + Service name : MapsBroker + Log on as : NT AUTHORITY\NetworkService + Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p + Dependencies : rpcss/ + + NetTcpPortSharing startup parameters : + Display name : Net.Tcp Port Sharing Service + Service name : NetTcpPortSharing + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe + + PushToInstall startup parameters : + Display name : Windows PushToInstall Service + Service name : PushToInstall + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + RemoteAccess startup parameters : + Display name : Routing and Remote Access + Service name : RemoteAccess + Log on as : localSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs + Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/ + + RmSvc startup parameters : + Display name : Radio Management Service + Service name : RmSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted + Dependencies : RpcSs/ + + SEMgrSvc startup parameters : + Display name : Payments and NFC/SE Manager + Service name : SEMgrSvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + Dependencies : RpcSs/ + + SSDPSRV startup parameters : + Display name : SSDP Discovery + Service name : SSDPSRV + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : HTTP/NSI/ + + ScDeviceEnum startup parameters : + Display name : Smart Card Device Enumeration Service + Service name : ScDeviceEnum + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted + + SensorDataService startup parameters : + Display name : Sensor Data Service + Service name : SensorDataService + Log on as : LocalSystem + Executable path : C:\Windows\System32\SensorDataService.exe + + SharedAccess startup parameters : + Display name : Internet Connection Sharing (ICS) + Service name : SharedAccess + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : BFE/ + + Themes startup parameters : + Display name : Themes + Service name : Themes + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + + UevAgentService startup parameters : + Display name : User Experience Virtualization Service + Service name : UevAgentService + Log on as : LocalSystem + Executable path : C:\Windows\system32\AgentService.exe + + WSearch startup parameters : + Display name : Windows Search + Service name : WSearch + Log on as : LocalSystem + Executable path : C:\Windows\system32\SearchIndexer.exe /Embedding + Dependencies : RPCSS/BrokerInfrastructure/ + + WalletService startup parameters : + Display name : WalletService + Service name : WalletService + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k appmodel -p + + dmwappushservice startup parameters : + Display name : Device Management Wireless Application Protocol (WAP) Push message Routing Service + Service name : dmwappushservice + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + lfsvc startup parameters : + Display name : Geolocation Service + Service name : lfsvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ + + lltdsvc startup parameters : + Display name : Link-Layer Topology Discovery Mapper + Service name : lltdsvc + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\System32\svchost.exe -k LocalService -p + Dependencies : rpcss/lltdio/ + + shpamsvc startup parameters : + Display name : Shared PC Account Manager + Service name : shpamsvc + Log on as : LocalSystem + Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p + Dependencies : RpcSs/ProfSvc/ + + ssh-agent startup parameters : + Display name : OpenSSH Authentication Agent + Service name : ssh-agent + Log on as : LocalSystem + Executable path : C:\Windows\System32\OpenSSH\ssh-agent.exe + + tzautoupdate startup parameters : + Display name : Auto Time Zone Updater + Service name : tzautoupdate + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalService -p + + upnphost startup parameters : + Display name : UPnP Device Host + Service name : upnphost + Log on as : NT AUTHORITY\LocalService + Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p + Dependencies : SSDPSRV/HTTP/ + + wisvc startup parameters : + Display name : Windows Insider Service + Service name : wisvc + Log on as : LocalSystem + Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p + Dependencies : rpcss/ + + + +By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon. + +Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user. +smb_last_loggedon_user.nasl +2019/09/02 +Microsoft Windows SMB Last Logged On User Disclosure +2009/05/05 +local +None +1.12 +http://www.nessus.org/u?a29751b5 +n/a +Nessus was able to identify the last logged on user on the remote host. + +Last Successful logon : .\degthat + + + +windows +True +cpe:/a:haxx:curl +Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host. + +Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty checks. Paranoid scanning has no affect on this plugin itself. +curl_win_installed.nbin +2024/01/16 +Curl Installed (Windows) +2023/02/23 +local +None +1.22 +https://curl.se/ +n/a +Curl is installed on the remote Windows host. +true + +Nessus detected 2 installs of Curl: + + Path : C:\Windows\SysWOW64\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + Path : C:\Windows\System32\curl.exe + Version : 8.4.0.0 + Managed by OS : True + + + +windows +True +cpe:/o:microsoft:windows +This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. + +An attacker may use this feature to gain better knowledge of the remote host. +smb_enum_services.nasl +0001-T-0751 +2022/02/01 +Microsoft Windows SMB Service Enumeration +2000/07/03 +local +None +1.46 +To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port. +It is possible to enumerate remote services. +IAVT:0001-T-0751 + +Active Services : + +Application Host Helper Service [ AppHostSvc ] +Application Information [ Appinfo ] +Base Filtering Engine [ BFE ] +Background Tasks Infrastructure Service [ BrokerInfrastructure ] +Capability Access Manager Service [ camsvc ] +Connected Devices Platform Service [ CDPSvc ] +COM+ System Application [ COMSysApp ] +CoreMessaging [ CoreMessagingRegistrar ] +Cryptographic Services [ CryptSvc ] +DCOM Server Process Launcher [ DcomLaunch ] +DHCP Client [ Dhcp ] +Connected User Experiences and Telemetry [ DiagTrack ] +Display Policy Service [ DispBrokerDesktopSvc ] +DNS Client [ Dnscache ] +Diagnostic Policy Service [ DPS ] +Device Setup Manager [ DsmSvc ] +Windows Event Log [ EventLog ] +COM+ Event System [ EventSystem ] +Windows Font Cache Service [ FontCache ] +Group Policy Client [ gpsvc ] +IKE and AuthIP IPsec Keying Modules [ IKEEXT ] +IP Helper [ iphlpsvc ] +CNG Key Isolation [ KeyIso ] +Server [ LanmanServer ] +Workstation [ LanmanWorkstation ] +TCP/IP NetBIOS Helper [ lmhosts ] +Local Session Manager [ LSM ] +Windows Defender Firewall [ mpssvc ] +Distributed Transaction Coordinator [ MSDTC ] +Network Connection Broker [ NcbService ] +Network List Service [ netprofm ] +Network Location Awareness [ NlaSvc ] +Network Store Interface Service [ nsi ] +Program Compatibility Assistant Service [ PcaSvc ] +Plug and Play [ PlugPlay ] +IPsec Policy Agent [ PolicyAgent ] +Power [ Power ] +User Profile Service [ ProfSvc ] +Remote Registry [ RemoteRegistry ] +RPC Endpoint Mapper [ RpcEptMapper ] +Remote Procedure Call (RPC) [ RpcSs ] +Security Accounts Manager [ SamSs ] +Task Scheduler [ Schedule ] +System Event Notification Service [ SENS ] +Shell Hardware Detection [ ShellHWDetection ] +Print Spooler [ Spooler ] +State Repository Service [ StateRepository ] +Storage Service [ StorSvc ] +SysMain [ SysMain ] +System Events Broker [ SystemEventsBroker ] +Touch Keyboard and Handwriting Panel Service [ TabletInputService ] +Time Broker [ TimeBrokerSvc ] +Web Account Manager [ TokenBroker ] +Distributed Link Tracking Client [ TrkWks ] +Windows Modules Installer [ TrustedInstaller ] +User Access Logging Service [ UALSVC ] +User Manager [ UserManager ] +Update Orchestrator Service [ UsoSvc ] +VMware Alias Manager and Ticket Service [ VGAuthService ] +VMware SVGA Helper Service [ vm3dservice ] +VMware Tools [ VMTools ] +Windows Time [ W32Time ] +World Wide Web Publishing Service [ W3SVC ] +Windows Process Activation Service [ WAS ] +Windows Connection Manager [ Wcmsvc ] +Diagnostic System Host [ WdiSystemHost ] +Microsoft Defender Antivirus Network Inspection Service [ WdNisSvc ] +Microsoft Defender Antivirus Service [ WinDefend ] +WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ] +Windows Management Instrumentation [ Winmgmt ] +Windows Remote Management (WS-Management) [ WinRM ] +Windows Push Notifications System Service [ WpnService ] +Clipboard User Service_49584 [ cbdhsvc_49584 ] +Connected Devices Platform User Service_49584 [ CDPUserSvc_49584 ] +Windows Push Notifications User Service_49584 [ WpnUserService_49584 ] + +Inactive Services : + +AllJoyn Router Service [ AJRouter ] +Application Layer Gateway Service [ ALG ] +Application Identity [ AppIDSvc ] +Application Management [ AppMgmt ] +App Readiness [ AppReadiness ] +Microsoft App-V Client [ AppVClient ] +AppX Deployment Service (AppXSVC) [ AppXSvc ] +Windows Audio Endpoint Builder [ AudioEndpointBuilder ] +Windows Audio [ Audiosrv ] +ActiveX Installer (AxInstSV) [ AxInstSV ] +Background Intelligent Transfer Service [ BITS ] +Bluetooth Support Service [ bthserv ] +Certificate Propagation [ CertPropSvc ] +Client License Service (ClipSVC) [ ClipSVC ] +Offline Files [ CscService ] +dcsvc [ dcsvc ] +Optimize drives [ defragsvc ] +Device Association Service [ DeviceAssociationService ] +Device Install Service [ DeviceInstall ] +DevQuery Background Discovery Broker [ DevQueryBroker ] +Microsoft (R) Diagnostics Hub Standard Collector Service [ diagnosticshub.standardcollector.service ] +Device Management Enrollment Service [ DmEnrollmentSvc ] +Device Management Wireless Application Protocol (WAP) Push message Routing Service [ dmwappushservice ] +Delivery Optimization [ DoSvc ] +Wired AutoConfig [ dot3svc ] +Data Sharing Service [ DsSvc ] +Extensible Authentication Protocol [ EapHost ] +Microsoft Edge Update Service (edgeupdate) [ edgeupdate ] +Microsoft Edge Update Service (edgeupdatem) [ edgeupdatem ] +Encrypting File System (EFS) [ EFS ] +Embedded Mode [ embeddedmode ] +Enterprise App Management Service [ EntAppSvc ] +Function Discovery Provider Host [ fdPHost ] +Function Discovery Resource Publication [ FDResPub ] +Windows Camera Frame Server [ FrameServer ] +Windows Camera Frame Server Monitor [ FrameServerMonitor ] +Google Chrome Elevation Service (GoogleChromeElevationService) [ GoogleChromeElevationService ] +GraphicsPerfSvc [ GraphicsPerfSvc ] +Google Update Service (gupdate) [ gupdate ] +Google Update Service (gupdatem) [ gupdatem ] +Human Interface Device Service [ hidserv ] +HV Host Service [ HvHost ] +Microsoft Store Install Service [ InstallService ] +KDC Proxy Server service (KPS) [ KPSSVC ] +KtmRm for Distributed Transaction Coordinator [ KtmRm ] +Geolocation Service [ lfsvc ] +Windows License Manager Service [ LicenseManager ] +Link-Layer Topology Discovery Mapper [ lltdsvc ] +Downloaded Maps Manager [ MapsBroker ] +McpManagementService [ McpManagementService ] +Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) [ MicrosoftEdgeElevationService ] +Microsoft iSCSI Initiator Service [ MSiSCSI ] +Windows Installer [ msiserver ] +Network Connectivity Assistant [ NcaSvc ] +Netlogon [ Netlogon ] +Network Connections [ Netman ] +Network Setup Service [ NetSetupSvc ] +Net.Tcp Port Sharing Service [ NetTcpPortSharing ] +Microsoft Passport Container [ NgcCtnrSvc ] +Microsoft Passport [ NgcSvc ] +Performance Counter DLL Host [ PerfHost ] +Performance Logs & Alerts [ pla ] +Printer Extensions and Notifications [ PrintNotify ] +Windows PushToInstall Service [ PushToInstall ] +Quality Windows Audio Video Experience [ QWAVE ] +Remote Access Auto Connection Manager [ RasAuto ] +Remote Access Connection Manager [ RasMan ] +Routing and Remote Access [ RemoteAccess ] +Radio Management Service [ RmSvc ] +Remote Procedure Call (RPC) Locator [ RpcLocator ] +Resultant Set of Policy Provider [ RSoPProv ] +Special Administration Console Helper [ sacsvr ] +Smart Card [ SCardSvr ] +Smart Card Device Enumeration Service [ ScDeviceEnum ] +Smart Card Removal Policy [ SCPolicySvc ] +Secondary Logon [ seclogon ] +Windows Security Service [ SecurityHealthService ] +Payments and NFC/SE Manager [ SEMgrSvc ] +Windows Defender Advanced Threat Protection Service [ Sense ] +Sensor Data Service [ SensorDataService ] +Sensor Service [ SensorService ] +Sensor Monitoring Service [ SensrSvc ] +Remote Desktop Configuration [ SessionEnv ] +System Guard Runtime Monitor Broker [ SgrmBroker ] +Internet Connection Sharing (ICS) [ SharedAccess ] +Shared PC Account Manager [ shpamsvc ] +Microsoft Storage Spaces SMP [ smphost ] +SNMP Trap [ SNMPTRAP ] +Software Protection [ sppsvc ] +SSDP Discovery [ SSDPSRV ] +OpenSSH Authentication Agent [ ssh-agent ] +Secure Socket Tunneling Protocol Service [ SstpSvc ] +Windows Image Acquisition (WIA) [ StiSvc ] +Spot Verifier [ svsvc ] +Microsoft Software Shadow Copy Provider [ swprv ] +Telephony [ tapisrv ] +Remote Desktop Services [ TermService ] +Themes [ Themes ] +Storage Tiers Management [ TieringEngineService ] +Auto Time Zone Updater [ tzautoupdate ] +User Experience Virtualization Service [ UevAgentService ] +Remote Desktop Services UserMode Port Redirector [ UmRdpService ] +UPnP Device Host [ upnphost ] +Credential Manager [ VaultSvc ] +Virtual Disk [ vds ] +Hyper-V Guest Service Interface [ vmicguestinterface ] +Hyper-V Heartbeat Service [ vmicheartbeat ] +Hyper-V Data Exchange Service [ vmickvpexchange ] +Hyper-V Guest Shutdown Service [ vmicshutdown ] +Hyper-V Time Synchronization Service [ vmictimesync ] +Hyper-V PowerShell Direct Service [ vmicvmsession ] +Hyper-V Volume Shadow Copy Requestor [ vmicvss ] +VMware Snapshot Provider [ vmvss ] +Volume Shadow Copy [ VSS ] +W3C Logging Service [ w3logsvc ] +Windows Update Medic Service [ WaaSMedicSvc ] +WalletService [ WalletService ] +Warp JIT Service [ WarpJITSvc ] +Windows Biometric Service [ WbioSrvc ] +Diagnostic Service Host [ WdiServiceHost ] +Windows Event Collector [ Wecsvc ] +Windows Encryption Provider Host Service [ WEPHOSTSVC ] +Problem Reports Control Panel Support [ wercplsupport ] +Windows Error Reporting Service [ WerSvc ] +Still Image Acquisition Events [ WiaRpc ] +Windows Insider Service [ wisvc ] +Microsoft Account Sign-in Assistant [ wlidsvc ] +WMI Performance Adapter [ wmiApSrv ] +Windows Media Player Network Sharing Service [ WMPNetworkSvc ] +Portable Device Enumerator Service [ WPDBusEnum ] +Windows Search [ WSearch ] +Windows Update [ wuauserv ] +CaptureService_49584 [ CaptureService_49584 ] +ConsentUX User Service_49584 [ ConsentUxUserSvc_49584 ] +CredentialEnrollmentManagerUserSvc_49584 [ CredentialEnrollmentManagerUserSvc_49584 ] +DeviceAssociationBroker_49584 [ DeviceAssociationBrokerSvc_49584 ] +DevicePicker_49584 [ DevicePickerUserSvc_49584 ] +DevicesFlow_49584 [ DevicesFlowUserSvc_49584 ] +Contact Data_49584 [ PimIndexMaintenanceSvc_49584 ] +PrintWorkflow_49584 [ PrintWorkflowUserSvc_49584 ] +Udk User Service_49584 [ UdkUserSvc_49584 ] +User Data Storage_49584 [ UnistoreSvc_49584 ] +User Data Access_49584 [ UserDataSvc_49584 ] + + + +Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy. +smb_password_policy.nasl +2015/01/12 +Microsoft Windows SMB : Obtains the Password Policy +2005/03/30 +local +None +$Revision: 1.15 $ +n/a +It is possible to retrieve the remote host's password policy using the supplied credentials. +The following password policy is defined on the remote host: + +Minimum password len: 0 +Password history len: 0 +Maximum password age (d): 42 +Password must meet complexity requirements: Enabled +Minimum password age (d): 0 +Forced logoff time (s): Not set +Locked account time (s): 600 +Time between failed logon (s): 600 +Number of invalid logon before locked out (s): 10 + + + +Using the supplied credentials, Nessus was able to list user accounts that have been disabled. +smb_users_disabled.nasl +2018/08/13 +Microsoft Windows - Users Information : Disabled Accounts +2002/03/15 +local +None +1.19 +Delete accounts that are no longer needed. +At least one user account has been disabled. + +The following user accounts have been disabled : + + - DefaultAccount + - Guest + - soteria + - WDAGUtilityAccount + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users who have never logged into their accounts. +smb_users_neverloggedon.nasl +2018/08/13 +Microsoft Windows - Users Information : User Has Never Logged In +2002/03/15 +local +None +1.20 +Delete accounts that are not needed. +At least one user has never logged into his or her account. + +The following users have never logged in : + + - DefaultAccount + - Guest + - WDAGUtilityAccount + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users who have never changed their passwords. +smb_users_lastpwchange.nasl +2018/08/13 +Microsoft Windows - Users Information : Never Changed Password +2002/03/15 +local +None +1.23 +Allow or require users to change their passwords regularly. +At least one user has never changed his or her password. + +The following users have never changed their passwords : + + - DefaultAccount + - Guest + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for +'SMB use domain SID to enumerate users' setting, and then re-run the scan. + + + +Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire. +smb_users_pwexpiry.nasl +2018/08/13 +Microsoft Windows - Users Information : Passwords Never Expire +2002/03/15 +local +None +1.22 +Allow or require users to change their passwords regularly. +At least one user has a password that never expires. + +The following user has a password that never expires : + + - degthat + + +Note that, in addition to the Administrator, Guest, and Kerberos +accounts, Nessus has enumerated only those domain users with UIDs +between 1000 and 1200. To use a different range, edit the scan policy +and change the 'Start UID' and/or 'End UID' preferences for this +plugin, then re-run the scan. + + + +Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager. +smb_samr_user_enum.nasl +2023/01/20 +Microsoft Windows SAM user enumeration +2019/07/08 +local +None +1.7 +n/a +Nessus was able to enumerate domain users from the local SAM. + - DefaultAccount (id S-1-5-21-746496990-2641142201-503, A user account managed by the system.) + - degthat (id S-1-5-21-746496990-2641142201-1001, degthat) + - Guest (id S-1-5-21-746496990-2641142201-501, Built-in account for guest access to the computer/domain, Guest account) + - soteria (id S-1-5-21-746496990-2641142201-500, Built-in account for administering the computer/domain, Administrator account) + - WDAGUtilityAccount (id S-1-5-21-746496990-2641142201-504, A user account managed and used by the system for Windows Defender Application Guard scenarios.) + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI. +wmi_enum_printer_drivers.nbin +2024/01/16 +Windows Printer Driver Enumeration +2021/12/09 +local +None +1.63 +http://www.nessus.org/u?fab99415 +n/a +Nessus was able to enumerate one or more of the printer drivers on the remote host. + +--- Microsoft enhanced Point and Print compatibility driver --- + +Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver: + + Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll + Version : 10.0.20348.2227 + Supported Platform : Windows x64 + + Path : C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll + Version : 10.0.20348.2227 + Supported Platform : Windows NT x86 + +--- Microsoft Print To PDF --- + + Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_675324844f835f70\Amd64\mxdwdrv.dll + Version : 10.0.20348.1 + Supported Platform : Windows x64 + +--- Microsoft XPS Document Writer v4 --- + + Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_675324844f835f70\Amd64\mxdwdrv.dll + Version : 10.0.20348.1 + Supported Platform : Windows x64 + + + +The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC). + +Cached logon credentials could be accessed by an attacker and subjected to brute force attacks. +smb_reg_cachedlogons.nasl +2018/06/05 +Microsoft Windows SMB Registry : Winlogon Cached Password Weakness +2003/03/24 +local +None +1.17 +http://www.nessus.org/u?184d3eab +http://www.nessus.org/u?fe16cea8 +https://technet.microsoft.com/en-us/library/cc957390.aspx +Consult Microsoft documentation and best practices. +User credentials are stored in memory. + + Max cached logons : 10 + + + +730 days + +2022/07/10 +cpe:/o:microsoft:windows +CVE-2013-3900 +7.8 +7.5 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.6 +CVE-2013-3900 +6.6 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C +The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host. +true +High +Exploits are available +true +smb_nt_ms22_oct_CVE-2013-3900_reg_check.nasl +2013-A-0227 +2023/12/26 +WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) +2022/10/26 +local +Very High +High +1.7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 +http://www.nessus.org/u?9780b9d2 +Add and enable registry value EnableCertPaddingCheck: + - HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck + +Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck: + + - HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck +II +The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability. +Very Low +No recorded events +No recorded events +8.9 +2013/12/10 +CISA-KNOWN-EXPLOITED:2022/07/10 +IAVA:2013-A-0227 + + + Nessus detected the following potentially insecure registry key configuration: + - Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + - Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry. + + + + +Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host. +smb_check_rollup.nasl +2023/06/26 +Microsoft Security Rollup Enumeration +2016/10/11 +local +None +1.180 +http://www.nessus.org/u?b23205aa +n/a +This plugin enumerates installed Microsoft security rollups. + + Cumulative Rollup : 01_2024 [KB5034129] + Cumulative Rollup : 12_2023 + Cumulative Rollup : 11_2023 + Cumulative Rollup : 10_2023 + Cumulative Rollup : 09_2023 + Cumulative Rollup : 08_2023 + Cumulative Rollup : 07_2023 + Cumulative Rollup : 06_2023 + Cumulative Rollup : 05_2023 + Cumulative Rollup : 04_2023 + Cumulative Rollup : 03_2023 + Cumulative Rollup : 02_2023 + Cumulative Rollup : 01_2023 + Cumulative Rollup : 12_2022 + Cumulative Rollup : 11_2022 + Cumulative Rollup : 10_2022 + Cumulative Rollup : 09_2022 + Cumulative Rollup : 08_2022 + Cumulative Rollup : 07_2022 + Cumulative Rollup : 06_2022 + Cumulative Rollup : 05_2022 + Cumulative Rollup : 04_2022 + Cumulative Rollup : 03_2022 + Cumulative Rollup : 02_2022 + Cumulative Rollup : 01_2022 + Cumulative Rollup : 12_2021 + Cumulative Rollup : 11_2021 + Cumulative Rollup : 10_2021 + + Latest effective update level : 01_2024 + File checked : C:\Windows\system32\ntoskrnl.exe + File version : 10.0.20348.2227 + Associated KB : 5034129 + + + +windows +True +cpe:/o:microsoft:windows +Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages. +dism_enum_packages.nbin +2024/01/16 +DISM Package List (Windows) +2020/08/25 +local +None +1.93 +http://www.nessus.org/u?cbb428b2 +n/a +Use DISM to extract package info from the host. +The following packages were enumerated using the Deployment Image Servicing and Management Tool: + +Package : Downlevel-NLS-Sorting-Versions-Server-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Downlevel-NLS-Sorting-Versions-Server-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-OneCore-DirectX-Database-FOD-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-OneCore-RasSstp-Api-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Staged +Release Type : Feature Pack +Install Time : + +Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Feature Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Foundation +Install Time : 5/8/2021 8:24 AM + +Package : Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : Language Pack +Install Time : 5/8/2021 9:34 AM + +Package : Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.2227 +State : Installed +Release Type : Language Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~10.0.20348.1906 +State : Installed +Release Type : Feature Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.20348.380 +State : Installed +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.20348.1668 +State : Superseded +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.20348.2227 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.1070 +State : Installed +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-MSPaint-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Microsoft-Windows-Networking-RemoteAccess-PowerShell-Base-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Staged +Release Type : Language Pack +Install Time : + +Package : Microsoft-Windows-Networking-RemoteAccess-PowerShell-Base-Package~31bf3856ad364e35~amd64~~10.0.20348.617 +State : Staged +Release Type : Feature Pack +Install Time : + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.2227 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.740 +State : Superseded +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-Notepad-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-PowerShell-ISE-FOD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-Security-SPP-Component-SKU-ServerStandard-GVLK-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Feature Pack +Install Time : 5/8/2021 9:44 AM + +Package : Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1668 +State : Superseded +Release Type : Language Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.2227 +State : Installed +Release Type : Language Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : Feature Pack +Install Time : 5/8/2021 8:24 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-StepsRecorder-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-TabletPCMath-Package~31bf3856ad364e35~amd64~~10.0.20348.1194 +State : Installed +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-UserExperience-Desktop-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.2227 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~amd64~~10.0.20348.740 +State : Superseded +Release Type : OnDemand Pack +Install Time : 4/5/2023 12:33 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~en-US~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-WordPad-FoD-Package~31bf3856ad364e35~wow64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:36 AM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Superseded +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:37 AM + +Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.20348.1787 +State : Installed +Release Type : OnDemand Pack +Install Time : 2/2/2024 3:23 PM + +Package : OpenSSH-Client-Package~31bf3856ad364e35~amd64~~10.0.20348.1 +State : Installed +Release Type : OnDemand Pack +Install Time : 5/8/2021 9:35 AM + +Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4614.6 +State : Superseded +Release Type : Update +Install Time : 4/5/2023 12:21 AM + +Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4690.3 +State : Installed +Release Type : Update +Install Time : 2/2/2024 3:10 PM + +Package : Package_for_KB5012170~31bf3856ad364e35~amd64~~20348.880.1.1 +State : Installed +Release Type : Security Update +Install Time : 2/2/2024 3:08 PM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~20348.1668.1.8 +State : Superseded +Release Type : Security Update +Install Time : 4/5/2023 12:33 AM + +Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~20348.2227.1.4 +State : Installed +Release Type : Security Update +Install Time : 2/2/2024 3:23 PM + +Package : Package_for_ServicingStack_2200~31bf3856ad364e35~amd64~~20348.2200.1.0 +State : Installed +Release Type : Update +Install Time : 2/2/2024 3:11 PM + +Package : Package_for_WinREServicing~31bf3856ad364e35~amd64~~20348.2201.1.18 +State : Installed +Release Type : Security Update +Install Time : 2/2/2024 3:26 PM + + + +windows +True +software_enumeration +cpe:/a:google:chrome +Google Chrome, a web browser from Google, is installed on the remote Windows host. +google_chrome_installed.nasl +0001-T-0511 +2022/10/10 +Google Chrome Detection (Windows) +2008/09/12 +local +None +1.26 +https://www.google.com/chrome/ +n/a +The remote Windows host contains a web browser. +true +IAVT:0001-T-0511 + + Path : C:\Program Files\Google\Chrome\Application + Version : 121.0.6167.140 + +Note that Nessus only looked in the registry for evidence of Google +Chrome. If there are multiple users on this host, you may wish to +enable the 'Perform thorough tests' setting and re-scan. This will +cause Nessus to scan each local user's directory for installs. + + + + +365 - 730 days +2022/05/06 +cpe:/a:microsoft:edge +CVE-2022-1305 +CVE-2022-1306 +CVE-2022-1307 +CVE-2022-1308 +CVE-2022-1309 +CVE-2022-1310 +CVE-2022-1312 +CVE-2022-1313 +CVE-2022-1314 +CVE-2022-1364 +CVE-2022-29144 +9.6 +CVE-2022-1312 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-1364 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 100.0.1185.44. It is, therefore, affected by multiple vulnerabilities as referenced in the April 15, 2022 advisory. + + - Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1313) + + - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1305) + + - Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1306) + + - Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1307) + + - Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1308) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_100_0_1185_44.nasl +2022-A-0156-S +2022/04/15 +2023/11/01 +Microsoft Edge (Chromium) < 100.0.1185.44 Multiple Vulnerabilities +2022/04/18 +local +Low +Critical +1.7 +http://www.nessus.org/u?84a20f12 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1305 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1306 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1307 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1309 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1310 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1312 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1313 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1314 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144 +Upgrade to Microsoft Edge version 100.0.1185.44 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/04/11 +CISA-KNOWN-EXPLOITED:2022/05/06 +IAVA:2022-A-0156-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 100.0.1185.44 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1232 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-1232 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 100.0.1185.36. It is, therefore, affected by a vulnerability as referenced in the April 7, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1232) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_100_0_1185_36.nasl +2022-A-0133-S +2022/04/07 +2023/11/02 +Microsoft Edge (Chromium) < 100.0.1185.36 Vulnerability +2022/04/07 +local +Low +Critical +1.7 +http://www.nessus.org/u?cc9eba61 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1232 +Upgrade to Microsoft Edge version 100.0.1185.36 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +6.7 +2022/04/04 +IAVA:2022-A-0133-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 100.0.1185.36 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-33639 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-33639 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.37. It is, therefore, affected by multiple vulnerabilities as referenced in the June 23, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. (CVE-2022-33639) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_103_0_1264_37.nasl +2022/06/23 +2023/03/21 +Microsoft Edge (Chromium) < 103.0.1264.37 Multiple Vulnerabilities +2022/06/23 +local +Low +Medium +1.9 +http://www.nessus.org/u?2b2d4e0f +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2156 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2157 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2158 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2160 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2161 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2162 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2163 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2164 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2165 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33638 +Upgrade to Microsoft Edge version 103.0.1264.37 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/06/21 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.37 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2007 +CVE-2022-2008 +CVE-2022-2010 +CVE-2022-2011 +9.3 +CVE-2022-2010 +8.4 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H +5.8 +10.0 +CVE-2022-2011 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.41. It is, therefore, affected by multiple vulnerabilities as referenced in the June 13, 2022 advisory. + + - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011) + + - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007) + + - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008) + + - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2022-2010) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_102_0_1245_41.nasl +2022-A-0231-S +2022/06/13 +2023/03/23 +Microsoft Edge (Chromium) < 102.0.1245.41 Multiple Vulnerabilities +2022/06/13 +local +Low +Critical +1.9 +http://www.nessus.org/u?c00d2c8a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2007 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2010 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2011 +Upgrade to Microsoft Edge version 102.0.1245.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.1 +2022/06/09 +IAVA:2022-A-0231-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 102.0.1245.41 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-22021 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-22021 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.39. It is, therefore, affected by a vulnerability as referenced in the June 9, 2022 advisory. + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-22021) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_102_0_1245_39.nasl +2022/06/09 +2023/03/23 +Microsoft Edge (Chromium) < 102.0.1245.39 Vulnerability +2022/06/09 +local +Low +Medium +1.6 +http://www.nessus.org/u?c8dc918f +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22021 +Upgrade to Microsoft Edge version 102.0.1245.39 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/06/09 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 102.0.1245.39 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1125 +CVE-2022-1127 +CVE-2022-1128 +CVE-2022-1129 +CVE-2022-1130 +CVE-2022-1131 +CVE-2022-1133 +CVE-2022-1134 +CVE-2022-1135 +CVE-2022-1136 +CVE-2022-1137 +CVE-2022-1138 +CVE-2022-1139 +CVE-2022-1143 +CVE-2022-1145 +CVE-2022-1146 +CVE-2022-24475 +CVE-2022-24523 +CVE-2022-26891 +CVE-2022-26894 +CVE-2022-26895 +CVE-2022-26900 +CVE-2022-26908 +CVE-2022-26909 +CVE-2022-26912 +8.8 +CVE-2022-1143 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +5.1 +CVE-2022-26912 +4.0 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 100.0.1185.29. It is, therefore, affected by multiple vulnerabilities as referenced in the April 1, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-24475) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-24523) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26891) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26894) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26895) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_100_0_1185_29.nasl +2021-A-0544-S +2022/04/01 +2023/11/03 +Microsoft Edge (Chromium) < 100.0.1185.29 Multiple Vulnerabilities +2022/04/01 +local +Low +Medium +1.8 +http://www.nessus.org/u?471a8cda +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1125 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1127 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1128 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1129 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1130 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1131 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1133 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1134 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1135 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1136 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1137 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1138 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1139 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1143 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1145 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1146 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26894 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26895 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26900 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26908 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26909 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26912 +Upgrade to Microsoft Edge version 100.0.1185.29 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.4 +2022/03/29 +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 100.0.1185.29 + + + +365 - 730 days +2022/09/15 +cpe:/a:microsoft:edge +CVE-2022-2294 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-2294 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected by a vulnerability as referenced in the July 6, 2022 advisory. + + - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_103_0_1264_49.nasl +2022-A-0262-S +2022/07/06 +2023/10/19 +Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability +2022/07/07 +local +Very High +Critical +1.7 +http://www.nessus.org/u?c255ed38 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295 +Upgrade to Microsoft Edge version 103.0.1264.49 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2022/07/04 +IAVA:2022-A-0262-S +CISA-KNOWN-EXPLOITED:2022/09/15 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.49 + + + +365 - 730 days +2022/09/08 +cpe:/a:microsoft:edge +CVE-2022-2856 +6.5 +6.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N +3.6 +7.8 +CVE-2022-2856 +6.8 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.60. It is, therefore, affected by a vulnerability as referenced in the August 17, 2022 advisory. + + - Insufficient validation of untrusted input in Intents. (CVE-2022-2856) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_104_0_1293_60.nasl +2022/08/17 +2023/10/13 +Microsoft Edge (Chromium) < 104.0.1293.60 Vulnerability +2022/08/18 +local +Low +High +1.6 +http://www.nessus.org/u?b53011a2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2856 +Upgrade to Microsoft Edge version 104.0.1293.60 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +5.1 +2022/08/16 +CISA-KNOWN-EXPLOITED:2022/09/08 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 104.0.1293.60 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2022-1477 +CVE-2022-1478 +CVE-2022-1479 +CVE-2022-1481 +CVE-2022-1482 +CVE-2022-1483 +CVE-2022-1484 +CVE-2022-1485 +CVE-2022-1486 +CVE-2022-1487 +CVE-2022-1488 +CVE-2022-1490 +CVE-2022-1491 +CVE-2022-1492 +CVE-2022-1493 +CVE-2022-1494 +CVE-2022-1495 +CVE-2022-1497 +CVE-2022-1498 +CVE-2022-1499 +CVE-2022-1500 +CVE-2022-1501 +CVE-2022-29146 +CVE-2022-29147 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-1493 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 101.0.1210.32. It is, therefore, affected by multiple vulnerabilities as referenced in the April 28, 2022 advisory. + + - Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1493) + + - Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1477) + + - Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1478) + + - Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1479) + + - Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1481) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_101_0_1210_32.nasl +2022-A-0183-S +2022/04/28 +2023/03/23 +Microsoft Edge (Chromium) < 101.0.1210.32 Multiple Vulnerabilities +2022/04/28 +local +Low +Critical +1.9 +http://www.nessus.org/u?436625dd +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1477 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1478 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1479 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1481 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1482 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1483 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1484 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1485 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1486 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1487 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1488 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1490 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1491 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1492 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1493 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1494 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1495 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1497 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1498 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1499 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1500 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1501 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29146 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29147 +Upgrade to Microsoft Edge version 101.0.1210.32 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/04/26 +IAVA:2022-A-0183-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 101.0.1210.32 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-33680 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-33680 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.44. It is, therefore, affected by a vulnerability as referenced in the June 30, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639. (CVE-2022-33680) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_103_0_1264_44.nasl +2022/06/30 +2023/03/23 +Microsoft Edge (Chromium) < 103.0.1264.44 Vulnerability +2022/06/30 +local +Low +Medium +1.5 +http://www.nessus.org/u?83620a15 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33680 +Upgrade to Microsoft Edge version 103.0.1264.44 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/06/30 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.44 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1634 +CVE-2022-1635 +CVE-2022-1636 +CVE-2022-1637 +CVE-2022-1638 +CVE-2022-1639 +CVE-2022-1640 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-1640 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 101.0.1210.47. It is, therefore, affected by multiple vulnerabilities as referenced in the May 13, 2022 advisory. + + - Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1640) + + - Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. (CVE-2022-1634) + + - Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1635) + + - Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1636) + + - Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1637) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_101_0_1210_47.nasl +2022/05/13 +2023/03/23 +Microsoft Edge (Chromium) < 101.0.1210.47 Multiple Vulnerabilities +2022/05/14 +local +Low +Critical +1.5 +http://www.nessus.org/u?3405acc7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1634 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1635 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1636 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1637 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1638 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1639 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1640 +Upgrade to Microsoft Edge version 101.0.1210.47 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2022/05/10 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 101.0.1210.47 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2603 +CVE-2022-2604 +CVE-2022-2605 +CVE-2022-2606 +CVE-2022-2610 +CVE-2022-2611 +CVE-2022-2612 +CVE-2022-2614 +CVE-2022-2615 +CVE-2022-2616 +CVE-2022-2617 +CVE-2022-2618 +CVE-2022-2619 +CVE-2022-2621 +CVE-2022-2622 +CVE-2022-2623 +CVE-2022-2624 +CVE-2022-33636 +CVE-2022-33649 +CVE-2022-35796 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-33649 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.47. It is, therefore, affected by multiple vulnerabilities as referenced in the August 5, 2022 advisory. + + - Use after free in Omnibox. (CVE-2022-2603) + + - Use after free in Safe Browsing. (CVE-2022-2604) + + - Out of bounds read in Dawn. (CVE-2022-2605) + + - Use after free in Managed devices API. (CVE-2022-2606) + + - Insufficient policy enforcement in Background Fetch. (CVE-2022-2610) + + - Inappropriate implementation in Fullscreen API. (CVE-2022-2611) + + - Side-channel information leakage in Keyboard input. (CVE-2022-2612) + + - Use after free in Sign-In Flow. (CVE-2022-2614) + + - Insufficient policy enforcement in Cookies. (CVE-2022-2615) + + - Inappropriate implementation in Extensions API. (CVE-2022-2616) + + - Use after free in Extensions API. (CVE-2022-2617) + + - Insufficient validation of untrusted input in Internals. (CVE-2022-2618) + + - Insufficient validation of untrusted input in Settings. (CVE-2022-2619) + + - Use after free in Extensions. (CVE-2022-2621) + + - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-2622) + + - Use after free in Offline. (CVE-2022-2623) + + - Heap buffer overflow in PDF. (CVE-2022-2624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_104_0_1293_47.nasl +2022/08/05 +2023/10/25 +Microsoft Edge (Chromium) < 104.0.1293.47 Multiple Vulnerabilities +2022/08/06 +local +Low +Critical +1.7 +http://www.nessus.org/u?d822b1dc +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2603 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2604 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2605 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2606 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2610 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2611 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2612 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2614 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2615 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2616 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2617 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2619 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2621 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2622 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2623 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2624 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796 +Upgrade to Microsoft Edge version 104.0.1293.47 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/08/02 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 104.0.1293.47 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3370 +CVE-2022-3373 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3373 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 106.0.1370.34. It is, therefore, affected by multiple vulnerabilities as referenced in the October 3, 2022 advisory. + + - Use after free in CSS. (CVE-2022-3304) + + - Use after free in Media. (CVE-2022-3307) + + - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308) + + - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310) + + - Use after free in Import. (CVE-2022-3311) + + - Incorrect security UI in Full Screen. (CVE-2022-3313) + + - Type confusion in Blink. (CVE-2022-3315) + + - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316) + + - Insufficient validation of untrusted input in Intents. (CVE-2022-3317) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_106_0_1370_34.nasl +2022-A-0396-S +2022/10/03 +2023/10/25 +Microsoft Edge (Chromium) < 106.0.1370.34 Multiple Vulnerabilities +2022/10/06 +local +Low +Critical +1.7 +http://www.nessus.org/u?2c48e7f3 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3304 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3307 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3310 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3311 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3313 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3315 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3316 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3317 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035 +Upgrade to Microsoft Edge version 106.0.1370.34 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/09/27 +IAVA:2022-A-0396-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 106.0.1370.34 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3195 +CVE-2022-3196 +CVE-2022-3197 +CVE-2022-3198 +CVE-2022-3199 +CVE-2022-3200 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3200 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.42. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2022 advisory. + + - Out of bounds write in Storage. (CVE-2022-3195) + + - Use after free in PDF. (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198) + + - Use after free in Frames. (CVE-2022-3199) + + - Heap buffer overflow in Internals. (CVE-2022-3200) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_105_0_1343_42.nasl +2022-A-0379-S +2022-A-0396-S +2022/09/15 +2023/10/25 +Microsoft Edge (Chromium) < 105.0.1343.42 Multiple Vulnerabilities +2022/09/16 +local +Low +Critical +1.9 +http://www.nessus.org/u?e8ee04b1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3196 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3197 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3198 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3199 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3200 +Upgrade to Microsoft Edge version 105.0.1343.42 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/09/14 +IAVA:2022-A-0379-S +IAVA:2022-A-0396-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 105.0.1343.42 + + + +365 - 730 days +2022/09/29 +cpe:/a:microsoft:edge +CVE-2022-3075 +9.6 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-3075 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.27. It is, therefore, affected by a vulnerability as referenced in the September 2, 2022 advisory. + + - Insufficient data validation in Mojo. (CVE-2022-3075) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_105_0_1343_27.nasl +2022-A-0351-S +2022-A-0361-S +2022/09/02 +2023/10/13 +Microsoft Edge (Chromium) < 105.0.1343.27 Vulnerability +2022/09/02 +local +Low +Critical +1.9 +http://www.nessus.org/u?7aa022b9 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075 +Upgrade to Microsoft Edge version 105.0.1343.27 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/09/02 +CISA-KNOWN-EXPLOITED:2022/09/29 +IAVA:2022-A-0351-S +IAVA:2022-A-0361-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 105.0.1343.27 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3652 +CVE-2022-3653 +CVE-2022-3654 +CVE-2022-3655 +CVE-2022-3656 +CVE-2022-3657 +CVE-2022-3660 +CVE-2022-3661 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3657 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.24. It is, therefore, affected by multiple vulnerabilities as referenced in the October 27, 2022 advisory. + + - Type Confusion in V8. (CVE-2022-3652) + + - Heap buffer overflow in Vulkan. (CVE-2022-3653) + + - Use after free in Layout. (CVE-2022-3654) + + - Heap buffer overflow in Media Galleries. (CVE-2022-3655) + + - Insufficient data validation in File System. (CVE-2022-3656) + + - Use after free in Extensions. (CVE-2022-3657) + + - Inappropriate implementation in Full screen mode. (CVE-2022-3660) + + - Insufficient data validation in Extensions. (CVE-2022-3661) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_107_0_1418_24.nasl +2022-A-0446-S +2022-A-0454-S +2022/10/27 +2022/11/28 +Microsoft Edge (Chromium) < 107.0.1418.24 Multiple Vulnerabilities +2022/10/27 +local +Low +Critical +1.8 +http://www.nessus.org/u?57027261 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3652 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3653 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3654 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3655 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3656 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3657 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3660 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3661 +Upgrade to Microsoft Edge version 107.0.1418.24 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/10/25 +IAVA:2022-A-0446-S +IAVA:2022-A-0454-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 107.0.1418.24 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3885 +CVE-2022-3886 +CVE-2022-3887 +CVE-2022-3888 +CVE-2022-3889 +CVE-2022-3890 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-3890 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.42. It is, therefore, affected by multiple vulnerabilities as referenced in the November 10, 2022 advisory. + + - Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3885) + + - Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3886) + + - Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3887) + + - Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3888) + + - Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3889) + + - Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3890) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_107_0_1418_42.nasl +2022-A-0493-S +2022/11/10 +2023/10/25 +Microsoft Edge (Chromium) < 107.0.1418.42 Multiple Vulnerabilities +2022/11/10 +local +Low +Critical +1.6 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3885 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3886 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3887 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3888 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3889 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3890 +Upgrade to Microsoft Edge version 107.0.1418.42 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/11/08 +IAVA:2022-A-0493-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 107.0.1418.42 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2477 +CVE-2022-2478 +CVE-2022-2479 +CVE-2022-2480 +CVE-2022-2481 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-2481 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.71. It is, therefore, affected by multiple vulnerabilities as referenced in the July 22, 2022 advisory. + + - : Use after free in Guest View. (CVE-2022-2477) + + - : Use after free in PDF. (CVE-2022-2478) + + - : Insufficient validation of untrusted input in File. (CVE-2022-2479) + + - : Use after free in Service Worker API. (CVE-2022-2480) + + - Use after free in Views. (CVE-2022-2481) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_103_0_1264_71.nasl +2022/07/22 +2023/03/23 +Microsoft Edge (Chromium) < 103.0.1264.71 Multiple Vulnerabilities +2022/07/23 +local +Low +Critical +1.5 +http://www.nessus.org/u?4d376e5a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2477 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2478 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2479 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2480 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2481 +Upgrade to Microsoft Edge version 103.0.1264.71 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/07/19 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 103.0.1264.71 + + + +365 - 730 days +2022/12/19 +cpe:/a:microsoft:edge +CVE-2022-4135 +9.6 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-4135 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.62. It is, therefore, affected by a vulnerability as referenced in the November 28, 2022 advisory. + + - Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (Chromium security severity: High) (CVE-2022-4135) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_107_0_1418_62.nasl +2022-A-0501-S +2022-A-0502-S +2022/11/28 +2023/09/20 +Microsoft Edge (Chromium) < 107.0.1418.62 Vulnerability +2022/11/29 +local +Medium +Critical +1.8 +http://www.nessus.org/u?2fa4911e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4135 +Upgrade to Microsoft Edge version 107.0.1418.62 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +8.1 +2022/11/24 +CISA-KNOWN-EXPLOITED:2022/12/19 +IAVA:2022-A-0501-S +IAVA:2022-A-0502-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 107.0.1418.62 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-1853 +CVE-2022-1854 +CVE-2022-1855 +CVE-2022-1856 +CVE-2022-1857 +CVE-2022-1858 +CVE-2022-1859 +CVE-2022-1862 +CVE-2022-1863 +CVE-2022-1864 +CVE-2022-1865 +CVE-2022-1867 +CVE-2022-1868 +CVE-2022-1869 +CVE-2022-1870 +CVE-2022-1871 +CVE-2022-1872 +CVE-2022-1873 +CVE-2022-1874 +CVE-2022-1875 +CVE-2022-1876 +CVE-2022-26905 +CVE-2022-30127 +CVE-2022-30128 +9.6 +CVE-2022-1853 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +5.1 +CVE-2022-30128 +4.0 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.30. It is, therefore, affected by multiple vulnerabilities as referenced in the May 31, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. (CVE-2022-30128) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. (CVE-2022-30127) + + - Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1853) + + - Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1854) + + - Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1855) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_102_0_1245_30.nasl +2022/05/31 +2023/10/26 +Microsoft Edge (Chromium) < 102.0.1245.30 Multiple Vulnerabilities +2022/05/31 +local +Low +Medium +1.8 +http://www.nessus.org/u?ae294315 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1853 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1854 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1855 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1856 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1857 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1858 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1859 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1862 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1863 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1864 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1865 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1867 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1868 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1869 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1870 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1871 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1872 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1873 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1874 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1875 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1876 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26905 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30127 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30128 +Upgrade to Microsoft Edge version 102.0.1245.30 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/05/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 102.0.1245.30 + + + +365 - 730 days +2022/12/26 +cpe:/a:microsoft:edge +CVE-2022-4174 +CVE-2022-4175 +CVE-2022-4177 +CVE-2022-4178 +CVE-2022-4179 +CVE-2022-4180 +CVE-2022-4181 +CVE-2022-4182 +CVE-2022-4183 +CVE-2022-4184 +CVE-2022-4185 +CVE-2022-4186 +CVE-2022-4187 +CVE-2022-4188 +CVE-2022-4189 +CVE-2022-4190 +CVE-2022-4191 +CVE-2022-4192 +CVE-2022-4193 +CVE-2022-4194 +CVE-2022-4195 +CVE-2022-4262 +CVE-2022-41115 +CVE-2022-44688 +CVE-2022-44708 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-4262 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.41. It is, therefore, affected by multiple vulnerabilities as referenced in the December 5, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174) + + - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4175) + + - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) (CVE-2022-4177) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4178) + + - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4179) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4180) + + - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181) + + - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4182) + + - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4183) + + - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4184) + + - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4185) + + - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186) + + - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4187) + + - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4188) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189) + + - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4190) + + - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) (CVE-2022-4191) + + - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) (CVE-2022-4192) + + - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4193) + + - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4194) + + - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) (CVE-2022-4195) + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4262) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_108_0_1462_41.nasl +current +2022-A-0507-S +2022-A-0510-S +2022/12/05 +2023/09/20 +Microsoft Edge (Chromium) < 108.0.1462.41 Multiple Vulnerabilities +2022/12/05 +local +Low +Critical +1.8 +http://www.nessus.org/u?26b297b9 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41115 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4175 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4177 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4178 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4179 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4180 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4181 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4182 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4183 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4184 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4185 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4188 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4189 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4190 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4191 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4193 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4194 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4262 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708 +Upgrade to Microsoft Edge version 108.0.1462.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/11/29 +CISA-KNOWN-EXPLOITED:2022/12/26 +IAVA:2022-A-0507-S +IAVA:2022-A-0510-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 108.0.1462.41 + + + +365 - 730 days +2023/04/20 +cpe:/a:microsoft:edge +CVE-2022-3038 +CVE-2022-3039 +CVE-2022-3040 +CVE-2022-3041 +CVE-2022-3044 +CVE-2022-3045 +CVE-2022-3046 +CVE-2022-3047 +CVE-2022-3053 +CVE-2022-3054 +CVE-2022-3055 +CVE-2022-3056 +CVE-2022-3057 +CVE-2022-3058 +CVE-2022-38012 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-3058 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.25. It is, therefore, affected by multiple vulnerabilities as referenced in the September 1, 2022 advisory. + + - Use after free in Network Service. (CVE-2022-3038) + + - Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041) + + - Use after free in Layout. (CVE-2022-3040) + + - Inappropriate implementation in Site Isolation. (CVE-2022-3044) + + - Insufficient validation of untrusted input in V8. (CVE-2022-3045) + + - Use after free in Browser Tag. (CVE-2022-3046) + + - Insufficient policy enforcement in Extensions API. (CVE-2022-3047) + + - Inappropriate implementation in Pointer Lock. (CVE-2022-3053) + + - Insufficient policy enforcement in DevTools. (CVE-2022-3054) + + - Use after free in Passwords. (CVE-2022-3055) + + - Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056) + + - Inappropriate implementation in iframe Sandbox. (CVE-2022-3057) + + - Use after free in Sign-In Flow. (CVE-2022-3058) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_105_0_1343_25.nasl +2022-A-0361-S +2022/09/01 +2023/10/13 +Microsoft Edge (Chromium) < 105.0.1343.25 Multiple Vulnerabilities +2022/09/02 +local +Low +Critical +1.9 +http://www.nessus.org/u?31d28038 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3038 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3039 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3040 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3041 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3044 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3045 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3046 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3047 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3053 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3054 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3055 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3056 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3057 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3058 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012 +Upgrade to Microsoft Edge version 105.0.1343.25 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/08/30 +IAVA:2022-A-0361-S +CISA-KNOWN-EXPLOITED:2023/04/20 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 105.0.1343.25 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-3445 +CVE-2022-3446 +CVE-2022-3447 +CVE-2022-3449 +CVE-2022-3450 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3450 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 106.0.1370.47. It is, therefore, affected by multiple vulnerabilities as referenced in the October 14, 2022 advisory. + + - Use after free in Skia. (CVE-2022-3445) + + - Heap buffer overflow in WebSQL. (CVE-2022-3446) + + - Inappropriate implementation in Custom Tabs. (CVE-2022-3447) + + - Use after free in Safe Browsing. (CVE-2022-3449) + + - Use after free in Peer Connection. (CVE-2022-3450) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_106_0_1370_47.nasl +2022-A-0437-S +2022/10/14 +2022/11/11 +Microsoft Edge (Chromium) < 106.0.1370.47 Multiple Vulnerabilities +2022/10/14 +local +Low +Critical +1.5 +http://www.nessus.org/u?e2630fd9 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3445 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3446 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3447 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3449 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3450 +Upgrade to Microsoft Edge version 106.0.1370.47 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/10/11 +IAVA:2022-A-0437-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 106.0.1370.47 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-4436 +CVE-2022-4437 +CVE-2022-4438 +CVE-2022-4439 +CVE-2022-4440 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-4440 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.54. It is, therefore, affected by multiple vulnerabilities as referenced in the December 16, 2022 advisory. + + - Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4436) + + - Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4437) + + - Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4438) + + - Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) (CVE-2022-4439) + + - Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4440) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_108_0_1462_54.nasl +2023-A-0003-S +2022/12/16 +2023/02/10 +Microsoft Edge (Chromium) < 108.0.1462.54 Multiple Vulnerabilities +2022/12/16 +local +Low +Critical +1.3 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4436 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4437 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4438 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4439 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4440 +Upgrade to Microsoft Edge version 108.0.1462.54 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2022/12/13 +IAVA:2023-A-0003-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 108.0.1462.54 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-21720 +5.3 +4.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H +3.6 +5.4 +CVE-2023-21720 +4.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.78. It is, therefore, affected by a vulnerability as referenced in the February 2, 2023 advisory. + + - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2023-21720) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_78.nasl +2023-A-0071-S +2023/02/03 +2023/02/16 +Microsoft Edge (Chromium) < 109.0.1518.78 Tampering (CVE-2023-21720) +2023/02/10 +local +Low +Medium +1.1 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21720 +Upgrade to Microsoft Edge version 109.0.1518.78 or later. +I +The remote host has an web browser installed that is affected by tampering. +Very Low +No recorded events +No recorded events +4.4 +2023/02/02 +IAVA:2023-A-0071-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.78 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-0927 +CVE-2023-0928 +CVE-2023-0929 +CVE-2023-0930 +CVE-2023-0931 +CVE-2023-0932 +CVE-2023-0933 +CVE-2023-0941 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0941 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 110.0.1587.56. It is, therefore, affected by multiple vulnerabilities as referenced in the February 25, 2023 advisory. + + - Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0927) + + - Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0928) + + - Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0929) + + - Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0930) + + - Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0931) + + - Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0932) + + - Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) (CVE-2023-0933) + + - Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-0941) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_110_0_1587_56.nasl +2023-A-0119-S +2023/02/25 +2023/05/23 +Microsoft Edge (Chromium) < 110.0.1587.56 Multiple Vulnerabilities +2023/02/27 +local +Low +Critical +1.5 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0927 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0928 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0930 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0931 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0932 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0933 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0941 +Upgrade to Microsoft Edge version 110.0.1587.56 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/02/22 +IAVA:2023-A-0119-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 110.0.1587.56 + + + +365 - 730 days +2022/11/18 +cpe:/a:microsoft:edge +CVE-2022-3723 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-3723 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.26. It is, therefore, affected by a vulnerability as referenced in the October 31, 2022 advisory. + + - Type Confusion in V8. (CVE-2022-3723) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_107_0_1418_26.nasl +2022-A-0453-S +2022/10/31 +2023/10/06 +Microsoft Edge (Chromium) < 107.0.1418.26 Vulnerability +2022/11/01 +local +Low +Critical +1.6 +http://www.nessus.org/u?ff54e40b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3723 +Upgrade to Microsoft Edge version 107.0.1418.26 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2022/10/27 +CISA-KNOWN-EXPLOITED:2022/11/18 +IAVA:2022-A-0453-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 106.0.1370.61 (Extended Stable Channel) / 107.0.1418.26 (Stable Channel) + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-21719 +6.5 +5.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N +3.6 +7.8 +CVE-2023-21719 +5.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.61. It is, therefore, affected by a vulnerability as referenced in the January 19, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. (CVE-2023-21719) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_61.nasl +2023-A-0051-S +2023/01/19 +2023/02/10 +Microsoft Edge (Chromium) < 109.0.1518.61 Security Feature Bypass (CVE-2023-21719) +2023/01/27 +local +Low +High +1.3 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21719 +Upgrade to Microsoft Edge version 109.0.1518.61 or later. +I +The remote host has an web browser installed that is affected by security feature bypass. +Very Low +No recorded events +No recorded events +3.6 +2023/01/19 +IAVA:2023-A-0051-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.61 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-0696 +CVE-2023-0697 +CVE-2023-0698 +CVE-2023-0699 +CVE-2023-0700 +CVE-2023-0701 +CVE-2023-0702 +CVE-2023-0703 +CVE-2023-0704 +CVE-2023-0705 +CVE-2023-21794 +CVE-2023-23374 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-0703 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 110.0.1587.41. It is, therefore, affected by multiple vulnerabilities as referenced in the February 9, 2023 advisory. + + - Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0696) + + - Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0697) + + - Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0698) + + - Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) (CVE-2023-0699) + + - Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0700) + + - Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium) (CVE-2023-0701) + + - Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0702) + + - Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. + (Chromium security severity: Medium) (CVE-2023-0703) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0704) + + - Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0705) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_110_0_1587_41.nasl +current +2023-A-0074-S +2023-A-0075-S +2023/02/09 +2023/09/05 +Microsoft Edge (Chromium) < 110.0.1587.41 Multiple Vulnerabilities +2023/02/09 +local +Low +Critical +1.9 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0696 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0697 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0698 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0699 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0700 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0701 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0702 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0703 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0704 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0705 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21794 +Upgrade to Microsoft Edge version 110.0.1587.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2023/02/07 +IAVA:2023-A-0074-S +IAVA:2023-A-0075-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 110.0.1587.41 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-21795 +8.3 +7.2 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +7.6 +CVE-2023-21795 +5.6 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.52. It is, therefore, affected by a vulnerability as referenced in the January 13, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796. (CVE-2023-21795) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_52.nasl +2023-A-0034-S +2023/01/17 +2023/02/10 +Microsoft Edge (Chromium) < 109.0.1518.52 Elevation of Privilege (CVE-2023-21795) +2023/01/30 +local +Low +High +1.2 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21795 +Upgrade to Microsoft Edge version 109.0.1518.52 or later. +I +The remote host has an web browser installed that is affected by elevation of privilege. +Very Low +No recorded events +No recorded events +8.1 +2023/01/13 +IAVA:2023-A-0034-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.52 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-0471 +CVE-2023-0472 +CVE-2023-0473 +CVE-2023-0474 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0474 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.70 / 108.0.1462.95. It is, therefore, affected by multiple vulnerabilities as referenced in the January 26, 2023 advisory. + + - Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0471) + + - Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0472) + + - Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0473) + + - Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. + (Chromium security severity: Medium) (CVE-2023-0474) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_70.nasl +2023/01/26 +2023/02/10 +Microsoft Edge (Chromium) < 109.0.1518.70 / 108.0.1462.95 Multiple Vulnerabilities +2023/02/10 +local +Low +Critical +1.0 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0471 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0472 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0473 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0474 +Upgrade to Microsoft Edge version 109.0.1518.70 / 108.0.1462.95 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/01/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.70 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-0471 +CVE-2023-0472 +CVE-2023-0473 +CVE-2023-0474 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0474 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1343.27. It is, therefore, affected by multiple vulnerabilities as referenced in the January 26, 2023 advisory. + + - Use after free in WebTransport. (CVE-2023-0471) + + - Use after free in WebRTC. (CVE-2023-0472) + + - Type Confusion in ServiceWorker API. (CVE-2023-0473) + + - Use after free in GuestView. (CVE-2023-0474) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1343_27.nasl +current +2023/01/26 +2023/02/07 +Microsoft Edge (Chromium) < 109.0.1343.27 Multiple Vulnerabilities +2023/01/27 +local +Low +Critical +1.1 +http://www.nessus.org/u?a883970b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0471 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0472 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0473 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0474 +Upgrade to Microsoft Edge version 109.0.1343.27 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/01/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1343.27 + + + +365 - 730 days +2022/12/26 +cpe:/a:microsoft:edge +CVE-2022-4174 +CVE-2022-4175 +CVE-2022-4177 +CVE-2022-4178 +CVE-2022-4179 +CVE-2022-4180 +CVE-2022-4181 +CVE-2022-4182 +CVE-2022-4183 +CVE-2022-4184 +CVE-2022-4185 +CVE-2022-4186 +CVE-2022-4187 +CVE-2022-4188 +CVE-2022-4189 +CVE-2022-4190 +CVE-2022-4191 +CVE-2022-4192 +CVE-2022-4193 +CVE-2022-4194 +CVE-2022-4195 +CVE-2022-4262 +CVE-2022-44688 +CVE-2022-44708 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-4262 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.42. It is, therefore, affected by multiple vulnerabilities as referenced in the December 5, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174) + + - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4175) + + - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) (CVE-2022-4177) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4178) + + - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4179) + + - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (Chromium security severity: High) (CVE-2022-4180) + + - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181) + + - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4182) + + - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4183) + + - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4184) + + - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4185) + + - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186) + + - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4187) + + - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4188) + + - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189) + + - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4190) + + - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) (CVE-2022-4191) + + - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) (CVE-2022-4192) + + - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2022-4193) + + - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4194) + + - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) (CVE-2022-4195) + + - Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4262) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-44688) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. (CVE-2022-44708) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_108_0_1462_42.nasl +2022/12/05 +2023/09/04 +Microsoft Edge (Chromium) < 108.0.1462.42 Multiple Vulnerabilities +2023/02/10 +local +Low +Critical +1.2 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4175 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4177 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4178 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4179 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4180 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4181 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4182 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4183 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4184 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4185 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4188 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4189 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4190 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4191 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4193 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4194 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4262 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708 +Upgrade to Microsoft Edge version 108.0.1462.42 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/11/29 +CISA-KNOWN-EXPLOITED:2022/12/26 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 108.0.1462.42 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2023-0129 +CVE-2023-0130 +CVE-2023-0131 +CVE-2023-0132 +CVE-2023-0133 +CVE-2023-0134 +CVE-2023-0135 +CVE-2023-0136 +CVE-2023-0138 +CVE-2023-0139 +CVE-2023-0140 +CVE-2023-0141 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-0138 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 109.0.1518.49 / 108.0.1462.83. It is, therefore, affected by multiple vulnerabilities as referenced in the January 12, 2023 advisory. + + - Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) (CVE-2023-0129) + + - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. + (Chromium security severity: Medium) (CVE-2023-0130) + + - Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-0131) + + - Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0132) + + - Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0133) + + - Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0134, CVE-2023-0135) + + - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0136) + + - Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0138) + + - Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0139) + + - Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0140) + + - Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0141) + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2023-21775) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795. (CVE-2023-21796) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_109_0_1518_49.nasl +2023-A-0034-S +2023-A-0029-S +2023/01/12 +2023/10/24 +Microsoft Edge (Chromium) < 109.0.1518.49 / 108.0.1462.83 Multiple Vulnerabilities +2023/01/13 +local +Low +Critical +1.7 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0129 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0130 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0131 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0132 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0133 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0134 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0135 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0136 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0138 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0139 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0140 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0141 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21775 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21796 +Upgrade to Microsoft Edge version 109.0.1518.49 / 108.0.1462.83 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/01/10 +IAVA:2023-A-0034-S +IAVA:2023-A-0029-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.49 + + + +180 - 365 days +2023/05/08 +cpe:/a:microsoft:edge +CVE-2023-2033 +CVE-2023-29334 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-2033 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.48. It is, therefore, affected by a vulnerability as referenced in the April 15, 2023 advisory. + + - Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2033) + + - A spoofing vulnerability could allow an attacker to bypass the Edge security warning message feature. + (CVE-2023-29334) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_112_0_1722_48.nasl +2023-A-0204-S +2023-A-0203-S +2023-A-0232-S +2023/04/15 +2023/07/20 +Microsoft Edge (Chromium) < 112.0.1722.48 +2023/04/20 +local +Medium +Critical +1.13 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2033 +Upgrade to Microsoft Edge version 112.0.1722.48 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.0 +2023/04/14 +IAVA:2023-A-0204-S +IAVA:2023-A-0203-S +IAVA:2023-A-0232-S +CISA-KNOWN-EXPLOITED:2023/05/08 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 109.0.1518.100 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-1213 +CVE-2023-1214 +CVE-2023-1215 +CVE-2023-1216 +CVE-2023-1217 +CVE-2023-1218 +CVE-2023-1219 +CVE-2023-1220 +CVE-2023-1221 +CVE-2023-1222 +CVE-2023-1223 +CVE-2023-1224 +CVE-2023-1228 +CVE-2023-1229 +CVE-2023-1230 +CVE-2023-1231 +CVE-2023-1232 +CVE-2023-1233 +CVE-2023-1234 +CVE-2023-1235 +CVE-2023-1236 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-1222 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 111.0.1661.41 / 110.0.1587.69. It is, therefore, affected by multiple vulnerabilities as referenced in the March 13, 2023 advisory. + + - Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1213) + + - Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1214) + + - Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1215) + + - Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1216) + + - Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1217) + + - Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1218) + + - Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1219) + + - Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1220) + + - Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-1221) + + - Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1222) + + - Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1223) + + - Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-1224) + + - Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-1228) + + - Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-1229) + + - Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1230) + + - Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-1231) + + - Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1232) + + - Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2023-1233) + + - Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1234) + + - Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. + (Chromium security severity: Low) (CVE-2023-1235) + + - Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-1236) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_111_0_1661_41.nasl +2023-A-0131-S +2023/03/13 +2023/10/24 +Microsoft Edge (Chromium) < 111.0.1661.41 / 110.0.1587.69 Multiple Vulnerabilities +2023/03/15 +local +Low +Critical +1.6 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1213 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1214 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1215 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1216 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1217 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1218 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1219 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1220 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1221 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1228 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1229 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1230 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1231 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1232 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1233 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1234 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1235 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1236 +Upgrade to Microsoft Edge version 111.0.1661.41 / 110.0.1587.69 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/03/07 +IAVA:2023-A-0131-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 111.0.1661.41 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-1528 +CVE-2023-1529 +CVE-2023-1530 +CVE-2023-1531 +CVE-2023-1532 +CVE-2023-1533 +CVE-2023-1534 +CVE-2023-28261 +CVE-2023-28286 +9.8 +CVE-2023-1529 +8.8 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-1534 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 111.0.1661.54 / 110.0.1587.78. It is, therefore, affected by multiple vulnerabilities as referenced in the March 24, 2023 advisory. + + - Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1528) + + - Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) (CVE-2023-1529) + + - Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1530) + + - Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1531) + + - Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1532) + + - Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1533) + + - Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-1534) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_111_0_1661_54.nasl +2023-A-0161-S +2023/03/24 +2023/05/23 +Microsoft Edge (Chromium) < 111.0.1661.54 / 110.0.1587.78 Multiple Vulnerabilities +2023/03/30 +local +Low +Critical +1.11 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1528 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1529 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1530 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1531 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1532 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1533 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1534 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28261 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28286 +Upgrade to Microsoft Edge version 111.0.1661.54 / 110.0.1587.78 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/03/21 +IAVA:2023-A-0161-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 111.0.1661.54 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-2459 +CVE-2023-2460 +CVE-2023-2462 +CVE-2023-2463 +CVE-2023-2464 +CVE-2023-2465 +CVE-2023-2466 +CVE-2023-2467 +CVE-2023-2468 +CVE-2023-29350 +CVE-2023-29354 +7.5 +CVE-2023-29350 +6.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +8.5 +CVE-2023-2460 +6.3 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 113.0.1774.35. It is, therefore, affected by multiple vulnerabilities as referenced in the May 5, 2023 advisory. + + - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2459) + + - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2460) + + - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2462) + + - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2463) + + - Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2464) + + - Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2465) + + - Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-2466) + + - Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: + Low) (CVE-2023-2467) + + - Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. + (Chromium security severity: Low) (CVE-2023-2468) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-29350) + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-29354) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_113_0_1774_35.nasl +2023-A-0240-S +2023/05/05 +2023/07/20 +Microsoft Edge (Chromium) < 113.0.1774.35 Multiple Vulnerabilities +2023/05/11 +local +Low +High +1.5 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2459 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2460 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2462 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2463 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2464 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2465 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2466 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2467 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2468 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29354 +Upgrade to Microsoft Edge version 113.0.1774.35 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/05/02 +IAVA:2023-A-0240-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 113.0.1774.35 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-2133 +CVE-2023-2134 +CVE-2023-2135 +CVE-2023-2137 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-2137 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.58. It is, therefore, affected by multiple vulnerabilities as referenced in the April 21, 2023 advisory. + + - Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2133, CVE-2023-2134) + + - Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2135) + + - Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2137) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_112_0_1722_58.nasl +2023-A-0223-S +2023/04/20 +2023/10/23 +Microsoft Edge (Chromium) < 112.0.1722.58 Multiple Vulnerabilities +2023/04/27 +local +Medium +Critical +1.5 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2133 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2134 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2135 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2137 +Upgrade to Microsoft Edge version 112.0.1722.58 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/04/18 +IAVA:2023-A-0223-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 112.0.1722.58 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-3214 +CVE-2023-3215 +CVE-2023-3216 +CVE-2023-3217 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3217 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.51. It is, therefore, affected by multiple vulnerabilities as referenced in the June 15, 2023 advisory. + + - Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-3214) + + - Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3215) + + - Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3216) + + - Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3217) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_114_0_1823_51.nasl +current +2023/06/15 +2023/07/18 +Microsoft Edge (Chromium) < 114.0.1823.51 Multiple Vulnerabilities +2023/06/22 +local +Medium +Critical +1.2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3214 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3215 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3216 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3217 +http://www.nessus.org/u?a084dba4 +Upgrade to Microsoft Edge version 114.0.1823.51 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/06/13 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.51 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-2312 +CVE-2023-4349 +CVE-2023-4350 +CVE-2023-4351 +CVE-2023-4352 +CVE-2023-4353 +CVE-2023-4354 +CVE-2023-4355 +CVE-2023-4356 +CVE-2023-4357 +CVE-2023-4358 +CVE-2023-4359 +CVE-2023-4360 +CVE-2023-4361 +CVE-2023-4362 +CVE-2023-4363 +CVE-2023-4364 +CVE-2023-4365 +CVE-2023-4366 +CVE-2023-4367 +CVE-2023-4368 +CVE-2023-36787 +CVE-2023-38158 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4368 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.54. It is, therefore, affected by multiple vulnerabilities as referenced in the August 21, 2023 advisory. + + - Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-2312) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36787) + + - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2023-38158) + + - Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2023-4349) + + - Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-4350) + + - Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4351) + + - Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4352) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4353) + + - Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4354) + + - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4355) + + - Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4356) + + - Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4357) + + - Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4358) + + - Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4359) + + - Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4360) + + - Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-4361) + + - Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4362) + + - Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4363) + + - Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4364) + + - Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4365) + + - Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: Medium) (CVE-2023-4366) + + - Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4367, CVE-2023-4368) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_116_0_1938_54.nasl +current +2023-A-0438-S +2023/08/21 +2023/09/18 +Microsoft Edge (Chromium) < 116.0.1938.54 Multiple Vulnerabilities +2023/08/23 +local +Medium +Critical +1.3 +http://www.nessus.org/u?9ae99e73 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2312 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36787 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38158 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4349 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4351 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4352 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4353 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4354 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4355 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4356 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4357 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4358 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4359 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4360 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4361 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4362 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4363 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4364 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4365 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4366 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4367 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4368 +Upgrade to Microsoft Edge version 116.0.1938.54 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +8.4 +2023/08/15 +IAVA:2023-A-0438-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.54 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-4068 +CVE-2023-4069 +CVE-2023-4070 +CVE-2023-4071 +CVE-2023-4072 +CVE-2023-4073 +CVE-2023-4074 +CVE-2023-4075 +CVE-2023-4076 +CVE-2023-4077 +CVE-2023-4078 +CVE-2023-38157 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4078 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.106 / 115.0.1901.200. It is, therefore, affected by multiple vulnerabilities as referenced in the August 7, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-38157) + + - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068, CVE-2023-4070) + + - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069) + + - Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4071) + + - Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4072) + + - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2023-4073) + + - Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4074) + + - Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075) + + - Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076) + + - Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077) + + - Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_115_0_1901_200.nasl +current +2023-A-0401-S +2023/08/07 +2023/10/23 +Microsoft Edge (Chromium) < 114.0.1823.106 / 115.0.1901.200 Multiple Vulnerabilities +2023/08/07 +local +Low +Critical +1.3 +http://www.nessus.org/u?ccceaa60 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38157 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4068 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4069 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4070 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4071 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4072 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4073 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4074 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4075 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4076 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4077 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4078 +Upgrade to Microsoft Edge version 114.0.1823.106 / 115.0.1901.200 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +7 to 30 days +Social Media +9.0 +2023/08/02 +IAVA:2023-A-0401-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 115.0.1901.200 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-36883 +CVE-2023-36887 +CVE-2023-36888 +7.8 +CVE-2023-36887 +7.0 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +7.5 +CVE-2023-36888 +5.9 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.82. It is, therefore, affected by multiple vulnerabilities as referenced in the July 13, 2023 advisory. + + - Microsoft Edge for Android (Chromium-based) Tampering Vulnerability (CVE-2023-36888) + + - Microsoft Edge for iOS Spoofing Vulnerability (CVE-2023-36883) + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-36887) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_114_0_1823_82.nasl +current +2023-A-0358-S +2023/07/13 +2023/08/02 +Microsoft Edge (Chromium) < 114.0.1823.82 Multiple Vulnerabilities +2023/07/14 +local +Low +High +1.5 +http://www.nessus.org/u?74e8a4a1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36887 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36888 +Upgrade to Microsoft Edge version 114.0.1823.82 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/07/13 +IAVA:2023-A-0358-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.82 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-4761 +CVE-2023-4762 +CVE-2023-4763 +CVE-2023-4764 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4763 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.76. It is, therefore, affected by multiple vulnerabilities as referenced in the September 7, 2023 advisory. + + - Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-4761) + + - Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4762) + + - Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4763) + + - Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4764) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_116_0_1938_76.nasl +current +2023-A-0457-S +2023/09/07 +2023/09/25 +Microsoft Edge (Chromium) < 116.0.1938.76 Multiple Vulnerabilities +2023/09/07 +local +Medium +Critical +1.6 +http://www.nessus.org/u?0c1fe891 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4761 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4762 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4763 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4764 +Upgrade to Microsoft Edge version 116.0.1938.76 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +120 to 365 days +No recorded events +6.7 +2023/09/05 +IAVA:2023-A-0457-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.76 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-3727 +CVE-2023-3728 +CVE-2023-3730 +CVE-2023-3732 +CVE-2023-3733 +CVE-2023-3734 +CVE-2023-3735 +CVE-2023-3736 +CVE-2023-3737 +CVE-2023-3738 +CVE-2023-3740 +CVE-2023-35392 +CVE-2023-38173 +CVE-2023-38187 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3732 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1901.183 / 115.0.1901.183. It is, therefore, affected by multiple vulnerabilities as referenced in the July 21, 2023 advisory. + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-35392) + + - Microsoft Edge for Android Spoofing Vulnerability (CVE-2023-38173) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-38187) + + - Use after free in WebRTC. (CVE-2023-3727, CVE-2023-3728) + + - Use after free in Tab Groups. (CVE-2023-3730) + + - Out of bounds memory access in Mojo. (CVE-2023-3732) + + - Inappropriate implementation in WebApp Installs. (CVE-2023-3733) + + - Inappropriate implementation in Picture In Picture. (CVE-2023-3734) + + - Inappropriate implementation in Web API Permission Prompts. (CVE-2023-3735) + + - Inappropriate implementation in Custom Tabs. (CVE-2023-3736) + + - Inappropriate implementation in Notifications. (CVE-2023-3737) + + - Inappropriate implementation in Autofill. (CVE-2023-3738) + + - Insufficient validation of untrusted input in Themes. (CVE-2023-3740) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_115_0_1901_183.nasl +current +2023-A-0380-S +2023/07/21 +2023/08/11 +Microsoft Edge (Chromium) < 114.0.1901.183 / 115.0.1901.183 Multiple Vulnerabilities +2023/07/21 +local +Low +Critical +1.3 +http://www.nessus.org/u?09d3506d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35392 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3727 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3728 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3730 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3732 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3733 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3734 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3735 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3736 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3737 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3738 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3740 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38173 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38187 +Upgrade to Microsoft Edge version 114.0.1901.183 / 115.0.1901.183 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/07/18 +IAVA:2023-A-0380-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 115.0.1901.183 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-4427 +CVE-2023-4428 +CVE-2023-4429 +CVE-2023-4430 +CVE-2023-4431 +CVE-2023-36741 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4430 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.62. It is, therefore, affected by multiple vulnerabilities as referenced in the August 25, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36741) + + - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4427) + + - Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4428) + + - Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4429) + + - Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4430) + + - Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4431) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_116_0_1938_62.nasl +current +2023-A-0453-S +2023/08/25 +2023/10/06 +Microsoft Edge (Chromium) < 116.0.1938.62 Multiple Vulnerabilities +2023/08/26 +local +Low +Critical +1.3 +http://www.nessus.org/u?22854207 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36741 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4427 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4428 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4429 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4430 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4431 +Upgrade to Microsoft Edge version 116.0.1938.62 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/08/22 +IAVA:2023-A-0453-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.62 + + + +60 - 180 days +2023/10/04 +cpe:/a:microsoft:edge +CVE-2023-4863 +CVE-2023-4900 +CVE-2023-4901 +CVE-2023-4902 +CVE-2023-4903 +CVE-2023-4904 +CVE-2023-4905 +CVE-2023-4906 +CVE-2023-4907 +CVE-2023-4908 +CVE-2023-4909 +CVE-2023-36562 +CVE-2023-36727 +CVE-2023-36735 +9.6 +CVE-2023-36735 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4863 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 117.0.2045.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36562, CVE-2023-36735) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-36727) + + - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863) + + - Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-4900) + + - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4901) + + - Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4902) + + - Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: + Medium) (CVE-2023-4903) + + - Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: + Medium) (CVE-2023-4904) + + - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4905) + + - Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4906) + + - Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4907) + + - Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4908) + + - Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4909) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_117_0_2045_31.nasl +former +2023/09/15 +2023/10/06 +Microsoft Edge (Chromium) < 117.0.2045.31 Multiple Vulnerabilities +2023/09/15 +local +High +Critical +1.8 +http://www.nessus.org/u?db9a43f1 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36562 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36727 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36735 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4900 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4901 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4902 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4903 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4904 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4905 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4906 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4907 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4908 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4909 +Upgrade to Microsoft Edge version 117.0.2045.31 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +Security Research +9.7 +2023/09/12 +CISA-KNOWN-EXPLOITED:2023/10/04 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 117.0.2045.31 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-2721 +CVE-2023-2722 +CVE-2023-2723 +CVE-2023-2724 +CVE-2023-2725 +CVE-2023-2726 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-2726 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 113.0.1774.50 / 112.0.1722.84. It is, therefore, affected by multiple vulnerabilities as referenced in the May 18, 2023 advisory. + + - Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-2721) + + - Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: + High) (CVE-2023-2722) + + - Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2723) + + - Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2724) + + - Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-2725) + + - Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2726) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_113_0_1774_50.nasl +2023-A-0265-S +2023/05/18 +2023/07/07 +Microsoft Edge (Chromium) < 113.0.1774.50 / 112.0.1722.84 Multiple Vulnerabilities +2023/05/23 +local +Medium +Critical +1.4 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2721 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2722 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2723 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2724 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2725 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2726 +Upgrade to Microsoft Edge version 113.0.1774.50 / 112.0.1722.84 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/05/16 +IAVA:2023-A-0265-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 113.0.1774.50 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-4572 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4572 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.69. It is, therefore, affected by a vulnerability as referenced in the August 31, 2023 advisory. + + - Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4572) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_116_0_1938_69.nasl +current +2023/08/31 +2023/09/25 +Microsoft Edge (Chromium) < 116.0.1938.69 (CVE-2023-4572) +2023/08/31 +local +Medium +Critical +1.2 +http://www.nessus.org/u?3a086c3d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4572 +Upgrade to Microsoft Edge version 116.0.1938.69 or later. +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +6.7 +2023/08/29 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.69 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-24935 +CVE-2023-28284 +CVE-2023-28301 +6.1 +5.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N +2.7 +6.4 +CVE-2023-24935 +4.7 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 112.0.1722.34. It is, therefore, affected by multiple vulnerabilities as referenced in the April 6, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-28284) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-24935) + + - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2023-28301) + + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_112_0_1722_34.nasl +2023-A-0180-S +2023/04/06 +2023/05/23 +Microsoft Edge (Chromium) < 112.0.1722.34 Multiple Vulnerabilities +2023/04/14 +local +Low +Medium +1.6 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24935 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28284 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28301 +Upgrade to Microsoft Edge version 112.0.1722.34 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +3.0 +2023/04/06 +IAVA:2023-A-0180-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 112.0.1722.34 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2023-3420 +CVE-2023-3421 +CVE-2023-3422 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3422 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.67. It is, therefore, affected by multiple vulnerabilities as referenced in the June 29, 2023 advisory. + + - Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3420) + + - Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3421) + + - Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-3422) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_114_0_1823_67.nasl +current +2023/06/29 +2023/07/06 +Microsoft Edge (Chromium) < 114.0.1823.67 Multiple Vulnerabilities +2023/06/30 +local +Low +Critical +1.1 +http://www.nessus.org/u?12f91dd6 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3420 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3421 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3422 +Upgrade to Microsoft Edge version 114.0.1823.67 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +120 to 365 days +No recorded events +8.4 +2023/06/26 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.67 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5472 +CVE-2023-44323 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5472 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.76. It is, therefore, affected by multiple vulnerabilities as referenced in the October 27, 2023 advisory. + + - Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5472) + + - Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-44323) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_118_0_2088_76.nasl +current +2023-A-0600-S +2023/10/27 +2023/11/16 +Microsoft Edge (Chromium) < 118.0.2088.76 Multiple Vulnerabilities +2023/10/27 +local +Medium +Critical +1.4 +http://www.nessus.org/u?4f5c8cf8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5472 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44323 +Upgrade to Microsoft Edge version 118.0.2088.76 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/10/24 +IAVA:2023-A-0600-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 118.0.2088.76 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-36014 +CVE-2023-36024 +CVE-2023-5996 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5996 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.102 / 119.0.2151.58. It is, therefore, affected by multiple vulnerabilities as referenced in the November 9, 2023 advisory. + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-36014) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36024) + + - Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5996) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_119_0_2151_58.nasl +current +2023-A-0610-S +2023/11/09 +2024/01/26 +Microsoft Edge (Chromium) < 118.0.2088.102 / 119.0.2151.58 Multiple Vulnerabilities +2023/11/09 +local +Medium +Critical +1.6 +http://www.nessus.org/u?683f1aad +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36024 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5996 +Upgrade to Microsoft Edge version 118.0.2088.102 / 119.0.2151.58 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +6.7 +2023/11/07 +IAVA:2023-A-0610-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.58 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5480 +CVE-2023-5482 +CVE-2023-5849 +CVE-2023-5850 +CVE-2023-5851 +CVE-2023-5852 +CVE-2023-5853 +CVE-2023-5854 +CVE-2023-5855 +CVE-2023-5856 +CVE-2023-5857 +CVE-2023-5858 +CVE-2023-5859 +CVE-2023-36022 +CVE-2023-36029 +CVE-2023-36034 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5857 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.88 / 119.0.2151.44. It is, therefore, affected by multiple vulnerabilities as referenced in the November 2, 2023 advisory. + + - Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) (CVE-2023-5480) + + - Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5482) + + - Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5849) + + - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2023-5850) + + - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5851) + + - Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5852) + + - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5853) + + - Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5854) + + - Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5855) + + - Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5856) + + - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) (CVE-2023-5857) + + - Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5858) + + - Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) (CVE-2023-5859) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_119_0_2151_44.nasl +current +2023-A-0600-S +2023/11/02 +2023/11/16 +Microsoft Edge (Chromium) < 118.0.2088.88 / 119.0.2151.44 Multiple Vulnerabilities +2023/11/03 +local +Medium +Critical +1.3 +http://www.nessus.org/u?c1b5e0e7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36022 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36029 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36034 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5480 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5482 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5849 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5850 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5851 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5852 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5853 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5854 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5855 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5856 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5857 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5858 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5859 +Upgrade to Microsoft Edge version 118.0.2088.88 / 119.0.2151.44 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/10/31 +IAVA:2023-A-0600-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.44 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5346 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5346 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 117.0.2045.55. It is, therefore, affected by a vulnerability as referenced in the October 4, 2023 advisory. + + - Type Confusion in V8. (CVE-2023-5346) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_117_0_2045_55.nasl +current +2023/10/04 +2023/10/09 +Microsoft Edge (Chromium) < 117.0.2045.55 (CVE-2023-5346) +2023/10/04 +local +Low +Critical +1.2 +http://www.nessus.org/u?91471929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5346 +Upgrade to Microsoft Edge version 117.0.2045.55 or later. +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +120 to 365 days +No recorded events +6.7 +2023/10/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 117.0.2045.55 + + + +7 - 30 days +cpe:/a:microsoft:edge +CVE-2024-0222 +CVE-2024-0223 +CVE-2024-0224 +CVE-2024-0225 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0225 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.121. It is, therefore, affected by multiple vulnerabilities as referenced in the January 5, 2024 advisory. + + - Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0222) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0223) + + - Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0224) + + - Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0225) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_121.nasl +current +2024-A-0009-S +2024/01/05 +2024/01/18 +Microsoft Edge (Chromium) < 120.0.2210.121 Multiple Vulnerabilities +2024/01/05 +local +Low +Critical +1.3 +http://www.nessus.org/u?4aae3ac8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0225 +Upgrade to Microsoft Edge version 120.0.2210.121 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +7 to 30 days +No recorded events +6.7 +2024/01/03 +IAVA:2024-A-0009-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.121 + + + +7 - 30 days +2024/02/07 +cpe:/a:microsoft:edge +CVE-2024-0517 +CVE-2024-0518 +CVE-2024-0519 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2024-0519 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.144. It is, therefore, affected by multiple vulnerabilities as referenced in the January 17, 2024 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0517) + + - Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0518) + + - Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0519) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_120_0_2210_144.nasl +current +2024-A-0040-S +2024/01/17 +2024/02/02 +Microsoft Edge (Chromium) < 120.0.2210.144 Multiple Vulnerabilities +2024/01/17 +local +Low +Critical +1.3 +http://www.nessus.org/u?baa12a23 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0517 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0518 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0519 +Upgrade to Microsoft Edge version 120.0.2210.144 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very High +0 to 7 days +Social Media +9.2 +2024/01/16 +CISA-KNOWN-EXPLOITED:2024/02/07 +IAVA:2024-A-0040-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.144 + + + +30 - 60 days +cpe:/a:microsoft:edge +CVE-2023-6508 +CVE-2023-6509 +CVE-2023-6510 +CVE-2023-6511 +CVE-2023-6512 +CVE-2023-35618 +CVE-2023-36880 +CVE-2023-38174 +9.6 +CVE-2023-35618 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6510 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.61. It is, therefore, affected by multiple vulnerabilities as referenced in the December 7, 2023 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-35618) + + - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2023-36880, CVE-2023-38174) + + - Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6508) + + - Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) (CVE-2023-6509) + + - Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) (CVE-2023-6510) + + - Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-6511) + + - Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. + (Chromium security severity: Low) (CVE-2023-6512) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_61.nasl +current +2023-A-0677-S +2023/12/07 +2023/12/22 +Microsoft Edge (Chromium) < 120.0.2210.61 Multiple Vulnerabilities +2023/12/07 +local +Low +Critical +1.3 +http://www.nessus.org/u?7f2952a2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36880 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6508 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6509 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6510 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6511 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6512 +Upgrade to Microsoft Edge version 120.0.2210.61 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2023/12/05 +IAVA:2023-A-0677-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.61 + + + +60 - 180 days +2023/12/21 +cpe:/a:microsoft:edge +CVE-2023-6345 +CVE-2023-6346 +CVE-2023-6347 +CVE-2023-6348 +CVE-2023-6350 +CVE-2023-6351 +9.6 +CVE-2023-6345 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2023-6351 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.122 / 119.0.2151.97. It is, therefore, affected by multiple vulnerabilities as referenced in the November 29, 2023 advisory. + + - Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) (CVE-2023-6345) + + - Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6346) + + - Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6347) + + - Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6348) + + - Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) (CVE-2023-6350, CVE-2023-6351) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_119_0_2151_97.nasl +current +2023/11/29 +2023/12/06 +Microsoft Edge (Chromium) < 118.0.2088.122 / 119.0.2151.97 Multiple Vulnerabilities +2023/11/29 +local +Medium +Critical +1.3 +http://www.nessus.org/u?88d07bbe +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6345 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6346 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6347 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6348 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6350 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6351 +Upgrade to Microsoft Edge version 118.0.2088.122 / 119.0.2151.97 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.9 +2023/11/28 +CISA-KNOWN-EXPLOITED:2023/12/21 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.97 + + + +60 - 180 days +2023/10/04 +cpe:/a:microsoft:edge +CVE-2023-4863 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-4863 +8.7 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.81. It is, therefore, affected by a vulnerability as referenced in the September 12, 2023 advisory. + + - Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_116_0_1938_81.nasl +current +2023-A-0494-S +2023/09/12 +2023/10/06 +Microsoft Edge (Chromium) < 116.0.1938.81 (CVE-2023-4863) +2023/09/12 +local +High +Critical +1.5 +http://www.nessus.org/u?2bde7861 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863 +Upgrade to Microsoft Edge version 116.0.1938.81 or later. +I +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +30 to 120 days +Security Research +9.7 +2023/09/12 +CISA-KNOWN-EXPLOITED:2023/10/04 +IAVA:2023-A-0494-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 116.0.1938.81 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5997 +CVE-2023-6112 +CVE-2023-36008 +CVE-2023-36026 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6112 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.109 / 119.0.2151.72. It is, therefore, affected by multiple vulnerabilities as referenced in the November 16, 2023 advisory. + + - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5997) + + - Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6112) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_119_0_2151_72.nasl +current +2023-A-0649-S +2023/11/16 +2024/01/29 +Microsoft Edge (Chromium) < 118.0.2088.109 / 119.0.2151.72 Multiple Vulnerabilities +2023/11/16 +local +Medium +Critical +1.4 +http://www.nessus.org/u?7feca339 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36026 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5997 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6112 +Upgrade to Microsoft Edge version 118.0.2088.109 / 119.0.2151.72 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/11/14 +IAVA:2023-A-0649-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 119.0.2151.72 + + + +30 - 60 days +2024/01/23 +cpe:/a:microsoft:edge +CVE-2023-7024 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-7024 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.91. It is, therefore, affected by a vulnerability as referenced in the December 21, 2023 advisory. + + - Heap buffer overflow in WebRTC. (CVE-2023-7024) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_120_0_2210_91.nasl +current +2023/12/21 +2024/01/02 +Microsoft Edge (Chromium) < 120.0.2210.91 (CVE-2023-7024) +2023/12/21 +local +Medium +Critical +1.3 +http://www.nessus.org/u?eaceba1a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-7024 +Upgrade to Microsoft Edge version 120.0.2210.91 or later. +The remote host has an web browser installed that is affected by a vulnerability. +High +7 to 30 days +Social Media +9.2 +2023/12/20 +CISA-KNOWN-EXPLOITED:2024/01/23 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.91 + + + +7 - 30 days +cpe:/a:microsoft:edge +CVE-2024-0333 +CVE-2024-20675 +CVE-2024-20709 +CVE-2024-20721 +CVE-2024-21337 +6.3 +5.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L +3.7 +7.5 +CVE-2024-20675 +5.5 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.133. It is, therefore, affected by multiple vulnerabilities as referenced in the January 11, 2024 advisory. + + - Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0333) + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-20675) + + - Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-20709, CVE-2024-20721) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21337) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_133.nasl +current +2024-A-0040-S +2024/01/11 +2024/02/02 +Microsoft Edge (Chromium) < 120.0.2210.133 Multiple Vulnerabilities +2024/01/18 +local +Low +High +1.2 +http://www.nessus.org/u?3844aad0 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0333 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21337 +Upgrade to Microsoft Edge version 120.0.2210.133 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +4.9 +2024/01/09 +IAVA:2024-A-0040-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.133 + + + +0 - 7 days +cpe:/a:microsoft:edge +CVE-2024-21388 +6.5 +5.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L +3.7 +5.1 +CVE-2024-21388 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.160 / 121.0.2277.83. It is, therefore, affected by a vulnerability as referenced in the January 30, 2024 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21388) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_121_0_2277_83.nasl +current +2024-A-0060 +2024/01/25 +2024/02/02 +Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388) +2024/01/25 +local +Low +Medium +1.3 +http://www.nessus.org/u?d0503752 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388 +Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later. +I +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +4.9 +2024/01/23 +IAVA:2024-A-0060 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 121.0.2277.83 + + + +60 - 180 days +2023/10/23 +cpe:/a:microsoft:edge +CVE-2023-1999 +CVE-2023-5186 +CVE-2023-5187 +CVE-2023-5217 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5217 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.98 / 117.0.2045.47. It is, therefore, affected by multiple vulnerabilities as referenced in the September 29, 2023 advisory. + + - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. (CVE-2023-1999) + + - Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) (CVE-2023-5186) + + - Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-5187) + + - Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5217) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_117_0_2045_47.nasl +current +2023-A-0523-S +2023/09/29 +2023/10/23 +Microsoft Edge (Chromium) < 116.0.1938.98 / 117.0.2045.47 Multiple Vulnerabilities +2023/10/02 +local +Very High +Critical +1.3 +http://www.nessus.org/u?f89fc291 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1999 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5217 +Upgrade to Microsoft Edge version 116.0.1938.98 / 117.0.2045.47 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +9.2 +2023/04/11 +CISA-KNOWN-EXPLOITED:2023/10/23 +IAVA:2023-A-0523-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 117.0.2045.47 + + + +180 - 365 days +2023/06/28 +cpe:/a:microsoft:edge +CVE-2023-3079 +CVE-2023-33145 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-3079 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.41. It is, therefore, affected by multiple vulnerabilities as referenced in the June 6, 2023 advisory. + + - Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3079) + + - An information disclosure vulnerability. (CVE-2023-33145) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_114_0_1823_41.nasl +2023-A-0274-S +2023-A-0302-S +2023/06/06 +2023/07/20 +Microsoft Edge (Chromium) < 114.0.1823.41 Multiple Vulnerabilities +2023/06/07 +local +Medium +Critical +1.7 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33145 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3079 +Upgrade to Microsoft Edge version 114.0.1823.41 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +120 to 365 days +No recorded events +9.0 +2023/06/05 +CISA-KNOWN-EXPLOITED:2023/06/28 +IAVA:2023-A-0274-S +IAVA:2023-A-0302-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 114.0.1823.41 + + + +30 - 60 days +cpe:/a:microsoft:edge +CVE-2023-6702 +CVE-2023-6703 +CVE-2023-6704 +CVE-2023-6705 +CVE-2023-6706 +CVE-2023-6707 +CVE-2023-36878 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-6707 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.77. It is, therefore, affected by multiple vulnerabilities as referenced in the December 14, 2023 advisory. + + - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-36878) + + - Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. + (Chromium security severity: High) (CVE-2023-6706) + + - Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-6707) + + - Type Confusion in V8. (CVE-2023-6702) + + - Use after free in Blink. (CVE-2023-6703) + + - Use after free in libavif. (CVE-2023-6704) + + - Use after free in WebRTC. (CVE-2023-6705) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_120_0_2210_77.nasl +current +2023-A-0696-S +2023/12/14 +2024/01/12 +Microsoft Edge (Chromium) < 120.0.2210.77 Multiple Vulnerabilities +2023/12/15 +local +Low +Critical +1.3 +http://www.nessus.org/u?11cef5be +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36878 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6702 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6703 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6704 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6705 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6706 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6707 +Upgrade to Microsoft Edge version 120.0.2210.77 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2023/12/12 +IAVA:2023-A-0696-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 120.0.2210.77 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-16016 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2020-16016 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.68. It is, therefore, affected by a vulnerability as referenced in the ADV200002-11-11-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_86_0_622_68.nasl +2020/11/11 +2021/01/12 +Microsoft Edge (Chromium) < 86.0.622.68 Vulnerability +2020/11/12 +local +Low +Medium +1.4 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.68 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +6.5 +2020/11/09 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.68 + + + +730 days + +CEA-2020-0124 +2022/05/03 +cpe:/a:microsoft:edge +CVE-2020-16004 +CVE-2020-16005 +CVE-2020-16006 +CVE-2020-16007 +CVE-2020-16008 +CVE-2020-16009 +CVE-2020-16011 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2020-16011 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.63. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-4-2020 advisory. + + - Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16004) + + - Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16005) + + - Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16006, CVE-2020-16009) + + - Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. (CVE-2020-16007) + + - Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. (CVE-2020-16008) + + - Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2020-16011) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_86_0_622_63.nasl +2020/11/04 +2023/04/25 +Microsoft Edge (Chromium) < 86.0.622.63 Multiple Vulnerabilities +2020/11/04 +local +High +Medium +1.10 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.63 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.4 +2020/11/02 +CISA-KNOWN-EXPLOITED:2022/05/03 +CEA-ID:CEA-2020-0124 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.63 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2019-8075 +CVE-2020-16012 +CVE-2020-16014 +CVE-2020-16015 +CVE-2020-16018 +CVE-2020-16022 +CVE-2020-16023 +CVE-2020-16024 +CVE-2020-16025 +CVE-2020-16026 +CVE-2020-16027 +CVE-2020-16028 +CVE-2020-16029 +CVE-2020-16030 +CVE-2020-16031 +CVE-2020-16032 +CVE-2020-16033 +CVE-2020-16034 +CVE-2020-16036 +9.6 +CVE-2020-16025 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2020-16029 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.41. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-19-2020 advisory. + + - Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. + Successful exploitation could lead to Information Disclosure in the context of the current user. + (CVE-2019-8075) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_87_0_664_41.nasl +2020/11/19 +2022/05/11 +Microsoft Edge (Chromium) < 87.0.664.41 Multiple Vulnerabilities +2020/11/20 +local +Low +Medium +1.6 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 87.0.664.41 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2019/06/11 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 87.0.664.41 + + + +730 days + +2022/05/03 +cpe:/a:microsoft:edge +CVE-2020-16013 +CVE-2020-16017 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2020-16017 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.69. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-13-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_86_0_622_69.nasl +2020/11/13 +2023/04/25 +Microsoft Edge (Chromium) < 86.0.622.69 Multiple Vulnerabilities +2020/11/14 +local +Low +Medium +1.8 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.69 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2020/11/11 +CISA-KNOWN-EXPLOITED:2022/05/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.69 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-15995 +CVE-2020-16043 +CVE-2021-21106 +CVE-2021-21107 +CVE-2021-21108 +CVE-2021-21109 +CVE-2021-21110 +CVE-2021-21111 +CVE-2021-21112 +CVE-2021-21113 +CVE-2021-21114 +CVE-2021-21115 +CVE-2021-21116 +9.6 +CVE-2021-21115 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +9.3 +CVE-2021-21106 +6.9 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.75. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-1-7-2021 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15995) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_87_0_664_75.nasl +2021/01/07 +2024/01/30 +Microsoft Edge (Chromium) < 87.0.664.75 Multiple Vulnerabilities +2021/01/08 +local +Medium +High +1.5 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 87.0.664.75 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.5 +2020/11/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 87.0.664.75 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21142 +CVE-2021-21143 +CVE-2021-21144 +CVE-2021-21145 +CVE-2021-21146 +CVE-2021-21147 +CVE-2021-24113 +9.6 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21146 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.62. It is, therefore, affected by multiple vulnerabilities as referenced in the February 4, 2021 advisory. + + - Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21142) + + - Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21143) + + - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-21144) + + - Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21145) + + - Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-21146) + + - Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21147) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_88_0_705_62.nasl +2021/02/04 +2021/02/12 +Microsoft Edge (Chromium) < 88.0.705.62 Multiple Vulnerabilities +2021/02/10 +local +Low +Medium +1.6 +http://www.nessus.org/u?f6e795b0 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21142 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21143 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21144 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21145 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21146 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21147 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24113 +Upgrade to Microsoft Edge version 88.0.705.62 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.5 +2021/02/02 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.62 + + + +730 days + +CEA-2021-0007 +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21148 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21148 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.63. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-21148 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_88_0_705_63.nasl +2021/02/05 +2023/04/25 +Microsoft Edge (Chromium) < 88.0.705.63 Vulnerability +2021/02/08 +local +Medium +Medium +1.9 +http://www.nessus.org/u?c8284af6 +Upgrade to Microsoft Edge version 88.0.705.63 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2021/02/04 +CISA-KNOWN-EXPLOITED:2021/11/17 +CEA-ID:CEA-2021-0007 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.63 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-16044 +CVE-2021-21118 +CVE-2021-21119 +CVE-2021-21120 +CVE-2021-21121 +CVE-2021-21122 +CVE-2021-21123 +CVE-2021-21124 +CVE-2021-21125 +CVE-2021-21126 +CVE-2021-21127 +CVE-2021-21128 +CVE-2021-21129 +CVE-2021-21130 +CVE-2021-21131 +CVE-2021-21132 +CVE-2021-21133 +CVE-2021-21134 +CVE-2021-21135 +CVE-2021-21136 +CVE-2021-21137 +CVE-2021-21139 +CVE-2021-21140 +CVE-2021-21141 +9.6 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21132 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.50. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_88_0_705_50.nasl +2021/01/21 +2024/01/26 +Microsoft Edge (Chromium) < 88.0.705.50 Multiple Vulnerabilities +2021/01/26 +local +Low +Medium +1.5 +http://www.nessus.org/u?f11ddceb +http://www.nessus.org/u?e38b0261 +http://www.nessus.org/u?956993df +http://www.nessus.org/u?86ccd1a7 +http://www.nessus.org/u?ea65fbbf +http://www.nessus.org/u?d945c5fd +http://www.nessus.org/u?804c6012 +http://www.nessus.org/u?6df00137 +http://www.nessus.org/u?8e925c70 +http://www.nessus.org/u?f33d1708 +http://www.nessus.org/u?e453c1c0 +http://www.nessus.org/u?d644083b +http://www.nessus.org/u?04560b20 +http://www.nessus.org/u?3dbc72e7 +http://www.nessus.org/u?3be82d62 +http://www.nessus.org/u?776bc7e6 +http://www.nessus.org/u?858149b3 +http://www.nessus.org/u?3838b7fb +http://www.nessus.org/u?1c282efb +http://www.nessus.org/u?b1321a9c +http://www.nessus.org/u?970b384a +http://www.nessus.org/u?a6495027 +http://www.nessus.org/u?ef57ee24 +http://www.nessus.org/u?a674cb6c +Upgrade to Microsoft Edge version 88.0.705.50 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/01/12 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.50 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2020-16037 +CVE-2020-16038 +CVE-2020-16039 +CVE-2020-16040 +CVE-2020-16041 +CVE-2020-16042 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +3.6 +9.3 +CVE-2020-16039 +8.1 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.57. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-12-7-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +true +Exploits are available +true +microsoft_edge_chromium_87_0_664_57.nasl +2020-A-0571-S +Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase +2020/12/07 +2021/04/20 +Microsoft Edge (Chromium) < 87.0.664.57 Multiple Vulnerabilities +2020/12/09 +local +Low +High +1.9 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 87.0.664.57 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +Security Research +7.4 +2020/12/02 +IAVA:2020-A-0571-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 87.0.664.57 + + + +730 days + +CEA-2020-0124 +2021/11/17 +cpe:/a:microsoft:edge +CVE-2020-15999 +CVE-2020-16000 +CVE-2020-16001 +CVE-2020-16002 +CVE-2020-16003 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +3.6 +6.8 +CVE-2020-16003 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.51. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-10-22-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_86_0_622_51.nasl +2020/10/22 +2022/12/05 +Microsoft Edge (Chromium) < 86.0.622.51 Multiple Vulnerabilities +2020/10/22 +local +High +Medium +1.9 +http://www.nessus.org/u?083510ae +Upgrade to Microsoft Edge version 86.0.622.51 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +Security Research +7.2 +2020/10/20 +CISA-KNOWN-EXPLOITED:2021/11/17 +CEA-ID:CEA-2020-0124 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 86.0.622.51 + + + +60 - 180 days +cpe:/a:microsoft:edge +CVE-2023-5218 +CVE-2023-5473 +CVE-2023-5474 +CVE-2023-5475 +CVE-2023-5476 +CVE-2023-5477 +CVE-2023-5478 +CVE-2023-5479 +CVE-2023-5481 +CVE-2023-5483 +CVE-2023-5484 +CVE-2023-5485 +CVE-2023-5486 +CVE-2023-5487 +CVE-2023-36559 +CVE-2023-36409 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2023-5476 +7.4 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.46. It is, therefore, affected by multiple vulnerabilities as referenced in the October 13, 2023 advisory. + + - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-5218) + + - Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5473) + + - Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) (CVE-2023-5474) + + - Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5475) + + - Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5476) + + - Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) (CVE-2023-5477) + + - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5478) + + - Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5479) + + - Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5481) + + - Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5483) + + - Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5484) + + - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5485) + + - Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5486) + + - Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5487) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +Unproven +No known exploits are available +microsoft_edge_chromium_118_0_2088_46.nasl +current +2023-A-0566-S +2023-A-0578-S +2023/10/13 +2023/11/09 +Microsoft Edge (Chromium) < 118.0.2088.46 Multiple Vulnerabilities +2023/10/13 +local +Low +Critical +1.6 +http://www.nessus.org/u?2945f274 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36409 +Upgrade to Microsoft Edge version 118.0.2088.46 or later. +I +The remote host has an web browser installed that is affected by a vulnerability. +Very Low +No recorded events +No recorded events +6.7 +2023/10/10 +IAVA:2023-A-0566-S +IAVA:2023-A-0578-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 118.0.2088.46 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2020-27844 +CVE-2021-21159 +CVE-2021-21160 +CVE-2021-21161 +CVE-2021-21162 +CVE-2021-21163 +CVE-2021-21164 +CVE-2021-21165 +CVE-2021-21166 +CVE-2021-21167 +CVE-2021-21168 +CVE-2021-21169 +CVE-2021-21170 +CVE-2021-21171 +CVE-2021-21172 +CVE-2021-21173 +CVE-2021-21174 +CVE-2021-21175 +CVE-2021-21176 +CVE-2021-21177 +CVE-2021-21178 +CVE-2021-21179 +CVE-2021-21180 +CVE-2021-21181 +CVE-2021-21182 +CVE-2021-21183 +CVE-2021-21184 +CVE-2021-21185 +CVE-2021-21186 +CVE-2021-21187 +CVE-2021-21188 +CVE-2021-21189 +CVE-2021-21190 +8.8 +CVE-2021-21190 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +8.3 +CVE-2020-27844 +6.9 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.45. It is, therefore, affected by multiple vulnerabilities as referenced in the March 4, 2021 advisory. + + - A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27844) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_89_0_774_45.nasl +2021/03/04 +2023/04/25 +Microsoft Edge (Chromium) < 89.0.774.45 Multiple Vulnerabilities +2021/03/08 +local +Medium +High +1.9 +http://www.nessus.org/u?b2e30009 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-27844 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21159 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21160 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21161 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21162 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21163 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21164 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21165 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21166 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21167 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21168 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21169 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21170 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21171 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21172 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21173 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21174 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21175 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21176 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21177 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21178 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21179 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21180 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21181 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21182 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21183 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21184 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21185 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21186 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21187 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21188 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21189 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21190 +Upgrade to Microsoft Edge version 89.0.774.45 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/01/05 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.45 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21194 +CVE-2021-21195 +CVE-2021-21196 +CVE-2021-21197 +CVE-2021-21198 +CVE-2021-21199 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21199 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.68. It is, therefore, affected by multiple vulnerabilities as referenced in the April 1, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_89_0_774_68.nasl +2021-A-0152-S +2021/04/01 +2021/06/07 +Microsoft Edge (Chromium) < 89.0.774.68 Multiple Vulnerabilities +2021/04/02 +local +Low +Medium +1.6 +http://www.nessus.org/u?d3ce740a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21194 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21195 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21196 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21197 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21198 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21199 +Upgrade to Microsoft Edge version 89.0.774.68 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +5.9 +2021/03/30 +IAVA:2021-A-0152-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.68 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21191 +CVE-2021-21192 +CVE-2021-21193 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21193 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.54. It is, therefore, affected by multiple vulnerabilities as referenced in the March 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_89_0_774_54.nasl +2021/03/15 +2023/04/25 +Microsoft Edge (Chromium) < 89.0.774.54 Multiple Vulnerabilities +2021/03/16 +local +Medium +Medium +1.8 +http://www.nessus.org/u?5072e34e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21191 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21193 +Upgrade to Microsoft Edge version 89.0.774.54 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/03/09 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.54 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21201 +CVE-2021-21202 +CVE-2021-21203 +CVE-2021-21204 +CVE-2021-21205 +CVE-2021-21207 +CVE-2021-21208 +CVE-2021-21209 +CVE-2021-21210 +CVE-2021-21211 +CVE-2021-21212 +CVE-2021-21213 +CVE-2021-21214 +CVE-2021-21215 +CVE-2021-21216 +CVE-2021-21217 +CVE-2021-21218 +CVE-2021-21219 +CVE-2021-21221 +9.6 +CVE-2021-21201 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21214 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.39. It is, therefore, affected by multiple vulnerabilities as referenced in the April 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_90_0_818_39.nasl +2021/04/15 +2022/05/10 +Microsoft Edge (Chromium) < 90.0.818.39 Multiple Vulnerabilities +2021/04/16 +local +Medium +Medium +1.4 +http://www.nessus.org/u?de6e5227 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21201 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21202 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21203 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21204 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21205 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21207 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21208 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21209 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21210 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21211 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21212 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21213 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21214 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21215 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21216 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21217 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21218 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21219 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21221 +Upgrade to Microsoft Edge version 90.0.818.39 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.5 +2021/04/13 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.818.39 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21227 +CVE-2021-21228 +CVE-2021-21229 +CVE-2021-21230 +CVE-2021-21231 +CVE-2021-21232 +CVE-2021-21233 +8.8 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21233 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.51. It is, therefore, affected by multiple vulnerabilities as referenced in the April 29, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_90_0_818_51.nasl +2021/04/29 +2021/05/03 +Microsoft Edge (Chromium) < 90.0.818.51 Multiple Vulnerabilities +2021/04/29 +local +Medium +Medium +1.3 +http://www.nessus.org/u?82d8e204 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21227 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21228 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21229 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21230 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21231 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21232 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21233 +Upgrade to Microsoft Edge version 90.0.818.51 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +5.9 +2021/04/26 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.818.51 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21206 +CVE-2021-21220 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21220 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.77. It is, therefore, affected by multiple vulnerabilities as referenced in the April 14, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +true +Exploits are available +true +microsoft_edge_chromium_89_0_774_77.nasl +2021-A-0176-S +Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE +2021/04/14 +2021/11/30 +Microsoft Edge (Chromium) < 89.0.774.77 Multiple Vulnerabilities +2021/04/15 +local +Low +Medium +1.9 +http://www.nessus.org/u?119280b8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21206 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21220 +Upgrade to Microsoft Edge version 89.0.774.77 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +Security Research +9.6 +2021/04/13 +IAVA:2021-A-0176-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 89.0.774.77 + + + +730 days + +2022/07/18 +cpe:/a:microsoft:edge +CVE-2021-30521 +CVE-2021-30522 +CVE-2021-30523 +CVE-2021-30524 +CVE-2021-30525 +CVE-2021-30526 +CVE-2021-30527 +CVE-2021-30528 +CVE-2021-30529 +CVE-2021-30530 +CVE-2021-30531 +CVE-2021-30532 +CVE-2021-30533 +CVE-2021-30534 +CVE-2021-30535 +CVE-2021-30536 +CVE-2021-30537 +CVE-2021-30538 +CVE-2021-30539 +CVE-2021-30540 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30535 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.37. It is, therefore, affected by multiple vulnerabilities as referenced in the May 27, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_91_0_864_37.nasl +2021/05/27 +2023/04/25 +Microsoft Edge (Chromium) < 91.0.864.37 Multiple Vulnerabilities +2021/06/02 +local +Low +Medium +1.5 +http://www.nessus.org/u?0c14a42a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30521 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30522 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30523 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30524 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30525 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30526 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30527 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30528 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30529 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30530 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30531 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30532 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30533 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30534 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30535 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30536 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30537 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30538 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30539 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30540 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31937 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31982 +Upgrade to Microsoft Edge version 91.0.864.37 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/05/25 +CISA-KNOWN-EXPLOITED:2022/07/18 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.37 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-33741 +8.2 +7.1 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N +4.7 +5.1 +CVE-2021-33741 +3.8 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.41. It is, therefore, affected by a vulnerability as referenced in the June 4, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_91_0_864_41.nasl +2021/06/04 +2023/12/27 +Microsoft Edge (Chromium) < 91.0.864.41 Vulnerability +2021/06/04 +local +Low +Medium +1.4 +http://www.nessus.org/u?aa1e84f8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33741 +Upgrade to Microsoft Edge version 91.0.864.41 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +5.1 +2021/06/04 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.41 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2021-34475 +CVE-2021-34506 +6.1 +5.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N +2.7 +6.4 +CVE-2021-34506 +4.7 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.59. It is, therefore, affected by multiple vulnerabilities as referenced in the June 24, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_91_0_864_59.nasl +2021/06/24 +2023/12/12 +Microsoft Edge (Chromium) < 91.0.864.59 Multiple Vulnerabilities +2021/06/25 +local +Low +Medium +1.3 +http://www.nessus.org/u?fcf1608e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34475 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34506 +Upgrade to Microsoft Edge version 91.0.864.59 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +3.0 +2021/06/24 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.59 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30565 +CVE-2021-30566 +CVE-2021-30567 +CVE-2021-30568 +CVE-2021-30569 +CVE-2021-30571 +CVE-2021-30572 +CVE-2021-30573 +CVE-2021-30574 +CVE-2021-30575 +CVE-2021-30576 +CVE-2021-30577 +CVE-2021-30578 +CVE-2021-30579 +CVE-2021-30580 +CVE-2021-30581 +CVE-2021-30582 +CVE-2021-30583 +CVE-2021-30584 +CVE-2021-30585 +CVE-2021-30586 +CVE-2021-30587 +CVE-2021-30588 +CVE-2021-30589 +9.6 +CVE-2021-30571 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-30588 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.55. It is, therefore, affected by multiple vulnerabilities as referenced in the July 22, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_92_0_902_55.nasl +2021-A-0346-S +2021/07/22 +2023/12/07 +Microsoft Edge (Chromium) < 92.0.902.55 Multiple Vulnerabilities +2021/07/22 +local +Low +Medium +1.8 +http://www.nessus.org/u?dc471fea +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30565 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30566 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30567 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30568 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30569 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30571 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30572 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30573 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30574 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30575 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30576 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30577 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30578 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30579 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30580 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30581 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30582 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30583 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30584 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30585 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30586 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30587 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30588 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30589 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36928 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36931 +Upgrade to Microsoft Edge version 92.0.902.55 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/07/20 +IAVA:2021-A-0346-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 92.0.902.55 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-21222 +CVE-2021-21223 +CVE-2021-21224 +CVE-2021-21225 +CVE-2021-21226 +9.6 +9.2 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-21226 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.46. It is, therefore, affected by multiple vulnerabilities as referenced in the April 22, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_90_0_818_46.nasl +2021/04/22 +2021/11/30 +Microsoft Edge (Chromium) < 90.0.818.46 Multiple Vulnerabilities +2021/04/22 +local +Medium +Medium +1.6 +http://www.nessus.org/u?0027f192 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21222 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21223 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21224 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21225 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21226 +Upgrade to Microsoft Edge version 90.0.818.46 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +Security Research +9.2 +2021/04/20 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.818.46 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30541 +CVE-2021-30559 +CVE-2021-30560 +CVE-2021-30561 +CVE-2021-30562 +CVE-2021-30563 +CVE-2021-30564 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30564 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.71. It is, therefore, affected by multiple vulnerabilities as referenced in the July 19, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_91_0_864_71.nasl +2021/07/19 +2021/11/30 +Microsoft Edge (Chromium) < 91.0.864.71 Multiple Vulnerabilities +2021/07/19 +local +Low +Medium +1.5 +http://www.nessus.org/u?06a51872 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30541 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30559 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30560 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30561 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30562 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30563 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30564 +Upgrade to Microsoft Edge version 91.0.864.71 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.9 +2021/07/15 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.71 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30598 +CVE-2021-30599 +CVE-2021-30601 +CVE-2021-30602 +CVE-2021-30603 +CVE-2021-30604 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30604 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.78. It is, therefore, affected by multiple vulnerabilities as referenced in the August 19, 2021 advisory. + + - Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30604) + + - Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (CVE-2021-30598, CVE-2021-30599) + + - Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-30601) + + - Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-30602) + + - Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30603) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_92_0_902_78.nasl +2021/08/19 +2021/09/24 +Microsoft Edge (Chromium) < 92.0.902.78 Multiple Vulnerabilities +2021/08/19 +local +Low +Medium +1.6 +http://www.nessus.org/u?97c3a98d +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30598 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30599 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30601 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30602 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30603 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30604 +Upgrade to Microsoft Edge version 92.0.902.78 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/08/16 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 92.0.902.78 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30554 +CVE-2021-30555 +CVE-2021-30556 +CVE-2021-30557 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30557 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.54. It is, therefore, affected by multiple vulnerabilities as referenced in the June 18, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_91_0_864_54.nasl +2021/06/18 +2023/04/25 +Microsoft Edge (Chromium) < 91.0.864.54 Multiple Vulnerabilities +2021/06/18 +local +Low +Medium +1.7 +http://www.nessus.org/u?fe8ae1a6 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30554 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30555 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30556 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30557 +Upgrade to Microsoft Edge version 91.0.864.54 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/06/17 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.54 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30590 +CVE-2021-30591 +CVE-2021-30592 +CVE-2021-30593 +CVE-2021-30594 +CVE-2021-30596 +CVE-2021-30597 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30592 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.67. It is, therefore, affected by multiple vulnerabilities as referenced in the August 5, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_92_0_902_67.nasl +2021/08/05 +2023/12/06 +Microsoft Edge (Chromium) < 92.0.902.67 Multiple Vulnerabilities +2021/08/05 +local +Low +Medium +1.4 +http://www.nessus.org/u?c2b02534 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30590 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30591 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30592 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30593 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30594 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30596 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30597 +Upgrade to Microsoft Edge version 92.0.902.67 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/08/02 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 92.0.902.67 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-38669 +6.4 +5.6 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N +2.7 +7.5 +CVE-2021-38669 +5.5 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.44. It is, therefore, affected by a vulnerability as referenced in the September 9, 2021 advisory. + + - Microsoft Edge (Chromium-based) Tampering Vulnerability (CVE-2021-38669) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_93_0_961_44.nasl +2021-A-0432-S +2021/09/09 +2023/12/29 +Microsoft Edge (Chromium) < 93.0.961.44 Vulnerability +2021/09/14 +local +Low +High +1.7 +http://www.nessus.org/u?5b26fe9e +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38669 +Upgrade to Microsoft Edge version 93.0.961.44 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +3.8 +2021/09/14 +IAVA:2021-A-0432-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.44 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30544 +CVE-2021-30545 +CVE-2021-30546 +CVE-2021-30547 +CVE-2021-30548 +CVE-2021-30549 +CVE-2021-30550 +CVE-2021-30551 +CVE-2021-30552 +CVE-2021-30553 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30553 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.48. It is, therefore, affected by multiple vulnerabilities as referenced in the June 11, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_91_0_864_48.nasl +2021/06/11 +2021/11/30 +Microsoft Edge (Chromium) < 91.0.864.48 Multiple Vulnerabilities +2021/06/11 +local +Low +Medium +1.6 +http://www.nessus.org/u?294d93d8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30544 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30545 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30546 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30547 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30548 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30549 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30550 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30551 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30552 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30553 +Upgrade to Microsoft Edge version 91.0.864.48 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.9 +2021/06/09 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 91.0.864.48 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-30506 +CVE-2021-30507 +CVE-2021-30508 +CVE-2021-30509 +CVE-2021-30510 +CVE-2021-30511 +CVE-2021-30512 +CVE-2021-30513 +CVE-2021-30514 +CVE-2021-30515 +CVE-2021-30516 +CVE-2021-30517 +CVE-2021-30518 +CVE-2021-30519 +CVE-2021-30520 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30520 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.xxxxxx. It is, therefore, affected by multiple vulnerabilities as referenced in the May 13, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_90_0_xxxxxx.nasl +2021/05/13 +2024/01/02 +Microsoft Edge (Chromium) < 90.0.xxxxxx Multiple Vulnerabilities +2021/05/14 +local +Low +Medium +1.4 +http://www.nessus.org/u?9cc1dc08 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30506 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30507 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30508 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30509 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30510 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30511 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30512 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30513 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30514 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30515 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30516 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30517 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30518 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30519 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30520 +Upgrade to Microsoft Edge version 90.0.xxxxxx or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/05/10 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 90.0.xxxxxx + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-37956 +CVE-2021-37957 +CVE-2021-37958 +CVE-2021-37959 +CVE-2021-37961 +CVE-2021-37962 +CVE-2021-37963 +CVE-2021-37964 +CVE-2021-37965 +CVE-2021-37966 +CVE-2021-37967 +CVE-2021-37968 +CVE-2021-37969 +CVE-2021-37970 +CVE-2021-37971 +CVE-2021-37972 +CVE-2021-37973 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-37973 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 24, 2021 advisory. + + - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-37973) + + - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-37956) + + - Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37957) + + - Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2021-37958) + + - Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-37959) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_94_0_992_31.nasl +2021-A-0448-S +2021/09/24 +2024/01/16 +Microsoft Edge (Chromium) < 94.0.992.31 Multiple Vulnerabilities +2021/09/24 +local +Medium +Medium +1.11 +http://www.nessus.org/u?6dbcb9b7 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37956 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37957 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37958 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37959 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37961 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37962 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37963 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37964 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37965 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37966 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37967 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37968 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37969 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37970 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37971 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37972 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37973 +Upgrade to Microsoft Edge version 94.0.992.31 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2021/09/21 +IAVA:2021-A-0448-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 94.0.992.31 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30625 +CVE-2021-30626 +CVE-2021-30627 +CVE-2021-30628 +CVE-2021-30629 +CVE-2021-30630 +CVE-2021-30633 +9.6 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-30633 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.52. It is, therefore, affected by multiple vulnerabilities as referenced in the September 16, 2021 advisory. + + - Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-30633) + + - Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30625) + + - Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30626) + + - Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30627) + + - Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (CVE-2021-30628) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_93_0_961_52.nasl +2021/09/16 +2024/01/16 +Microsoft Edge (Chromium) < 93.0.961.52 Multiple Vulnerabilities +2021/09/17 +local +Low +Medium +1.9 +http://www.nessus.org/u?603235a5 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30625 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30626 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30627 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30628 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30629 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30630 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30633 +Upgrade to Microsoft Edge version 93.0.961.52 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2021/09/13 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.52 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-37997 +CVE-2021-37998 +CVE-2021-37999 +CVE-2021-38000 +CVE-2021-38001 +CVE-2021-38002 +CVE-2021-38003 +9.6 +CVE-2021-38002 +8.9 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-38003 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.40. It is, therefore, affected by multiple vulnerabilities as referenced in the October 29, 2021 advisory. + + - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38003) + + - Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37997) + + - Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37998) + + - Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. + (CVE-2021-37999) + + - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. + (CVE-2021-38000) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_95_0_1020_40.nasl +2021-A-0522-S +2021/10/29 +2023/04/25 +Microsoft Edge (Chromium) < 95.0.1020.40 Multiple Vulnerabilities +2021/10/29 +local +Medium +Medium +1.13 +http://www.nessus.org/u?dd5c7f7f +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37997 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37998 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37999 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38000 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38001 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38002 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38003 +Upgrade to Microsoft Edge version 95.0.1020.40 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/10/28 +IAVA:2021-A-0522-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 95.0.1020.40 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-37977 +CVE-2021-37978 +CVE-2021-37979 +CVE-2021-37980 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-37979 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.47. It is, therefore, affected by multiple vulnerabilities as referenced in the October 11, 2021 advisory. + + - heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37979) + + - Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37977) + + - Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37978) + + - Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. (CVE-2021-37980) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_94_0_992_47.nasl +2021-A-0459-S +2021/10/11 +2023/11/28 +Microsoft Edge (Chromium) < 94.0.992.47 Multiple Vulnerabilities +2021/10/11 +local +Medium +Medium +1.7 +http://www.nessus.org/u?3a3f355a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37977 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37978 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37979 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37980 +Upgrade to Microsoft Edge version 94.0.992.47 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/10/07 +IAVA:2021-A-0459-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 94.0.992.47 + + + +365 - 730 days +2021/12/29 +cpe:/a:microsoft:edge +CVE-2021-4098 +CVE-2021-4099 +CVE-2021-4100 +CVE-2021-4101 +CVE-2021-4102 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-4102 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.57. It is, therefore, affected by multiple vulnerabilities as referenced in the December 14, 2021 advisory. + + - Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4102) + + - Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-4098) + + - Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4099) + + - Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4100) + + - Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4101) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_96_0_1054_57.nasl +2021-A-0576-S +2021/12/14 +2023/04/25 +Microsoft Edge (Chromium) < 96.0.1054.57 Multiple Vulnerabilities +2021/12/14 +local +Low +Medium +1.10 +http://www.nessus.org/u?f5dd1e14 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4098 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4099 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4100 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4101 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4102 +Upgrade to Microsoft Edge version 96.0.1054.57 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +30 to 120 days +No recorded events +7.4 +2021/12/13 +CISA-KNOWN-EXPLOITED:2021/12/29 +IAVA:2021-A-0576-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1054.57 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-38005 +CVE-2021-38006 +CVE-2021-38007 +CVE-2021-38008 +CVE-2021-38009 +CVE-2021-38010 +CVE-2021-38011 +CVE-2021-38012 +CVE-2021-38013 +CVE-2021-38014 +CVE-2021-38015 +CVE-2021-38016 +CVE-2021-38017 +CVE-2021-38018 +CVE-2021-38019 +CVE-2021-38020 +CVE-2021-38021 +CVE-2021-38022 +CVE-2021-43221 +9.6 +CVE-2021-38013 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-38017 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1052.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory. + + - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017) + + - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005) + + - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011) + + - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012) + + - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_96_0_1052_29.nasl +2021-A-0544-S +2021/11/19 +2023/10/06 +Microsoft Edge (Chromium) < 96.0.1052.29 Multiple Vulnerabilities +2021/11/20 +local +Medium +Medium +1.9 +http://www.nessus.org/u?95dce263 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38005 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38006 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38007 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38009 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38010 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38011 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38012 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38013 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38015 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38016 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38017 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38018 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38019 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38020 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38022 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43221 +Upgrade to Microsoft Edge version 96.0.1052.29 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/11/15 +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1052.29 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-37981 +CVE-2021-37982 +CVE-2021-37983 +CVE-2021-37984 +CVE-2021-37985 +CVE-2021-37986 +CVE-2021-37987 +CVE-2021-37988 +CVE-2021-37989 +CVE-2021-37990 +CVE-2021-37991 +CVE-2021-37992 +CVE-2021-37993 +CVE-2021-37994 +CVE-2021-37995 +CVE-2021-37996 +CVE-2021-42307 +9.6 +CVE-2021-37981 +8.3 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-37993 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.30. It is, therefore, affected by multiple vulnerabilities as referenced in the October 21, 2021 advisory. + + - Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37993) + + - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-37981) + + - Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37982) + + - Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37983) + + - Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37984) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_95_0_1020_30.nasl +2021-A-0491-S +2021-A-0544-S +2021/10/21 +2023/10/06 +Microsoft Edge (Chromium) < 95.0.1020.30 Multiple Vulnerabilities +2021/10/21 +local +Low +Medium +1.8 +http://www.nessus.org/u?6d633bfe +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37981 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37982 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37983 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37984 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37985 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37986 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37987 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37988 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37989 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37990 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37991 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37992 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37993 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37994 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37995 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37996 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42307 +Upgrade to Microsoft Edge version 95.0.1020.30 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/10/19 +IAVA:2021-A-0491-S +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 95.0.1020.30 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-37974 +CVE-2021-37975 +CVE-2021-37976 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-37975 +5.6 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 94.0.992.38. It is, therefore, affected by multiple vulnerabilities as referenced in the October 1, 2021 advisory. + + - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-37975) + + - Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (CVE-2021-37974) + + - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2021-37976) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_94_0_992_38.nasl +2021-A-0449-S +2021/10/01 +2023/04/25 +Microsoft Edge (Chromium) < 94.0.992.38 Multiple Vulnerabilities +2021/10/01 +local +Medium +Medium +1.10 +http://www.nessus.org/u?fc68e93b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37974 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37975 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-37976 +Upgrade to Microsoft Edge version 94.0.992.38 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/09/30 +IAVA:2021-A-0449-S +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 94.0.992.38 + + + +730 days + +2021/11/17 +cpe:/a:microsoft:edge +CVE-2021-30632 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-30632 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.47. It is, therefore, affected by a vulnerability as referenced in the September 14, 2021 advisory. + + - Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30632) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_93_0_961_47.nasl +2021/09/14 +2021/11/30 +Microsoft Edge (Chromium) < 93.0.961.47 Vulnerability +2021/09/14 +local +Low +Medium +1.8 +http://www.nessus.org/u?78d37aa2 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30632 +Upgrade to Microsoft Edge version 93.0.4577.82 or later. +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +9.0 +2021/09/13 +CISA-KNOWN-EXPLOITED:2021/11/17 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.47 + + + +180 - 365 days +cpe:/a:microsoft:edge +CVE-2022-23264 +4.7 +4.1 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N +1.4 +5.0 +CVE-2022-23264 +3.7 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.50. It is, therefore, affected by a vulnerability as referenced in the February 10, 2022 advisory. + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2022-23264) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_98_0_1108_50.nasl +2023-A-0071-S +2022/02/10 +2023/11/09 +Microsoft Edge (Chromium) < 98.0.1108.50 Vulnerability +2022/02/10 +local +Low +Medium +1.6 +http://www.nessus.org/u?fe909fdc +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23264 +Upgrade to Microsoft Edge version 98.0.1108.50 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +1.6 +2022/02/10 +IAVA:2023-A-0071-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 98.0.1108.50 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2022-23258 +4.3 +3.8 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N +1.4 +4.3 +CVE-2022-23258 +3.2 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N +The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.69. It is, therefore, affected by multiple vulnerabilities as referenced in the January 20, 2022 advisory. + + - Microsoft Edge for Android Spoofing Vulnerability. (CVE-2022-23258) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_97_0_1072_69.nasl +2022/01/20 +2022/05/06 +Microsoft Edge (Chromium) < 97.0.1072.69 Multiple Vulnerabilities +2022/01/20 +local +Low +Medium +1.5 +http://www.nessus.org/u?4c365598 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0289 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0290 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0291 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0292 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0293 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0294 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0295 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0296 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0297 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0298 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0300 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0301 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0302 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0303 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0304 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0305 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0306 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0307 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0309 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0310 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0311 +Upgrade to Microsoft Edge version 97.0.1072.69 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +1.4 +2022/01/19 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 97.0.1072.69 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-0096 +CVE-2022-0097 +CVE-2022-0098 +CVE-2022-0099 +CVE-2022-0100 +CVE-2022-0101 +CVE-2022-0102 +CVE-2022-0103 +CVE-2022-0104 +CVE-2022-0105 +CVE-2022-0106 +CVE-2022-0107 +CVE-2022-0108 +CVE-2022-0109 +CVE-2022-0110 +CVE-2022-0111 +CVE-2022-0112 +CVE-2022-0113 +CVE-2022-0114 +CVE-2022-0115 +CVE-2022-0116 +CVE-2022-0117 +CVE-2022-0118 +CVE-2022-0120 +CVE-2022-21929 +CVE-2022-21930 +CVE-2022-21931 +CVE-2022-21954 +CVE-2022-21970 +9.6 +CVE-2022-0097 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +8.3 +CVE-2022-21970 +6.5 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.55. It is, therefore, affected by multiple vulnerabilities as referenced in the January 6, 2022 advisory. + + - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0107) + + - Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0096) + + - Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. (CVE-2022-0097) + + - Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. (CVE-2022-0098) + + - Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture. + (CVE-2022-0099) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_97_0_1072_55.nasl +2022/01/06 +2022/05/06 +Microsoft Edge (Chromium) < 97.0.1072.55 Multiple Vulnerabilities +2022/01/06 +local +Low +High +1.8 +http://www.nessus.org/u?10ad4694 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0096 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0097 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0098 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0099 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0100 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0101 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0102 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0103 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0104 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0105 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0106 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0107 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0108 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0109 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0110 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0111 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0112 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0113 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0114 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0115 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0116 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0117 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0118 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0120 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21929 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21930 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21931 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21954 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21970 +Upgrade to Microsoft Edge version 97.0.1072.55 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2022/01/04 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 97.0.1072.55 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-0971 +CVE-2022-0972 +CVE-2022-0973 +CVE-2022-0974 +CVE-2022-0975 +CVE-2022-0976 +CVE-2022-0977 +CVE-2022-0978 +CVE-2022-0979 +CVE-2022-0980 +CVE-2022-26899 +9.6 +CVE-2022-0977 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +10.0 +CVE-2022-26899 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.46. It is, therefore, affected by multiple vulnerabilities as referenced in the March 17, 2022 advisory. + + - Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. (CVE-2022-0980) + + - Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. + (CVE-2022-0971) + + - Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. + (CVE-2022-0972) + + - Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0973) + + - Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0974) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_99_0_1150_46.nasl +2022-A-0120-S +2021-A-0544-S +2022/03/17 +2023/11/06 +Microsoft Edge (Chromium) < 99.0.1150.46 Multiple Vulnerabilities +2022/03/17 +local +Low +Critical +1.8 +http://www.nessus.org/u?0cc84aae +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0971 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0972 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0973 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0974 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0975 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0976 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0977 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0978 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0979 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0980 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26899 +Upgrade to Microsoft Edge version 99.0.1150.46 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.2 +2022/03/15 +IAVA:2022-A-0120-S +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 99.0.1150.46 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-0789 +CVE-2022-0790 +CVE-2022-0791 +CVE-2022-0792 +CVE-2022-0793 +CVE-2022-0794 +CVE-2022-0795 +CVE-2022-0796 +CVE-2022-0797 +CVE-2022-0798 +CVE-2022-0799 +CVE-2022-0800 +CVE-2022-0801 +CVE-2022-0802 +CVE-2022-0803 +CVE-2022-0804 +CVE-2022-0805 +CVE-2022-0806 +CVE-2022-0807 +CVE-2022-0808 +CVE-2022-0809 +9.6 +CVE-2022-0790 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +5.9 +6.8 +CVE-2022-0809 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.30. It is, therefore, affected by multiple vulnerabilities as referenced in the March 3, 2022 advisory. + + - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. (CVE-2022-0808) + + - Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0789) + + - Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0790) + + - Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions. + (CVE-2022-0791) + + - Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0792) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_99_0_1150_30.nasl +2022-A-0096-S +2022/03/03 +2023/01/10 +Microsoft Edge (Chromium) < 99.0.1150.30 Multiple Vulnerabilities +2022/03/03 +local +Low +Medium +1.7 +http://www.nessus.org/u?764ee88a +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0789 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0790 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0791 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0792 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0793 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0794 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0795 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0796 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0797 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0798 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0799 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0800 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0801 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0802 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0803 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0804 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0805 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0806 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0807 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0808 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0809 +Upgrade to Microsoft Edge version 99.0.1150.30 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.4 +2022/03/01 +IAVA:2022-A-0096-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 99.0.1150.30 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-4052 +CVE-2021-4053 +CVE-2021-4054 +CVE-2021-4055 +CVE-2021-4056 +CVE-2021-4057 +CVE-2021-4058 +CVE-2021-4059 +CVE-2021-4061 +CVE-2021-4062 +CVE-2021-4063 +CVE-2021-4064 +CVE-2021-4065 +CVE-2021-4066 +CVE-2021-4067 +CVE-2021-4068 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-4067 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.53. It is, therefore, affected by multiple vulnerabilities as referenced in the December 10, 2021 advisory. + + - Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4067) + + - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. + (CVE-2021-4052) + + - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4053) + + - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-4054) + + - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-4055) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Unproven +Exploits are available +microsoft_edge_chromium_96_0_1054_53.nasl +2021/12/10 +2022/01/11 +Microsoft Edge (Chromium) < 96.0.1054.53 Multiple Vulnerabilities +2021/12/11 +local +Medium +Medium +1.5 +http://www.nessus.org/u?10871512 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4052 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4053 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4054 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4055 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4056 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4057 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4058 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4059 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4061 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4062 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4063 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4064 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4065 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4066 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4067 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4068 +Upgrade to Microsoft Edge version 96.0.1054.53 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +6.7 +2021/12/06 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1054.53 + + + +365 - 730 days +2022/04/18 +cpe:/a:microsoft:edge +CVE-2022-1096 +8.8 +8.2 +CVSS:3.0/E:F/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-1096 +8.3 +CVSS2#E:F/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.55. It is, therefore, affected by a vulnerability as referenced in the March 26, 2022 advisory. + + - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +Functional +Exploits are available +microsoft_edge_chromium_99_0_1150_55.nasl +2022-A-0126-S +2021-A-0544-S +2022/03/26 +2023/11/03 +Microsoft Edge (Chromium) < 99.0.1150.55 Vulnerability +2022/03/26 +local +Low +Critical +1.9 +http://www.nessus.org/u?991726b8 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096 +Upgrade to Microsoft Edge version 99.0.1150.55 or later. +I +The remote host has an web browser installed that is affected by a vulnerability +Very Low +No recorded events +No recorded events +7.4 +2022/03/25 +CISA-KNOWN-EXPLOITED:2022/04/18 +IAVA:2022-A-0126-S +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 99.0.1150.55 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-23261 +CVE-2022-23262 +CVE-2022-23263 +7.7 +CVE-2022-23263 +6.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2022-23262 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.43. It is, therefore, affected by multiple vulnerabilities as referenced in the February 3, 2022 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262. (CVE-2022-23263) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263. (CVE-2022-23262) + + - Microsoft Edge (Chromium-based) Tampering Vulnerability. (CVE-2022-23261) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_98_0_1108_43.nasl +2022/02/03 +2022/05/06 +Microsoft Edge (Chromium) < 98.0.1108.43 Multiple Vulnerabilities +2022/02/03 +local +Low +Medium +1.5 +http://www.nessus.org/u?c8cf985b +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23261 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23262 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23263 +Upgrade to Microsoft Edge version 98.0.1108.43 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +8.1 +2022/02/03 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 98.0.1108.43 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-38005 +CVE-2021-38006 +CVE-2021-38007 +CVE-2021-38008 +CVE-2021-38009 +CVE-2021-38010 +CVE-2021-38011 +CVE-2021-38012 +CVE-2021-38013 +CVE-2021-38014 +CVE-2021-38015 +CVE-2021-38016 +CVE-2021-38017 +CVE-2021-38018 +CVE-2021-38019 +CVE-2021-38020 +CVE-2021-38021 +CVE-2021-38022 +CVE-2021-42308 +CVE-2021-43221 +9.6 +CVE-2021-38013 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-38017 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory. + + - Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38005) + + - Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38006, CVE-2021-38011) + + - Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38007, CVE-2021-38012) + + - Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38008) + + - Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38009) + + - Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. + (CVE-2021-38010) + + - Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-38013) + + - Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-38014) + + - Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (CVE-2021-38015) + + - Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2021-38016) + + - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38017) + + - Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-38018) + + - Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38019) + + - Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. + (CVE-2021-38020) + + - Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-38021) + + - Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-38022) + + - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2021-42308) + + - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2021-43221) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_96_0_1054_29.nasl +2021-A-0544-S +2021/11/19 +2023/10/06 +Microsoft Edge (Chromium) < 96.0.1054.29 Multiple Vulnerabilities +2023/02/10 +local +Medium +Medium +1.2 +http://www.nessus.org/u?245dfb65 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38005 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38006 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38007 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38008 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38009 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38010 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38011 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38012 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38013 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38014 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38015 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38016 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38017 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38018 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38019 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38020 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38022 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42308 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43221 +Upgrade to Microsoft Edge version 96.0.1054.29 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/11/10 +IAVA:2021-A-0544-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 96.0.1054.29 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-26436 +CVE-2021-26439 +CVE-2021-30606 +CVE-2021-30607 +CVE-2021-30608 +CVE-2021-30609 +CVE-2021-30610 +CVE-2021-30611 +CVE-2021-30612 +CVE-2021-30613 +CVE-2021-30614 +CVE-2021-30615 +CVE-2021-30616 +CVE-2021-30617 +CVE-2021-30618 +CVE-2021-30619 +CVE-2021-30620 +CVE-2021-30621 +CVE-2021-30622 +CVE-2021-30623 +CVE-2021-30624 +CVE-2021-36930 +CVE-2021-38641 +CVE-2021-38642 +8.8 +CVE-2021-30624 +7.7 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2021-36930 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 93.0.961.38. It is, therefore, affected by multiple vulnerabilities as referenced in the September 2, 2021 advisory. + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930. (CVE-2021-26436) + + - Microsoft Edge for Android Information Disclosure Vulnerability (CVE-2021-26439) + + - Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606) + + - Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607) + + - Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608) + + - Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609) + + - Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610) + + - Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611) + + - Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612) + + - Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613) + + - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614) + + - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615) + + - Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616) + + - Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617) + + - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618) + + - Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619) + + - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620) + + - Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621) + + - Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622) + + - Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623) + + - Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624) + + - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436. (CVE-2021-36930) + + - Microsoft Edge for Android Spoofing Vulnerability (CVE-2021-38641) + + - Microsoft Edge for iOS Spoofing Vulnerability (CVE-2021-38642) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +microsoft_edge_chromium_93_0_961_38.nasl +2021-A-0401-S +2021-A-0432-S +2021/09/02 +2022/05/06 +Microsoft Edge (Chromium) < 93.0.961.38 Multiple Vulnerabilities +2021/11/18 +local +Medium +Medium +1.4 +http://www.nessus.org/u?eab98635 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26436 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26439 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30606 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30607 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30608 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30609 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30610 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30611 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30612 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30613 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30614 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30615 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30616 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30617 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30618 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30619 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30620 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30621 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30622 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30623 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30624 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36930 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38641 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38642 +Upgrade to Microsoft Edge version 93.0.961.38 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2021/08/31 +IAVA:2021-A-0401-S +IAVA:2021-A-0432-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 93.0.961.38 + + + +365 - 730 days +2022/03/01 +cpe:/a:microsoft:edge +CVE-2022-0603 +CVE-2022-0604 +CVE-2022-0605 +CVE-2022-0606 +CVE-2022-0607 +CVE-2022-0608 +CVE-2022-0609 +CVE-2022-0610 +8.8 +8.4 +CVSS:3.0/E:H/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2022-0610 +5.9 +CVSS2#E:H/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.55. It is, therefore, affected by multiple vulnerabilities as referenced in the February 16, 2022 advisory. + + - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610) + + - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603) + + - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0604) + + - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605) + + - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0606) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +High +Exploits are available +true +microsoft_edge_chromium_98_0_1108_55.nasl +2022-A-0086-S +2022/02/16 +2022/05/03 +Microsoft Edge (Chromium) < 98.0.1108.55 Multiple Vulnerabilities +2022/02/16 +local +Low +Medium +1.6 +http://www.nessus.org/u?e17239f6 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0603 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0604 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0605 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0606 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0607 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0608 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0609 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0610 +Upgrade to Microsoft Edge version 98.0.1108.55 or later. +I +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +9.0 +2022/02/14 +CISA-KNOWN-EXPLOITED:2022/03/01 +IAVA:2022-A-0086-S + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 98.0.1108.55 + + + +730 days + +cpe:/a:microsoft:edge +CVE-2021-21149 +CVE-2021-21150 +CVE-2021-21151 +CVE-2021-21152 +CVE-2021-21153 +CVE-2021-21154 +CVE-2021-21155 +CVE-2021-21156 +CVE-2021-21157 +9.6 +CVE-2021-21155 +8.6 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H +6.0 +6.8 +CVE-2021-21157 +5.3 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P +The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.74. It is, therefore, affected by multiple vulnerabilities as referenced in the February 17, 2021 advisory. + + - Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (CVE-2021-21149) + + - Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-21150) + + - Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21151) + + - Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21152) + + - Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21153) + + - Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. + (CVE-2021-21154) + + - Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21155) + + - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. (CVE-2021-21156) + + - Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21157) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_88_0_705_74.nasl +2021/02/17 +2022/05/10 +Microsoft Edge (Chromium) < 88.0.705.74 Multiple Vulnerabilities +2021/02/19 +local +Low +Medium +1.7 +http://www.nessus.org/u?18ef2264 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21149 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21150 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21151 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21152 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21153 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21154 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21155 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21156 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21157 +Upgrade to Microsoft Edge version 88.0.705.74 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.3 +2021/02/09 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 88.0.705.74 + + + +365 - 730 days +cpe:/a:microsoft:edge +CVE-2022-2852 +CVE-2022-2853 +CVE-2022-2854 +CVE-2022-2855 +CVE-2022-2857 +CVE-2022-2858 +CVE-2022-2860 +CVE-2022-2861 +8.8 +7.9 +CVSS:3.0/E:P/RL:O/RC:C +CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +5.9 +10.0 +CVE-2022-2858 +7.8 +CVSS2#E:POC/RL:OF/RC:C +CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C +The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.63. It is, therefore, affected by multiple vulnerabilities as referenced in the August 19, 2022 advisory. + + - Use after free in FedCM. (CVE-2022-2852) + + - Heap buffer overflow in Downloads. (CVE-2022-2853) + + - Use after free in SwiftShader. (CVE-2022-2854) + + - Use after free in ANGLE. (CVE-2022-2855) + + - Use after free in Blink. (CVE-2022-2857) + + - Use after free in Sign-In Flow. (CVE-2022-2858) + + - Insufficient policy enforcement in Cookies. (CVE-2022-2860) + + - Inappropriate implementation in Extensions API. (CVE-2022-2861) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. +true +PoC +Exploits are available +microsoft_edge_chromium_104_0_1293_63.nasl +2022/08/19 +2022/10/21 +Microsoft Edge (Chromium) < 104.0.1293.63 Multiple Vulnerabilities +2022/08/19 +local +Low +Critical +1.4 +http://www.nessus.org/u?4ce23d54 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2852 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2853 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2854 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2855 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2857 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2858 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2860 +https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2861 +Upgrade to Microsoft Edge version 104.0.1293.63 or later. +The remote host has an web browser installed that is affected by multiple vulnerabilities. +Very Low +No recorded events +No recorded events +7.4 +2022/08/16 + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Installed version : 86.0.622.38 + Fixed version : 104.0.1293.63 + + + +windows +True +software_enumeration +cpe:/a:microsoft:edge +Microsoft Edge (Chromium-based), a Chromium-based web browser, is installed on the remote host. +microsoft_edge_chromium_installed.nbin +2024/01/16 +Microsoft Edge Chromium Installed +2020/05/29 +local +None +1.116 +https://www.microsoft.com/en-us/edge +n/a +Microsoft Edge (Chromium-based) is installed on the remote host. + + Path : C:\Program Files (x86)\Microsoft\Edge\Application + Version : 86.0.622.38 + + + +windows +True +cpe:/o:microsoft:windows +cpe:/a:microsoft:ie +Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled. +microsoft_ie_esc_detect.nbin +True +True +2024/01/16 +Microsoft Internet Explorer Enhanced Security Configuration Detection +2014/03/07 +local +None +1.261 +http://www.nessus.org/u?a9c4c131 +n/a +The remote host supports IE Enhanced Security Configuration. + + Type : Admin Groups + Is Enabled : True + + Type : User Groups + Is Enabled : True + + + +windows +True +Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host. +smb_check_dotnet_rollup.nasl +2024/01/10 +Microsoft .NET Security Rollup Enumeration +2017/04/14 +local +None +1.48 +http://www.nessus.org/u?662e30c9 +n/a +This plugin enumerates installed Microsoft .NET security rollups. + + Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll + Version : 4.8.4690.0 + .NET Version : 4.8 + Associated KB : 5033914 + Latest effective update level : 01_2024 + + + +windows +True +software_enumeration +cpe:/a:microsoft:.net_framework +Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host. +microsoft_net_framework_installed.nasl +0001-T-0655 +2022/10/18 +Microsoft .NET Framework Detection +2010/12/20 +local +None +1.39 +https://www.microsoft.com/net +http://www.nessus.org/u?15ae6806 +n/a +A software framework is installed on the remote host. +IAVT:0001-T-0655 + +Nessus detected 2 installs of Microsoft .NET Framework: + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8 + Full Version : 4.8.04161 + Install Type : Full + Release : 528449 + + Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ + Version : 4.8 + Full Version : 4.8.04161 + Install Type : Client + Release : 528449 + + + +windows +True +cpe:/a:microsoft:microsoft_update +Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft Office, Exchange, and SQL Server. +microsoft_update_installed.nasl +2022/02/01 +Microsoft Update Installed +2010/10/26 +local +None +1.8 +http://update.microsoft.com/microsoftupdate/v6/default.aspx +n/a +A software updating service is installed. + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect ARP table information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_arp_table.nbin +2024/01/16 +Microsoft Windows ARP Table +2016/07/19 +local +None +1.222 +n/a +Nessus was able to collect and report ARP table information from the remote host. +192.168.40.1 : 60-22-32-6f-91-bf +192.168.40.39 : f8-ff-c2-37-57-48 +192.168.40.60 : cc-96-e5-08-af-3e +192.168.40.255 : ff-ff-ff-ff-ff-ff +224.0.0.22 : 01-00-5e-00-00-16 +224.0.0.251 : 01-00-5e-00-00-fb +224.0.0.252 : 01-00-5e-00-00-fc +255.255.255.255 : ff-ff-ff-ff-ff-ff + +Extended ARP table information attached. +c605a6971c6522c6d14ccc6655cead7f + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect the hosts file from the remote Windows host and report it as attachment. +microsoft_windows_host_file.nasl +True +True +2020/01/27 +Microsoft Windows Hosts File +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect the hosts file from the remote host. +Windows hosts file attached. + +MD5: 3688374325b992def12793500307566d +SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274 +SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085 +3688374325b992def12793500307566d + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_env_vars.nasl +True +0001-T-0757 +True +2022/06/24 +Microsoft Windows Environment Variables +2016/07/19 +local +None +1.13 +n/a +Nessus was able to collect and report environment variables from the remote host. +IAVT:0001-T-0757 +Global Environment Variables : + processor_level : 6 + comspec : %SystemRoot%\system32\cmd.exe + number_of_processors : 2 + username : SYSTEM + os : Windows_NT + temp : %SystemRoot%\TEMP + processor_revision : 9702 + path : %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ + tmp : %SystemRoot%\TEMP + processor_identifier : Intel64 Family 6 Model 151 Stepping 2, GenuineIntel + driverdata : C:\Windows\System32\Drivers\DriverData + pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC + processor_architecture : AMD64 + psmodulepath : %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules + windir : %SystemRoot% + +Active User Environment Variables + - S-1-5-21-746496990-2641142201-3713043312-1001 + temp : %USERPROFILE%\AppData\Local\Temp + path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps; + tmp : %USERPROFILE%\AppData\Local\Temp + +b832544bd268ec74c9bd669b3f12564e +e8f54fc8af2cc00cd8948629abeaae0d + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_smb_sessions.nbin +2024/01/16 +Microsoft Windows SMB Sessions +2016/07/19 +local +None +1.221 +n/a +Nessus was able to collect and report SMB session information from the remote host. +degthat + +Extended SMB session information attached. +5ebcb7b6a7ddac56f4261d500234847f + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_time_zone_info.nasl +True +True +2023/06/06 +Microsoft Windows Time Zone Information +2016/07/19 +local +None +1.10 +n/a +Nessus was able to collect and report time zone information from the remote host. +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Eastern Standard Time +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-112 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-111 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0x0000012C +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000300020002000000000000000000 +HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000b00010002000000000000000000 + + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect and report the PowerShell execution policy for the remote Windows host. +microsoft_windows_powershell_execution_policy.nasl +2020/06/12 +Microsoft Windows PowerShell Execution Policy +2016/07/19 +local +None +1.6 +n/a +Nessus was able to collect and report the PowerShell execution policy for the remote host. +HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned +HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned + + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_scripting_host_settings.nasl +2018/05/23 +Microsoft Windows Scripting Host Settings +2016/07/19 +local +None +1.5 +n/a +Nessus was able to collect and report the Windows scripting host settings from the remote host. +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0 +HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1 + +Windows scripting host configuration attached. +681e5094e1df8ab1423ef2ea66dfc266 +4934d1726a8504e051694b846ef9b32e + + +windows +cpe:/o:microsoft:windows +Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a CSV attachment. +microsoft_windows_nbt_info.nbin +2024/01/16 +Microsoft Windows NetBIOS over TCP/IP Info +2016/07/19 +local +None +1.224 +n/a +Nessus was able to collect and report NBT information from the remote host. +NBT information attached. +First 10 lines of all CSVs: +nbtstat_local.csv: +Interface,Name,Suffix,Type,Status,MAC +192.168.40.167,SOT-WIN2K22-WEB,<00>,UNIQUE,Registered,00:50:56:36:0D:06 +192.168.40.167,WORKGROUP,<00>,GROUP,Registered,00:50:56:36:0D:06 +192.168.40.167,SOT-WIN2K22-WEB,<20>,UNIQUE,Registered,00:50:56:36:0D:06 + + + +33ec1ba995cdb00aeb95ddcd00208d51 + + +windows +True +software_enumeration +cpe:/a:microsoft:remote_desktop_connection +Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host. +remote_desktop_connection_installed.nasl +2022/10/10 +Microsoft Remote Desktop Connection Installed +2019/06/12 +local +None +1.3 +http://www.nessus.org/u?1c33f0e7 +n/a +A graphical interface connection utility is installed on the remote Windows host + + Path : C:\Windows\\System32\\mstsc.exe + Version : 10.0.20348.1850 + + + +Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry entry in to one of the following settings: + + - 0xFFFFFFFF (Removes the current working directory from the default DLL search order) + + - 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder) + + - 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder) +smb_cwdindllsearchvalue_setting.nasl +2019/12/20 +Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting +2010/08/26 +local +None +1.7 +http://www.nessus.org/u?0c574c56 +http://www.nessus.org/u?5234ef0c +n/a +CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks. + + Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch + Value : Registry Key Empty or Missing + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past. +smb_enum_drive_mount.nasl +2022/02/01 +Microsoft Windows Mounted Devices +2012/11/28 +local +None +1.4 +http://www.nessus.org/u?99fcc329 +Make sure that the mounted drives agree with your organization's acceptable use and security policies. +It is possible to get a list of mounted devices that may have been connected to the remote system in the past. + + Name : \dosdevices\e: + Data : )+ + Raw data : 29bc2bc00000100000000000 + + Name : \??\volume{17c6c8ff-c1f3-11ee-9de6-806e6f6e6963} + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&260e6d66&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f0043004400300031002300350026003200360030006500360064003600360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\d: + Data : \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01#5&260e6d66&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004e004500430056004d005700610072002600500072006f0064005f0056004d0077006100720065005f0053004100540041005f0043004400300031002300350026003200360030006500360064003600360026003000260030003100300030003000300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \??\volume{17c6c900-c1f3-11ee-9de6-806e6f6e6963} + Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&1b0d1d81&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260031006200300064003100640038003100260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + Name : \dosdevices\c: + Data : DMIO:ID:1wA*p + Raw data : 444d494f3a49443af4ec3102b5e877419fa219a9aa2ae270 + + Name : \dosdevices\a: + Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&1b0d1d81&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} + Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260031006200300064003100640038003100260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00 + + + + +windows +True +cpe:/o:microsoft:windows +Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry. +smb_dns_servers.nasl +True +True +2022/02/01 +Windows DNS Server Enumeration +2012/03/01 +local +None +1.9 +n/a +Nessus enumerated the DNS servers being used by the remote Windows host. + +Nessus enumerated DNS servers for the following interfaces : + +Interface: Default +DhcpNameServer: 192.168.40.1 1.1.1.1 + + + +windows +True +By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry. +smb_enum_qfes.nasl +2022/02/01 +SMB QuickFixEngineering (QFE) Enumeration +2012/09/11 +local +None +1.8 +n/a +The remote host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + +KB5012170, Installed on: 2024/02/02 +KB5022507, Installed on: 2023/04/04 +KB5033914, Installed on: 2024/02/02 +KB5034439, Installed on: 2024/02/02 + + +windows +True +This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. + +Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system. +smb_enum_software_versions.nasl +2023/07/18 +Microsoft Windows Installed Software Version Enumeration +2023/07/10 +local +None +1.1 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +Enumerates installed software versions. + +The following software information is available on the remote host : + + - Google Chrome + Best Confidence Version : 121.0.6167.140 + Version Confidence Level : 3 + All Possible Versions : 121.0.6167.140 + Other Version Data + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayIcon] : + Raw Value : C:\Program Files\Google\Chrome\Application\chrome.exe,0 + Parsed File Path : C:\Program Files\Google\Chrome\Application\chrome.exe + Parsed File Version : 121.0.6167.140 + [InstallLocation] : + Raw Value : C:\Program Files\Google\Chrome\Application + [UninstallString] : + Raw Value : "C:\Program Files\Google\Chrome\Application\121.0.6167.140\Installer\setup.exe" --uninstall --system-level + Parsed File Path : C:\Program Files\Google\Chrome\Application\121.0.6167.140\Installer\setup.exe + Parsed File Version : 121.0.6167.140 + [VersionMinor] : + Raw Value : 140 + [Version] : + Raw Value : 121.0.6167.140 + [VersionMajor] : + Raw Value : 6167 + [DisplayVersion] : + Raw Value : 121.0.6167.140 + [DisplayName] : + Raw Value : Google Chrome + + - Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{73F77E4E-5A17-46E5-A5FC-8A061047725F} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{D5D19E2F-7189-42FE-8103-92CD1FA457C2} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - VMware Tools + Best Confidence Version : 12.3.0.22234872 + Version Confidence Level : 2 + All Possible Versions : 12.3.0.22234872 + Other Version Data + [VersionMajor] : + Raw Value : 12 + [Version] : + Raw Value : 201523200 + [InstallLocation] : + Raw Value : C:\Program Files\VMware\VMware Tools\ + [DisplayName] : + Raw Value : VMware Tools + [UninstallString] : + Raw Value : MsiExec.exe /I{AF174E64-22CF-4386-A9EC-73F285739998} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 12.3.0.22234872 + [VersionMinor] : + Raw Value : 3 + + - Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + Best Confidence Version : 14.36.32532 + Version Confidence Level : 2 + All Possible Versions : 14.36.32532 + Other Version Data + [VersionMajor] : + Raw Value : 14 + [Version] : + Raw Value : 237272852 + [DisplayName] : + Raw Value : Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 + [UninstallString] : + Raw Value : MsiExec.exe /I{0025DD72-A959-45B5-A0A3-7EFEB15A8050} + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayVersion] : + Raw Value : 14.36.32532 + [VersionMinor] : + Raw Value : 36 + + - Microsoft Edge Update + Best Confidence Version : 1.3.135.41 + Version Confidence Level : 2 + All Possible Versions : 1.3.135.41 + Other Version Data + [Version] : + Raw Value : 1.3.135.41 + [DisplayName] : + Raw Value : Microsoft Edge Update + [DisplayVersion] : + Raw Value : 1.3.135.41 + + - Microsoft Edge + Best Confidence Version : 86.0.622.38 + Version Confidence Level : 3 + All Possible Versions : 86.0.622.38 + Other Version Data + [InstallDate] : + Raw Value : 2024/02/02 + [DisplayIcon] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,0 + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe + Parsed File Version : 86.0.622.38 + [InstallLocation] : + Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application + [UninstallString] : + Raw Value : "C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\Installer\setup.exe" --uninstall --system-level --verbose-logging + Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\Installer\setup.exe + Parsed File Version : 86.0.622.38 + [VersionMinor] : + Raw Value : 38 + [Version] : + Raw Value : 86.0.622.38 + [VersionMajor] : + Raw Value : 622 + [DisplayVersion] : + Raw Value : 86.0.622.38 + [DisplayName] : + Raw Value : Microsoft Edge + + - Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe + Parsed File Version : 14.36.32532.0 + + - Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + Best Confidence Version : 14.36.32532.0 + Version Confidence Level : 3 + All Possible Versions : 14.36.32532.0 + Other Version Data + [DisplayName] : + Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 + [UninstallString] : + Raw Value : "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /uninstall + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + [DisplayVersion] : + Raw Value : 14.36.32532.0 + [DisplayIcon] : + Raw Value : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe,0 + Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe + Parsed File Version : 14.36.32532.0 + + + + +windows +True +This plugin lists software that is configured to run on system startup by crawling the registry entries in : + + - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + - HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run +smb_enum_startup_registry.nasl +2022/02/01 +Microsoft Windows Startup Software Enumeration +2012/03/23 +local +None +1.6 +Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate startup software. + +The following startup item was found : + + AzureArcSetup - %windir%\AzureArcSetup\Systray\AzureArcSysTray.exe + SecurityHealth - %windir%\system32\SecurityHealthSystray.exe + VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe + + + +windows +True +This plugin lists software potentially installed on the remote host by crawling the registry entries in : + + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates + +Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed. +smb_enum_softwares.nasl +0001-T-0501 +2022/02/01 +Microsoft Windows Installed Software Enumeration (credentialed check) +2006/01/26 +local +None +1.21 +Remove any applications that are not compliant with your organization's acceptable use and security policies. +It is possible to enumerate installed software. +IAVT:0001-T-0501 + +The following software are installed on the remote host : + +Google Chrome [version 121.0.6167.140] [installed on 2024/02/02] +Microsoft Edge [version 86.0.622.38] [installed on 2024/02/02] +Microsoft Edge Update [version 1.3.135.41] +Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 [version 14.36.32532.0] +Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 [version 14.36.32532.0] +VMware Tools [version 12.3.0.22234872] [installed on 2024/02/02] +Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] +Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2024/02/02] + + + +windows +True +Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host. +smb_enum_network_adapters.nasl +0001-T-0758 +2022/02/01 +Microsoft Windows Network Adapters +2017/10/17 +local +None +1.8 +Make sure that all of the installed network adapters agrees with your organization's acceptable use and security policies. +Identifies the network adapters installed on the remote host. +IAVT:0001-T-0758 +Network Adapter Driver Description : Intel(R) 82574L Gigabit Network Connection +Network Adapter Driver Version : 12.18.9.23 + + + + +windows +True +user_enumeration +Enumerate Windows accounts. +windows_enum_accounts.nbin +2024/01/16 +Windows Enumerate Accounts +2023/02/28 +local +None +1.25 +n/a +Enumerate Windows accounts. +Windows accounts enumerated. Results output to DB. +User data gathered in scan starting at : 2024/2/2 9:33 Pacific Standard Time + + + +By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier). + +The host SID can then be used to get the list of local users. +smb_host2sid.nasl +2024/01/31 +Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration +2002/02/13 +local +None +1.47 +http://technet.microsoft.com/en-us/library/bb418944.aspx +You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value. + +Refer to the 'See also' section for guidance. +It is possible to obtain the host SID for the remote host. + +The remote host SID value is : S-1-5-21-746496990-2641142201-3713043312 + +The value of 'RestrictAnonymous' setting is : 0 + + + +windows +True +By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past. +smb_enum_portable_devices.nasl +2022/02/01 +Microsoft Windows Portable Devices +2013/04/03 +local +None +1.4 +http://www.nessus.org/u?af102b66 +Make sure that use of the portable devices agrees with your organization's acceptable use and security policies. +It is possible to get a list of portable devices that may have been connected to the remote system in the past. + + Friendly name : Samsung_T5 + Device : SWD#WPDBUSENUM#{4B02CD96-C1E7-11EE-9DF4-005056360D06}#0000000000100000 + + + +windows +True +cpe:/a:microsoft:ie +The remote host has Enhanced Protection Mode (EPM) enabled for the Microsoft Internet Explorer web browser. + +Enhanced Protection Mode (EPM) is an added layer of protection first added in Microsoft Internet Explorer version 10 that provides a security feature set that includes : + + - individual browser tabs can be run in 64-bit mode, increasing the effectiveness of Address Space Layout Randomization (ASLR) + + - better access protection for files via a broker process + + - untrusted web pages cannot access domain credentials + +Note that Microsoft Internet Explorer running in 'Metro style' uses Enhanced Protected Mode by default. +smb_explorer_epm_enabled.nasl +2022/02/01 +Microsoft Internet Explorer Enhanced Protection Mode (EPM) Detection +2014/06/13 +local +None +1.4 +http://www.nessus.org/u?792794bd +n/a +The remote host has Enhanced Protection Mode (EPM) for Microsoft Internet Explorer enabled. + +Enhanced Protected Mode for IE has been enabled via Group Policy configuration. + - 64-bit processes for Enhanced Protected Mode is enabled + + +Using the HKU registry, Nessus was able to enuemrate the SIDs of logged on users +smb_loggedon_users.nasl +2022/05/25 +Microsoft Windows Logged On Users +2022/05/25 +local +None +1.2 +n/a +Nessus was able to determine the logged on users from the registry +Logged on users : + - S-1-5-21-746496990-2641142201-3713043312-1001 + Domain : SOT-WIN2K22-WEB + Username : degthat + + + +windows +True +cpe:/o:microsoft:windows +cpe:/a:microsoft:malicious_software_removal_tool +The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems. +smb_mrt_installed.nasl +True +True +2023/01/10 +Microsoft Malicious Software Removal Tool Installed +2013/05/15 +local +None +1.60 +http://www.nessus.org/u?47a3e94d +https://support.microsoft.com/en-us/help/891716 +n/a +An antimalware application is installed on the remote Windows host. + + File : C:\Windows\system32\MRT.exe + Version : 5.120.24010.1001 + Release at last run : unknown + Report infection information to Microsoft : Yes + + + +60 - 180 days +cpe:/a:vmware:tools +CVE-2023-34058 +7.5 +6.5 +CVSS:3.0/E:U/RL:O/RC:C +CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H +5.9 +6.8 +CVE-2023-34058 +5.0 +CVSS2#E:U/RL:OF/RC:C +CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C +The version of VMware Tools installed on the remote Windows host is 10.3.x, 11.x or 12.x prior to 12.3.5. It is, therefore, affected by a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. +false +Unproven +No known exploits are available +vmware_tools_win_vmsa-2023-0024.nasl +2023-A-0590 +2023/10/26 +2023/11/02 +VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024) +2023/11/01 +local +Medium +Medium +1.2 +https://www.vmware.com/security/advisories/VMSA-2023-0024.html +Upgrade to VMware Tools version 12.3.5 or later. +I +The virtualization tool suite is installed on the remote Windows host is affected by an authentication bypass vulnerability. +Very Low +No recorded events +No recorded events +2023-0024 +7.4 +2023/10/26 +VMSA:2023-0024 +IAVA:2023-A-0590 + + Path : C:\Program Files\VMware\VMware Tools\ + Installed version : 12.3.0.44994 + Fixed version : 12.3.5 + + + +windows +True +software_enumeration +cpe:/a:vmware:tools +VMware Tools, a suite of utilities that enhances the performance of the virtual machines guest operating system is installed on the remote Windows host. +vmware_tools_installed.nbin +0001-T-0738 +2024/01/16 +VMware Tools Detection +2018/01/13 +local +None +1.178 +https://kb.vmware.com/s/article/340 +http://www.nessus.org/u?7d54c30a +n/a +A virtual machine management application is installed on the remote host. +IAVT:0001-T-0738 + + Path : C:\Program Files\VMware\VMware Tools\ + Version : 12.3.0.44994 + + + +cpe:/o:microsoft:windows +Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'. +windows_product_key_retrieval.nasl +2013/01/18 +Windows Product Key Retrieval +2013/01/18 +local +None +$Revision: 1.1 $ +n/a +This plugin retrieves the Windows Product key of the remote Windows host. + + Product key : XXXXX-XXXXX-XXXXX-XXXXX-VMK7H + +Note that all but the final portion of the key has been obfuscated. + + + +Report details on the running processes modules on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies. +windows_process_module_information.nbin +2024/01/16 +Microsoft Windows Process Module Information +2013/10/08 +local +None +1.217 +n/a +Use WMI to obtain running process module information. +Process_Modules_SOT-WIN2K22-WEB.csv : lists the loaded modules for each process. + +2769b2a82a78b26246ba6aa0963d9e32 + + +Report details on the running processes on the machine. + +This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies. +windows_process_information.nbin +2024/01/16 +Microsoft Windows Process Information +2013/10/08 +local +None +1.216 +n/a +Use WMI to obtain running process information. +Process Overview : +SID: Process (PID) + 0 : System Idle Process (0) + 0 : |- System (4) + 0 : |- smss.exe (312) + 0 : Registry (100) + 0 : MicrosoftEdgeUpdate.exe (3520) + 1 : explorer.exe (424) + 1 : |- cmd.exe (5560) + 1 : |- conhost.exe (1372) + 1 : |- vmtoolsd.exe (6436) + 0 : csrss.exe (428) + 0 : wininit.exe (536) + 0 : |- services.exe (672) + 0 : |- svchost.exe (1044) + 0 : |- svchost.exe (1052) + 0 : |- svchost.exe (1096) + 0 : |- svchost.exe (1112) + 0 : |- svchost.exe (1120) + 0 : |- svchost.exe (1164) + 0 : |- svchost.exe (1212) + 0 : |- svchost.exe (1224) + 0 : |- svchost.exe (1240) + 0 : |- svchost.exe (1352) + 0 : |- svchost.exe (1428) + 0 : |- svchost.exe (1464) + 0 : |- svchost.exe (1492) + 0 : |- svchost.exe (1508) + 0 : |- svchost.exe (1580) + 1 : |- taskhostw.exe (4256) + 0 : |- svchost.exe (1592) + 1 : |- sihost.exe (4308) + 0 : |- WUDFHost.exe (1600) + 0 : |- svchost.exe (1684) + 0 : |- svchost.exe (1728) + 0 : |- svchost.exe (1776) + 0 : |- svchost.exe (1792) + 0 : |- svchost.exe (1864) + 0 : |- svchost.exe (1896) + 0 : |- svchost.exe (1908) + 0 : |- svchost.exe (1916) + 0 : |- svchost.exe (1996) + 0 : |- spoolsv.exe (2284) + 0 : |- svchost.exe (2348) + 0 : |- svchost.exe (2356) + 0 : |- svchost.exe (2368) + 0 : |- AggregatorHost.exe (3332) + 0 : |- svchost.exe (2416) + 0 : |- svchost.exe (2440) + 0 : |- svchost.exe (2472) + 0 : |- svchost.exe (2500) + 0 : |- svchost.exe (2508) + 0 : |- svchost.exe (2540) + 0 : |- svchost.exe (2576) + 0 : |- vm3dservice.exe (2584) + 1 : |- vm3dservice.exe (3064) + 0 : |- vmtoolsd.exe (2596) + 0 : |- svchost.exe (2608) + 0 : |- svchost.exe (2620) + 0 : |- w3wp.exe (6264) + 0 : |- VGAuthService.exe (2628) + 0 : |- MsMpEng.exe (2712) + 0 : |- svchost.exe (2740) + 0 : |- svchost.exe (2796) + 0 : |- svchost.exe (2804) + 0 : |- svchost.exe (2864) + 0 : |- svchost.exe (3352) + 0 : |- dllhost.exe (3532) + 0 : |- msdtc.exe (3680) + 0 : |- svchost.exe (4252) + 0 : |- svchost.exe (4260) + 1 : |- svchost.exe (4292) + 1 : |- svchost.exe (4304) + 0 : |- svchost.exe (4440) + 1 : |- ctfmon.exe (4632) + 0 : |- svchost.exe (4560) + 0 : |- svchost.exe (4884) + 0 : |- NisSrv.exe (4968) + 1 : |- svchost.exe (5224) + 0 : |- svchost.exe (5444) + 0 : |- svchost.exe (5728) + 0 : |- svchost.exe (6196) + 0 : |- svchost.exe (6240) + 0 : |- svchost.exe (808) + 0 : |- WmiPrvSE.exe (2396) + 0 : |- WmiPrvSE.exe (3668) + 0 : |- WmiPrvSE.exe (3880) + 1 : |- ShellExperienceHost.exe (4824) + 1 : |- StartMenuExperienceHost.exe (5688) + 1 : |- TextInputHost.exe (5716) + 1 : |- RuntimeBroker.exe (5860) + 1 : |- SearchApp.exe (5968) + 1 : |- RuntimeBroker.exe (6080) + 1 : |- mmc.exe (6672) + 1 : |- RuntimeBroker.exe (6124) + 1 : |- dllhost.exe (6168) + 1 : |- RuntimeBroker.exe (6372) + 0 : |- svchost.exe (892) + 0 : |- svchost.exe (900) + 0 : |- svchost.exe (956) + 0 : |- lsass.exe (688) + 0 : |- fontdrvhost.exe (792) + 1 : csrss.exe (544) + 1 : winlogon.exe (628) + 1 : |- dwm.exe (72) + 1 : |- fontdrvhost.exe (800) + + + +cpe:/o:microsoft:windows +It is possible to get information about the BIOS via the host's WMI interface. +bios_get_info_wmi.nbin +2024/01/16 +BIOS Info (WMI) +2008/09/05 +local +None +1.215 +n/a +The BIOS info could be read. + + Vendor : VMware, Inc. + Version : VMW201.00V.21805430.B64.2305221830 + Release date : 20230522000000.000000+000 + UUID : 33774D56-9473-908C-A751-7860E37B2081 + Secure boot : disabled + + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report on the application compatibility cache on the remote Windows host. +microsoft_windows_appcompatcache.nasl +2018/05/23 +Application Compatibility Cache +2016/07/19 +local +None +1.5 +https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf +http://www.nessus.org/u?4a076105 +n/a +Nessus was able to gather application compatibility settings on the remote host. +Application compatibility cache report attached. + +c787a55353aad588a71405b27464402d + + +windows +cpe:/o:microsoft:windows +cpe:/a:microsoft:ie +Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar. +microsoft_windows_ie_typeurls.nasl +2018/05/16 +Internet Explorer Typed URLs +2016/07/19 +local +None +1.5 +https://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/ +n/a +Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar. +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 +http://go.microsoft.com/fwlink/p/?LinkId=255141 + +Internet Explorer typed URL report attached. + +0d9e44ac470313c9b8817dfa90885e21 + + +windows +cpe:/o:microsoft:windows +Nessus was able to query the MUIcache registry key to find evidence of program execution. +microsoft_windows_muicache.nasl +2018/05/16 +MUICache Program Execution History +2016/07/19 +local +None +1.5 +https://forensicartifacts.com/2010/08/registry-muicache/ +http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html +http://www.nirsoft.net/utils/muicache_view.html +n/a +Nessus was able to enumerate recently executed programs on the remote host. +@%systemroot%\system32\themeservice.dll,-8192 : Themes +@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service +@%systemroot%\system32\firewallapi.dll,-3400 : COM+ Network Access +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +@%systemroot%\system32\icsvcvss.dll,-101 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\das.dll,-100 : Device Association Service +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\dnsapi.dll,-101 : DNS Client +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%systemroot%\system32\firewallapi.dll,-3405 : COM+ Remote Administration +@%windir%\system32\systemeventsbrokerserver.dll,-1001 : System Events Broker +@combase.dll,-5010 : Remote Procedure Call (RPC) +@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol +@%windir%\system32\inetsrv\iisres.dll,-30015 : Provides W3C logging for Internet Information Services (IIS). If this service is stopped, W3C logging configured by IIS will not work. +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\credentialenrollmentmanager.exe,-101 : Credential Enrollment Manager +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@%systemroot%\system32\icsvcvss.dll,-102 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\printworkflowservice.dll,-101 : Provides support for Print Workflow applications. If you turn off this service, you may not be able to print successfully. +@%windir%\system32\inetsrv\iisres.dll,-30011 : Application Host Helper Service +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS) +@%systemroot%\system32\lmhsvc.dll,-101 : TCP/IP NetBIOS Helper +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\firewallapi.dll,-38521 : World Wide Web Services (HTTP) +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD) +@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%windir%\system32\inetsrv\iisres.dll,-30012 : Provides administrative services for IIS, for example configuration history and Application Pool account mapping. If this service is stopped, configuration history and locking down files or directories with Application Pool specific Access Control Entries will not work. +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP) +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\schedsvc.dll,-100 : Task Scheduler +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@gpapi.dll,-114 : Resultant Set of Policy Provider +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@%windir%\system32\timebrokerserver.dll,-1001 : Time Broker +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\nsisvc.dll,-200 : Network Store Interface Service +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA) +@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\samsrv.dll,-1 : Security Accounts Manager +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@%systemroot%\system32\firewallapi.dll,-37302 : mDNS +@%systemroot%\system32\frameservermonitor.dll,-100 : Windows Camera Frame Server Monitor +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\fntcache.dll,-100 : Windows Font Cache Service +@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder +@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%windir%\system32\inetsrv\iisres.dll,-30001 : Windows Process Activation Service +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@firewallapi.dll,-50323 : SNMP Trap +@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall +@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver +@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices. +@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host +@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver +@%windir%\system32\rpcepmap.dll,-1001 : RPC Endpoint Mapper +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS) +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\nlasvc.dll,-1 : Network Location Awareness +@%systemroot%\system32\umpnpmgr.dll,-200 : Plug and Play +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\drivers\executioncontext.sys,-101 : CPU Scheduler for High Performance I/O +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\coremessaging.dll,-1 : CoreMessaging +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Enables JIT compilation support in d3d10warp.dll for processes in which code generation is disabled. +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\wcmsvc.dll,-4097 : Windows Connection Manager +@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%systemroot%\system32\wkssvc.dll,-100 : Workstation +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%windir%\system32\inetsrv\iisres.dll,-30004 : Provides Web connectivity and administration through the Internet Information Services Manager +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\deviceaccess.dll,-108 : Enables apps to pair devices +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@%systemroot%\system32\firewallapi.dll,-38529 : Secure World Wide Web Services (QUIC) +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\ncbservice.dll,-500 : Network Connection Broker +@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : Warp JIT Service +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw. +@%windir%\system32\inetsrv\iisres.dll,-30003 : World Wide Web Publishing Service +@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@combase.dll,-5012 : DCOM Server Process Launcher +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\firewallapi.dll,-38523 : Secure World Wide Web Services (HTTPS) +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%windir%\system32\lsm.dll,-1001 : Local Session Manager +@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results. +@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration +@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service +@%systemroot%\system32\spoolsv.exe,-1 : Print Spooler +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation +@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@%systemroot%\system32\umpo.dll,-100 : Power +@comres.dll,-2797 : Distributed Transaction Coordinator +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\firewallapi.dll,-36902 : Software Load Balancer +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\usermgr.dll,-100 : User Manager +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-100 : Udk User Service +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%windir%\system32\bisrv.dll,-100 : Background Tasks Infrastructure Service +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%systemroot%\system32\consentuxclient.dll,-101 : Allows the system to request user consent to allow apps to access sensitive resources and information such as the device's location +@%systemroot%\system32\captureservice.dll,-101 : Enables optional screen capture functionality for applications that call the Windows.Graphics.Capture API. +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host +@%systemroot%\system32\wevtsvc.dll,-200 : Windows Event Log +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace +@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\icsvc.dll,-700 : Virtual Machine Monitoring +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service +@comres.dll,-2450 : COM+ Event System +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@gpapi.dll,-112 : Group Policy Client +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services. +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\dispbroker.desktop.dll,-101 : Display Policy Service +@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation. +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\srpapi.dll,-100 : AppID Driver +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\srvsvc.dll,-100 : Server +@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network. +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\diagtrack.dll,-3001 : Connected User Experiences and Telemetry +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\sysmain.dll,-1000 : SysMain +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@%systemroot%\system32\frameservermonitor.dll,-101 : Monitors the health and state for the Windows Camera Frame Server service. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX User Service +@%programfiles%\windows defender\mpasdesc.dll,-310 : Microsoft Defender Antivirus Service +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%windir%\system32\inetsrv\iisres.dll,-30002 : The Windows Process Activation Service (WAS) provides process activation, resource management and health management services for message-activated applications. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\profsvc.dll,-300 : User Profile Service +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\bfe.dll,-1001 : Base Filtering Engine +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-101 : Shell components service +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS) +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver +@%systemroot%\system32\dhcpcore.dll,-100 : DHCP Client +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search +@%systemroot%\system32\themeservice.dll,-8192 : Themes +@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service +@%systemroot%\system32\firewallapi.dll,-3400 : COM+ Network Access +@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service +@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver +@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker +@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. +c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration +@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service +@%systemroot%\system32\icsvcvss.dll,-101 : Hyper-V Volume Shadow Copy Requestor +@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow +@%systemroot%\system32\msimsg.dll,-27 : Windows Installer +@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service +@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver +@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock +@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@regsvc.dll,-1 : Remote Registry +@%systemroot%\system32\das.dll,-100 : Device Association Service +@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. +@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver +@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy +@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. +@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service +@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker +@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver +@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time. +@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. +@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver +@%systemroot%\system32\appinfo.dll,-100 : Application Information +@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. +@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator +@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. +@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server +@%systemroot%\system32\dnsapi.dll,-101 : DNS Client +@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. +@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. +@%systemroot%\system32\wkssvc.dll,-2001 : Browser +@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. +@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. +@%systemroot%\system32\firewallapi.dll,-3405 : COM+ Remote Administration +@%windir%\system32\systemeventsbrokerserver.dll,-1001 : System Events Broker +@combase.dll,-5010 : Remote Procedure Call (RPC) +@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs +@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. +@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. +@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol +@%windir%\system32\inetsrv\iisres.dll,-30015 : Provides W3C logging for Internet Information Services (IIS). If this service is stopped, W3C logging configured by IIS will not work. +@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver +@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow +@%systemroot%\system32\credentialenrollmentmanager.exe,-101 : Credential Enrollment Manager +@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery. +@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider +@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client +@%programfiles%\windows defender\mpasdesc.dll,-330 : Microsoft Defender Antivirus Mini-Filter Driver +@%systemroot%\system32\icsvcvss.dll,-102 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. +@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running. +@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service +@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. +@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host +@%systemroot%\system32\storsvc.dll,-100 : Storage Service +@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions. +@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform. +@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service +@%systemroot%\system32\printworkflowservice.dll,-101 : Provides support for Print Workflow applications. If you turn off this service, you may not be able to print successfully. +@%windir%\system32\inetsrv\iisres.dll,-30011 : Application Host Helper Service +@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service +@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS) +@%systemroot%\system32\lmhsvc.dll,-101 : TCP/IP NetBIOS Helper +@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service +@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver +@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. +@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives. +@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped. +@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled. +@%systemroot%\system32\dcsvc.dll,-101 : Declared Configuration(DC) service +@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system. +@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts +@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management. +@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service +@%systemroot%\system32\tapisrv.dll,-10100 : Telephony +@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user.s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service. +@%systemroot%\system32\firewallapi.dll,-38521 : World Wide Web Services (HTTP) +@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization +@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System +@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors +@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings. +@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service +@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol +@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD) +@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge +@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. +@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. +@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service. +@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability. +@%windir%\system32\inetsrv\iisres.dll,-30012 : Provides administrative services for IIS, for example configuration history and Application Pool account mapping. If this service is stopped, configuration history and locking down files or directories with Application Pool specific Access Control Entries will not work. +@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps. +@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP) +@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP +@%systemroot%\system32\wuaueng.dll,-105 : Windows Update +@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper +@%systemroot%\system32\schedsvc.dll,-100 : Task Scheduler +@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter +@gpapi.dll,-114 : Resultant Set of Policy Provider +@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS) +@%systemroot%\system32\sppsvc.exe,-101 : Software Protection +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service +@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. +@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services . Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. +@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform +@%windir%\system32\timebrokerserver.dll,-1001 : Time Broker +@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\nsisvc.dll,-200 : Network Store Interface Service +@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service +@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won.t be able to print or see your printers. +@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager +@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider +@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service +@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV) +@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives +@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver +@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption +@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities +@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service +@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. +@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker +@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service +@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components +@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver +@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service +@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA) +@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr +@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface +@%systemroot%\system32\netman.dll,-109 : Network Connections +c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration +@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service +@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager +@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication +@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service +@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant +@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver +c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration +@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. +@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices. +@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing +@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector +@keyiso.dll,-100 : CNG Key Isolation +@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio +@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. +@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services +@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS) +@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager +@%systemroot%\system32\samsrv.dll,-1 : Security Accounts Manager +@%systemroot%\system32\ci.dll,-101 : Enclave +@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly. +@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver +@%systemroot%\system32\cscsvc.dll,-200 : Offline Files +@%systemroot%\system32\firewallapi.dll,-37302 : mDNS +@%systemroot%\system32\frameservermonitor.dll,-100 : Windows Camera Frame Server Monitor +@%programfiles%\windows defender\mpasdesc.dll,-370 : Microsoft Defender Antivirus Network Inspection System Driver +@%systemroot%\system32\fntcache.dll,-100 : Windows Font Cache Service +@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder +@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service +@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services. +@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access +@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage +@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%windir%\system32\inetsrv\iisres.dll,-30001 : Windows Process Activation Service +@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements. +@%systemroot%\system32\netlogon.dll,-102 : Netlogon +@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver +@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler +@%systemroot%\system32\drivers\pdc.sys,-100 : PDC +@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. +@firewallapi.dll,-50323 : SNMP Trap +@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall +@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver +@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver +@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr +@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices. +@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host +@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter +@%systemroot%\system32\deviceaccess.dll,-107 : DeviceAssociationBroker +@%systemroot%\system32\wuaueng.dll,-400 : Windows Update +@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension +@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios +@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater +@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service +@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information +@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data +@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. +@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver +@%windir%\system32\rpcepmap.dll,-1001 : RPC Endpoint Mapper +@%systemroot%\system32\w32time.dll,-200 : Windows Time +@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model. +@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS) +@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. +@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service +@winlangdb.dll,-1121 : English (United States) +@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service +@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. +@%systemroot%\system32\walletservice.dll,-1000 : WalletService +@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall +@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. +@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. +@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT +@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy +@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator +@%systemroot%\system32\nlasvc.dll,-1 : Network Location Awareness +@%systemroot%\system32\umpnpmgr.dll,-200 : Plug and Play +c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration +@%systemroot%\system32\drivers\executioncontext.sys,-101 : CPU Scheduler for High Performance I/O +@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service +@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\coremessaging.dll,-1 : CoreMessaging +@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service +@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers. +@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run. +@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays. +@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. +@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated. +@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery +@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP) +@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Enables JIT compilation support in d3d10warp.dll for processes in which code generation is disabled. +@%systemroot%\system32\usosvc.dll,-101 : Update Orchestrator Service +@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them. +@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent +@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections +@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon +@appmgmts.dll,-3250 : Application Management +@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver +@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver +@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. +@%systemroot%\system32\wcmsvc.dll,-4097 : Windows Connection Manager +@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver +@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well. +@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management +@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service +@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust +@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. +c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection +@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion +@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management. +@%systemroot%\system32\drivers\mup.sys,-101 : MUP +@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver +@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager +@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service +@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly. +@%systemroot%\system32\scardsvr.dll,-1 : Smart Card +@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly. +@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer +@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. +@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions +@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service +@%systemroot%\system32\wkssvc.dll,-100 : Workstation +@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events. +@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. +@waasmedicsvc.dll,-100 : Windows Update Medic Service +@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt +@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS) +@%systemroot%\system32\captureservice.dll,-100 : CaptureService +@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine +@%windir%\system32\inetsrv\iisres.dll,-30004 : Provides Web connectivity and administration through the Internet Information Services Manager +@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports Control Panel Support +@%systemroot%\system32\deviceaccess.dll,-108 : Enables apps to pair devices +@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager +@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager +@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service +@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider +c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration +@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer. +@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. +@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone. +@%systemroot%\system32\firewallapi.dll,-38529 : Secure World Wide Web Services (QUIC) +@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. +@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service +@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them. +@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache +@%systemroot%\system32\ncbservice.dll,-500 : Network Connection Broker +@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper +@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content. +@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications +@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service +@%systemroot%\system32\windows.warp.jitservice.dll,-100 : Warp JIT Service +@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. +@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service +@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. +@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications +@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service +@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver +@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager +@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver +@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw. +@%windir%\system32\inetsrv\iisres.dll,-30003 : World Wide Web Publishing Service +@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service +@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service +@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC) +@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. +@combase.dll,-5012 : DCOM Server Process Launcher +@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account. +@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks +@%systemroot%\system32\firewallapi.dll,-38523 : Secure World Wide Web Services (HTTPS) +@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection +@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver +@%programfiles%\windows defender\mpasdesc.dll,-240 : Helps protect users from malware and other potentially unwanted software +@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios +@%systemroot%\system32\credentialenrollmentmanager.exe,-100 : CredentialEnrollmentManagerUserSvc +@%systemroot%\system32\dispbroker.desktop.dll,-102 : Manages the connection and configuration of local and remote displays +@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service +@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client +@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. +@%windir%\system32\lsm.dll,-1001 : Local Session Manager +@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results. +@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI +@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. +@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization +@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. +@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration +@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. +@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device +c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration +@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption +@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed. +@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service +@%systemroot%\system32\spoolsv.exe,-1 : Print Spooler +@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP) +@comres.dll,-947 : COM+ System Application +@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount +@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. +@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. +@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications. +@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation +@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios +@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel. +@%systemroot%\system32\umpo.dll,-100 : Power +@comres.dll,-2797 : Distributed Transaction Coordinator +@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal. +@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience +@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver +@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. +@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped. +@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. +@%systemroot%\system32\firewallapi.dll,-36902 : Software Load Balancer +@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service +@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver +@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service +@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras +@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs. +@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager +@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. +@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. +@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. +@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector +@%systemroot%\system32\usermgr.dll,-100 : User Manager +@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service +@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver +@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices. +@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-100 : Udk User Service +@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper +@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. +@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. +@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events. +@%windir%\system32\bisrv.dll,-100 : Background Tasks Infrastructure Service +@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task +@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver +@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality +@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver +@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet. +@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access +@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management) +@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service +@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver +@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running. +@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. +@%systemroot%\system32\vds.exe,-100 : Virtual Disk +@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver +@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host +@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm +@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder +@%systemroot%\system32\consentuxclient.dll,-101 : Allows the system to request user consent to allow apps to access sensitive resources and information such as the device's location +@%systemroot%\system32\captureservice.dll,-101 : Enables optional screen capture functionality for applications that call the Windows.Graphics.Capture API. +@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. +@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service +@%programfiles%\windows defender\mpasdesc.dll,-320 : Microsoft Defender Antivirus Network Inspection Service +@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service +@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management +@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. +@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host +@%systemroot%\system32\wevtsvc.dll,-200 : Windows Event Log +@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network. +@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier +@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver +@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM) +@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver +@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace +@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning +@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. +@%systemroot%\system32\icsvc.dll,-700 : Virtual Machine Monitoring +@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector +@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver +@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service +@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver +@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts +@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service +@comres.dll,-2450 : COM+ Event System +@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages. +@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly. +@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC) +@gpapi.dll,-112 : Group Policy Client +@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP) +@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness +@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface +@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. +c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine +@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver +@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver +@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. +@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service +@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services. +@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager +@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service +@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service +@%systemroot%\system32\dispbroker.desktop.dll,-101 : Display Policy Service +@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation. +@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won.t be able to see printer extensions or notifications. +@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc +@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service +@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules +@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services +@%systemroot%\system32\appidsvc.dll,-100 : Application Identity +@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly. +@%systemroot%\system32\srpapi.dll,-100 : AppID Driver +@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service +@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode +@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\usosvc.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates. +@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager +@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport +@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture +@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver +@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. +@%systemroot%\system32\srvsvc.dll,-100 : Server +@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network. +@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly. +@%systemroot%\system32\diagtrack.dll,-3001 : Connected User Experiences and Telemetry +@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments. +c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration +@%systemroot%\system32\sysmain.dll,-1000 : SysMain +@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector +c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection +@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events. +@%systemroot%\system32\frameservermonitor.dll,-101 : Monitors the health and state for the Windows Camera Frame Server service. +@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant +@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol +@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol +@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX User Service +@%programfiles%\windows defender\mpasdesc.dll,-310 : Microsoft Defender Antivirus Service +@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation +@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. +@%windir%\system32\inetsrv\iisres.dll,-30002 : The Windows Process Activation Service (WAS) provides process activation, resource management and health management services for message-activated applications. +@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding. +@%systemroot%\system32\profsvc.dll,-300 : User Profile Service +@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled. +@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming +@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. +@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host +@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation +@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components. +@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter +@%programfiles%\windows defender\mpasdesc.dll,-242 : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols +@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol. +@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. +@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet +@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler +@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. +@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start +@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service +@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator +@%systemroot%\system32\bfe.dll,-1001 : Base Filtering Engine +@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. +@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. +@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. +@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver +@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. +@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service +@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver +@%systemroot%\system32\windowsudkservices.shellcommon.dll,-101 : Shell components service +@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig +@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. +@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS) +@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver +@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver +@%systemroot%\system32\dhcpcore.dll,-100 : DHCP Client +@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. +@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events +@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. +@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service +@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components. +@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service +@%programfiles%\windows defender\mpasdesc.dll,-390 : Microsoft Defender Antivirus Boot Driver +@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play +@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. +@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter +@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver +@%systemroot%\system32\searchindexer.exe,-103 : Windows Search +c:\windows\system32\appresolver.dll.applicationcompany : Microsoft Corporation +c:\windows\explorer.exe.applicationcompany : Microsoft Corporation +c:\windows\explorer.exe.friendlyappname : Windows Explorer +c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation +c:\windows\system32\appresolver.dll.friendlyappname : App Resolver +c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll +c:\windows\system32\mmc.exe.friendlyappname : Microsoft Management Console +c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation +langid : . + +MUICache report attached. + +03cd05df49cbe4846ed49172aef5e41f + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories. +microsoft_windows_recyclebin.nasl +2018/11/15 +Recycle Bin Files +2016/07/19 +local +None +1.6 +http://www.nessus.org/u?0c1a03df +http://www.nessus.org/u?61293b38 +n/a +Nessus was able to enumerate files in the recycle bin on the remote host. +C:\\$Recycle.Bin\\. +C:\\$Recycle.Bin\\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000 +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001 +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500 +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000\. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1000\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001\. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-1001\desktop.ini +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500\. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500\.. +C:\\$Recycle.Bin\\S-1-5-21-746496990-2641142201-3713043312-500\desktop.ini + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below : + + - Administrative Tools + - AppData + - Cache + - CD Burning + - Cookies + - Desktop + - Favorites + - Fonts + - History + - Local AppData + - My Music + - My Pictures + - My Video + - NetHood + - Personal + - PrintHood + - Programs + - Recent + - SendTo + - Start Menu + - Startup + - Templates +microsoft_windows_shellfolder_settings.nasl +2018/05/16 +User Shell Folders Settings +2016/07/19 +local +None +1.5 +https://technet.microsoft.com/en-us/library/cc962613.aspx +n/a +Nessus was able to find the folder paths for user folders on the remote host. +degthat + - {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\degthat.WIN-95GFQRRMAS4\Searches + - {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Libraries + - {374de290-123f-4565-9164-39c4925e467b} : C:\Users\degthat.WIN-95GFQRRMAS4\Downloads + - recent : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Recent + - my video : C:\Users\degthat.WIN-95GFQRRMAS4\Videos + - my music : C:\Users\degthat.WIN-95GFQRRMAS4\Music + - {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\degthat.WIN-95GFQRRMAS4\Contacts + - {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\degthat.WIN-95GFQRRMAS4\Links + - {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\LocalLow + - sendto : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\SendTo + - start menu : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Start Menu + - cookies : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Local\Microsoft\Windows\INetCookies + - personal : C:\Users\degthat.WIN-95GFQRRMAS4\Documents + - administrative tools : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools + - startup : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup + - nethood : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Network Shortcuts + - history : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Local\Microsoft\Windows\History + - {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\degthat.WIN-95GFQRRMAS4\Saved Games + - {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Local\Microsoft\Windows\RoamingTiles + - !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead + - local appdata : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Local + - my pictures : C:\Users\degthat.WIN-95GFQRRMAS4\Pictures + - templates : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Templates + - printhood : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Printer Shortcuts + - cache : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Local\Microsoft\Windows\INetCache + - desktop : C:\Users\degthat.WIN-95GFQRRMAS4\Desktop + - programs : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs + - fonts : C:\Windows\Fonts + - cd burning : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Local\Microsoft\Windows\Burn\Burn + - favorites : C:\Users\degthat.WIN-95GFQRRMAS4\Favorites + - appdata : C:\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming + + + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence of files opened by file type from the remote host. +microsoft_windows_recent_files.nasl +2018/11/15 +Recent File History +2016/07/19 +local +None +1.7 +https://www.4n6k.com/2014/02/forensics-quickie-pinpointing-recent.html +n/a +Nessus was able to enumerate recently opened files on the remote host. +C:\\Users\degthat.WIN-95GFQRRMAS4\AppData\Roaming\Microsoft\Windows\Recent\System.lnk + +Recent files found in registry and appdata attached. + +e89760c95653b7c17ed4f7a0be5d97af +9b285444206e9b06f15d8768e77a7230 + + +windows +cpe:/o:microsoft:windows +Nessus was able to generate a report of all files listed in the default user download folder. +microsoft_windows_user_downloads.nasl +2018/05/16 +User Download Folder Files +2016/07/19 +local +None +1.5 +n/a +Nessus was able to enumerate downloaded files on the remote host. +C:\\Users\Administrator\Downloads\desktop.ini +C:\\Users\degthat\Downloads\desktop.ini +C:\\Users\degthat.WIN-95GFQRRMAS4\Downloads\desktop.ini +C:\\Users\Public\Downloads\desktop.ini + +Download folder content report attached. + +5699da73297fce020d8b43680ac05977 + + +windows +cpe:/o:microsoft:windows +Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed. +microsoft_windows_userassist.nasl +2019/11/12 +UserAssist Execution History +2016/07/19 +local +None +1.7 +https://www.nirsoft.net/utils/userassist_view.html +n/a +Nessus was able to enumerate program execution history on the remote host. +microsoft.windows.controlpanel +windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel +microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5} +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe +microsoft.windows.search_cw5n1h2txyewy!cortanaui +microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy!app +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk +ueme_ctlcuacount:ctor +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe +microsoft.windows.explorer +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk +{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe +ueme_ctlsession +{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk +microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app +{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe + +Extended userassist report attached. + +0f3384858315f1600326bf05c6e300e3 + + +cpe:/o:microsoft:windows +By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number. +wmi_asset_info.nbin +2024/01/16 +Computer Manufacturer Information (WMI) +2007/02/02 +local +None +1.222 +n/a +It is possible to obtain the name of the remote computer manufacturer. + + Computer Manufacturer : VMware, Inc. + Computer Model : VMware20,1 + Computer SerialNumber : VMware-56 4d 77 33 73 94 8c 90-a7 51 78 60 e3 7b 20 81 + Computer Type : Other + + Computer Physical CPU's : 2 + Computer Logical CPU's : 2 + CPU0 + Architecture : x64 + Physical Cores: 1 + Logical Cores : 1 + CPU1 + Architecture : x64 + Physical Cores: 1 + Logical Cores : 1 + + Computer Memory : 4095 MB + RAM slot #0 + Form Factor: DIMM + Type : DRAM + Capacity : 4096 MB + + + +True +user_enumeration +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +wmi_enum_local_group_memberships.nbin +2024/01/16 +Enumerate Local Group Memberships +2013/12/06 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members. +Group Name : Access Control Assistance Operators +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-579 +Members : + +Group Name : Administrators +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-544 +Members : + Name : soteria + Domain : SOT-WIN2K22-WEB + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-500 + Name : degthat + Domain : SOT-WIN2K22-WEB + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-1001 + +Group Name : Backup Operators +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-551 +Members : + +Group Name : Certificate Service DCOM Access +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-574 +Members : + +Group Name : Cryptographic Operators +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-569 +Members : + +Group Name : Device Owners +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-583 +Members : + +Group Name : Distributed COM Users +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-562 +Members : + +Group Name : Event Log Readers +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-573 +Members : + +Group Name : Guests +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-546 +Members : + Name : Guest + Domain : SOT-WIN2K22-WEB + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-501 + +Group Name : Hyper-V Administrators +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-578 +Members : + +Group Name : IIS_IUSRS +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-568 +Members : + +Group Name : Network Configuration Operators +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-556 +Members : + +Group Name : Performance Log Users +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-559 +Members : + +Group Name : Performance Monitor Users +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-558 +Members : + +Group Name : Power Users +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-547 +Members : + +Group Name : Print Operators +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-550 +Members : + +Group Name : RDS Endpoint Servers +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-576 +Members : + +Group Name : RDS Management Servers +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-577 +Members : + +Group Name : RDS Remote Access Servers +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-575 +Members : + +Group Name : Remote Desktop Users +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-555 +Members : + +Group Name : Remote Management Users +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-580 +Members : + +Group Name : Replicator +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-552 +Members : + +Group Name : Storage Replica Administrators +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-582 +Members : + +Group Name : System Managed Accounts Group +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-581 +Members : + Name : DefaultAccount + Domain : SOT-WIN2K22-WEB + Class : Win32_UserAccount + SID : S-1-5-21-746496990-2641142201-3713043312-503 + +Group Name : Users +Host Name : SOT-WIN2K22-WEB +Group SID : S-1-5-32-545 +Members : + Name : INTERACTIVE + Domain : SOT-WIN2K22-WEB + Class : Win32_SystemAccount + SID : S-1-5-4 + Name : Authenticated Users + Domain : SOT-WIN2K22-WEB + Class : Win32_SystemAccount + SID : S-1-5-11 + + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate one or more of the display drivers on the remote host via WMI. +wmi_enum_display_drivers.nbin +0001-T-0756 +2024/01/16 +Windows Display Driver Enumeration +2014/02/06 +local +None +1.208 +http://www.nessus.org/u?b6e87533 +n/a +Nessus was able to enumerate one or more of the display drivers on the remote host. +IAVT:0001-T-0756 + + Device Name : VMware SVGA 3D + Driver File Version : 9.17.6.3 + Driver Date : 04/28/2023 + Video Processor : VMware Virtual SVGA 3D Graphics Adapter + + + +cpe:/o:microsoft:windows +By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc. +wmi_enum_computersystemproduct.nbin +2024/01/16 +Windows ComputerSystemProduct Enumeration (WMI) +2010/08/16 +local +None +1.204 +http://www.nessus.org/u?a21ce849 +n/a +It is possible to obtain product information from the remote host using WMI. + ++ Computer System Product + - IdentifyingNumber : VMware-56 4d 77 33 73 94 8c 90-a7 51 78 60 e3 7b 20 81 + - Description : Computer System Product + - Vendor : VMware, Inc. + - Name : VMware20,1 + - UUID : 33774D56-9473-908C-A751-7860E37B2081 + - Version : None + + + + +windows +True +cpe:/o:microsoft:windows +By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI. +wmi_enum_qfes.nbin +2024/01/16 +WMI QuickFixEngineering (QFE) Enumeration +2011/02/16 +local +None +1.220 +http://www.nessus.org/u?0c4ec249 +n/a +The remote Windows host has quick-fix engineering updates installed. + +Here is a list of quick-fix engineering updates installed on the +remote system : + ++ KB5033914 + - Description : Update + - InstalledOn : 2/2/2024 + ++ KB5012170 + - Description : Security Update + - InstalledOn : 2/2/2024 + ++ KB5034129 + - Description : Security Update + - InstalledOn : 2/2/2024 + ++ KB5034286 + - Description : Update + - InstalledOn : 2/2/2024 + ++ KB5034439 + - Description : Security Update + - InstalledOn : 2/2/2024 + +Note that for detailed information on installed QFE's such as InstalledBy, Caption, +and so on, please run the scan with 'Report Verbosity' set to 'verbose'. + + + +True +software_enumeration +cpe:/o:microsoft:windows +This plugin connects to the remote Windows host with the supplied credentials and uses WMI and Powershell to enumerate applications installed on the host from the Windows Store. +wmi_enum_windows_app_store.nbin +2024/01/16 +Windows Store Application Enumeration +2015/09/02 +local +None +1.232 +https://www.microsoft.com/en-us/store/apps +n/a +It is possible to obtain the list of applications installed from the Windows Store. + + -1527c705-839a-4832-9118-54d4Bd6a0c89 + Version : 10.0.19640.1000 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -c5e2524a-ea46-4f67-841f-6a9465d9d515 + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -E2A4F912-2574-4A75-9BB0-0D023378592B + Version : 10.0.19640.1000 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AAD.BrokerPlugin + Version : 1000.19580.1000.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AccountsControl + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.AsyncTextService + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.BioEnrollment + Version : 10.0.19585.1001 + InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.CredDialogHost + Version : 10.0.19595.1001 + InstallLocation : C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.ECApp + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.LockApp + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Win32WebViewHost + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Apprep.ChxApp + Version : 1000.20348.1.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CapturePicker + Version : 10.0.19580.1000 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.CloudExperienceHost + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.NarratorQuickStart + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkCaptivePortal + Version : 10.0.19580.1000 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.OOBENetworkConnectionFlow + Version : 10.0.19581.1000 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PeopleExperienceHost + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.PinningConfirmationDialog + Version : 1000.20348.1.0 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.Search + Version : 1.15.0.20348 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.SecHealthUI + Version : 10.0.20348.859 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.ShellExperienceHost + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.StartMenuExperienceHost + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.Windows.XGpuEjectDialog + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -MicrosoftWindows.Client.CBS + Version : 120.27512.10351.0 + InstallLocation : C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy + Architecture : X64 + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -MicrosoftWindows.UndockedDevKit + Version : 10.0.20348.1 + InstallLocation : C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.CBSPreview + Version : 10.0.19580.1000 + InstallLocation : C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -windows.immersivecontrolpanel + Version : 10.0.4.1000 + InstallLocation : C:\Windows\ImmersiveControlPanel + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Windows.PrintDialog + Version : 6.2.1.0 + InstallLocation : C:\Windows\PrintDialog + Architecture : Neutral + Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.2 + Version : 2.21909.17002.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.2_2.21909.17002.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.UI.Xaml.2.4 + Version : 2.42007.9001.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.VCLibs.140.00 + Version : 14.0.27810.0 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27810.0_x64__8wekyb3d8bbwe + Architecture : X64 + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + -Microsoft.MicrosoftEdge.Stable + Version : 86.0.622.38 + InstallLocation : C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe + Architecture : Neutral + Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US + + + +cpe:/o:microsoft:windows +By making certain WMI queries, it is possible to extract the list of logical drives of the remote host that do not use NTFS. +wmi_ntfs_drives.nbin +2024/01/16 +Logical Drive Insecure Filesystem Enumeration (WMI) +2007/03/20 +local +None +1.212 +Migrate any reported filesystems to NTFS. +The remote host is using an insecure filesystem. + +The following drives are not formatted with NTFS : + +Caption : E: +Description : Local Fixed Disk + + + + +windows +True +cpe:/a:microsoft:ie +The remote Windows host contains Internet Explorer, a web browser created by Microsoft. +smb_explorer_detection.nasl +0001-T-0509 +2022/02/01 +Microsoft Internet Explorer Version Detection +2014/02/06 +local +None +1.7 +https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads +n/a +Internet Explorer is installed on the remote host. +IAVT:0001-T-0509 + + Version : 11.1.20348.0 + + + +windows +True +Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials. +smb_registry_os_and_arch.nasl +True +2022/02/01 +Microsoft Windows SMB Registry : OS Version and Processor Architecture +2010/08/31 +local +None +1.9 +n/a +It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system. +Operating system version = 10.20348 +Architecture = x64 +Build lab extended = 20348.1.amd64fre.fe_release.210507-1500 + + + +cpe:/o:microsoft:windows +Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions. + +Note that Features can only be enumerated for Windows 7 and later for desktop versions. +wmi_enum_server_features.nbin +0001-T-0754 +2024/01/16 +WMI Windows Feature Enumeration +2010/02/24 +local +None +1.208 +https://msdn.microsoft.com/en-us/library/cc280268 +https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features +n/a +It is possible to enumerate Windows features using WMI. +IAVT:0001-T-0754 + +Nessus enumerated the following Windows features : + + - .NET Framework 4.8 + - .NET Framework 4.8 Features + - Azure Arc Setup + - Common HTTP Features + - Default Document + - Directory Browsing + - File and Storage Services + - HTTP Errors + - HTTP Logging + - Health and Diagnostics + - IIS Management Console + - Management Tools + - Microsoft Defender Antivirus + - Performance + - Request Filtering + - Security + - Static Content + - Static Content Compression + - Storage Services + - System Data Archiver + - TCP Port Sharing + - WCF Services + - Web Server + - Web Server (IIS) + - Windows PowerShell + - Windows PowerShell 5.1 + - WoW64 Support + - XPS Viewer + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'wininit.exe' is listening on this port (pid 536). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2416). + +This process 'svchost.exe' (pid 2416) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'services.exe' is listening on this port (pid 672). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1776). + +This process 'svchost.exe' (pid 1776) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1580). + +This process 'svchost.exe' (pid 1580) is hosting the following Windows services : +Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'spoolsv.exe' is listening on this port (pid 2284). + +This process 'spoolsv.exe' (pid 2284) is hosting the following Windows services : +Spooler (@%systemroot%\system32\spoolsv.exe,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2608). + +This process 'svchost.exe' (pid 2608) is hosting the following Windows services : +W32Time (@%SystemRoot%\system32\w32time.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 900). + +This process 'svchost.exe' (pid 900) is hosting the following Windows services : +RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) +RpcSs (@combase.dll,-5010) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1776). + +This process 'svchost.exe' (pid 1776) is hosting the following Windows services : +Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'lsass.exe' is listening on this port (pid 688). + +This process 'lsass.exe' (pid 688) is hosting the following Windows services : +KeyIso (@keyiso.dll,-100) +SamSs (@%SystemRoot%\system32\samsrv.dll,-1) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2508). + +This process 'svchost.exe' (pid 2508) is hosting the following Windows services : +Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 1212). + +This process 'svchost.exe' (pid 1212) is hosting the following Windows services : +EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) + + + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'System' is listening on this port (pid 4). + + +cpe:/o:microsoft:windows +This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports. +wmi_process_on_port.nbin +2024/01/16 +Microsoft Windows Remote Listeners Enumeration (WMI) +2008/09/23 +local +None +1.235 +n/a +It is possible to obtain the names of processes listening on the remote UDP and TCP ports. + +The Win32 process 'svchost.exe' is listening on this port (pid 2416). + +This process 'svchost.exe' (pid 2416) is hosting the following Windows services : +IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) + + + + +cpe:/o:microsoft:windows +The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key: + 'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD' + + - Unset or 0: The command prompt is enabled normally. + - 1: The command promt is disabled. + - 2: The command prompt is disabled however windows batch processing is allowed. +windows_disablecmd.nasl +2022/10/05 +Windows Disabled Command Prompt Enumeration +2022/09/06 +local +None +1.2 +http://www.nessus.org/u?b40698bc +n/a +This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user. + +Username: DefaultAccount + SID: S-1-5-21-746496990-2641142201-3713043312-503 + DisableCMD: Unset + +Username: soteria + SID: S-1-5-21-746496990-2641142201-3713043312-500 + DisableCMD: Unset + +Username: WDAGUtilityAccount + SID: S-1-5-21-746496990-2641142201-3713043312-504 + DisableCMD: Unset + +Username: Guest + SID: S-1-5-21-746496990-2641142201-3713043312-501 + DisableCMD: Unset + +Username: degthat + SID: S-1-5-21-746496990-2641142201-3713043312-1001 + DisableCMD: Unset + + + +cpe:/o:microsoft:windows +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin. +wmi_enum_local_users.nbin +2024/01/16 +Enumerate Users via WMI +2014/02/25 +local +None +1.215 +n/a +Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. + + Name : DefaultAccount + SID : S-1-5-21-746496990-2641142201-3713043312-503 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : degthat + SID : S-1-5-21-746496990-2641142201-3713043312-1001 + Disabled : False + Lockout : False + Change password : True + Source : Local + + Name : Guest + SID : S-1-5-21-746496990-2641142201-3713043312-501 + Disabled : True + Lockout : False + Change password : False + Source : Local + + Name : soteria + SID : S-1-5-21-746496990-2641142201-3713043312-500 + Disabled : True + Lockout : False + Change password : True + Source : Local + + Name : WDAGUtilityAccount + SID : S-1-5-21-746496990-2641142201-3713043312-504 + Disabled : True + Lockout : False + Change password : True + Source : Local + + No. Of Users : 5 + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. + +Nessus was able to find 20 open ports. + + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 138/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 137/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5355/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5353/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 4500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 500/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 123/udp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 139/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 62510/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49669/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49668/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49667/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49666/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49665/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 49664/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 47001/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 5985/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 445/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 135/tcp was found to be open + + +windows +cpe:/o:microsoft:windows +Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports. +wmi_netstat.nbin +2024/01/16 +Netstat Portscanner (WMI) +2008/09/16 +local +None +1.263 +https://en.wikipedia.org/wiki/Netstat +n/a +Remote open ports can be enumerated via WMI. +Port 80/tcp was found to be open + + +windows +True +cpe:/o:microsoft:windows +It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests). +smb_registry_access.nasl +True +True +2022/02/01 +Microsoft Windows SMB Registry Remotely Accessible +2000/05/09 +local +None +1.54 +n/a +Access the remote Windows Registry. + + +windows +cpe:/o:microsoft:windows +Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them. +Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later. +wmi_list_interfaces.nbin +2024/01/16 +Network Interfaces Enumeration (WMI) +2007/02/03 +local +None +1.247 +http://www.nessus.org/u?b362cab2 +n/a +Nessus was able to obtain the list of network interfaces on the remote host. ++ Network Interface Information : + + - Network Interface = [00000001] Intel(R) 82574L Gigabit Network Connection + - MAC Address = 00:50:56:36:0D:06 + - IPAddress/IPSubnet = 192.168.40.167/255.255.255.0 + - IPAddress/IPSubnet = fe80::cb1e:49b2:cb28:4883/64 + + ++ Routing Information : + + Destination Netmask Gateway + ----------- ------- ------- + 0.0.0.0 0.0.0.0 192.168.40.1 + 127.0.0.0 255.0.0.0 0.0.0.0 + 127.0.0.1 255.255.255.255 0.0.0.0 + 127.255.255.255 255.255.255.255 0.0.0.0 + 192.168.40.0 255.255.255.0 0.0.0.0 + 192.168.40.167 255.255.255.255 0.0.0.0 + 192.168.40.255 255.255.255.255 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 224.0.0.0 240.0.0.0 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + 255.255.255.255 255.255.255.255 0.0.0.0 + + + +cpe:/o:microsoft:windows +The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM. + +These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc. +wmi_available.nbin +2024/01/16 +WMI Available +2007/02/03 +local +None +1.218 +https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page +n/a +WMI queries can be made against the remote host. +The remote host returned the following caption from Win32_OperatingSystem: + + Microsoft Windows Server 2022 Standard + + +True +The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts : + +- Guest account +- Supplied credentials +smb_login.nasl +2023/07/25 +Microsoft Windows SMB Log In Possible +2000/05/09 +remote +None +1.173 +http://www.nessus.org/u?5c2589f6 +https://support.microsoft.com/en-us/help/246261 +n/a +It was possible to log into the remote host. +- The SMB tests will be done as degthat/****** + + + +True +Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host. +smb_nativelanman.nasl +True +2021/09/20 +Microsoft Windows SMB NativeLanManager Remote System Information Disclosure +2001/10/17 +remote +None +1.54 +n/a +It was possible to obtain information about the remote operating system. +Nessus was able to obtain the following information about the host, by +parsing the SMB2 Protocol's NTLM SSP message: + + Target Name: SOT-WIN2K22-WEB + NetBIOS Domain Name: SOT-WIN2K22-WEB + NetBIOS Computer Name: SOT-WIN2K22-WEB + DNS Domain Name: SOT-WIN2K22-WEB + DNS Computer Name: SOT-WIN2K22-WEB + DNS Tree Name: unknown + Product Version: 10.0.20348 + + + +The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests. + +Note that this plugin gathers information to be used in other plugins, but does not itself generate a report. +netbios_name_get.nasl +2021/02/10 +Windows NetBIOS / SMB Remote Host Information Disclosure +1999/10/12 +remote +None +1.91 +n/a +It was possible to obtain the network name of the remote host. +The following 3 NetBIOS names have been gathered : + + SOT-WIN2K22-WEB = Computer name + WORKGROUP = Workgroup / Domain name + SOT-WIN2K22-WEB = File Server Service + +The remote host has the following MAC address on its adapter : + + 00:50:56:36:0d:06 + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49669 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0 +Description : Service Control Manager +Windows process : svchost.exe +Type : Remote RPC service +TCP Port : 49669 +IP : 192.168.40.167 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49668 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.167 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.167 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.167 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.167 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49668 +IP : 192.168.40.167 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49667 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.167 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49667 +IP : 192.168.40.167 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49666 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +TCP Port : 49666 +IP : 192.168.40.167 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49665 : + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +TCP Port : 49665 +IP : 192.168.40.167 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available on TCP port 49664 : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.167 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.167 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.167 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +TCP Port : 49664 +IP : 192.168.40.167 + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available remotely : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Remote RPC service +Named pipe : \PIPE\wkssvc +Netbios name : \\SOT-WIN2K22-WEB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-WEB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-WEB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-WEB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-WEB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\atsvc +Netbios name : \\SOT-WIN2K22-WEB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Remote RPC service +Named pipe : \pipe\eventlog +Netbios name : \\SOT-WIN2K22-WEB + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\SOT-WIN2K22-WEB + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Remote RPC service +Named pipe : \PIPE\InitShutdown +Netbios name : \\SOT-WIN2K22-WEB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-WEB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-WEB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-WEB + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Remote RPC service +Named pipe : \pipe\lsass +Netbios name : \\SOT-WIN2K22-WEB + + + + +True +By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe. +dcetest.nasl +True +2021/10/04 +DCE Services Enumeration +2001/08/26 +combined +None +1.57 +n/a +A DCE/RPC service is running on the remote host. + +The following DCERPC services are available locally : + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0 +Description : Unknown RPC service +Annotation : PcaSvc +Type : Local RPC service +Named pipe : LRPC-b895254301fc728484 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0497b57d-2e66-424f-a0c6-157cd5d41700, version 1.0 +Description : Unknown RPC service +Annotation : AppInfo +Type : Local RPC service +Named pipe : LRPC-ec434275bea17da948 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0 +Description : Unknown RPC service +Annotation : AppInfo +Type : Local RPC service +Named pipe : LRPC-ec434275bea17da948 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0 +Description : Unknown RPC service +Annotation : AppInfo +Type : Local RPC service +Named pipe : LRPC-ec434275bea17da948 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0 +Description : Unknown RPC service +Annotation : AppInfo +Type : Local RPC service +Named pipe : LRPC-ec434275bea17da948 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0 +Description : Unknown RPC service +Annotation : AppInfo +Type : Local RPC service +Named pipe : LRPC-ec434275bea17da948 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED618BF6864F47618459D88D12E88 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6f92d91361ce30d4ec + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED618BF6864F47618459D88D12E88 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6f92d91361ce30d4ec + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLED618BF6864F47618459D88D12E88 + +Object UUID : 00000001-0000-0000-0000-000000000000 +UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6f92d91361ce30d4ec + +Object UUID : 8261d809-2d4b-4cb9-a475-bcd01ff9f65c +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-e91c0415d8306b6784 + +Object UUID : f28d3f08-153d-464a-8aad-971c0ecbfc52 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-e91c0415d8306b6784 + +Object UUID : 2fd5224e-df9c-4906-b6c7-5063d084b4f1 +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-e91c0415d8306b6784 + +Object UUID : a3f739e0-0b65-4bcd-9abf-76a9d6512c0c +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : OLE2CE57E17E686B1109A1C816FAAD5 + +Object UUID : a3f739e0-0b65-4bcd-9abf-76a9d6512c0c +UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0 +Description : Distributed Transaction Coordinator +Windows process : msdtc.exe +Type : Local RPC service +Named pipe : LRPC-374034f6135851bd59 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d8140e00-5c46-4ae6-80ac-2f9a76df224c, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-59f0646b2ce1354e85 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d249bd56-4cc0-4fd3-8ce6-6fe050d590cb, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-59f0646b2ce1354e85 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7df1ceae-de4e-4e6f-ab14-49636e7c2052, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-474c3af3f383acf6bf + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d4051bde-9cdd-4910-b393-4aa85ec3c482, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DD2105A30BFAD370D74C117AB6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d4051bde-9cdd-4910-b393-4aa85ec3c482, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1e502c1d31a506a535 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DD2105A30BFAD370D74C117AB6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1e502c1d31a506a535 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DD2105A30BFAD370D74C117AB6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1e502c1d31a506a535 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DD2105A30BFAD370D74C117AB6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1e502c1d31a506a535 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DD2105A30BFAD370D74C117AB6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1e502c1d31a506a535 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DD2105A30BFAD370D74C117AB6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1e502c1d31a506a535 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DD2105A30BFAD370D74C117AB6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1e502c1d31a506a535 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1d45e083-478f-437c-9618-3594ced8c235, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLEB0DD2105A30BFAD370D74C117AB6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1d45e083-478f-437c-9618-3594ced8c235, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-1e502c1d31a506a535 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0 +Description : Unknown RPC service +Annotation : IKE/Authip API +Type : Local RPC service +Named pipe : LRPC-373473465980e98041 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-b47f984b168c38c272 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0 +Description : Unknown RPC service +Annotation : XactSrv service +Type : Local RPC service +Named pipe : LRPC-cdc6cb5b5cf1b982fd + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0 +Description : Unknown RPC service +Annotation : IdSegSrv service +Type : Local RPC service +Named pipe : LRPC-cdc6cb5b5cf1b982fd + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0 +Description : Unknown RPC service +Annotation : IP Transition Configuration endpoint +Type : Local RPC service +Named pipe : LRPC-0062a9d1cab8e5f0b5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : LRPC-0062a9d1cab8e5f0b5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager provider server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : LRPC-0062a9d1cab8e5f0b5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0 +Description : Unknown RPC service +Annotation : Proxy Manager client server endpoint +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : LRPC-0062a9d1cab8e5f0b5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoDiagnostics + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : TeredoControl + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0 +Description : Unknown RPC service +Annotation : Adh APIs +Type : Local RPC service +Named pipe : OLE1C29D841C087CC3F2FBA3EDE0095 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0 +Description : IPsec Services (Windows XP & 2003) +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LRPC-e784ba6b938da78a3d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e784ba6b938da78a3d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e784ba6b938da78a3d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e784ba6b938da78a3d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e784ba6b938da78a3d + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0 +Description : Unknown RPC service +Annotation : Base Firewall Engine API +Type : Local RPC service +Named pipe : LRPC-76e69fb255cd8a386a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-76e69fb255cd8a386a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-7a65980512f5765735 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-76e69fb255cd8a386a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-7a65980512f5765735 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-6345d2ed063e9ad92a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-76e69fb255cd8a386a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-7a65980512f5765735 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-6345d2ed063e9ad92a + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0 +Description : Unknown RPC service +Annotation : Fw APIs +Type : Local RPC service +Named pipe : LRPC-d4559c42144107ef81 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE7EDDB74FD0AA8901E9FAE2869D0E + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-27565bbddf2f19f7e5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE7EDDB74FD0AA8901E9FAE2869D0E + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-27565bbddf2f19f7e5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE7EDDB74FD0AA8901E9FAE2869D0E + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-27565bbddf2f19f7e5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE7EDDB74FD0AA8901E9FAE2869D0E + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-27565bbddf2f19f7e5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 13560fa9-8c09-4b56-a1fd-04d083b9b2a1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE7EDDB74FD0AA8901E9FAE2869D0E + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 13560fa9-8c09-4b56-a1fd-04d083b9b2a1, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-27565bbddf2f19f7e5 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLEFAF210218422127E7DCCE306D6CC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-10b2eb2cadb6bcd25f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : OLEFAF210218422127E7DCCE306D6CC + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0 +Description : Unknown RPC service +Annotation : UserMgrCli +Type : Local RPC service +Named pipe : LRPC-10b2eb2cadb6bcd25f + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0 +Description : Unknown RPC service +Annotation : Witness Client Upcall Server +Type : Local RPC service +Named pipe : LRPC-52d6154bc5f1cff7f0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0 +Description : Unknown RPC service +Annotation : Witness Client Test Interface +Type : Local RPC service +Named pipe : LRPC-52d6154bc5f1cff7f0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0 +Description : Unknown RPC service +Annotation : DfsDs service +Type : Local RPC service +Named pipe : LRPC-52d6154bc5f1cff7f0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : LRPC-8c0947230e2f7ff1da + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0 +Description : Unknown RPC service +Annotation : WinHttp Auto-Proxy Service +Type : Local RPC service +Named pipe : 66120b02-1fe5-4838-a280-2f25750a0943 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3f787932-3452-4363-8651-6ea97bb373bb, version 1.0 +Description : Unknown RPC service +Annotation : NSP Rpc Interface +Type : Local RPC service +Named pipe : OLE43D83F8CED9A0D6753B6DBCD8984 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3f787932-3452-4363-8651-6ea97bb373bb, version 1.0 +Description : Unknown RPC service +Annotation : NSP Rpc Interface +Type : Local RPC service +Named pipe : LRPC-599649ad4d2437d162 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : DNSResolver + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0 +Description : Unknown RPC service +Annotation : NRP server endpoint +Type : Local RPC service +Named pipe : LRPC-3e98fd699d1f8afe90 + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : senssvc + +Object UUID : 736e6573-0000-0000-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-d0ebc7804fc3f98155 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-27de8542b9d11e7496 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-27de8542b9d11e7496 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0 +Description : Scheduler Service +Windows process : svchost.exe +Type : Local RPC service +Named pipe : LRPC-27de8542b9d11e7496 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-27de8542b9d11e7496 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-87a0cc5185c203d1f1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-27de8542b9d11e7496 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-87a0cc5185c203d1f1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-27de8542b9d11e7496 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : ubpmtaskhostchannel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-87a0cc5185c203d1f1 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0 +Description : Unknown RPC service +Annotation : DHCPv6 Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 +Description : DHCP Client Service +Windows process : svchost.exe +Annotation : DHCP Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0 +Description : DHCP Client Service +Windows process : svchost.exe +Annotation : DHCP Client LRPC Endpoint +Type : Local RPC service +Named pipe : dhcpcsvc + +Object UUID : 666f7270-6c69-7365-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : IUserProfile2 + +Object UUID : 6c637067-6569-746e-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-2cce7033af0b84679d + +Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601 +UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0 +Description : Unknown RPC service +Annotation : Group Policy RPC Interface +Type : Local RPC service +Named pipe : LRPC-c4ad0352adc8cc6263 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0 +Description : Unknown RPC service +Annotation : NSI server endpoint +Type : Local RPC service +Named pipe : LRPC-c0955571e0c137d449 + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE111796B75E90103E4831BF28ABA7 + +Object UUID : bae10e73-0001-0000-9dab-7d0f635c171a +UUID : 509bc7ae-77be-4ee8-b07c-0d096bb44345, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-24003a211e1652ee79 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0 +Description : Unknown RPC service +Annotation : Event log TCPIP +Type : Local RPC service +Named pipe : eventlog + +Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e268132c69502f9cc8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-adb77f6fe633553714 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-e268132c69502f9cc8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : OLEF6A4CB1AF57DBDE1D92FD9737D6B + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0 +Description : Unknown RPC service +Annotation : KAPI Service endpoint +Type : Local RPC service +Named pipe : LRPC-e7bdf1f157b5eff1ee + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-03d5aabad4efbe550e + +Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6b0b70d954f1178f33 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-6b0b70d954f1178f33 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-e63cbcc4415ca51c94 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0A7D61 + +Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001 +UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0 +Description : Unknown RPC service +Annotation : Secure Desktop LRPC interface +Type : Local RPC service +Named pipe : WMsgKRpc0A7D61 + +Object UUID : 6d726574-7273-0076-0000-000000000000 +UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0 +Description : Unknown RPC service +Annotation : Impl friendly name +Type : Local RPC service +Named pipe : LRPC-bd58114b9851862e80 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0361ae94-0316-4c6c-8ad8-c594375800e2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3A90FD335ABF7384FFB0BC5BF407 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3A90FD335ABF7384FFB0BC5BF407 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3A90FD335ABF7384FFB0BC5BF407 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3A90FD335ABF7384FFB0BC5BF407 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cef49fdd6833e87124 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3A90FD335ABF7384FFB0BC5BF407 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cef49fdd6833e87124 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3A90FD335ABF7384FFB0BC5BF407 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cef49fdd6833e87124 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 2.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 178d84be-9291-4994-82c6-3f909aca5a03, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : e53d94ca-7464-4839-b044-09a2fb8b3ae5, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fae436b0-b864-4a87-9eda-298547cd82f2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 082a3471-31b6-422a-b931-a54401960c62, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 6982a06e-5fe2-46b1-b39c-a2c545bfa069, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0ff1f646-13bb-400a-ab50-9a78f2b7a85a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 4ed8abcc-f1e2-438b-981f-bb0e8abc010c, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 95406f0b-b239-4318-91bb-cea3a46ff0dc, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 0d47017b-b33b-46ad-9e18-fe96456c5078, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3A90FD335ABF7384FFB0BC5BF407 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cef49fdd6833e87124 + +Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3b0083c8eaf42c73a0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3A90FD335ABF7384FFB0BC5BF407 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cef49fdd6833e87124 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3b0083c8eaf42c73a0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3c89f46ecd0a4a69a8 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3A90FD335ABF7384FFB0BC5BF407 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cef49fdd6833e87124 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3b0083c8eaf42c73a0 + +Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3c89f46ecd0a4a69a8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3A90FD335ABF7384FFB0BC5BF407 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cef49fdd6833e87124 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3b0083c8eaf42c73a0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3c89f46ecd0a4a69a8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7f4beaa1bb481915cb + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3A90FD335ABF7384FFB0BC5BF407 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cef49fdd6833e87124 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3b0083c8eaf42c73a0 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3c89f46ecd0a4a69a8 + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7f4beaa1bb481915cb + +Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86 +UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : csebpub + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : umpo + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : actkernel + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-8e8fca544b350a0ad6 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : OLE3A90FD335ABF7384FFB0BC5BF407 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-cef49fdd6833e87124 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3b0083c8eaf42c73a0 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-3c89f46ecd0a4a69a8 + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : LRPC-7f4beaa1bb481915cb + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : csebpub + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : dabrpc + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0A5560 + +Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000 +UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WMsgKRpc0A5560 + +Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91 +UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0 +Description : Unknown RPC service +Type : Local RPC service +Named pipe : WindowsShutdown + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0 +Description : Security Account Manager +Windows process : lsass.exe +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0 +Description : Unknown RPC service +Annotation : KeyIso +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSARPC_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsacap + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_IDPEXT_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : LSA_EAS_ENDPOINT + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsapolicylookup + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : lsasspirpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : protected_storage + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : SidKey Local End Point + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : samss lpc + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : audit + +Object UUID : 00000000-0000-0000-0000-000000000000 +UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0 +Description : Unknown RPC service +Annotation : Ngc Pop Key Service +Type : Local RPC service +Named pipe : securityevent + + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +An SMB server is running on this port. + + + +True +The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network. +cifs445.nasl +True +2021/02/11 +Microsoft Windows SMB Service Detection +2002/06/05 +remote +None +1.43 +n/a +A file / print sharing service is listening on the remote host. + +A CIFS server is running on this port. + + + + +